RM is an integral part of managing a sustainable SE It is part of and integrates with all of the other skills areas shown on the &quot; Flower&quot; There are specific techniques and tools that can be used to proactively manage risk
The Risk management techniques and tools that we are going to review today can and should be used at every stage of the development path. For this workshop we are going to focus on social enterprises that are IN LAUNCH PREPARATION or are already in operation
There are many sorts of risks that can affect social enterprise, from financial or legal, to environmental risks or the loss of staff. Different risks can affect your enterprise in different ways. Risks are threats, issues, events or opportunities, if it happened, could have a positive or negative effect on your enterprise. Risks may: cost you money cause your social enterprise to fail or be less successful damage your reputation Opportunities may positively impact your social enterprise
Challenge the participants...what is their definition of Risk Management ? Key word is proactive - identifying and actively managing risks and opportunities is better than being reactive Example – recovering from a major disaster – Haiti vs. New Zealand Managing risk is about identifying all the actions that your enterprise can carry out before anything actually happens to make sure that things go as smoothly as possible. It is also about making sure that even if a potential risk does become a reality, that your Social Enterprise can carry on operating.
Build exercise with work shop participants using flipchart/whiteboard Stakeholder buy in and support is very important to achieve a successful RM process. Your RM process should have demonstrable benefits. Adjust your outcomes based on risk management adjust business model or outcomes as per David's comments on Strategic plan Risk is uncertainty of outcome, and good risk management allows an organization to: have increased confidence in achieving its desired outcomes; effectively constrain threats to acceptable levels; and take informed decisions about exploiting opportunities. Good risk management also allows stakeholders to have increased confidence in the enterprise’s governance and ability to deliver against the stated aims and vision. Also, carrying out a risk management process might help your organisation to identify threats and also consider opportunities that you had not already considered. Every enterprise, no matter how big or small should understand the potential risks that face it and think about ways in which they can be managed
There are 4 key Risk Management Steps Risk management should be part of a cycle of continuous improvement since risk will never be totally eliminated.
1 st Step is Identify Risk Must know what risks & opportunities our social enterprise may have, in order to proactively manage them.
There are 5 broad buckets or types of risks found in most social enterprises. People, Property, Liability, Income, Compliance Review types of risks and... Challenge workshop participants to come up with examples of each type of risk from their own social enterprises
GROUP EXERCISE – ask participants to work at their tables If group is larger or in pairs if smaller group. Do Good Landscaping #1 Cool Threads Thrift Store #2 Events can trigger multiple exposures. Give the participants the scenarios and ask them to identify the risk (opportunity) exposures. Do Good Landscaping Company ( pure risk) Risk Exposures: People – driver is injured, cannot work for several weeks. Cost to replace him/her Property – truck is badly damaged and must be repaired/replaced. Costs include temporary replacement, insurance deductibles etc. Liability – injured pedestrian, damage to storefront. Costs could include insurance deductibles, defence costs if sued by either 3 rd party. Income – loss of truck, cost of insurance deductibles, potential loss of revenue due to damage to reputation. Cool Threads Thrift Store ( speculative risk) Opportunity & Risk Exposures: Opportunity – large supply of new clothing that can be sold in store, generating significant revenue People – stress to current workforce of additional hours for receiving/managing inventory Property – Additional inventory. Costs include renting and insuring storage, loss prevention? Income – additional staffing costs ( unloading/storage), temporary storage of products, how to deal with goods that not be suitable for sale in your market
Leave this slide on screen for audience reference for Activity 1
In order to manage risk, an organization needs to know what risks it faces, and to evaluate them. Identifying risks is the first step in building the organization’s risk profile. Ideally this first step should be done with support from an external facilitator
risk information should be drawn from a variety of sources Some information and tools can be obtained from suppliers e.g. risk surveys and questionnaires from insurance brokers, consultants
Assessment needs to be done by evaluating both the likelihood of the risk being realised, and of the impact if the risk is real Once you have considered your risks, then each needs to be assessed as to their potential negative impact – potential risk- to your organization. This activity is a typical process of risk analysis and a useful way to weigh each resource. Probability For each of the risks that you have identified, assess the likelihood of them occurring on the following scale: extremely unlikely likely extremely likely Impact Then consider, if the risk did happen how it would impact on your organisation: Not critical significant impact; would not affect continued operations in the short term but might in the long term fundamental to continuing operations Take each risk you have identified, question each item as to probability and its impact and then find its place on the matrix. You will know from this exercise what the core of risk is which will be associated with the risk. The next step is to construct a table with each resource scored for risk. The scores are derived by multiplying the number from the Probability axis with the number from the Impact axis. Once risks have been assessed, the risk priorities for the organisation will emerge. The less acceptable the effect of a risk, the higher the priority. The highest priority risks (the key risks) should be given regular attention at the highest level of the enterprise, and should consequently be considered regularly by management. The specific risk priorities will change over time as specific risks are addressed and prioritisation will need to change to reflect this.
Think about your enterprise and identify 3 risks that face it at the moment / imagine 3 risks for a fictitious Social Enterprise. Enter these risks into the Risk Register Hand-out. For each of the risks that you have identified, asses the likelihood / impact of their occurrence on the following scale: Likelihood extremely unlikely likely extremely likely; frequent occurrence Impact Not critical significant impact; would not affect continued operations in the short term but might in the long term fundamental to continuing operations Risks that are low probability and low impact should not be cause for concern unless it scores higher next time you review it (score 1 / 2) Risks that get a rating of 3 or 4 - identify the actions that your enterprise can undertake to reduce the likelihood of the risk happening and the impact that it will have. Consider what will happen if the risk does materialise High rated risks (6 – 9) – identify the actions that your enterprise can undertake to reduce the likelihood of the risk happening and the impact that it will have and implement these actions. The higher the priority of the risk, the sooner you should manage it.
Leave on screen during Activity 2 for reference
Traditionally, there are 5 basic risk management strategies that can be used to decrease the probability or the impact of an identified risk. The purpose of addressing risks is to turn uncertainty to the enterprise’s benefit by constraining threats and taking advantage of opportunities Challenge the participants to think of some examples from their own social enterprises
The management of risk has to be reviewed and reported on for two reasons: - To monitor whether or not the risk profile is changing; - To gain assurance that risk management is effective, and to identify when further action is necessary.
Relate the RM 4 steps to the Plan, Do, Study, Act cycle
Social Enterprise Learning Toolkit (Risk Management Module)
Risk Management for Social EnterpriseAn enp Strengthening Your Skills workshop 1
Workshop ObjectivesAt the end of this workshop, you will be able to:2 Understand what constitutes a risk and/or an opportunity.3 Apply the process of managing risk.4 Use the tools and techniques to support risk management in your social enterprise. 2
Risk Management is an integral part ofmanaging a sustainable social enterprise Social Enterprise Learning Toolkit Source: www.enterprisingnonprofits.ca/learning-toolkits 3
Where are you along the Social Enterprise Development Path ? Social Enterprise Development Path Opportunity Business Start-Up Strengthening Identification PlanOrganizational Feasibility Launch Evaluation Readiness Study PreparationSource: The Canadian Social Enterprise Guide (2nd edition) 4
What is a risk?A risk is anything that might happen and that,if it did happen, would have an impact (+/-)on the ability of a social enterprise toaccomplish its mission. 5
What is Risk Management?Risk Management is a process that enables asocial enterprise to cope with uncertainty bytaking proactive steps to protect its assets &resources. 6
Why manage risk? The benefits of Risk Management• identifies risks and opportunities not already considered• effectively constrains risks to acceptable levels• informs decisions about exploiting opportunities• increases stakeholder confidence in achieving desired outcomes 7
How do you manage risk? Identify Risk Review & AssessReport Risk Risk Manage Risk 8
Property• Partial or total loss of premises• Theft of equipment, inventory, cash, information• Intellectual property compromised• Brand & reputation damaged 12
Liability• Injury to clients, general public• Product liability• Damage to property of others• Breach of contract• Professional liability 13
Income• Loss of grant funding• Revenue shortfalls• Fire, floods, natural disasters• Change in market conditions 14
Compliance• Laws & regulations - knowing what applies to your social enterprise• Legal responsibilities of employers• Workplace health & safety• Human Rights• Privacy 15
5 Types of Risk SummaryPeople Property Liability Income ComplianceWorkplace Partial or total Injury to clients, Loss of grant Laws &injuries loss of premises general public funding regulations - knowing what applies to your social enterpriseDeath, Theft of Product liability Revenue Legaldisability, equipment, shortfalls responsibilitiesretirement inventory, cash, of employers informationResignation Intellectual Damage to Fire, floods, Workplace property property of natural health & safety compromised others disastersDisengagement Brand & Breach of Change in Human Rights reputation contract market damaged conditions Professional Privacy liability 16
Identifying Risk Activity 1Sample case studies:• Do Good Landscaping• Cool Threads Thrift Store 17
Identifying Risk• Types of exposures• Get input from many stakeholders – board, managers, staff, clients, partners and suppliers• Use external facilitation/resources if possible• Own the process 19
Assessing Risk Probability 1 2 3 Extremely Likely Extremely Impact unlikely likely1 Not critical 1 2 31 Significant 2 4 61 Fundamental to 3 6 9 continuing operations Priority Impact x Probability = Risk score Low Medium High 22
Assessing Risk Activity 2Consider the risks that face your own socialenterprise, or one with which you arefamiliar:•Identify 3 risks that the organization faces•Use the simple matrix on the next slide togive them scores and determine the levelsof risk 23
Risk Assessment Matrix Activity 2 Probability 1 2 3 Extremely Likely Extremely Impact unlikely likely1 Not critical 1 2 31 Significant 2 4 61 Fundamental to 3 6 9 continuing operations Priority LowImpact x Probability = Risk score Medium High 24
Managing Risk – 5 Strategies The risk may be acceptable without any further action being taken. The ability to do anything about some risks may be limited, or theAccept cost of taking any action may be disproportionate to the potential benefit gained. Most risks will be addressed in this way. Actions are taken toTreat mitigate the impact and/or probability of the risk to an acceptable level. For some risks the best response may be to transfer them forTransfer example, by taking out insurance. Some risks are not (fully) transferable – e.g. reputational risk.Avoid Some risks will only be treatable eliminating the source of the risk. This is not an alternative to those above but an option whichTake the should be considered whenever accepting, transferring or treatingOpportunity a risk. Do circumstances arise which offer positive outcomes? 26
Reviewing and Reporting Risk• Why review and report?• Frequency of review• Who “owns” the risk 28
Risk RegisterDescription of RiskProbability (Low/Med/High)Impact (Low/Med/High)Rating (score)Risk OwnerStrategy to deal with Risk –(accept, treat, transfer,avoid, take the opportunity)Cost $Cost TimeFrequency of ReviewRe-assessor 29
Create a Risk Register Activity 3For each of the 3 risks that you identified inActivity 2:•Complete the table on the previous slide(you can download the worksheet).For your own organization you will need todo this for each of the risks, producing arisk register. 30
How/when to adjust your Risk Management plan 31
Tools and templates you can download• User Guide & Glossary• Risk Types Chart• Risk Management techniques chart• Risk Assessment matrix• Risk Register 32
Take action – your next steps!• Use the risk management process to produce a risk register for your social enterprise.• Download and use the tools and templates provided.• Review and update your risk register regularly as part your ongoing management practices! 33