Risk Oversight: Who Dunnit?

By Erin Gloeckner

When I first heard the term risk oversight, I imagined a risk manager following clues in a deerstalker hat like Sherlock Holmes. I thought risk oversight meant chasing down the villain who allowed the risk to materialize. But risk oversight is not about blaming people when downside risks materialize. Those responsible for risk oversight don’t ask, “Who dunnit?” Instead, they ask, “How can we empower team members across our organization to take appropriate risks that advance our mission and strategic goals?”

In a way, the practice of risk oversight still reminds me of Sherlock and his partner, Watson. Just as Sherlock Holmes must be zealous in his search for the truth, nonprofit leaders must be fearless and vigilant while examining and anticipating strategic risks and opportunities. Watson approaches this mystery with rationality. Like Watson, nonprofit leadership teams must provide a grounded perspective on how risk-taking and risk-avoidance align with the nonprofit’s strategic goals. Every nonprofit’s leadership needs a bit of both Sherlock and Watson, and must consider, “are we taking the appropriate level of risk across the organization, in order to advance our objectives?” This holistic mindset is likely far more valuable in risk oversight than the common question, “is a particular risk being managed as desired?”

Risk oversight is not a task assigned to a single risk manager; instead, the board of directors and the staff leadership team share this responsibility. Multiple bird’s eye perspectives are necessary to help guide the organization-wide approach to risk-taking that aims to advance your nonprofit’s mission. Ultimately, you want management and the board to develop a shared vision of accountability for risk-taking, and to communicate that vision to staff members, thus offering them space to interpret the organization’s formalized appetite for risk. The traditional approach to risk oversight also asks management to decide which strategic risks should be escalated to the board, and which operational risks remain the responsibility of management or staff.

Risk oversight is a form of high-level nonprofit stewardship, with goals including:

  • Aligning risk-taking and risk-avoidance with the nonprofit’s mission and strategic priorities, and continuously monitoring the effectiveness of these efforts from both the board’s vantage point and the holistic perspective.
  • Distributing accountability for decision-making with regard to risk, while offering guidance to staff across the organization.
  • Empowering staff to take more risk–and take the appropriate risks to advance the nonprofit’s mission–by allowing them to interpret the board’s communicated risk appetite when making day-to-day decisions.

When nonprofit leaders fail to provide risk oversight, team members are more likely to engage in misaligned risk-taking and risk management activities. If you’d like to stop chasing the Hound of Baskervilles and develop an organization-wide approach to risk-taking that supports your strategic goals, consider partnering with NRMC for an ERM project, a governance assessment, or a strategic risk engagement.

Erin Gloeckner is the former Director of Consulting Services at the Nonprofit Risk Management Center.