This section explains the concept of risk management and describes some practical strategies to assist organisations to manage the risks they face. While the principles discussed are relevant to all community organisations, the strategies will be most appropriate for small to medium agencies. Larger organisations will probably need to go into more detail than that provided here and may go as far as making risk management the sole or prime duty of a staff member.
Risk management and legal prescriptions
Compliance with the law is not always easy. Laws have become so numerous and complex that it seems impossible to comply with them all, every time. Nonprofit organisations wish to avoid breaking the law not only because of the penalties, but also because negative publicity may affect their standing and trustworthiness in the community. Nonprofit organisations, more than most other organisations, rely on the public’s trust to exist. Donations and volunteers disappear when an organisation is characterised as ‘untrustworthy’ because of breaches of the law.
An organisation will probably identify the risk of a fine for breaking a law in its risk management process. For example, an organisation that is required by law to file its annual audited financial report with a government department risks a fine or penalty fee if it does not. These types of risks need to be dealt with in a slightly different way than other risks the organisation may face. This is because the law requires an organisation to comply with the provision, not make a decision to insure against the event occurring, or to accept the risk of being discovered and fined. It is more appropriate to deal with such issues through a legal compliance plan. Standards Australia has devised a special standard for such purposes (AS 3806: 2006). A legal compliance plan manages exposure to breaching the law for the organisation, board members and management. Some important differences between risk management and legal compliance concepts are:
- Risk management reduces and manages risks; compliance seeks to eliminate or prevent them completely
- Risk management undertakes a cost/benefit approach (if cost exceeds the benefits from control, reduce control); compliance must prevent a breach occurring, regardless of the cost
- The benchmark for risk management is set by the nonprofit organisation; the benchmark for legal compliance is set by the law.