Can you imagine a world without hypothetical questions? No more likely than a world without risks. Operating a nonpro fit organization is filled with countless challenges and dangers: some known, most not. To be successful, an organization's board must actively face risks and re d u c e them to bearable levels. Collectively, directors have the legal and moral responsibility to pro v i d e leadership. And one very important way to do that is to be concerned about loss.

The goal of risk management is to improve management by acknowledging and controlling risks. Risk management is not about buying insurance. It is not about avoiding lawsuits. Instead it is about protecting and conserving your organization's resources and providing goods and services sensibly. The purpose of risk management is to improve an organization's operations by having risks acknowledged and, as possible, controlled.

But surely - some of you are bound to say - that's the wrong end round. Organizations need to concentrate on service delivery, on their mission driven goals to meet the needs of those whom they serve. Being pre-occupied about gloom and doom detracts from what should be done.

But with discussion about the nature, role and responsibilities inherent in identifying and managing risk, we can put in place techniques for protecting our organizations and ourselves from unanticipated losses. In doing so we will better achieve our goals and more ably respond to those whom we serve.

Risk management is a kind of critical thinking: reflecting on the assumptions underlying our ideas and actions and considering alternative ways to think about what we have been doing. Risk management provides tools to protect volunteers and gives them the confidence to perform their assignments. The risk management process provides a systematic method of responding to the dangers of an organization's operations.

The Nature of Risk Management

The origins of risk management are in property science and transport and materials management. Risk is the probability of loss. In these environments - more susceptible to traditional engineering - the following word formula can be used to illustrate the concept:

risk = probability x consequences

In this kind of risk assessment, the rule of thumb is that the relative risk to compare two activities should be a difference of at least one order of magnitude before considering one activity over another. The ability to determine the probability with any degree of accuracy even in more traditional areas that service delivery - is difficult if not impossible. The first conclusion of the application of risk management techniques to non-profit organizations is that risk assessment in non-profit agencies is imprecise. But having said that, the second conclusion is that risk assessment is a very valuable exercise - but only if the decision makers are closely involved from the beginning and on an on-going basis. It is more useful to carry-out the analysis than to read the computed numbers.

Risk management attempts to provide techniques for controlling perils. Boards of large organizations may be able to afford the services of a professional risk manager, and others may rely upon the organization's administrators to implement risk-management policies, but responsibility always lies with the board. Most boards would do well to have a risk-management committee with special, although hardly exclusive, responsibility for assessing and responding to risks. Developing a written risk-management policy is another effective means of demonstrating to insurers and staff that the board takes risk management very seriously.

Good board procedures are themselves good risk-management procedures. The fundamentals of risk management that every nonprofit organization board member needs to understand are quite straight-forward and, for the most part, intuitively familiar. There is a way of approaching risk management systematically and in doing so bringing to light some aspects of the process that might be overlooked. Thinking about this process and putting it down on paper is the development of a risk management policy for your organization.

Goals of Risk Management

Risk management is not the same as purchasing insurance, nor is the board's job limited to protecting its members from personal liability. Deciding whether to purchase insurance and, if so, how to obtain the best insurance value is an essential part of risk management, but it is far from the whole stor y. The primary goal of risk management is to enable the organization to survive and carry out its mission.

Beyond survival, the goals of risk management vary depending on the purposes and objectives of individuals and organizations. Possible goals might include

  • Ensuring a safe environment for employees, volunteers, and service recipients;
  • Reducing the anxiety and fear of liability of employees and volunteers;
  • Conserving the assets of the organization so that it can pursue its mission;
  • Ensuring compliance with legal requirements; and
  • Ensuring that individuals harmed by the organization's activities receive adequate compensation.

Some of these goals can be achieved by purchasing insurance; many cannot. The most insurance can do is provide money - often not all the money needed - to compensate for harm the organization causes or harm done to it. Preventing the harm is better than relying on insurance to pay a loss. Thus, a comprehensive risk-management program must transcend preoccupation with insurance.

The Risk Management Process ­ An Overview

At first, risk management might seem like an overwhelming proposition. Fortunately we can lay out the risk management process in a basic, step-by-step format. After developing your policy statement, do the following:

Step l: Look For The Risks

Step 2: Assess Them

Step 3: Exercise Control.
Select methods to control or finance the risk and implement them

Step 4: Implement Decisions By Managing Claims and Losses
Report claims and losses and settle claims and losses
Keep claims and loss records

Step 5: Monitor Your Program and Make Required Changes

Where To Start & What To Do

  • Become Familiar With The Terms
  • Become Familiar With The Process
  • Develop A Risk Management Policy
  • Establish A Risk Management Committee
  • Do A Risk Management Audit
  • Follow The Process
  • Revisit The Process
  • Be True To and Do Your Mission

Some Rules of Thumb

  • Risk assessment in non-profit agencies is imprecise.
  • Risk assessment is a very valuable exercise - but only if the decision makers are closely
  • involved from the beginning and on an on-going basis.
  • Good board procedures are good risk-management procedures.
  • Insurance is the last decision, not the first; otherwise it substitutes action for thought.
  • Preventing the harm is better than relying on insurance to pay a loss. The transfer of risk
  • by insurance is always partial. At most, the financial consequences of the risk are transferred.
  • Develop a written risk management policy and establish a risk management committee
  • Develop check lists and flow charts specifically designed to examine your organization's
  • anticipated activities.

Finally And Most Importantly

  • Develop a positive risk management attitude through your organization.

Laird Hunter is a lawyer with the firm of Worton & Hunter in Edmonton, Alberta.

 

These Not-For-Profit and Charity Law Pages (http://www.law-nonprofit.org)
are copyright to LawNow, but may be copied for educational use by not-for-profit and charitable groups.

LawNow Magazine Legal Studies Program Canadian Legal FAQs Access to Justice Network Not-for-Profit Pages