How do you give risk a boot?
It is easy. Well, that is if you know the kinds of risks that are specific to your entity. The hardest part is knowing and recognizing your risks. Next, muster the courage and consensus to decide that you (1) want to give those risks a boot, and (2) demonstrate that you're ready to stick to a plan. If you think all that are really easy then congratulations because it would seem that you have the environment that makes institutionalizing risk prevention and management possible. Let's begin.
First, what you want to do is to develop and adopt a comprehensive, systematic, and effective risk prevention and management practice with the goal of reducing your risk, loss, and liability exposure.
In case you are one of those experienced people who knows and are comfortable with all the risk of your organization, and you are wondering why develop a system when you already know what your risks are, I say to you that its time to rethink your position on risk prevention and management.
Why develop a Risk Prevention & Management System?
All nonprofit organizations have potential risks that include property, income/funding, liability, human resources, reputation, mission, governance, fiduciary, technology, vulnerable populations, and risk associated with inter-agency collaboration.
Every nonprofit organizations wants to first eliminate all foreseeable risks associated with these potential risks to their operations and governance processes, and if an organization cannot eliminate all the potential risks, which is highly possible in today's fluid operations environment, they make every effort to reduce their risk exposure to the risk including loss, and liability.
Specifically, a Risk Prevention & Management System will:
Establish a consensus on how to prevent, detect, manage, and reduce risk
Safeguard the organization's human, physical, reputation, and financial assets
COMPONENTS OF AN EFFECTIVE RISK PREVENTION & MANAGEMENT SYSTEM
Component #1: Compliance (Corporate, Legal, and Regulatory Framework):
Obtain and comply with all required documentation and licenses; develop an internal corporate compliance system, and adhere to all applicable national, local, and funding oversight regulations.
Tips to achieve & prove implementation of Component #1
Be familiar with all regulatory requirements applicable to program and program activities.
Consult a legal counsel or a certified compliance professional, such as AMAKA, to provide qualified information including interpretation regarding codes, regulations, requirements, laws, and general guidance involving compliance.
Documentary evidence that satisfies prevailing laws and sector regulations
Component #2: Risk Prevention
Prevention and early detection systems that identify, eliminate, or reduce potential loss and liability
Tips to achieve & prove implementation of Component #2
Conduct prevention and risk reduction activities (internal records review / audit).
Monitoring and evaluate risk prevention and management effectiveness.
Develop a proactive risk management plan that anticipates potential risks, ways for managing risks, and assigns responsibility for key tasks.
Documentary evidence of procedures, and of regular reviews of immediate and ongoing risks
A dedicated Risk management personnel where possible
Component #3: Process Control and Administration
The organization ensures safe, uniform control and administration around how it does things.
Tips to achieve & prove implementation of Component #3
Regardless of the service type, program and process orientation, ensure to have some operation and management policy and procedures/protocols in place and functional
Documentation of processes and program activities
Capacity development around process control and administration for personnel
Component #4: Documentation & Records Management
Whatever you do, document, and document again. Case and service records, service and program activity utilization documentation, and funding reporting must be accurate and sufficient to reflect all stakeholders, processes, outcomes, and follow up/plan of actions where necessary; and retain program and service records as allowed for by laws relevant to service sector and location.
Tips to achieve & prove implementation of Component #4
Program activity records must be sufficient and accurate, and contemporaneous where required.
Must follow oversight and/or funding regulatory expectations
Reporting must reflect service users, service delivery, and utilization outcomes.
Ensure well-maintained records to help shield the organization from allegations of misconduct and/or impropriety.
Records management system should foster transparency and accountability through policies and procedures that address access to program and service records.
Component #5: Insurance Protection
The organization is adequately insured
Tips to achieve & prove implementation of Component #5
Network procedures for identifying and verifying provider insurance
Current insurance policies, with descriptions, amounts, and dates and scope of coverage
Minutes of meetings related to the organization's annual review and approval of insurance coverage
Documentation that the organization provides a written description to personnel regarding its: insurance types, coverage amounts, and assumes legal assistance costs, as relevant
Component #6: Contracts and Service Agreements
The organization enters into contracts and service agreements with due regard for practices that promote efficient use of resources.
Tips to achieve & prove implementation of Component #6
A human resources or procurement oversight over individual consultants and independent contractors
Vendor Contracting procedures
A governing contract body or personnel
Quality Monitoring of Purchased /Contracted Services where the organization monitors and evaluates the quality of services purchased (contracted) from another organization, foundation, or others.
Contract monitoring procedures
Contracts and Contractor progress reports
Component #7: Information and Technology Management
The information management and technology systems have sufficient capability to support the organization's operations, planning, and evaluation.
Tips to achieve & prove implementation of Component #7
Performance and quality improvement data and reports
Information management procedures/guidelines
Component #8: Security of Information
Electronic and printed information is protected against intentional and unintentional destruction or modification and unauthorized disclosure or use.
Tips to achieve & prove implementation of Component #8
Policies and procedures that comply with and ensure security of information local laws.
In the United States, policies and procedures must comply with the Health Insurance Portability and Accountability Act ("HIPAA" Privacy and Security Rule) and the Health Information Technology for Economic and Clinical Health Act ("HITECH").