What is Risk Management?
Risk management is not a task to be completed and shelved. It is a process that, once understood, should be integrated into all aspects of your organization's management. Risk management is the ongoing process of:
- identifying and prioritizing risks;
- developing a written action plan for each significant risk;
- sharing the plan with staff and providing training if necessary; and,
- monitoring and updating the plan where necessary.
Read more about general risk management:
About Risk Management Committees: An Invaluable Resource (Nonprofit Alliance)
Getting started managing your risk (Insurance Bureau of Canada, 2010)
Starting a Risk Management Process
One way to categorize different risks is to look at the four assets that all nonprofit organizations have:
- people (directors, volunteers, employees, clients, donors)
- real property (includes buildings, facilities)
- income (donations, membership fees, grants & contributions, investment earnings)
- goodwill (reputation, stature in the community, ability to raise funds, appeal to prospective volunteers, board members, & staff)
Risks differ depending on your organization's unique activities and holdings. For this reason we are dealing with specific risk management principles in the other subject specific areas, such as Board Governance and Staff Management. A risk for a board member could be a lawsuit flowing from a board decision. A risk for a volunteer could be an accident while driving a client to an appointment. A risk for a building could be fire or water damage. A risk to office supplies could be theft. A risk to grants and contributions could be a change in government. A risk to goodwill could result from a scandal.
The Boundary Form : a simple and powerful risk-management tool (Imagine Canada, 2010)
Do you need Risk Management or Insurance?
Risk management is not the same as insurance.
Proper insurance pays for legal fees, settlements or judgements in the event that your organization is sued. But too often insurance represents a large portion of a nonprofit's total risk management effort. Insurance provides help after the problem or allegation has already occurred. It's necessary, but it's not enough; appropriate risk management can often stop problems from occurring in the first place.
The risk management process provides a framework for identifying risks and deciding what to do about them. It is easy to become overwhelmed by the huge list of risks facing an organization, but not all risks are created equally. Risk management is about assessing risks and deciding which require immediate attention.
- Legal Risk Management Checklist for Charities (Carters Professional Corporation, 2011)
- Legal Risk Management Checklist For Not-For-Profit Organizations (Carters Professional Corporation, 2012)