*This opinion article has been written solely under its author’s title; it does not represent any institutional capacity.
In a time in which NGOs want to play a major role, be more independent and become self-sufficient, it has been asked to move on with a new approach to their organizational structures and governance, in addition to the continuous seek of efficiency on delivery outcomes.
No doubt, the focus still remains on aid and people, constantly improving efficiency on processes and effectiveness on projects, but now the question is how to stay competitive in the market and still be attractive with a good reputation.
Innovation as a whole is therefore essential to the NGO sector; to be able to keep saving lives and face humanitarian issues in this rapidly changing world.
The future of NGOs is likely to see a continued emphasis on technology adoption for increased efficiency, broader global collaboration on humanitarian and environmental issues, a more efficient risk management framework and a shift towards more sustainable and innovative funding models.
Every NGO, small or large, are susceptible to risk in many different areas: operational, market, legal, environmental, reputational, brand, liability, financial, and property losses.
Any of these can impact positively or negatively the organizations and, of course, they are concerned primarily with the type of risk that may affect them in a negative way. Risk management helps to identify, evaluate, analyse, monitor, and mitigate the risks that threaten the achievement of the organization’s strategic objectives in a disciplined and systematic way.
Risk management is intentionally proactive, not reactive: it’s the process of identifying, assessing, and minimizing the impact of risk. It helps organizations to identify potential dangers and threats and take steps to eliminate or reduce the chances of them happening. If they do end up happening, risk management helps ensure that adverse effects are minimal to none.
By implementing a comprehensive risk management approach, NGOs can effectively enhance their resilience and ability to fulfill their mission despite any potential challenges and uncertainties, implementing the following processes:
Risk identification, to identify potential (financial and non financial) risks that could affect the organization's ability to achieve its objectives;
risk assessment, to evaluate the likelihood and potential impact of each identified risks, prioritizing them in line with NGO objectives;
risk mitigation, to develop strategies to mitigate or reduce the likelihood and impact of the identified risks. This could imply implementing internal controls, diversifying funding sources, establishing emergency response plans, and ensuring compliance with relevant regulations;
risk monitoring and review, to regularly monitor and review the effectiveness of risk management strategies, adapting and updating these strategies in response to any changes in the organization's operating environment or risk landscape;
risk communication and reporting, to ensure effective and transparent communication of risks and risk management strategies to key stakeholders, including staff, volunteers, investors, donors, and beneficiaries.
If risk management is well implemented, in the future NGOs could benefit of:
Enhancing management, both in day-to-day and long-term situations: knowing what might go wrong and how to deal with a situation helps to control the outcome.
Streamlining day-to-day operations: employees who know the proper procedures and policies are better able to do their jobs safely (i.e. for any disaster recovery plan).
Improving financial management: losses, lawsuits, and injuries all cost money and risk management helps to avoid these costs.
Providing consistent and enhanced services to stay competitive in the market with good reputation.
NGOs transitioning towards a risk management framework will also have to focus more on cybersecurity. With the increasing digitization and the usage of online platforms for fundraising and project coordination, NGOs will face greater cybersecurity risks. Future risk management strategies may include regular vulnerability assessments, employee training, robust data encryption, and investment in advanced detection technologies.
Climate change-related risks, such as natural disasters and resource scarcity, will also necessitate stronger resilience planning as a result of a structured risk management approach, to collectively address any emerging risks.
Environmental, social and governance (ESG) risks have also become a strategic priority for all: every industry is affected by the collective efforts of governments to tackle climate change.
In the NGO sector governance is critical in navigating climate risks and social issues. It is the glue that binds environmental and social elements, ensuring the success of ESG initiatives. Without attention to governance, the other two other elements will fail. An organization weakness, coupled with an external threat such as the lack of coordinated ESG international policies, may lead to unsuccessful performance.
It would be impossible to achieve sustainable finance objectives if NGOs fail to embed the necessary governance approach into the heart of their culture and strategy. This makes the “G” of “governance”, component of ESG fundamental to the success of future gains on sustainable finance.
As said, ESG requirements will need to be embedded as well in NGO’s strategy, culture, risk management and operational control arrangements such as data governance and third-party management.
Future risk management efforts may therefore focus on building resilience through climate adaptation initiatives, diversifying funding sources to reduce reliance on vulnerable sectors, and advocating for policy changes to mitigate the impacts of climate change.
Future risk management strategies will be also asked to invest more in compliance management systems, conducting regular audits to ensure adherence to wider and global legal requirements, and staying abreast of evolving regulatory landscapes across different jurisdictions.
Transparency is another key driver. Investing on it will build trust and help stakeholders to understand how the organization is effectively (or not) addressing potential challenges. It will also reinforce the value to share potential issues and failure, as lesson learned for future projects. This will include whistleblowing processes and any mitigating actions and processes with reference to conduct & ethics risks (i.e. outside position, bribery and corruption).
Last but not least, commitment of staff is not anymore enough while technical and risk management skills are key. Looking ahead, an all-volunteer-run NGO is not any more sustainable. Ensure knowledgeable people in light of the complexity of the market that is increasing very quickly is also key.
Not only project management, time orientation, fundraising, communication, vision and forecasting skills are needed, but also strategic planning, monitoring & evaluation, compliance and risk management are becoming additional skills needed.
Investing in enhancing the knowledge of staff and volunteers to identify, assess, and manage risks effectively will be a priority. Training programs and workshops can help to enhance risk awareness and empower individuals to contribute to risk management efforts. Hiring people from more mature sectors in risk management would be another option.
All organizations, regardless of size, are already being asked to have robust risk management in place. So, what is the purpose and importance of risk management in an organization? Risk management not only aims to protect an organization from potential losses or threats to its continued operation, but by addressing it NGOs can successfully enhance their resilience and effectiveness in achieving their mission amidst an evolving operating environment.
Be aware that there’s no one-size-fits-all solution; every NGO is different and will encounter different kinds of risks. That’s why it’s so important for organizations to have a risk management plan in place. A risk management plan contains all the assessed risks that the organization is facing and the corresponding steps in place to mitigate those risks.
Taking a proactive approach to risk management and continuously training employees, an organization can reduce the chances of something going wrong and minimize the damage if something, such as an incident, does happen.
Risk management is an essential part of any organization, and must be given the attention it deserves. Managing risks keeps the organisation stable (from a financial and non financial perspective) and improves reputation.