A Pragmatic Approach to Risk Management

As a professional who has worked in financial control, compliance and risk management for more years than I care to remember, my experience tells me that, of all the tools available to us as managers, there is only one that I consider to be absolutely mandatory. A Risk Register or Risk Log.

If we are entrusted with other people’s money with specific causes, then we need to demonstrate that we have acted with diligence and appropriate caution.

Over the last decade in many consumer facing sectors, we have seen regulators come to the same conclusion. Now more than ever, there is a far more pressing requirement to have a robust Risk Management process in place. Ultimately, this is the responsibility of your Board.

Typical characteristics of a robust process:

• Top-down: Identifying the key risks facing your charity from the top down will ensure that your scarce resources are deployed appropriately in a cost-effective way.
• Expertise: If you have a diverse Board of experienced members, you already have the expertise in-house. Robust Risk Management processes tap into this experience and diversity at no additional cost.
• Simplicity: The Risk Management platform can be easily managed on the likes of excel or word, at no additional cost.
• Focus: Most importantly, it ensures that everyone in the organisation is facing in the same direction. No additional cost.

Best practice steps:

1. Nominate a Risk Management facilitator in your organisation.
2. Buy-In. The job of the facilitator is to ensure that everyone is included, discussions are frank and open and that every possible significant risk is raised, discussed, recorded and measured.

Risks need to be rated – Examples:

Data - If lost or stolen, could it have a devastating impact on your “trusted” status or unnecessarily place vulnerable persons at risk?

Finance - Can staff pay a fraudulent invoice?

It is key that the Board consider the former risk while the latter should be included in the Financial Controller’s day job specification. 2. above is a problem when it occurs, 1. is a disaster; the Board needs to focus resources accordingly.

Top-down risk management:

• The first draft of significant risks can be logged by staff.
• This log must be discussed at Board and Management level and ultimately agreed by the Board. This focus is vital to tap into the experience and diversity of the Board.

To Summarise

If a robust Risk Management process is developed from the very start, most of the hard work can be completed in Year 1. Going forward, the Board and Management only need to ensure that they discuss the ever changing environment and its impact on the organisation.

Given the limited resources available to the sector, charities must first leverage their own resources and experience to deliver a Risk Management process fit for their purpose; No one size fits all and who knows your risk better than you.

Author: Ben Hoey FCCA, AMCT. Currently a consumer protection activist representing individuals who were mis-sold mortgages in the Ireland’s Celtic Tiger years. Previous risk management roles as Chief Financial Officer of Merrill Lynch International Bank and Managing Director of Kennedy Wilson.

Why not join a live event in Dublin hosted by Brian Waldron & Ben Hoey on the 27th February to learn more.