Written by Sheila Filion, CPA, CA
Partner, Virtus Group
In a business context, risk is the possibility of loss. Risk management refers to a formal process of identifying risks and designing responses in order to minimize or eliminate the possibility of loss.
A risk management process typically contains the following steps:
- Identify all risks – what could go wrong? Brainstorm all possible things that could impact your organization – the goal is to create a large list of potential concerns. Some examples of risk categories include strategic risks, financial risks, operational risks and compliance risks.
- Assess likelihood of risks identified – what are the chances that the risk will occur? The more likely the risk is to occur, the higher it should be on the priority list.
- Assess impact of the risks identified – if the risk occurred, what would the impact be on the organization? The greater the impact of the risk, the higher it should be on the priority list.
- Determine an action plan for each risk – what can we do to reduce or eliminate the risk? For most risks, an action plan can be formulated.
Organizations may have limited staff and financial resources and therefore, it is important to prioritize the identified risks by the likelihood and impact of the risk. By focusing resources on reducing risks that are the most likely to occur and/or have the most impact, the organization can efficiently reduce the organization’s risk profile. The organization can choose which risks to mitigate or eliminate and which require no action.
A risk management process increases the organization’s awareness of its operating environment and the activities that it undertakes. This knowledge can improve decision making and strategic planning processes.
Other articles on Board Governance to read:
- How big should our board be?
- How often should we review our policies?
- How do I find board members?
- What does oversight mean?
- What are the top internal control tips for small organizations?
- Donations & Fundraising - what is your policy?
- Why is effective budgeting important?
- Is the CEO doing a good job?
- How much should a not for profit organization hold in net assets?
- Should we meet with our auditor?