To say that the term risk assessment has many meanings is an incontrovertible understatement. My Google search of the phrase what is a risk assessment yielded more than 127 million results in an astonishing .88 seconds! From time to time at NRMC we ponder what the phrase means, and why it’s relevant-to the mission of the people and community-serving organizations we serve.
WHY Risk Assessment Matters
- Stewardship is Significant: The leaders of nonprofits are mission stewards, responsible for guiding, supporting and sustaining the missions, values and assets of their organizations. In his book Finance Fundamentals for Nonprofits, thought leader Woods Bowman reminds us that: “…the risks of a nonprofit are borne by the people it serves (its clients), who have neither a voice in selecting the organization’s leadership nor the ability to manage the risks.” It is thus the responsibility of nonprofit leaders to manage risks that might directly or indirectly affect our stakeholders.
- Stuff Happens: All nonprofit teams face obstacles and difficulties–some capably forecast and some startling–throughout their organizational journeys. Thoughtful leadership and mindful management cannot eliminate the possibility of frustrating or resource-draining “stuff” obstructing your view or impeding your progress.
- Reflection Builds Resilience: Reflecting on the risks in your landscape is a vital step in building resilience. Former NRMC board member Felix Kloman says it best: “The proper goal of risk management is to build and maintain the confidence of stakeholders. That combined confidence and trust is often translated into much-needed support, financial and otherwise, when surprise inevitably hits. It is the essence of resilience.”
HOW Nonprofits Evaluate Their Risks
In the NRMC team’s experience, risk assessments take various forms. For example:
- Intuitive Approach: Some leadership teams (boards, staff teams, volunteer teams, etc.) intuitively ponder the risks associated with any change in strategy or new program. We’ve heard from our consulting clients and Affiliate Member teams that instinctive questions like “what are the risks associated with that?” often pop up during team meetings. Often a single team member can be counted on to ask that question, while in other groups various members take a turn with the risk champion or devil’s advocate role. One of the goals we’ve heard client teams reiterate time and time again, is to evolve risk management in a way that makes risk management skills–or the function itself–baked-in rather than bolted-on. One possible motivator for a baked-in risk function is the recognition that creating a new department of risk professionals is impractical and costly. Few leaders of ambitious nonprofit organizations have extra dollars or people available to support and fully-staff a new risk management function. A dedicated risk function also won’t guarantee that all of your team members are considering risks while making decisions each day. Read our article Designing a Durable, Doable Risk Management Function & Capabilities to explore this topic further.
- Checklist Approach: Still other nonprofit teams use checklists to assess risk management capabilities and identify gaps. I wrote about the potential value of checklists in the Risk eNews article Making My List and Checking It Twice, describing them as “among the simplest and least expensive tools at your disposal.” I was inspired to rethink my aversion to risk management checklists after reading The Checklist Manifesto: How to Get Things Right. In his terrific book, Atul Gawande explores how the simple device of a checklist can help translate a large data set into safer practices.
- Deep Dive, All-In Approach: Yet another approach to risk assessment is a full-on review, facilitated by an internal or external risk champion. At NRMC we are honored every time we are selected to lead a Risk Assessment or an Enterprise Risk Assessment for a nonprofit client. During these intensive engagements, we interview stakeholders representing diverse vantage points across the organization, we bring an outsider’s fresh perspective as we consider the nonprofit’s risk landscape, and we present detailed recommendations for action steps and strategies that will fortify the mission and key objectives of the nonprofit. These engagements often wrap up with training or risk champion coaching to equip our client teams with the resources they need to sustain lasting changes to their risk programs.
Each of these approaches offers a potentially meaningful, mission-advancing way to uncover and better understand the risks you face. Each approach can inspire action in the face of the inevitable uncertainty facing all organizations. Yet many nonprofit teams crave a self-guided option–one that is less time-consuming than an all-in assessment and more nuanced than a checklist.
My Risk Assessment
I’m excited to announce the release a brand-new self-assessment web application for nonprofit teams: My Risk Assessment. Inspired by earlier self-assessment tools developed by NRMC and lessons and insights from many deep-dive risk assessments we have led, the new My Risk Assessment is a powerful, practical and affordable fourth option for teams seeking to understand and act on their principal risks. How does My Risk Assessment work?
- Risk Ranking Capability – A brand new Risk Ranking feature enables users to swiftly create a team and invite colleagues to select and rank their top risks. Whether you want to poll a team of twelve or cast of hundreds, My Risk Assessment gives a risk champion the ability to quickly and efficiently gut-check different perspectives on risk. The Risk Ranking component features 100 risks suggested by NRMC and covers 13 areas of exposure and operations. Users have the option of adding two organization-specific risks before inviting their team members to weigh in. The web app aggregates team member scores and reports the number of votes and relative rank on a top ten list of risks. We recommend that teams use the Risk Ranking feature as a starting point for a conversation about priority risks, exploring the top ten list to validate it and to determine what risks require action.
- Risk Advice from Trusted Advisors to Nonprofits – My Risk Assessment features 13 topical risk assessment modules that users can complete to self-assess the risks facing their organizations. The NRMC team updated the assessment questions, the pop-up advice, and the detailed report and recommendations shared after you complete one or more of the 13 modules. All of the guidance in My Risk Assessment is written by NRMC team members, who are risk champions with experience advising hundreds of leadership teams in diverse nonprofits.
- Robust Reporting – You asked and we answered! Users of My Risk Assessment are able to generate an Executive Summary containing a high-level overview of assessment highlights and suggested action steps, or a full report with detailed recommendations, context, and helpful resources. Choose the report format that suits your needs in the moment, and return anytime to download or share the shorter or more substantive version of your risk assessment report.
Whether you’re a long-term risk champion who is rarely surprised by risk events, or a leader who has recently accepted a risk leadership role, I’m confident that you’ll find tremendous value in this new web app, designed for large and small nonprofits alike. We invite your questions and feedback as you use My Risk Assessment to delve into the always fascinating, never lackluster world of risk in your organization! Contact us at 703.777.3504 or email@example.com with your questions.
Melanie Lockwood Herman is executive director of the Nonprofit Risk Management Center. Melanie welcomes your thoughts about the “why” and “how” of risk assessment in the nonprofit sector at Melanie@nonprofitrisk.org or 703.777.3504.