Risk management for community organisations
'Risk management' is the ongoing process by which your community organisation manages real and perceived risks involved in running all aspects of your operations. It involves systematically identifying threats (risks) to your organisation and developing ways to minimise or prevent them from occurring. Use this page to find out about types of risk, the risk management process and access resources and support.
What is a 'risk'?
A 'risk' is anything untoward that happens that can affect your organisation's objectives and operations by creating exposure to potential loss, harm, or damage.
Why undertake risk management?
Community organisations face increasing risk of litigation and need to provide protection for their volunteers, members and participants. The Civil Liability Act (Qld) recognises this increasing risk and provides protection by limiting the exposure to liability (in certain circumstances) for volunteers within community organisations. Whilst this legislative protection is in place, it is important that your organisation consciously deals with risks by both transferring the risks to a third party through insurance and adopting strategies and behaviours that reduce risks.
By accepting there are risks and developing a risk management plan with involvement from your members, you ensure the viability of your organisation and limit your exposure.
Identifying potential risks and creating a risk management plan for your organisation:\
- is good business and management practice
- assists with strategic planning
- reduces unexpected and costly suprises
- enables more effective and efficient allocation of resources.
Actively managing risk also helps your organisation to:
- clearly define insurance needs
- comply with regulatory requirements
- prepare for auditing
- ensure the safety of your members and others within your operations
- make good decisions
- balance opportunity and risk.
Types of risk
Risk can be:
- physical - injury or damage to a person/s or property
- legal - breaching legal obligations
- moral/ethical - harm to your organisation's reputation
- financial - loss of your assets.
Examples of risk include:
- injury to a volunteer, staff member, spectator or participant
- equipment failure
- theft of property
- loss of data/records
- a decline in the number of volunteers
- decline or loss of income sources
- attracting too many participants to an event
- discrimination or harassment
- negative publicity
- damage to the environment.
When developing your risk management plan, you should consider all areas of your operations including finances, administration, management, facilities, equipment, health and safety, event management, people and legal obligations (regulations, contracts, duty of care).
A treatment measure may be to prepare a preventative maintenance schedule for your facilities.
To comply with the national privacy principles detailed in the Information Privacy Act 2009 (Qld), a privacy policy should be developed as part of your overall risk management plan.
Ensure you complete a risk assessment for any new project, event or competition that you plan to deliver.
Risk management process
The risk management process involves eight key steps.
Establish the context
Determine the:
- scope of risk management required
- aims and objectives of your risk management plan
- how your plan will be managed (resources)
- risk assessment process and criteria.
You can also develop a risk management policy.
Identify the potential risks
This can be done through previous experience and records, brainstorming, reports, audits and other recommendations, listing what could happen (including the possible causes and scenarios).
Assess the risks identified
Consider the likelihood of a risk occurring, possible consequences, existing risk management strategies and the level of the risk
A risk severity matrix can be helpful to determine the level of each risk - likelihood (low/high) and consequences (low/high).
For example:
| Risks with | Low likelihood of occurring | High likelihood of occuring |
|---|---|---|
| Low consequences for organisation | Low risk | Moderate risk |
| High consequences for organisation | Moderate risk | High risk |
Decide to accept, treat or transfer each risk
Determine treatments for all unacceptable risks
Note - your organisation may already have a number of treatments in place.
For each risk that needs treatment, determine what needs to be done, the resources required, who is responsible, and when the treatment needs to be completed and reviewed. To treat and control potential risks, you can implement measures to reduce the likelihood (including new ways of doing things), reduce the consequence, transfer the risk (i.e. by using insurance), accept the risk or avoid it. Treatment may include implementing policies, erecting signs, providing training, replacing equipment, or purchasing insurance.
Formalise your risk management plan and communicate
Document your risk management strategies and communicate them to everyone in your organisation. This may include appointing a risk management officer, specific education and training, and including risk management as a committee meeting standing agenda item.
Implement your treatment options
Review and monitor
You should have monitoring and review mechanisms in place and update the plan with any new risks that are identified.
Resources and support
- Institute of Company Directors Australia - offers useful risk management tools, checklists, help sheets and example policies including the main areas of risk for not-for-profit organisations
- Our Community - provides help sheets and checklists to assist not-for-profit organisations to introduce and improve your risk management processes
- Queensland Government's facility risk management checklist - provides a checklist and detailed risk rating matrix
- Volunteering Queensland - provides an operations handbook that includes information on managing risk, ways to minimise risk, and insurance
- Volunteering Australia - provides a risk management tool for volunteers (risk register and risk action plan templates)
Related links
- Governance and committee management for community organisations
- Asset management for community organisations
- Financial management for community organisations
- Law and community organisations
- Insurances, indemnity and exclusion of liability
- Human resource and volunteer management for community organisations
- Facility management information for Council leases and licences
- Tenure information for Council leases and licences