Risk management rocks – Part 1

When asked to define risk, most nonprofit senior leaders, including corporates, describe their view of risk as: something negative that happens to the organisation; the potential for loss; fraud; negative publicity; things that go bump in the night that we hope will never happen to us.

However when asked how their staff view risk, the descriptions get even more depressing: a pain in the neck; too complicated and difficult; something we have to do; a compliance issue; not much use in our day to day work; health and safety; nasty, yucky, icky things that go bump in the night.

What if risk was the opposite to what most of us believe it to be?

The true description of risk is “anything that impacts on our ability to achieve our strategic objectives”. This is very different to what most people view risk as, resulting in risk obtaining a bad reputation. Risk is not inherently good or bad. It is about the things that happen outside our expectations that might have an impact on our ability to achieve the strategic objectives of the organisation.

The two main formal definitions of risk to be aware of are from Standards Australia (Australia) and the Committee of Sponsoring Organisations of the Treadway Commission (COSO, USA). They are very similar in intent, and focus on the strategic potentiality of risk, rather than the negative loss point of view. For example, the Australian/New Zealand Standard AS/NZS 4360/2004 defines risk as:

“The chance of something happening that will have an impact on goals”

And risk management as:

“The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects”

(Note the use of ‘opportunities’.)

What would it be like if risk was viewed as just another way of looking at potential opportunity and innovation? What if risk management was viewed as creating a culture of innovation?

So let us recast risk into what the formal standards already describe as risk:

“Risk is strategic advantage”

Might this perhaps give Board, leaders and staff a different view on risk, and start to get risk management back into the arena of possibility and strategic advantage, rather than compliance?

Points of view about risk

Here are some questions to ask about points of view regarding risk:

–  How do our staff view risk?
–  How do our leadership team view risk?
–  How does the chief executive view risk?
–  How does the Board view risk?

What would it take for all organisational risk stakeholders to view risk as strategic advantage?

What is the point behind risk management?

The point behind risk management is to:

1.  Identify all potential risks
2.  Rank from the potential of occurring, including its possible impact
3.  Determine the quality of existing controls on the risks
4.  Develop new controls and strategies for the risks
5.  Monitor these new controls
6.  Extract strategic advantage

A simple process, which is often made very complicated and difficult by the points of view that people hold about what risk is. And most organisations do not extract strategic advantage from the risk management process.

Risk management is the conscious awareness of all the risks involved in the organisation, the strategic advantage of these risks, and the ease with which these risks can be managed. Though risk is inherent within all business opportunities, many leaders prefer to be risk averse. Translated, this means they are “opportunity” adverse. If an organisation sees itself has having a low risk appetite, this can be translated to mean “low opportunity appetite”. This can lead to missing opportunities and ignoring strategic advantage. Sound familiar?

How risk is defined and acted upon is all a matter of choice of the leaders. Nonprofit leaders can choose to view risk as bad, complex and to be avoided, or as a strategic advantage and potential source of innovation that can enable the organisation to undertake
activities that others might not even consider.

Steven Bowman
Global Nonprofit Advisor
Conscious Governance

For more details and examples of risk and strategic plans, view Conscious Governance latest e-books and blended-learning programs available for download online