While so many are surveying the damage and beginning what may be a long and bumpy road to recovery amongst the devastation and emotional loss caused by recent disasters, many have already started to reflect – ‘What could we have done better? Or how do we prepare for the next one?’ Hundreds of positive stories have already been shared – neighbors helping neighbors, first responders going above and beyond and communities banding together in support of one another. Relief efforts are underway and many more uplifting stories are sure to emerge. For many businesses and certainly not-for-profits, recent events have caused many leaders to focus more than ever on operations and ‘what if’ scenarios. If they were in the ‘eye of the storm’ so to speak, were they prepared? And even if they were miles away, would they have been prepared if Harvey, Irma or the wildfires on the West Coast struck their organization?
Alexander Graham Bell is quoted saying, “Before anything else, preparation is the key to success.” The preparation that went into securing residents and their homes, planning for response and now disaster recovery was and will continue to be critical to outcomes.
So what does any of this have to do with using risk to your advantage? Preparation for the storm can be compared to assessing risk in an organization – the goal of both is to obtain the best chance of a successful outcome. By no means is anything in life guaranteed, but just like with natural disasters, those who prepare, are likely to fare better than those who do not. While there may be challenges to assessing risk in your organization, the benefits can be numerous. Unfortunately, too many organizations, for a variety of reasons, do not have a timely, methodical process in place to identify and proactively mitigate risks. Some organizations are not even sure how to start the conversation let alone take on an enterprise-wide risk assessment.
Where is our organization exposed? Are we paying enough attention to operations to be able to continue our mission? What is our risk tolerance? How do we mitigate our risk? Asking questions may not always generate answers, but it helps to identify knowledge gaps and serves to drive action.
While most professionals would agree that risk generally involves exposure to danger or some type of negative impact, people often view and speak about risk differently. Take a minute to think about what the following types of risks might mean in the context of your environment – governance risk, external risk, regulatory and compliance risk, financial risk and operational risk. Maybe you started thinking about whether your management team has the right capabilities? Or should a disaster hit, do you have a plan to locate your employees to ensure their safety? Have you educated your professionals enough about cyber-attacks – a whole other type of ‘disaster’? How do you finance new technology and does it comply with the pending regulations that may be approved? Will funding streams be impacted due to recent events? Regardless of the risks that came to mind, it can be overwhelming. By categorizing risks and beginning to assess concepts such as impact and likelihood, it can make managing them a bit more – ‘manageable’.
The political conversation about global warming aside, we cannot typically prevent natural disasters. As a result, we can only plan so much. Similarly, there are inherent risks to not-for-profits that may not be fully mitigated as some aspect of them are out of our control. As a not-for-profit, you likely experience challenges with some or all of the following:
Focusing on what you can control is more productive than stressing over things you cannot change. Again, assessing and prioritizing risks makes the most effective use of the effort needed to address them.
The maturity level of your organization and its risk ‘appetite’ play a crucial role in the level of risk program you ultimately implement. Developing organizations are sometimes willing to take on more risks to enhance rewards while pushing forward, while more established organizations often feel they have more to lose. Regardless of where you sit on the spectrum and why, it is important to discuss tolerance in order to establish a properly calibrated response.
The concepts surrounding risk need to be viewed as part of a continuous cycle and embedded into an organization. Encouraging the risk conversation as a part of your culture helps professionals understand, be aware, take ownership and act accordingly to identify, assess, mitigate and respond to risks. Keep in mind, risk management is a cycle, not a sprint – simply reacting to events and thinking about risk at a point in time is less productive than considering it holistically and responding as circumstances evolve.
Risk management among not-for-profits is vital to the success and sustainability of the organization. Identifying, analyzing, prioritizing, mitigating, monitoring and reviewing risk can not only potentially prevent negative impact to the organization (e.g. loss of revenue, bad press, etc.), it can also enhance the effectiveness and efficiency of operations. Risk assessments and resulting management plans can often identify areas for process improvement by refocusing resources and effort to more critical risks.
Using risk to your advantage enables you to take the next step in moving your organization forward. Understanding and acknowledging risk can enhance and inform strategic planning, which will be the focus of the next article in this series.
In the meantime, if you would like to further the discussion related to assessing your risks and using risk to your advantage, please fill out the form below and a member of our Management Consulting Services team will respond to you. Our professionals have extensive experience in this area and can help develop personalized plans to assess, manage and mitigate risk, putting you in a position of strength.