Introduction
Effective risk management is the process of evaluating and guarding against potential losses to the organization (Taravella,1990). The organization actively pursues risk in its operations by examining the quality of its internal controls, safety, actions of its staff on the job, and behavior of its volunteers in their interaction with staff, clients ,or the public. The chief financial officer of a nonprofit organization should be very concerned about risk management issues because they directly affect the use of financial and other resources. Effective risk management can save significant resources, which ultimately translates into money. In the corporate world, treasury staff is being given greater responsibility in the area of risk management, and a newer approach to risk management is being taken: enterprise risk management (Lubart, 2005). This involves identifying, assessing, quantifying, and mitigating the broad range of strategic, operational, financial and other risks confronting the organization. Put another way, this approach to risk management brings financial risks together with nonfinancial risks in one framework for one group within the organization to oversee.
The written risk management plan includes an overview of the purpose, structure, and process of risk management activities within the organization. Within this framework, organizational performance objectives can be developed in addition to policies and guidelines to support the identified processes that maximize achievement of the program′s objectives (Carrol, 2009). It is critical to maintain an integrated approach at this point of development to achieve consistency of purpose within the organization and to avoid duplication of effort. A risk management plan does not have to be complicated, costly, or labor-intensive, but the plan does need to be consistent in its activities and in the methods for identifying and treating risk.
Risk Domains
An organization has to decide on a standard risk classification system, with the components known as ″risk domains″, ″risk categories″, or ″risk areas″. Regardless of the terminology, the intent is the same: to identify risks across the full continuum of the organization by categorizing them into common types of exposures. Classifying risk into domains will help to ensure that nothing is left out. Just as each organization needs to define enterprise risk management within its own culture and environment when considering operations and business lines, it also needs to define and select its own risk domains. Common risk domains in healthcare include operations, strategic, financial, compliance, and reputational risks. Each risk domain must be well defined and potential exposures common to that domain identified. The risk domains allow the entire organization to participate in the risk identification and analysis process using a predetermined set of risk categories and exposures.
Identifying and assessing areas at risk is a key to managing the process for nonprofits, especially as new, more complex assessments are proving to be important for decision making (Herman et al, 2004). Nonprofit leaders must keep an eye on traditional sources of risk while also learning to link mission critical strategies with key risks. Reviewing the organization′s top strategic initiatives (programs or events) is one way to begin …