Wednesday 4 April 2018

Risk Management Frameworks for Nonprofit Organisations - Maximising the success of their implementation

Standards Australia has been quite active in its delivery of resources to the nonprofit sector, regarding the management and communication of risk. 2010 saw the release of HB 266:2010 entitled “Guide for managing risk in not-for-profit organizations”. This was supported by HB 327:2010 entitled “Communicating and consulting about risk”. Both publications came off the back of AS/NZS ISO 3100:2009 entitled “Risk management - Principles and guidelines”.

Together, these publications focused on the core application areas of risk management, namely the principles for managing risks, the framework within which these operated, and the process that underpinned them. Communication was recognised as the key to successfully implementing a risk aware culture within the organisation, as part of the delivery of an effective risk management framework.

The message in these pronouncements is quite clear. There is a broad range of risk principles that your organisation needs to consider in order for risk to be understood in the broadest possible way. These principles need to be contextualised within a consolidated framework that must be well considered, well developed, and well understood. In order for such a framework to be effective, it must be supported by a process that caters for the identification, assessment, and treatment of risk. Additionally, this process must be supported by an effective and consistent communication methodology. Finally, a very important point to consider when deciding how to approach the design and implementation of a Risk Management Framework is its workability. In other words, failure will be determined, in part, by the way staff within your organisation view the Framework and how they work with it and within it. Three key rules that I always say are a prerequisite for success in this area are:
  1.  SEAMLESSNESS - The processes surrounding the Framework must be seamless. Staff must see it as merely another part of their day-to-day activities, rather than as yet ‘something else that needs to be done’;
  2.  TRANSPARENCY - The Framework must support transparency. Information captured within it must be largely available to all staff. The only caveat here may relate to a range of strategic risks; and
  3.  COMMUNICATION - Internal communications supporting the workings of the Framework must be effective and timely, ensuring confidence in the processes is maximised.


This integrated approach to risk management should be the focus for your nonprofit when considering and assessing risk. In the context of nonprofit organisations, a wide range of risk categories combine to form an overall picture of the risk environment within which nonprofits operate. These can best be summarised in the following manner: 
  • Asset risk – which relates to the ongoing management and maintenance of the organisation’s physical assets including buildings and equipment used by employees, volunteers, contractors, and clients; 
  • Compliance risk – which relates to the external regulatory framework that the organisation operates within as well as the internal policies and procedures that are in place to govern behaviours of its internal stakeholders; 
  • Environment risk – which relates to the management and sustainability of the built and natural environment that the organisation works within, and from which services are delivered;
  • Financial risk – which relates to the operation, management and development of the financial frameworks within which the organisation operates, supported by its internal financial policies and procedures;
  • Liability risk – which relates to the organisation’s services, products, information or behaviours that result in legal action against the organisation or its officers;
  • Personnel risk – which relates to the safety, occupational health or well being of the organisation’s staff; 
  • Service delivery risk – which relates to failures in the provision of its services and how these may impact the organisation, and finally 
  • Technology risk – which relates to the security, safety, function and management of the organisation’s technology systems and processes.


A further aspect to consider is the extent to which implementing a Risk Management Framework presents challenges to your organisation. This may require an effective change management strategy in order to maximise successful implementation.

OPTIMUM NFP has worked with many nonprofits in designing and implementing Risk Management Frameworks which respond directly to the unique organisational requirements whilst maintaining the important elements of the Australian Standards.

Further information regarding the work of OPTIMUM NFP in this area can be found by following this URL -  https://www.optimumnfp.com.au/services/risk-management.html

Contact David Rosenbaum of OPTIMUM NFP at drosenbaum@optimumnfp.com.au or 0411-744-911 to further discuss your requirements and how your nonprofit may benefit from the work we do in this very important area.


In response to the change management challenges that may be connected to successful implementation, keep an eye out for the forthcoming NFP Change Management Masterclass being held in Sydney on Wednesday 12th September 2018, where participants will be introduced to NFP specific change management approaches which have directly resulted from this ground-breaking research. You can register your interest by following this URL - https://www.optimumnfp.com.au/masterclass.html
