Risk and Risk Management

May 30, 2018 | Author: supriyaverma1989 | Category: Risk Management, Risk, Nonprofit Organization, Goal, Strategic Management
Report this link


Description

Risk and Risk Management Risk can be defined as the combination of the probability of an event and its consequences. In all types of undertaking, there is the potential for events and consequences that constitute opportunities for benefit (upside) or threats to success (downside). Risk Management is increasingly recognized as being concerned with both positive and negative aspects of risk. Therefore this standard considers risk from both perspectives. In the safety field, it is generally recognized that consequences are only negative and therefore the management of safety risk is focused on prevention and mitigation of harm. Risk is anything that can derail your nonprofit from accomplishing its mission. Risk management is a discipline for identifying risks, assessing how serious or severe the risks are, and determining ways to address that uncertain future with a goal of avoiding or minimizing harm and financial losses. Risk management focuses on those events or occurrences that may cause injury or harm to a nonprofit’s clients, its assets (including employees and volunteers) and its reputation. Risk and Risk Management Risk-uncertainty of the outcome Risk can bring unexpected gains. It can also cause unforeseen losses, even catastrophes. Risks are common and inherent in the financial markets and commodity markets: asset risk (stocks...), interest rate risk, foreign exchange risk, credit risk, commodity risk and so on. There are two totally different attitudes toward risks: Risk aversion: quantify an identified risk and control it, i.e., to devise a plan to manage the exposed risk and convert it into a desired form. Basically, two kinds of plans are available: a. Replace the uncertainty with a certainty to avoid the risk of adverse outcomes even if this requires giving up the potential gaining opportunity. Be willing to pay a certain price for the potential gaining opportunity, while avoiding the risk of adverse outcomes. 1. 2. Risk seeking: willing to take the risk with one's money, in hope of reaping risk profits from investments in risky assets out of their frequent price changes. Acting in hope of reaping risk profits from the market price changes is called speculation. The most common risks facing nonprofits: The frequency of a particular risk will depend on what activities your nonprofit is engaged in. Youth-serving organizations and those serving vulnerable persons are always concerned about the safety of their clients in the hands of volunteers or staff who provide services. Yet, the most common risk for those organizations may be related to the fact that the clients are being transported every day in vans, exposing them and the driver to a possible motor vehicle accident. A serious risk that every nonprofit faces is the risk that its reputation or good will in the community could be eroded by any number of circumstances, from a surly receptionist to financial improprieties. Each nonprofit needs to conduct an assessment of its activities to determine what its own most common risks may be. Statistically, if your nonprofit has any employees, it is probable that at some point the organization will be faced with an employment-related claim. Common claims in the property and casualty area include slips, trips and falls and motor vehicle accidents. Sorts of events which cause us to lose our tax-exempt status: Your organization’s articles of incorporation probably mirror the IRS regulations under Code Section by providing a fairly specific checklist of what to avoid: (i) Operating so that more than an insubstantial part of the nonprofit’s activity furthers a purpose(s) other than its charitable purpose (ii) Conferring private benefit (usually financial) on other entities or individuals (iii) Supporting or opposing a candidate for public office (iv) Upon dissolution, distributing remaining assets to someone, or something, other than the government or another tax-exempt organization. Many times the first enforcement step is for the IRS to impose penalties, called “intermediate sanctions” against the nonprofit, the person who received the excess benefit and board members who approved the nonprofit’s actions. However, in egregious situations the IRS will move directly to revoke an organization’s status. Some specific circumstances that can cause a charity to lose its tax-exempt status are: • Taking out an ad in the paper encouraging readers to vote for a particular candidate Running a commercial activity through the nonprofit that has no relation to the mission and/or that takes up more than an insubstantial amount of time, energy and resources, so that it overshadows the charitable activities of the organization. • • Engaging in a transaction that results in compensation to an individual or to another organization that exceeds the fair market value of the goods or services rendered to the nonprofit. • Failure to file the organization’s annual report, IRS Form 990. Prioritize all the possible risks facing our organization: To prioritize your risk management ‘to do’ list, you need to determine which risks are most likely to occur, as well as which risks will result in the most severe harm. This exercise is called a “risk assessment.” For some organizations, losing power or water damage due to severe weather may be a frequent occurrence that has been successfully managed so that if it happens in the future there may be minimal disruption and financial impact; while for others, a catastrophic loss such as a child drowning, may be extremely unlikely given the supervision and safety procedures in place, but, because of the severity of the loss, risk management procedures at the waterfront/poolside are a high priority for that nonprofit. • The Nonprofit Risk Management Center offers risk assessment consulting services to assist nonprofits with an overall assessment of their unique risks. Often a review of a nonprofit’s insurance program is completed simultaneously so that the nonprofit has a better idea of whether its various risks are adequately addressed through insurance. Risk Management Risk management is a central part of any organization’s strategic management. It is the process whereby organizations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities. The focus of good risk management is the identification and treatment of these risks. Its objective is to add maximum sustainable value to all the activities of the organization. It marshals the understanding of the potential upside and downside of all those factors which can affect the organization. It increases the probability of success, and reduces both the probability of failure and the uncertainty of achieving the organization’s overall objectives. Risk management should be a continuous and developing process which runs throughout the organization’s strategy and the implementation of that strategy. It should address methodically all the risks surrounding the organization’s activities past, present and in particular, future. It must be integrated into the culture of the organization with an effective policy and a programmed led by the most senior management. It must translate the strategy into tactical and operational objectives, assigning responsibility throughout the organization with each manager and employee responsible for the management of risk as part of their job description. It supports accountability, performance measurement and reward, thus promoting operational efficiency at all levels. Risk Management Plan: Just as a nonprofit might design a strategic plan to address its goals and outline how to achieve them, similarly, a risk management plan is a way to identify risk management goals, strategies to achieve them, measurable outcomes, as well as who will be accountable. A risk management plan may include policies that the nonprofit already has, or articulate goals to adopt in the future. Generally the risk management plan is developed by a committee that includes staff and board and adopted by the board as part of the board’s overall commitment to good governance. Risk Management Plan There are four stages to risk management. They are: • Risk Identification • Risks Quantification • Risk Response • Risk Monitoring and Control Risk Identification In this stage, we identify and name the risks. The best approach is a workshop with bbusiness and IT people to carry out the identification. Use a combination of brainstorming and reviewing of standard risk lists. There are different sorts of risks and we need to decide on a project by project basis what to do about each type. Business risks are ongoing risks that are best handled by the business. An example is that if the project cannot meet end of financial year deadline, the business area may need to retain their existing accounting system for another year. The response is likely to be a contingency plan developed by the business, to use the existing system for another year. Generic risks are risks to all projects. For example the risk those business users might not be available and requirements may be incomplete. Each organization will develop standard responses to generic risks. Risks should be defined in two parts. The first is the cause of the situation (Vendor not meeting deadline, Business users not available, etc.). The second part is the impact (Budget will be exceeded, Milestones not achieved, etc.). Hence a risk might be defined as "The vendor not meeting deadline will mean that budget will be exceeded". If this format is used, it is easy to remove duplicates, and understand the risk. Risk Quantification Risk need to be quantified in two dimensions. The impact of the risk needs to be assessed. The probability of the risk occurring needs to be assessed. For simplicity, rate each on a 1 to 4 scale. The larger the number, the larger the impact or probability. By using a matrix, a priority can be established. Note that if probability is high, and impact is low, it is a Medium risk. On the other hand if impact is high, and probability low, it is High priority. A remote chance of a catastrophe warrants more attention than a high chance of a hiccup. Risk Response There are four things you can do about a risk. The strategies are: • Avoid the risk. Do something to remove it. Use another supplier for example. • Transfer the risk. Make someone else responsible. Perhaps a Vendor can be made responsible for a particularly risky part of the project. • Mitigate the risk. Take actions to lessen the impact or chance of the risk occurring. If the risk relates to availability of resources, draw up an agreement and get sign-off for the resource to be available. • Accept the risk. The risk might be so small the effort to do anything is not worthwhile. A risk response plan should include the strategy and action items to address the strategy. The actions should include what needs to be done, who is doing it, and when it should be completed. Risk Control The final step is to continually monitor risks to identify any change in the status, or if they turn into an issue. It is best to hold regular risk reviews to identify actions outstanding, risk probability and impact, remove risks that have passed, and identify new risks.


Comments

Copyright © 2024 UPDOCS Inc.