In the field
Rebecca Mackay and Martin Birch share their experiences from an NGO perspective of embedding risk management in their corporate strategy and ongoing operations
Everything we do involves a certain amount of risk. However carefully we plan, there are always things that can go wrong or that do not turn out as we would want them to. In some activities, we accept a level of risk because this is necessary to achieve our objectives. There are others, however, where we should do whatever we can to minimise the risks. People and organisations that always try to avoid risks are never going to push the boundaries and achieve something special. On the other hand, people who rush into a venture without considering what might go wrong, or who take excessive or poorly judged risks are likely to get their fingers burnt. Risk management is not about avoiding or eliminating risk. It is about understanding what the risks are, what the likely impact would be if the risks should materialise and how this would be managed.
This article reflects on some of our experiences at Christian Aid from the perspective of an international non-governmental organisation (NGO) and shares how we developed and implemented our risk management strategy.
Figure 1: Rebecca's Bolivia experience (part 1)
On a recent trip to Bolivia, I found myself being driven up the side of a mountain, on a road which could best be described as a single dirt track, in the pitch dark. It wasn’t Bolivia’s infamous ‘road of death’, but it didn’t feel that far from it. I was obviously breaching our security procedures and I was terrified. I was praying that the car didn’t fall off the edge, not so much because I was scared of dying, but more because I was scared of surviving and having to explain to our corporate security manager why on earth I had put myself in such a position. Normally, this would never have happened, but circumstances conspired against our carefully made plans. We were due to visit a partner organisation up in the mountains, but late on Monday afternoon, it was announced that the local bus drivers were going to strike the next day and blockade the roads (apparently the government was cracking down on drink-driving and the bus drivers were not best pleased about this). Our only option therefore was to drive up on Monday night. Or was it? We could have waited till later in the week after all. However, we had discussed it and decided that it would be OK. So, there we were, driving up the side of a mountain in the dark, but what had seemed like a calculated risk now just seemed foolhardy.
Implementing a new risk management framework
Work on risk management has been ongoing in Christian Aid for a number of years, but a recent assessment suggested we had yet to properly embed risk management in all of our day-to-day decision making. So, a robust risk management strategy to help us do this was required. We wanted the strategy to recognise that risk is a fundamental part of Christian Aid’s business – after all our staff, partners and the beneficiaries we support take risks every day. But the strategy needed to promote a greater understanding and awareness of risk across all of Christian Aid’s work. We also had to develop a framework that would help to systematically analyse and manage risk within acceptable parameters appropriate to the organisational need.
In developing the framework, we therefore set the following objectives:
- to improve awareness of risk and its management;
- to support managers in identifying and managing risk; and
- to develop and establish systems to monitor risk.
The first step in developing the framework was to understand where we were and where we needed to go. In order to assess our existing arrangements, we used a CIPFA (Chartered Institute of Public Finance and Accountancy) checklist to benchmark against best practice standards[1]. This enabled us to identify gaps in our existing arrangements, compile an action plan and prioritise key tasks for the next 12 to 18 months.
Engaging stakeholders
Once we had developed a strategy for moving forwards, the next step was to engage our key stakeholders and gain their commitment. We first met with the directors and the finance and audit committee, to present our vision for risk management. We then presented this to the board and the wider senior management team. We also established a risk management group, which was made up of risk management champions (key individuals from across the organisation who would be responsible for assisting the risk management function through its promotion and co-ordination).
Developing the strategy
The next step was to develop a risk management strategy. The strategy describes the process for identifying, assessing, documenting, managing and reporting risk at various levels within Christian Aid; provides clarity around the risk management roles and responsibilities and attempts to provide a consistent understanding of our risk appetite.
When we started this process, Christian Aid already had a corporate risk register[2]. However, it was maintained by the head of audit and risk management and the rest of the organisation had little involvement in it. Furthermore, there was nothing substantial underpinning it. We set about creating a set of strategic and operational risk assessments, which would be owned by the wider management team and feed into the corporate risk register; something fully owned by the directors and the board.
It was also important to align the risk management process with the corporate planning and reporting process. It therefore seemed timely to develop the new strategic/operational risk assessments and to re-work the corporate risk register during the annual planning cycle, while the organisation was considering its objectives and activities for the coming year.
Training programme
The risk management function carried out a number of training sessions and one-to-one sessions with key managers and staff across the organisation. These were provided in order to raise awareness of risk management, introduce the new risk management process, assist with the development of the new strategic/operational risk assessments, and to identify the organisation’s significant risks. As a result of this process, Christian Aid now uses a series of risk assessments for recording and managing major risks at a corporate, strategic and operational level. This ensures a rigorous and consistent approach to risk management across the organisation. The assessments are intended to ensure that risks are properly identified, evaluated and monitored and that appropriate action is taken.
The corporate risk register
The corporate risk register records significant risks to Christian Aid, which are often cross-cutting in nature and/or relate to major corporate initiatives or programmes/projects. It includes risks that could prevent us from meeting our strategic objectives, major risks to our reputation and risks relating to overriding issues of corporate concern. In order to assist with risk identification and documentation, the corporate risk register has been divided into the following categories of risk:
- Strategic. Definition, communication and implementation of our long-term corporate strategy.
- Governance. The appropriate structure and effective oversight of the organisation.
- Compliance. With legal and regulatory requirements; industry standards and best practice; internal policies and procedures; and professional ethics.
- Contextual. The external political, economic, social, environmental and market forces affecting Christian Aid.
- Financial. Effective management and control of our finances and key financial systems.
- Information systems. Effective management and control of our data/information and key information systems.
- Health, safety and security. Protection of our staff and assets.
- People. Effective management of Christian Aid’s permanent staff; temporary staff/consultants; and volunteers[3].
- Third parties. Relationships with the churches’ public; supporters; donors; partners; beneficiaries; alliances and networks; and suppliers.
- Programmatic. Effective design and implementation of our programmes.
- Change programmes. Effective management of large-scale, cross-cutting, corporate change programmes.
- Reputational. Protection of Christian Aid’s reputation[4].
Strategic and operational risk assessments
Strategic risk assessments
These record risks which specifically relate to Christian Aid’s eight strategic priorities for the period to 2012. See figure 2 below.
Operational risk assessments
These risk assessments record risks which specifically relate to each division of Christian Aid. They include risks that could prevent the division from meeting its annual targets. See figure 3 below.
Keeping on top of risk management
Once we had the risk assessments in place, the next question was how were we going to help colleagues monitor them and report on them? On a formal basis, this was easy – managers would be required to update their risk assessments and submit them with their six-monthly progress reports, as part of the corporate reporting process. On a day-to-day basis, this was not so straightforward. While risk awareness has certainly increased across the organisation, we are still very much at the beginning of the risk management journey and we are continuing to work with managers to help them embed risk management in everyday operations. We are also attempting to define the organisation’s risk appetite, to enable us to prioritise risks and allocate resources effectively.
We identified the following three examples of NGO risk, but they are managed alongside all the other routine risks facing any organisation:
1) Political risks
International NGOs often work in countries where political tensions are running high. We are therefore working in places where there may be governments hostile to NGOs and/or hostile insurgents/militants. For example, we could be ejected from the country, we could face sanctions or restrictive conditions could be placed on our operations, our staff could be taken prisoner and/or our assets could be seized. So, how do we protect our operations, staff and assets from being caught up in political wrangling? We try to build good working relationships with host governments, we try to ensure that we comply with all legal requirements in-country and we try to ensure that all policy statements are adequately scrutinised and signed off before being released. Funds are only transferred as and when required, to avoid an excess of funds being held in-country. We are also developing business continuity plans for all overseas offices, to enable us to continue working in adverse circumstances.
2) Security risks
International NGOs also work in some of the most dangerous countries in the world. Our staff are therefore working in places where there is a high risk of conflict/civil unrest, violent crime, kidnapping, road traffic accidents, infectious diseases and natural disasters. So, how do we safeguard our staff? We have a corporate security manager and strict security policies, procedures and minimum operating standards. All staff are given security training and are provided with security briefings for the countries they travel to. We have a security plan and risk assessment for every country we work in and each country office has someone responsible for security. We also have comprehensive travel insurance and arrangements with a medical assistance company for emergencies.
3) Fraud and corruption risks
Working in developing countries, we often face a higher risk of fraud and corruption due to weak legal and regulatory frameworks, weak systems and processes, lower levels of financial management capacity and competence, lower levels of accountability and transparency, and culture, custom and practice. So, how do we prevent and detect fraud and corruption? We have a set of policies and procedures addressing fraud and corruption and staff are provided with training. We have been working to build the capacity of finance staff and improve our systems of internal control. We also have audit and compliance teams who are responsible for undertaking both proactive and reactive work in this area.
Figure 4: Rebecca's Bolivia experience (part 2)
I obviously survived the Bolivian mountain road, as I’m here to tell the tale, but if you asked me whether I would make the same decision again, I’d probably say ‘No, I would re-schedule the trip’. You may well be wondering why I chose to tell you this story… I suppose I’m just trying to show that we all take calculated risks on a daily basis. If we didn’t, we’d never get anywhere. What is important is that we are aware of those risks, we are evaluating them and we are taking appropriate actions to mitigate them. Sometimes we might make the wrong decision, but then we must learn from and adapt to the unacceptable risks we have taken previously. Having a robust risk management framework in place should help us to do that.
[1] www.ipfbenchmarking.net/finance/risk_management/default.asp
[2] See also Steve Fowler’s article ‘Beyond compliance’ in this issue
[3] See also Terry Edney’s article ‘Managing HR risks’ in this issue
[4] See also Tamsin Turke’s article ‘Headline news’ in Caritas, issue 23, October 2009.
Author: Rebecca Mackay
Rebecca Mackay is head of audit and risk management at Christian Aid. She is a chartered public finance accountant and was formerly a senior audit manager at Deloitte.
Author: Martin Birch
Martin Birch is director of finance and information management at Christian Aid. He is a chartered management accountant, was formerly at Action Aid and also holds an MBA.
www.christian-aid.org



