Tuesday, 13 March 2012

Risk Management Frameworks – How Does Your NFP Compare?

Standards Australia has been quite active in delivering resources to the Not-for-profit sector on the management and communication of risk. 2010 saw the release of HB 266:2010, entitled “Guide for managing risk in not-for-profit organizations”. This was supported by HB 327:2010, entitled “Communicating and consulting about risk”. Both publications came off the back of AS/NZS ISO 31000:2009, entitled “Risk management - Principles and guidelines”.

Together, these publications focused on the core application areas of risk management, namely the principles for managing risks, the framework within which these operated, and the process that underpinned them. Communication was recognised as the key to successfully implementing a risk-aware culture within the organisation, as part of the delivery of an effective risk management framework.

The message in these pronouncements is quite clear. There is a broad range of risk principles that your organisation needs to consider in order for risk to be understood in the broadest possible way. These principles need to be contextualised within a consolidated framework that must be well considered, well developed, and well understood. In order for such a framework to be effective, it must be supported by a process that caters for the identification, assessment, and treatment of risk. Finally, this process must be supported by an effective and consistent communication methodology.

This integrated approach to risk management should be the focus for your not-for-profit when considering and assessing risk.

In the context of not-for-profit organisations, a wide range of risk categories combine to form an overall picture of the risk environment within which not-for-profits operate. These can best be summarised in the following manner:

  • Asset risk – which relates to the ongoing management and maintenance of the organisation’s physical assets including buildings and equipment used by employees, volunteers, contractors, and clients;
  • Compliance risk – which relates to the external regulatory framework that the organisation operates within as well as the internal policies and procedures that are in place to govern behaviours of its internal stakeholders;
  • Environment risk – which relates to the management and sustainability of the built and natural environment that the organisation works within and from which services are delivered;
  • Financial risk – which relates to the operation, management and development of the financial frameworks within which the organisation operates, supported by its internal financial policies and procedures;
  • Liability risk – which relates to the organisation’s services, products, information or behaviours that result in legal action against the organisation or its officers;
  • Personnel risk – which relates to the safety, occupational health or wellbeing of the organisation’s staff;
  • Service delivery risk – which relates to failures in the provision of its services and how these may impact the organisation; and finally
  • Technology risk – which relates to the security, safety, function and management of the organisation’s technology systems and processes.

OPTIMUM NFP has worked with numerous Not-for-Profits in designing and successfully implementing risk management frameworks. As a member of the Risk Management Institution of Australasia, and an experienced Not-for-Profit consultant, David Rosenbaum of OPTIMUM NFP is well placed to respond to the risk requirements of Australian Not-for-Profits.


  1. If your management works properly then you have no risk to your organization. It depends on HR.

    Institute Management Solution

    1. I'm not sure that the connection that you make is as straightforward as you suggest. Irrespective of the effectiveness of your management team, no organisation operates within a risk-free environment.

      The issue of mitigation is always at the heart of any risk management strategy. Such a mitigation response can only be effective if it is developed within the context of the risk management framework.

      At the heart of my approach to the management of risk, especially within not-for-profit organisations, but not limited to them, is to consider the framework as being the overall parameters within which you evaluate, document and respond to a very broad category of risk issues.

      In addition, risk becomes an organisation-wide issue and not merely the responsibility of one area within the organisation. Accordingly, I would suggest that your approach of focusing on HR as the key plank is potentially problematic and limiting.