Risk Management for Nonprofit Organizations
eBook - ePub

Risk Management for Nonprofit Organizations

Rick Nason, Omer Livvarcin

  1. 194 pagine
  2. English
  3. ePUB (disponibile sull'app)
  4. Disponibile su iOS e Android
eBook - ePub

Risk Management for Nonprofit Organizations

Rick Nason, Omer Livvarcin

Dettagli del libro
Anteprima del libro
Indice dei contenuti
Citazioni

Informazioni sul libro

Risk Management for Nonprofit Organizations is a straightforward, yet comprehensive guide that can be used to easily communicate effective risk management ideas among the various stakeholders who comprise a nonprofit organization.

This book positions risk management as a key element in successfully managing a nonprofit organization. Risk management in nonprofits has several unique characteristics that distinguish it from risk management in for-profit organizations. The authors present and explain specifically tailored strategies and tactics for risk management in nonprofits.

Risk Management for Nonprofit Organizations is a straightforward, yet comprehensive guide that can be used to easily communicate effective risk management ideas among the various stakeholders who comprise a nonprofit organization. This is a book that can be used to educate and inform nonprofit professionals as well as the nonprofessional volunteers who are so critical to the operations of many nonprofits. It is a tool that will enhance both understanding and communication of risk management principles.

Written in clear, jargon-free language, it is a resource that can be read by board members, professional nonprofit managers, volunteers, and other stakeholders of the nonprofit organization. As a tool for building a common appreciation and understanding of risk management, this book has the potential to become a valuable asset for the nonprofit organization.

Domande frequenti

Come faccio ad annullare l'abbonamento?
È semplicissimo: basta accedere alla sezione Account nelle Impostazioni e cliccare su "Annulla abbonamento". Dopo la cancellazione, l'abbonamento rimarrà attivo per il periodo rimanente già pagato. Per maggiori informazioni, clicca qui
È possibile scaricare libri? Se sì, come?
Al momento è possibile scaricare tramite l'app tutti i nostri libri ePub mobile-friendly. Anche la maggior parte dei nostri PDF è scaricabile e stiamo lavorando per rendere disponibile quanto prima il download di tutti gli altri file. Per maggiori informazioni, clicca qui
Che differenza c'è tra i piani?
Entrambi i piani ti danno accesso illimitato alla libreria e a tutte le funzionalità di Perlego. Le uniche differenze sono il prezzo e il periodo di abbonamento: con il piano annuale risparmierai circa il 30% rispetto a 12 rate con quello mensile.
Cos'è Perlego?
Perlego è un servizio di abbonamento a testi accademici, che ti permette di accedere a un'intera libreria online a un prezzo inferiore rispetto a quello che pagheresti per acquistare un singolo libro al mese. Con oltre 1 milione di testi suddivisi in più di 1.000 categorie, troverai sicuramente ciò che fa per te! Per maggiori informazioni, clicca qui.
Perlego supporta la sintesi vocale?
Cerca l'icona Sintesi vocale nel prossimo libro che leggerai per verificare se è possibile riprodurre l'audio. Questo strumento permette di leggere il testo a voce alta, evidenziandolo man mano che la lettura procede. Puoi aumentare o diminuire la velocità della sintesi vocale, oppure sospendere la riproduzione. Per maggiori informazioni, clicca qui.
Risk Management for Nonprofit Organizations è disponibile online in formato PDF/ePub?
Sì, puoi accedere a Risk Management for Nonprofit Organizations di Rick Nason, Omer Livvarcin in formato PDF e/o ePub, così come ad altri libri molto apprezzati nelle sezioni relative a Commerce e Gestion des risques financiers. Scopri oltre 1 milione di libri disponibili nel nostro catalogo.

Informazioni

Editore
Business Expert Press
Anno
2020
ISBN
9781951527235
Argomento
Commerce
Categoria
Gestion des risques financiers
CHAPTER 1
What Is Risk? What Is Risk Management?
What Is Risk?
What is risk? It is such a simple and basic question. When we run risk workshops, we generally get started with this question and then are almost always surprised by the wide variety of answers provided. Some seminar participants give very sophisticated answers, while others give much more basic answers. It seems as if everyone has their own separate and distinct definition—even those that are from the same organization.
In the management literature, there are several different definitions of risk as well. They range from the highly technical or mathematical to the very basic. A common mathematical definition is that risk is the variance of results. A less technical definition is that risk is any event that causes deviations from an organization achieving its desired goals and objectives. Perhaps asking for the definition of risk is not so basic a question and worthy of a bit more analysis.
There is, however, one common element that people generally cite when asked for their definition of risk, and that is that risk is something to be avoided. They say things such as “risk is the possibility that something bad will happen” or “risk is the chance that you will lose” or “risk is danger.” We believe that such negative definitions of risk are very limiting and hamper proper risk management.
Our definition of risk is “the possibility that bad or good things may happen.” It may seem strange to include a positive element into the definition of risk, but it aligns with good risk practice, and it is also consistent with how risk is generally measured. It also makes it clear that the purpose of risk management is solely to aid the organization in implementing its strategy and achieving its objectives.
There are three distinct elements of our definition of risk. The first is an element of possibility. The second element is that risk is concerned with future events. Risk is looking backward only in order to learn from past experiences. Risk, however, is ultimately about future events. The third element is that risk can be positive or negative; that is, there is good risk, and there is bad risk. It is useful to take a moment and explore each of these three elements.
Risk is about not knowing what is going to happen. Risk is pregnant with possibility. Sometimes we can conjecture about what will happen, and sometimes we cannot. Sometimes risk is separated from uncertainty based on the types of possibilities. For instance, when I flip a coin in the air, I know that it can land either on heads or on tails. I know the possible outcomes, and I know the probabilities that it would land on heads is 50 percent; what I don’t know is which of the two outcomes will occur and thus I have a risk. Conversely consider the occupations that will exist in 50 years from now. Just as 50 years ago we could not have conceived of a web developer or a mobile phone app programmer, the occupations of the future are unknown and at present inconceivable to us. We do not know what the possible outcomes are, nor do we know the associated probabilities.
The secretary of defense under George W. Bush, Donald Rumsfeld, famously stated his “unknown unknowns” quote:
Reports that say that something hasn’t happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don’t know we don’t know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones.1
The quote is so famous and well known that it even has its own Wikipedia page. The point is that in terms of risk management Donald Rumsfeld was onto something. There are risks that we know about, and risks that we do not know about. Proper risk management needs to be able to deal with and manage both types of risks. As pointed out by Rumsfeld, it is the unknown unknowns that tend to be the more difficult ones to deal with.
It may seem that we are belaboring this point, but our experience in risk management has taught us that the known risks tend to be the risks that are dealt with, but the more important and more valuable unknown unknowns risks tend to be ignored (either consciously or unconsciously) and thus risk management fails to be effective.
The second element of our definition is that risk is forward looking. In part, the forward nature of risk creates the uncertainty, and it is also the part that makes it difficult. Many organizations try to risk-manage the past, but that is mostly a fruitless exercise. “What’s done is done” is a well-known expression along with “you cannot change the past.” The past is only relevant for risk management to the extent that lessons can be learned and that those lessons will be relevant in the future. Ironically, however, risks, both positive and negative, tend to occur in an idiosyncratic manner with different outcomes and implications each time. In other words, the lessons of the past are often of little value for dealing with future risks. However, some risks do have a habit of reoccurring, and these “known knowns” can and should be dealt with by proper risk management.
The key point is that not even the best of risk management systems can do anything about the past. Risk management can, however, do something about the future—even if that future is uncertain. Thinking about risk is just like what you would typically do when driving a car; it is best done by looking through the front windshield rather than being overly occupied with what is happening in the rear-view mirror. That does not mean you ignore what you see in the rear-view mirror, particularly if it is relevant or a precursor to what is upcoming. It does imply, though, that eyes front should always be a priority.
The third element of our definition of risk is that risk has both positive and negative elements. Admittedly this is not always widely accepted, and it is not how many people view risk. However, there are several excellent reasons for considering risk this way. The first is that it implies that risk can be opportunistic. This, in turn, leads to risk management tactics being used not only to prevent unwelcome results but also to improve the number and size of unexpectedly good outcomes.
Another significant advantage of having a two-sided definition of risk is that it produces a more positive culture surrounding risk management. Instead of risk management being the “department of No!” it becomes the function of asking, “How can we do things more risk intelligently?” This is a theme that we will repeatedly return to and one that makes risk management an asset to the organization rather than a drag and a cost. It may be a subtle change in the outlook on risk, but it makes a significant difference in the effectiveness of risk management.
What Is Risk Management?
If risk is the possibility that bad or good things may happen, that thus makes risk management the function of managing so as to increase the probability and magnitude of occurrence of good risk while simultaneously managing so as to decrease the probability and severity of occurrence of bad risk.
Risk management is a proactive activity for managing both upside and downside risk. Risk management is as much about preventing unwanted outcomes as it is about being in position to capitalize on opportunities. Negative events are simply the flip side of positive outcomes. The same activities that are used to prevent negative risks can be used to seize upon positive risks.
Being proactive means that risk management is both an active and ongoing set of activities as well as a planned set of activities. Too often, risk management is thought of as a set of actions that are taken after something has happened. In such situations, risk management becomes crisis management. In our opinion, crisis management is what needs to be done only if risk management is not an active part of an organization’s activities. Crisis management is separate from risk management, and a separate crisis management plan should be in place. Likely the crisis management plan will be informed by the risk management plan and activities, but the two are not substitutes for each other.
As the preceding brief discussion of crisis management highlights, it is important to be clear about not only what risk management is but also what it is not. First and foremost, risk management is not compliance management. While compliance management is important, it needs to be realized that compliance management is set to achieve the objectives of the regulators of the organization. While the objectives of the regulators may be in line with the strategic objectives of the organization, it is not a given and, indeed, is often a poor assumption. How many times have you heard an organization say that they were not responsible for avoiding a preventable debacle since they followed all of the regulations? Additionally, an organization is likely to have additional goals and objectives that go well beyond those of the regulators. As discussed in the following section, risk management should be in line with the goals and objectives of an organization.
We suggest that organizations keep regulatory compliance as a necessary but not sufficient part of risk management. The risk management function and tactics would ideally capture whatever synergies are possible with compliance management. However, when these synergies are not present, a separate set of risk management guidelines, metrics, and procedures should be put in place.
An additional concept to remember is that the regulators will not understand or know the functioning of an organization as well as the managers and the board of the organization. Regulators by necessity are forced to create a broad set of guidelines that may or may not pertain to the specifics of each and every organization. Thus, an organization should be sure to create and implement a risk management plan that is specifically suited to their own context. An additional component of compliance is that it is often based almost exclusively on the past, with limited attention paid to the future or planned changes in the activities of the organization. Thus, the future-looking nature of risk management implies that while compliance is necessary, it is not sufficient for risk management.
Additionally, a risk management plan is not a control mechanism. While controls will likely be part of risk management activities, according to author and enterprise risk management consultant James Lam, the objective is to operate in a “control environment, not an environment of control.”2
If a conscious effort is made in managing both upside and downside risk, the outcome will be that risk management activities become an enabler for an organization. It changes the risk management function from one of being “the department of No!” to “the department of how to do it more risk intelligently.” This subtle change in focus can completely change the attitude toward risk management in an organization and create a more helpful and healthier risk culture.
Risk Management as a Strategic Activity
A central tenet of risk management is that it is a core part of strategic management and objective management. Ultimately risk management is an activity to help an organization reach its strategic goals and objectives. If risk management is not doing that, then, at best, it is compliance activity. As discussed in both Chapters 3 and 11 (“Risk Management Frameworks” and “Risk Governance,” respectively), the risk management activities of a firm should be explicitly aligned with their strategic objectives. It is only by doing this that risk management becomes a value-added activity rather than a cost center.
As a strategic activity, risk management must also be tied to the operational realities of an organization. There is a right amount of risk management. Too much risk management and it becomes an unnecessarily bulky, clunky, and superfluous set of activities. Too little risk management and the organization is exposed to downside risks and will likely miss upside opportunities or be unable to capitalize on them.
The development of the risk management plan and the strategic plan of an organization is an exercise that is ideally done in tandem. The risk management knowledge provides input to the development of the strategic plan. In turn, the strategic plan drives risk management activities. Both plans inform, guide, and support each other.
In a well-functioning organization, with a mature and robust risk management structure, strategic planning and risk management are virtually one and the same. A specific case in point is the situation of Hydro One. Hydro One is the power distribution utility for the province of Ontario, Canada. As outlined in an extensive case study, the risk management plan was explicitly tied to the development of the strategic plan.3 Capital was allocated based on needs to manage risk, and thus essentially the operations of the utility were indistinguishable from the risk management operations. As a consequence, the role of the chief risk officer became almost superfluous. Risk management became indistinguishable from management, and Hydro One became a model of risk management.
Risk Management as a Value-Added Activity
Risk management should be both an enabler of the organization and a value-added activity. Risk management activities should enable a nonprofit to more effectively and efficiently carry out its strategic plan and provide the goods and services that it has as its mission. Depending on the scope and scale of a risk management process needed, the development of a risk management process can be lengthy and costly in terms of time, energy, and resources. However, there are many benefits from implementing risk management such that the overall return from risk management activities should be strongly positive.
The first and primary benefit of implementing risk management is that it increases the possibility of good outcomes, while simultaneously it also reduces the probability and severity of negative outcomes. This is the primary function of risk management, and it is thus also the primary benefit. Again, it is important to realize the two-way benefit: not only avoiding negative surprises but also being better positioned to take advantage of positive surprises or uncertainty.
A widely cited standard for enterprise risk management is the Committee of Sponsoring Organizations of the Treadway Commission, which is better known as COSO. Although the COSO risk management framework is designed for for-profit organizations, there are six frequently cited advantages associated with adopting the COSO risk framework that are also applicable to nonprofit organizations. These six advantages of adopting risk management as stated by COSO are “(1) Increase the range of opportunities, (2) Identify and manage entity-wide risks, (3) Increasing positive outcomes and advantage while reducing negative surprises, (4) Reduce performance variability, (5) Improve re...

Indice dei contenuti

  1. Cover Page
  2. Half Title Page
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Abstract
  7. Contents
  8. Introduction
  9. Chapter 1 What Is Risk? What Is Risk Management?
  10. Chapter 2 Basic Principles of Risk
  11. Chapter 3 Risk Management Frameworks
  12. Chapter 4 Risks of Nonprofit Organizations
  13. Chapter 5 Risk Analytics
  14. Chapter 6 Financial Risks
  15. Chapter 7 Operational Risks
  16. Chapter 8 Legal, Compliance, and Reputational Risks
  17. Chapter 9 Risk Treatment
  18. Chapter 10 Partnerships and Stakeholder Engagement
  19. Chapter 11 Risk Governance
  20. Chapter 12 The Future of Risk Management
  21. About the Authors
  22. Index
Stili delle citazioni per Risk Management for Nonprofit Organizations

APA 6 Citation

Nason, R., & Livvarcin, O. (2020). Risk Management for Nonprofit Organizations ([edition unavailable]). Business Expert Press. Retrieved from https://www.perlego.com/book/1353956/risk-management-for-nonprofit-organizations-pdf (Original work published 2020)

Chicago Citation

Nason, Rick, and Omer Livvarcin. (2020) 2020. Risk Management for Nonprofit Organizations. [Edition unavailable]. Business Expert Press. https://www.perlego.com/book/1353956/risk-management-for-nonprofit-organizations-pdf.

Harvard Citation

Nason, R. and Livvarcin, O. (2020) Risk Management for Nonprofit Organizations. [edition unavailable]. Business Expert Press. Available at: https://www.perlego.com/book/1353956/risk-management-for-nonprofit-organizations-pdf (Accessed: 14 October 2022).

MLA 7 Citation

Nason, Rick, and Omer Livvarcin. Risk Management for Nonprofit Organizations. [edition unavailable]. Business Expert Press, 2020. Web. 14 Oct. 2022.