Tuesday, 13 March 2012

Risk Management Frameworks – How Does Your NFP Compare?


Standards Australia has been quite active in its delivery of resources to the Not-for-profit sector, regarding the management and communication of risk. 2010 saw the release of HB 266:2010 entitled “Guide for managing risk in not-for-profit organizations”. This was supported by HB 327:2010 entitled “Communicating and consulting about risk”. Both publications came off the back of AS/NZS ISO 3100:2009 entitled “Risk management - Principles and guidelines”.

Together, these publications focused on the core application areas of risk management, namely the principles for managing risks, the framework within which these operated, and the process that underpinned them. Communication was recognised as the key to successfully implementing a risk aware culture within the organisation, as part of the delivery of an effective risk management framework.

The message in these pronouncements is quite clear. There are a broad range of risk principles that your organisation needs to consider in order for risk to be understood in the broadest possible way. These principles need to be contextualised within a consolidated framework that must be well considered, well developed, and well understood. In order for such a framework to be effective, it must be supported by a process that caters for the identification, assessment, and treatment of risk. Finally, this process must be supported by an effective and consistent communication methodology.

This integrated approach to risk management should be the focus for your not-for-profit when considering and assessing risk.

In the context of not-for-profit organisations, a wide range of risk categories combine to form an overall picture of the risk environment within which not-for-profits operate. These can best be summarised in the following manner:

  • Asset risk – which relates to the ongoing management and maintenance of the organisation’s physical assets including buildings and equipment used by employees, volunteers, contractors, and clients;
  • Compliance risk – which relates to the external regulatory framework that the organisation operates within as well as the internal policies and procedures that are in place to govern behaviours of its internal stakeholders;
  •  Environment risk – which relates to the management and sustainability of the built and natural environment that the organisation works within, and, from which services are delivered;
  •  Financial risk – which relates to the operation, management and development of the financial frameworks within which the organisation operates in, and supported by its internal financial policies and procedures;
  •  Liability risk – which relates to the organisation’s services, products, information or behaviours that results in legal action against the organisation or its officers;
  •  Personnel risk – which relates to the safety, occupational health or well being of the organisation’s staff;
  • Service delivery risk – which relates to failures in the provision of its services and how these may impact the organisation, and finally
  • Technology risk – which relates to the security, safety, function and management of the organisation’s technology systems and processes.

OPTIMUM NFP has worked with numerous Not-for-Profits in designing and successfully implementing risk management frameworks. As a member of the  Risk Management Institution of Australasia, and an experienced Not-for-Profit consultant, David Rosenbaum of OPTIMUM NFP is well placed to respond to the risk requirements of Australian Not-for-Profits.