This blog post is part of five articles on organizational sustainability. Related articles are noted at the end of the post.
Stage Two: Risk Assessment
The Risk Assessment component of improving sustainability builds on what was learned during the Organizational Audits and requires that the Board determine what is “acceptable” risk in several areas. As noted above, how you break out the areas that you assess or the concerns you examine depends on your current Board, what has been observed, and what is deemed to be most important to explore at this time.
This Risk Assessment process is simple and builds off the steps outlined Nick Price’s article “Risk Assessment: A template for Non-Profit Boards.” This blog writer has taken Price’s ideas and added comments and questions to help lead Boards through the process efficiently.
Step 1: Identify Key Risk Areas and Brainstorm Questions
During this first step it is important that your board determine which areas they want to examine and focus in on the most important questions it wants to ask itself (see below for examples). If an audit has been done and areas of concern have been highlighted, these are good places to start when brainstorming your own questions.
Step 2: Assess Likelihood and Impact
Now it’s time to look closely at each of the areas of concern and assess two things:
1) How likely is it to happen?
2) What impact will it have on the organization?
When these two questions are answered and scored (a Likelihood/Impact scale of 1-5 is recommended by Price, with 5 being high) and the two scores multiplied, the number you are left with rates the level of risk your organization is taking.
EXAMPLE ONE:
For example, let’s examine what level of risk losing a key staff member would result in.
Using the recommended scale of 1-5, your Board might determine that your organization’s likelihood of losing a key staff member in the next 3 years is a 5 (say your ED is retiring in two years).
Using the same scale, the Board now considers the impact of losing the ED and scores it again as a 5 as there are no succession plans in place.
Your overall impact risk is therefore 5 x 5 = 25. This is a HUGE risk and should be a priority for the board moving forward from a sustainability and operational perspective.
EXAMPLE TWO
Alternatively, your Board may be examining its financials and wants to know if enough funds are available to pay key staff for three months of wages should contract funds not come through when expected.
In this case, the Board may determine that the likelihood of this happening is a 3.
In reviewing their financials, they may learn that there are enough funds set aside in the contingency fund to carry the organization (all staff) for six months.
In this case the impact of having to pay key staff wages for three months is only a 1 on the scale of 1-5.
In this case the total likelihood / impact rating would be a 3 x 1 = 3 which means that the risk is low or almost non-existent. Thus, while this needs to be monitored, it is not a priority.
Using this simple mathematical function to help determine the level of risk is a great way to prioritize which risks the Board needs to consider immediately, in the short-term, in the long-term and which simply need to be monitored annually.
Step 3: Prioritize the Risks
Based on the level of risk determined in Step 2, you can now prioritize your risks based on the likelihood of them becoming a problem and the impact they will have on your organization’s sustainability. Positioned with this knowledge, it is easy to examine and assess which of the risks need to be addressed now, and which can wait.
In some cases, a risk may rate low on the likelihood or the impact scale and still be considered a priority. Situations vary. For example, let’s revisit the example of not having a succession plan for an ED who is planning on retiring in 2 years. Maybe it’s not an immediate priority (or is it?). So much depends on outside factors: your ED’s health, the relationships your ED has in the community (as the face of the organization) as these can’t easily be just handed on, or if you have someone on the team who can easily step into the position; depending on the situation, this risk may be higher or lower. It is the Board’s job to consider all these elements and make plans to mitigate the risk as best they can.
Step 4: Find your Board’s “Sweet Spot” for Risk
Every Board has a different “sweet spot” when it comes to what risk is acceptable and not acceptable. That level of risk may vary depending on the type of risk it is. For example, a Board may want to have a six-month contingency fund set aside to manage financial risks or they may want the security of owning their own building.
Alternatively, they may be less risk adverse when it comes to developing new, innovative programming that meets the needs of client groups. In this area, they may take more of a risk, knowing that innovative programming can lead to various outcomes – some good, some that will need to be addressed. When it comes to programming, they may say “let’s play and experiment with what works… lets be agile and listen to what our clients want” rather than stay within the “norm.”
As you go through your risk assessment, with an eye on sustainability, your Board will need to establish what they are most comfortable with. Where they are willing to take risks. Where they are not willing to take risks. Areas that Boards should NOT take risk with are things like accounting practices, financials, insurance, and legal aspects of the operations.
It is essential that your Board has a means and a process for exploring where their “sweet spot” for risk is and for monitoring it moving forward. Honest Board discussions are needed to establish and frame what is comfortable for the Board in terms of risk. These conversations are not a one-time thing; they are frequently revisited when new situations arise or when new board members join in the discussions. Wherever possible, plans should be put in place to mitigate priority risks.
Step 5: Implement and Monitor Risks
The final step of risk management is about putting plans in place to mitigate key risks and then to monitor the risks moving forward. Every Board agenda should include a risk management agenda item, even if there is nothing to address specifically. This keeps the risk on the radar and ensures that the Board and ED are monitoring current risks, ready to report on changes and new risks that may be arising. By keeping an eye on risks and managing them well, your Board and Management team increase your organizations sustainability by filling in gaps and being proactive about changes that can negatively impact the organization.
Tell us how evaluating and monitoring risks has helped your organization achieve its goals and limited mission drift. Share your thoughts and observations in the comments below.
コメント