Insights

Top 10 tips on the benefit of effective risk management and organisational resilience

Name: MHA
Price range: $

· Posted on: August 9th 2024 · read

Many charities are reporting that they are facing increasing financial uncertainties in the future that could significantly affect their activities, especially as a result of cost-of-living pressures, and the impact this has had on disposable income and potential for giving.

Top 10 tips on the benefit of effective risk management and organisational resilience Managing risk and resilience helps and organisation’s ability to thrive and survive. It can also help to break down silos and reduce costs if the organisation implements effective and efficient frameworks to ensure that these areas work collaboratively to achieve the strategic objectives in the organisation.

Of size, nature and complexity of your organisation, these top 10 tips will help you consider where you might improve or focus more keenly on your risk and resilience aims.

Share this article

Related tags

Industries

Not for Profit

Achieving your objectives
1. Charities exist to further their legal purposes but at times cannot achieve all they want for their beneficiaries due to a range of possible external and internal factors. By assessing your risk and opportunities, you can make better decisions about how to allocate resources and manage obstacles which might prevent you from achieving your objectives.
2. Action: Have you assessed the risks to the delivery of your key strategic and operational objectives and identified those areas which require the most attention. Is the charity’s leadership focused on a small number of critical areas or is your risk and resilience processes unwieldy
Resources in the right place at the right time
1. Understanding the risks your organisation faces means resources can be allocated in the most effective and efficient ways. Having a degree of agility to resource allocation could mean that it is possible to respond proactively to any changes in the risk environment.
2. Action: As part of your risk assessments or Business Impact Analysis processes, have you considered whether you have identified areas which may need additional, or perhaps less resource to achieve your objectives? This could be in the context of business-as-usual activities as well as during disruption. Have you considered the agility of resources and their ability to be reallocated to respond to the changing risk landscape?
Awareness
1. With effective risk, continuity and crisis response strategies in place, you’ll have more information and a better understanding of the risks and opportunities your organisation is facing. Being aware means, you’re prepared, likely to suffer less financially and more resilient if a risk materialises.
2. Action: Do you have effective business continuity and resilience strategies in place? How are they documented and shared? How agile and responsive are they to enable them to respond to a range of different circumstances? One of the key learnings from COVID has been that it is not necessary to have a plan in place that can respond to every potential scenario, but rather a plan which is agile and adaptable to a range of different circumstances. Consider how you communicate your active engagement in risk and resilience frameworks, strategies and processes to provide the necessary assurance to all relevant stakeholders are involved. Consider how you communicate your active engagement in risk and resilience frameworks, strategies and processes to provide the necessary assurance to all relevant stakeholders, including beneficiaries, supporters and funders. Have you considered all relevant parties, as well as the methods, timings and channels of communication?
Assurance
1. Having controls in place to manage your key risks is good, but knowing how effective they are is better as this will help you to better understand the extent to which risks are being mitigated and what further control actions may be required.
2. Action: Identify, for at least your key risks, what are your direct, indirect and independent sources of assurance that will inform you as to whether your controls in place are operating effectively in managing the risk. Where assurances are not in place, consider how such assurances could be obtained e.g. internal audit. Consider the extent to which you are utilising your assurances at the 2nd and 3rd line level to inform you over the effectiveness of controls in managing our risks.
Protection of brand and reputation
1. A charity’s brand and reputation is hard-won and highly valuable, but potentially very easily damaged. Being prepared for the worst means you should be able to respond efficiently and effectively. It minimizes the likelihood of making costly mistakes that could impact success or ultimately the existence of your organisation.
2. Action: Do you have effective response plans in place which include communication strategies? Consider testing (or retesting) the plans to ensure they remain relevant and effective and applying lessons learned across the organisation.

Industries

Not for Profit

Understanding and protecting your critical activities, services and processes
1. Understanding your risks and exposures as an organisation means you can put measures in place to mitigate those threats. Reducing risks and planning effective response strategies means you’re more likely to carry an operating after a significant incident and be in an even stronger position afterwards, with a better understanding of what makes a difference to your beneficiaries.
2. Action: Have you reviewed what is most important to the organisation? And what is required to ensure it continues to operate through a disruption? Updating your Business Impact Analysis and risks assessments will ensure that you can create effective response strategies. This does not necessarily mean a separate response plan is required for each area but rather a plan that is adaptable to range of situations.
A better risk culture
1. Embedding risk and resilience frameworks in your organisation means everyone becomes more aware and conversations about risk become the norm. More effective risk and resilience informed decisions are made when this is part of the culture. It also means that people are invested in the success of the organisation, and your existing resources are utilised more effectively.
2. Action: Consider reviewing your messaging on risk and resilience to the organisation, whether in training courses or other communications. How can you improve engagement and understanding of the importance of risk and resilience management and the relevance to all in the organisation? Consider utilizing engagement surveys to gauge the perceptions of staff of your risk culture and whether a consistent tone is being driven from the board.
Better quality risk and resilience data and reporting
1. Consistency across the quality of risk and resilience related data and the way it’s managed means risks can be reviewed and monitored more effectively. It makes reports more meaningful for those seeking assurance. Often inconsistency arises from a lack of clarity in the charity’s risk policy and procedures.
2. Action: What does your leadership want and need to see in terms of risks and resilience assessment and reporting? Does the charity have a clearly defined risk policy and is it regularly reviewed? How can you present risk information in a more accessible manner so that its impact is maximised? Discuss requirements and tailor your communications accordingly. This might also mean changing the type of data being gathered and the way it is collated. It may also mean that different types of information is presented to different groups e.g. the information requirements of the Board may be different from that of the management team.
Risk appetite
1. Understanding your appetite for different types of risk e.g. financial, safety, people etc. within the organisation better enables you to be able to respond to that risk, based upon the level of exposure that your organisation is able to accept. Embedding a risk appetite effectively can also assist in the development of an enterprise approach to risk management where it is considered from an opportunity in addition to a risk perspective.
2. Action: Consider what your appetite for risk might be for different types of risks and build that into your overall risk assessment process. Utilise the risk appetite score to help guide and prioritise the actions that need to be taken to reduce the level of risk to within your risk appetite tolerance. Be wary of over-complicating the process of risk appetite assessment.
Constantly build, develop and improve
1. Managing risk and resilience is an ongoing and dynamic process. Risks need to be reviewed after significant changes in an organisation along with any issues identified through horizon scanning. Working together and sharing information benefits not only the processes, it also means more effective use of resources and helps win hearts and minds of others across the organisation.
2. Action: Do you have processes in place to regularly review or capture new or emerging risks? Consider reviewing processes to understand areas of overlap. What information can you share? How can you improve these processes, for example, risk identification? Ensure that this becomes a dynamic part of your processes.