Estimated Reading Time: 5 minutes
By Melanie Lockwood Herman
Throughout the year I hear from risk leaders who tell me they are either ‘still using’ or are ‘back to using’ a risk register, an impractical tool from risk management antiquity that refuses to be forgotten. Although many risk functions have moved away from finance and into the realm of the COO, General Counsel, or Chief Strategy Officer, the spreadsheet-based risk register remains.
Instead of continuing to fight the good fight to dispatch with the useless versions of the risk register, my team has come up with several alternatives. Images of these better mousetraps appear below, and the complete set is available as a link at the end. NOTE: none of these registers are in spreadsheet form, because none require the functionality of a spreadsheet (re-ordering cells based on cell values).
Imagine what you’ll be able to do when you’re freed from the constraints of a spreadsheet!
Directions: List the TOP 5 risks your team is prioritizing for action this year. #1 is your #1 risk and so on. Reminder: a risk is a possibility: something that may or may not happen. If it’s already happening or is certain to, it may warrant action, but it’s not a top ‘risk.’
RISK DESCRIPTION
Use this space to describe the risk simply.
EXAMPLE: The possibility we could lose a major source of funding.
READINESS ASSESSMENT
Describe your team’s sense of readiness for the risk.
EXAMPLE: No funding source represents more than 5% of current annual revenues. However, we do not have backup plans to replace a lost funding source OR eliminate a program should a major source of funding dry up.
ACTION PLAN
Describe what you are doing and propose to do to build resilience in the face of the risk.
EXAMPLE: The Development Team will identify 5 new prospective funding sources by year-end. The Operations team will complete an exercise to identify the steps we could take to reduce the cost of 2-3 major programs, should a reduction in funding necessitate that.
Directions: List the TOP 5 risks your team is focusing on this year. #1 is your #1 risk and so on. REMINDER: a risk is a possibility, something that may or may not happen. If it’s already happening or is certain to, it may warrant action, but it’s not a top ‘risk.’
RISK DESCRIPTION
Use this space to describe the risk simply.
EXAMPLE: The possibility of a data breach exposing confidential client, donor, or staff data.
PRIORITY ASSESSMENT
Describe why this risk is top priority for the team this year, and also if there has been a shift.
EXAMPLE: Cybercrime is increasing worldwide, and organizations like ours must resolve to make additional investments in fortifying our defenses against a breach while ensuring we have a clear plan should those defenses fail to match the threat.
ACTIONS and DECISIONS
Use this space to describe ongoing or proposed actions, and any necessary decisions related to those actions.
EXAMPLE: We recently retained a third party to assess our systems and practices related to data privacy and security. We have selected 5 action steps from that assessment and will seek Board approval of a one-time expenditure of $50K to implement the action steps.
Directions: List the TOP 5 risks your team is focusing on this year. #1 is your #1 risk and so on. For each risk, identify the person or team who will be responsible for monitoring this risk. Specify key risk indicators (KRIs) and thresholds the organization will be looking for and which mitigations will be activated if a KRI is triggered. REMINDER: a risk is a possibility, something that may or may not happen. If it’s already happening or is certain to, it may warrant action, but it’s not a top ‘risk.’
RISK DESCRIPTION
Use this space to describe the risk simply.
EXAMPLE: The possibility that dissatisfaction with the discontinuation of remote work causes many staff members to leave simultaneously.
ACCOUNTABILITY CHAMPION
Indicate who or what team will be responsible for leading action planning and monitoring key risk indicators (KRIs).
EXAMPLE: The Chief People Officer supported by our Employee Engagement Task Force
KEY RISK INDICATORS for ACTION
Specify key risk indicators (KRIs), or monitoring metrics, that will trigger an activation of the risk action plan and describe the actions the team will take.
EXAMPLE: We’ve noted growing employee dissatisfaction in our annual employee engagement survey since returning to the office following the pandemic. The Employee Engagement Task Force is taking quarterly pulse surveys to monitor this decline. If the surveys continue to decline more than 10% through Q3, we will begin a trial hybrid work model.
To download the full suite of Risk Register Redux worksheets, click the green button below.
Download Risk Register Redux Worksheets
While these options may seem bare bones compared to your old risk registers, the NRMC team believes that you’ll find them refreshing and action-oriented. Each of our risk register refreshes puts the emphasis on exactly what your team needs to know to stay on top of the priority risks for your organization. We invite you to try your favorite now or perhaps put all three in circulation among your functional teams. Get feedback from actual users and find which one works best to inspire action!
“First let me congratulate you on a conference well done. I had a great time at the Nonprofit Employee Benefits Conference and walked away with some valuable tools and questions that we’ll need to be addressing in both the short and long term. Thanks to you and your staff for all you do to provide us with quality resources in support of our missions.”
“BBYO’s engagement of the Center to conduct a risk assessment was one of the most valuable processes undertaken over the past five years. Numerous programmatic and procedural changes were recommended and have since been implemented. Additionally, dozens (literally) of insurance coverage gaps were identified that would never have been without the work of the Center. This assessment led to a broker bidding process that resulted in BBYO’s selection of a new broker that we have been extremely satisfied with. I unconditionally recommend the Center for their consultative services.
“Melanie Herman has provided expert, insightful, timely and well resourced information to our Executive Team and Board of Directors. Our corporation recently experienced massive growth through merger and the Board has been working to better integrate their expanded set of roles and responsibilities. Melanie presented at our Annual Board of Director’s Retreat and captured the interest of our Board members. As a result of her excellent presentation the Board has engaged in focused review which is having immediate effects on governance.”
“The Nonprofit Risk Management Center has been an outstanding partner for us. They are attentive to our needs, and work hard to successfully meet our requests for information. Being an Affiliate member gave us access to so many time- and money-saving resources that it easily paid for itself! Nonprofit Risk Management Center is truly a valued partner of The Community Foundation of Elkhart County and we are continuously able to optimize staff time with the support given by their team.”
“The board and staff of the Prince George’s Child Resource Center are extremely pleased with the results of the risk assessment conducted by the Nonprofit Risk Management Center. A thorough scan revealed that while we are a well run organization, we had risks that we never imagined. We are grateful to know that we have now minimized our organizational risks and we recommend the Center to other nonprofits.”
Great American Insurance Group’s Specialty Human Services is committed to protecting those who improve your communities. The Center team has committed to delivering dynamic risk management solutions tailored to nonprofit organizations. These organizations have many and varied risk issues, hence the need for specialized coverage and expert knowledge for their protection. We’ve had Melanie speak on several occasions to employees and our agents. She is always on point and delivers such great value. Thank you for the terrific partnership and allowing our nonprofits to focus on their mission!