Jean Roberts

A risk factor is present where there is a likelihood that a product or component will
have to be:

• re-worked – requiring further attention and therefore involving further cost and
  inconvenience, or
• replaced – resulting in loss, wastage or inconvenience.

A risk factor is present where there is likelihood that a service or program will be:

• ineffective – unable to achieve the purpose for which it has been designed
• inefficient – result in or contribute to an unwise use of resources
• sub-standard – failing to meet or comply with advertised or required quality or standard of delivery, process or outcome.

Every nonprofit organisation needs to ensure adequate and appropriate provision for the
management and avoidance of strategic, operational and financial risk.

However, it is also essential to consider the ‘human’ or ‘behavioural’ factors
that can contribute to risk. Examples include:

unwise, unexplained, unnecessary or unplanned change

• be particularly sensitive to the feelings of the people involved with your organization
  in any way: change can be perceived quite differently among your people and it is
  essential that you monitor all stakeholder perceptions at all times
• what some people view as progress, others can view as radical change and react with
  unnecessary emotion, causing distress to themselves and the organization
• the process of planning change is as important as the processes of implementing and evaluating change

disagreement, misinterpretation or misbehaviour among or between stakeholders

• a stakeholder is a person or group of people who stand to either gain or lose from decisions or actions
• each stakeholder will have their own needs, interests and perspectives: understanding and monitoring these is essential is risk management strategies
• failure to protect the needs and interests of the organization and the separate and particular requirements or expectations of each stakeholder can certainly lead to
  disagreement which my place the organization’s relationship with key stakeholders at
  risk

inadequate, inappropriate, incorrect or vague information or instruction

• this factor has a big impact on standards, quality, safety and security, job
  satisfaction and organizational effectiveness
• a policy for the preparation of basic information and instruction is a starting point – with procedures to ensure compliance with the policy
• when writing a basic information or instruction document, always check that what is written is what is meant to be written – and that it is written in the clearest possible language and style

non-availability of relevant information, plant, equipment, materials, facilities, tools

• risk can occur when ‘the next action’ in a project or process is unable to be
  completed
• forward planning should ensure that all resources or components necessary for ‘the next action’ in any and every project or process are available as, when and where necessary
• risk avoidance procedures include clear and concise scheduling arrangements for appropriate and timely availability
• failure to comply with legal, statutory or contractual requirements or agreements
• compliance is a governance accountability and management responsibility
• compliance in itself requires a risk management strategy

unacceptable behaviour on the part of decision-makers, including conflict of interest,
lack of confidentiality or unwise use of information

• committee or board members have a fiduciary duty, in that they are legally required
  to act in the best interests of the organisation
• a code of conduct endorsed by the committee or board should be binding on every
  person within the organization with decision-making authority or responsibility
• a policy and procedure on confidentiality and information dissemination should be widely distributed through the organisation, with appropriate monitoring as a risk
  avoidance procedure

lack of appreciation or understanding of immediate, short-term and long-term
constraints, eg finance, time, space, distance, technology

• it is risky in the extreme to commit the organization in any way without being
• absolutely certain that the necessary resources are, or will be, available to ensure
• that the ‘thing’ committed to will be performed or undertaken to the agreed cost,
  delivery, quality and timeliness

inexperience, undue haste, emotional stress, internal or external pressures,
inadequate resources, unwise decisions, insufficient care, bad timing or bad luck.

• these factors must be controlled in order to ensure the avoidance of risk at best, or management of risk if such risk does occur. control starts with:
• an acceptance that risk can occur
• an organizational commitment to reducing the possibility of risk
• allocating resources to the identification, analysis and prevention of risk
• monitoring the cause and effect of risk when it does occur, and when it is
  effectively managed
• ensuring that, where possible, risk is able to be avoided