Estimated Reading Time: 4 minutes
By Melanie Lockwood Herman
Frameworks for understanding and managing risk within organizations—often referred to as risk management “standards” exist in various forms throughout the world. Last week I had a wonderful opportunity to participate in the ongoing discussion about how voluntary standards and regulatory oversight of industry inspire, encourage and in some cases, coerce adherence to protocols that increase the safety of products and services. The opportunity arose from an invitation to discuss “Risk Management Standards for Nonprofit Organizations: Challenges and Opportunities,” at the International Conference on Risk Assessment and Management, sponsored by the United Nations Economic Commission for Europe (UNECE) in Geneva, Switzerland.
The conference attracted speakers and participants from numerous countries in Europe as well as representatives from Africa, Asia, South America, the Middle East and North America. During the segment of the conference in which I was called on to speak the familiar topic of “culture” came up several times. My reference on the topic was that the most disciplined application of a risk management standard can be diminished by an organizational culture that insists on diverting risk management responsibility to a single staff member.
During the period 2004-2005 the NRMC had an opportunity to design a number of risk management tools for use by nonprofits in Australia and New Zealand. During this time period we were exposed to the Australian/New Zealand Risk Management Standard (known as AS/NZS 4360: 2004), which was subsequently adopted throughout the world. Its widespread acceptance led to the development of what is being referred to as “the first global risk management standard.” That standard, which was published in November 15, is known as ISO 31000:2009. The new standard is the result of a multi-year international collaboration of top risk management experts from around the world. Also released this year is an accompanying piece, ISO/IEC Guide 73:2009, Vocabulary for Risk Management.
The new “global” standard offers yet another definition of risk:
[Risk is] the effect of uncertainty on objectives.
By including a reference to objectives, the new definition puts risk in context, something we have been urging nonprofit leaders to do since 2004. Leaders intuitively understand that risk arises and is shaped by the mission and goals of their organization, but unfortunately that intuitive grasp is often diminished when it comes time to addressing risk. Audiences of nonprofit CEOs and board leaders will often tell me that “risk is necessary,” and “risk is important…we have to take risks!” but later request a checklist to help them simply (and inexpensively!) avoid or eliminate the risks their organizations face. We’re eager to rush to “solve” the “problem” of risk rather than first reflecting on its role in advancing the mission of our organizations and its relationship to the goals and objectives that are essential for mission fulfillment. The availability of risk management standards, including the recently published ISO 310000:2009 can be helpful in our journey. But no standard obviates the need for reflection and ongoing dialogue about risk-taking and risk management.
As we engage in conversations about risk in our organizations we must also learn to cope with factors and influences beyond our scope of control. In some cases factors beyond our control (e.g., improving economic conditions) may support the realization of critical objectives, while in other instances that which we don’t control may impede mission fulfillment.
Perhaps nowhere is this more evident for nonprofits than financial matters. As many leaders across the country work to finalize budget projections for FY 2010 a great number are reflecting on the failure to accurately forecast the events of 2009. What signs did we miss? What steps could have been taken to minimize poor results in the current fiscal year? What additional information would have been instructive as budget projections were developed? Who in the organization—perhaps staff or board members—has special expertise, perspective or insights that should be tapped as we finalize the budget for the coming year?
While it is human nature to be eager to move past what was for so many nonprofits a very difficult year, sound risk management implores us to take time to reflect on the reasons our forecasts were inaccurate or “mistakes were made.” The missions of our organizations deserve this focus, and doing so can only improve the quality of our planning work for the year ahead.
Melanie Lockwood Herman is Executive Director of the Nonprofit Risk Management Center. She welcomes your feedback on this article and your questions about any risk management topic. Melanie can be reached at: Melanie@nonprofitrisk.org.
“First let me congratulate you on a conference well done. I had a great time at the Nonprofit Employee Benefits Conference and walked away with some valuable tools and questions that we’ll need to be addressing in both the short and long term. Thanks to you and your staff for all you do to provide us with quality resources in support of our missions.”
“BBYO’s engagement of the Center to conduct a risk assessment was one of the most valuable processes undertaken over the past five years. Numerous programmatic and procedural changes were recommended and have since been implemented. Additionally, dozens (literally) of insurance coverage gaps were identified that would never have been without the work of the Center. This assessment led to a broker bidding process that resulted in BBYO’s selection of a new broker that we have been extremely satisfied with. I unconditionally recommend the Center for their consultative services.
“Melanie Herman has provided expert, insightful, timely and well resourced information to our Executive Team and Board of Directors. Our corporation recently experienced massive growth through merger and the Board has been working to better integrate their expanded set of roles and responsibilities. Melanie presented at our Annual Board of Director’s Retreat and captured the interest of our Board members. As a result of her excellent presentation the Board has engaged in focused review which is having immediate effects on governance.”
“The Nonprofit Risk Management Center has been an outstanding partner for us. They are attentive to our needs, and work hard to successfully meet our requests for information. Being an Affiliate member gave us access to so many time- and money-saving resources that it easily paid for itself! Nonprofit Risk Management Center is truly a valued partner of The Community Foundation of Elkhart County and we are continuously able to optimize staff time with the support given by their team.”
“The board and staff of the Prince George’s Child Resource Center are extremely pleased with the results of the risk assessment conducted by the Nonprofit Risk Management Center. A thorough scan revealed that while we are a well run organization, we had risks that we never imagined. We are grateful to know that we have now minimized our organizational risks and we recommend the Center to other nonprofits.”
Great American Insurance Group’s Specialty Human Services is committed to protecting those who improve your communities. The Center team has committed to delivering dynamic risk management solutions tailored to nonprofit organizations. These organizations have many and varied risk issues, hence the need for specialized coverage and expert knowledge for their protection. We’ve had Melanie speak on several occasions to employees and our agents. She is always on point and delivers such great value. Thank you for the terrific partnership and allowing our nonprofits to focus on their mission!