Risk management is the identification, evaluation, and prioritisation of risks (the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimise, monitor, and control the probability or impact of unfortunate events or to maximise the realisation of opportunities.
Risk management aims firstly to anticipate risks. Then, in the case of adverse risks, it aims to prevent them from arising or to minimise their impact if they do. In the case of positive risks, it aims to capitalise on opportunities that present themselves.
Most leaders in civil society organisations (CSOs) know well what Risk Management Plan is within the project area. It is an obligatory question which projects’ teams ask themselves when they run planning.
But how typical is an overall risk management plan in CSOs? YMCA Europe’s analysis shows that less than 50% of National YMCAs in Europe have such a document.
Small scale organisations should include consideration on this topic in the process of strategic planning. Quite often such a simple tool as SWOT analysis is used. Reflecting on Strengths, Weaknesses, Opportunities and Threats gives a chance to look overly at the external environment and its potential negative impact internally. But the disadvantage of such an approach is that often possible threats/risks are considered in connection with the identified internal “weaknesses” or vice versa. The approach often falls into a very general one; or covers very limited areas.
In addition consideration should be given to a PEST analysis. It involves evaluation of the following external factors and their potential impact on the organisation:
Political – political stability, tax guidelines, NGOs regulations, safety regulations, employment laws, etc.
Economic – inflation, interest rates, economic growth, the unemployment rate, exchange rates, brain leak, etc.
Social – demographics, cultural limitations, lifestyle attitude, education, emerging needs, etc.
Technological – technological advancements, available IT opportunities, lifecycle of technologies, the role of the Internet, etc.
Risk Categories
You can categorise risks by different features but the most common approach is the following:
- Contextual risks – external ones, outside the control of an NGO, like political situation, economic factors, etc.
- Programmatic risks – depend on how programmes, projects are designed and delivered; if they reach the needs and objectives; if they do any harm to the target groups, etc;
- Organisational risks – the ones connected with internal development like legal compliance, management, financial sphere, human resources, property, governance, reputation, security, IT management, etc.
Risk Management System
A risk management system encompasses many elements: a risk management policy, a risk management framework, and various risk management tools and processes.
The process of risk management usually incorporates the following steps:
- Clarifying what the organisation seeks to achieve – goals.
- Identifying the principal opportunities and dangers that may affect achieving these goals – uncertainties.
- Assessing the likelihood that each opportunity or threat will materialise – probabilities.
- Calculating the extent of the resulting gain or loss to the organisation from each opportunity or danger – magnitudes of the positive or negative consequences.
- Weighing what the organisation can do: 1) to increase the probability and the magnitude of the positive consequences of each opportunity, and 2) to decrease the probability and the magnitude of the negative consequences of each danger – risk management techniques for each opportunity or threat.
- Deciding whether and how the organisation is able to take these actions – costs and benefits of each technique.
Risk Management as Change Management
The root word of risk, risicare, means “to dare.” Daring to act audaciously is inherent to the lives of NGOs. Without taking risks, there is no innovation or social change.
The nature of NGO work is to dare constantly to make decisions and act to achieve positive results, while daring to hazard negative outcomes.
One of the beauties of the risk concept is its simplicity. As with anything occurring in the future, there is uncertainty about the results, desirable or undesirable; there are consequences of each positive or negative result; and one needs to focus on the probability of positive and negative results.
This definition of risk is powerful. Instead of struggling to avoid all uncertainties – for that would be to avoid all chances of positive outcomes – an organisation strives to increase the chances and size of positive outcomes while reducing the odds and magnitude of the negative outcomes. This dual strategy is the essence of strategic risk management.
It contrasts with the narrow, negative traditional focus – merely preserving the organisations past achievements from future losses. While guarding against loss, the NGO that manages risk strategically takes carefully chosen decisions, purposely mindful of the positive side of a potentially surprising future. An organisation managing risk strategically dares to succeed.
We are happy to introduce the example of Risk Management Plan from YMCA St Paul’s Group (YMCA England and Wales)
Created by Olga Lukina, Executive Secretary for Strategy and Movement Strengthening
Paul Smillie, Chair of YMCA Europe Movement Strengthening Committee
May 2022
The project “Organic Governance and Quality Development” is supported by Erasmus+, Key Action 2 programme.
Movement Strengthening in YMCA Europe is aimed at building the capacity of organisations in different spheres including governance, internal policies, quality standards and strategic planning.