Risk Assessment Perspectives: Re-Lens with Three Approaches

By Melanie Lockwood Herman

For some, an updated prescription from an optometrist is the perfect reason to pick out a new pair of frames. For me, a new prescription led me to purchase vintage frames, which required finding a company offering a “re-lens” service. Many retailers with optical departments are risk averse: refusing to put new lenses in an older frame due to the risk of damaging a frame that can’t be readily replaced. The process of ordering new lenses to fit an old frame got me thinking about lenses—devices that focus or modify the direction of light.

During NRMC-led Risk Assessments, our clients often identify their desire for an independent view as a key motivation for engaging our team. But we recognize that NRMC’s independent lens is limited by the professional experiences and worldviews that each team member brings to a project. So a first order of business in a Risk Assessment is soliciting input from a client’s internal stakeholders who have different points of view about the nonprofit’s history and vision for the future, as well as the risks that could bolster or impede success.

This week I’ve been reading about the work of educator, systems scientist, professor and author Béla H. Bánáthy, whose research included exploration of three different models or lenses through which to understand complex systems:

  1. Bird’s Eye Lens – Bánáthy’s first model, the Systems-Environment Model, invites the understanding of a system by seeing it within and in relationship to, its larger environment, or context. This model leads to scrutiny and consideration of key interdependencies and the multitude of effects of the environment on the system. Our team has been drawn to this approach—particularly as we conduct Enterprise Risk Assessments—and our clients tell us that the way we describe their respective “risk landscapes” helps them understand nuanced risks and risk-taking opportunities at a deeper level, in relation to mission and operating context.
  2. Still Picture Lens – A second model, the Functions/Structure Model, invites consideration of complex systems at a particular point in time. Although the results of a risk identification exercise often live on in a risk register, any assessment of risk probability and potential impact is a perception of the current situation. We often hear clients describe various aspects of their risk management analysis as a snapshot in time.
  3. Motion Picture Lens – Bánáthy’s Process Model invites an examination of a system based on how it is changing over time. In an ideal world, a risk assessment would present a three-dimensional moving picture of an organization in relationship to its risks, and to the most critical decisions in its path. To empower nonprofit leaders to undertake multidimensional and future-focused risk analysis, NRMC develops decision-making frameworks for vetting strategic risks (opportunities to take on higher-risk, higher-reward ventures) in our Strategic Risk Engagements. We also coach nonprofit teams to set and apply a shared risk appetite when making decisions that will affect the trajectories of their organizations.

I’ve long admired a colleague’s systems approach to risk management, which I’ve seen as a contrast to my tendency for linear thinking. Bánáthy’s work has helped me understand that there is more to systems thinking than first meets the eye! Perhaps incorporating all three lenses is the best approach to developing a richer understanding of the risks facing a nonprofit.

Risk Assessment Perspectives

Explore these key questions suggested by my colleague Erin Gloeckner to hone in on three risk assessment perspectives inspired by Bánáthy’s models.

Bird’s Eye Lens

  • What are the intersections or interactions between/amongst the individual risks we have identified?
  • Are we exploring risks in an overly simplified or siloed manner? How can we encourage a more holistic approach to risk identification and risk assessment?
  • Do we adequately consider the impact of risks and risk management efforts on our organization as a whole? On our various stakeholder groups (internal and external)? On our partners, peers, and the nonprofit sector itself?
  • What risk management initiatives can we implement to better manage multiple risks—rather than just one risk at a time?
  • What risks should we take, what risks should we manage/control, and what risks should be left unmanaged (or be monitored for the time being), in order to maintain an acceptable/appropriate level of risk across our organization and in regards to our strategic objectives?

Still Picture Lens

  • What are the most critical risks—and the most promising risk-taking opportunities—facing us at this point in time?
  • How should we prioritize and implement risk management efforts for the specific risks we just identified? (e.g., prioritize based on: risk severity/impact, risk likelihood/frequency, cost-benefit analysis, reputation impact or perceptions of stakeholders if risks are left unmanaged, etc.)
  • How should we prepare to continue monitoring the risks that we identified during this snapshot-in-time risk assessment?
  • What must we do to ensure that our snapshot risk assessment drives real, positive change within a timeframe in which the results are still actionable/relevant? (i.e., don’t just stick risk assessment results in a drawer!)
  • What lessons will this point-in-time analysis offer us when we reach another time or phase of organizational life? How can we reflect upon this analysis at that time, or prepare for that time using the results of this analysis?

Motion Picture Lens

  • How do we identify or sense risks as they emerge and change? Do we identify emerging risks (or understand the nuances of changing risks) before they begin to affect us too greatly?
  • For any individual risk we have identified, what are the many possibilities for how the risk could unfold? How can we prepare for those possibilities?
  • How can we better incorporate the consideration of risk and uncertainty into our day-to-day decision-making practices?
  • How can we empower all team members to make more informed decisions that align (for the most part) with a shared appetite for risk-taking?
  • What downside/threatening risks must we manage better in order to free up the time/resources needed to undertake higher-risk, higher-reward ventures that could advance our mission?

Melanie Lockwood Herman is Executive Director of the Nonprofit Risk Management Center (NRMC). Melanie welcomes your insights on risk assessment perspectives at 703.777.3504 or Melanie@https://nonprofitrisk.org/.