Unleashed: How to Inspire Risk Maturity

At this year’s Risk Summit, I’m excited to co-present a session on risk maturity, a timeless topic for risk champions. Evolving the approach to risk management—which may include simplifying, fortifying and many steps in between—is a familiar goal expressed by our consulting clients and Affiliate Members. The risk champions we meet year-round are resolved and ready to update and upgrade their risk programs to build resilience and readiness to face disruption.

Frequently expressed worries about risk program maturity include:

• “We’re doing risk management, but not in an integrated or holistic fashion.”
• “We talk about risk, but I’m not confident we’re talking about the right risks with the right people at the table.”
• “Our risk program consists of dated tools (think risk registers and heat maps!) which contrast with our modern, tech-inspired approach to service delivery.”
• “I’m not sure we’re learning and growing our risk management capabilities and know-how.

This year I’m teaming up with Gerry Zack, CEO of Risk Trek LLC, to present a session we’re calling Risk Maturity: Beyond the Tyranny of Run-On Risk Registers and Hopeless Heat Maps. I recently caught up with Gerry to chat about our expectations for the workshop.

Melanie: Thanks for suggesting a session on Risk Maturity! It’s such a relevant topic for risk professionals and teams that want to grow and learn. How might our session on this topic surprise and inspire participants? What are some of the misconceptions about risk maturity?

Gerry:  I think our session can address one of the biggest misconceptions: that maturing our risk management practices is inevitably a heavy lift. Prioritizing and mapping out steps that can be taken over several years is much more manageable and efficient than trying to fix everything in one massive effort.

Melanie: Agreed! I’m excited that we will show participants practical, goal-focused ways to mature risk management and explain why putting an end to filling boxes on a tyrannical risk register is the first step.

Gerry: Another topic we will cover is that improving risk management practices is a continuous process that is more than just being efficient; risk management should be seen and understood as a companion to strategy-setting and operational improvement.

Melanie: We’re excited that you’ll be presenting two sessions at this year’s Risk Summit, Gerry. Your second session is Fraud Risk Management in the Age of AI. Fraud is a top-of-mind, perennial concern for mission-focused leaders. As stewards of the resources provided for our missions, we need to be risk-aware and resolved to implement practical prevention and detection strategies. How is fraud risk—and fraud risk management—changing and evolving?

Gerry: Fraudsters are always devising new and creative ways to harm our organizations. Increasingly, they are utilizing emerging technologies to perpetrate fraud. The only way to combat fraud in today’s environment is to use more sophisticated methods of assessing risk and to better utilize data and technology in managing these risks.

Risk Maturity Tips and Insights

During a prior session on risk maturity, I shared these tips from our work as risk advisors:

• As you work to elevate risk management or evolve from a traditional approach (avoiding losses) to Enterprise Risk Management (gaining a bird’s eye view and holistic approach), remember to focus on the essential goal of building risk awareness in an environment of inevitable uncertainty.
• Don’t feel confined to existing (or conventional) tools—especially risk registers and heat maps—just because they have been around forever, especially if they have questionable utility
• Stay humble and in learning mode: no risk program offers a prescient forecast of future events. The best you can hope for is to build resilience and readiness to manage through (and possibly learn to relish and welcome) surprises
• Promote risk optimism by asking:
  • What silver lining lessons and insights have we experienced from recent risks that we had hoped to avoid?
  • What exciting possibilities would be within reach if we are able to free up staff time by simplifying our approach to risk management?
  • What could we do to become more comfortable embracing mission-advancing risks this year?

Variety is the Spice in Life (and Risk Management)

The NRMC team offers hands-on help, supportive coaching, and creative design to modest (and grand!) plans to evolve risk practice in nonprofits with myriad missions. Some of the varieties of improvements we’ve helped support include:

• Expanding the risk team in a nonprofit to include professionals from multiple functions
• Drafting clear statements describing the risk function’s goals, purpose, and areas of focus over one, two, or three years
• Hiring a full-time risk professional to assume the role of internal risk champion and subject matter expert
• Broadening the scope for an existing board committee (e.g., from Audit Committee to Audit and Risk Oversight Committee)
• Drafting a Risk Management Plan describing the function’s purpose, scope, components, and intended outcomes
• Completing a practical Business Continuity Plan that will be a roadmap for managing through future disruptions to normal operations
• Convening annual risk workshops to revisit and streamline risk registers into practical documents that inspire risk awareness and action.

Whatever steps you’re prepared to take to improve the risk function in your nonprofit, I hope you’re feeling optimistic and supported. Your agency won’t be the first—or the last—to ponder practical steps to modernize your approach and strive for ‘better’ practices all around. If you’re a current or former consulting client of NRMC or a current Affiliate Member of NRMC, please know that there is no cost to speak with us about your vision and plans. We welcome the opportunity to ponder the goals you have for evolving risk management. We’ll help you find options, pathways and practical steps you can take without delay.

Melanie Herman is Executive Director of the Nonprofit Risk Management Center. She welcomes your questions about evolving your nonprofit’s risk management program and your stories about planting strategic seeds of maturity and growth at 703.777.3504 or Melanie@nonprofitrisk.org.