NFPs Failing on Risk Management: NZ Report
5 April 2011 at 5:16 pm
Despite reported fraud in the New Zealand Not for Profit sector costing charities money and reputation, organisations are still not adopting a more formal approach to risk management, according to a new survey of the nations Not for Profit sector.
The 2011 Not for Profit sector survey, by chartered accountants Grant Thornton New Zealand, found that when asked to indicate how they were dealing with risk management, only 14% of respondents thought risk management was a significant issue for them.
The report says that since 2009, New Zealand courts have prosecuted individuals who have stolen a total of more than $3 million from charities – adding up to $30,000 per week being lost from NFPs as a result of fraud.
The 2011 survey is the fifth biannual survey of the sector, however it is also the first time NFPs have been surveyed about risk management.
Grant Thornton New Zealand partner Alec Flood says for a sector that relies on funding as its life blood, only having 14% of organisations indicating risk management as a significant issues is an unusually low response rate.
Flood says the topic of risk management is wide reaching and includes the operational, financial, ethical, regulatory, and some would say most importantly, the reputational risk of the organisation.
For many Not for Profit organisations, he says, risk management is associated with an assessment of foreseeable risks and taking out insurance contracts and occasionally financial instruments to manage the consequences of the most damaging outcomes.
However, he says risk management can be much more than this. Early identification of operational risks associated with an organisation could assist in both the daily running of the organisation and its long-term survival but risk management should also be about maximising the right opportunities.
Flood says there is room for improvement in carefully assessing and monitoring where the risks in the Not for Profit sector lie, particularly those relating to the processing and controls surrounding financial and cash transactions.
As part of the survey, Grant Thornton asked respondents if their organisation's operational risk profile had increased or decreased over the past 12 months. Over 40% of respondents mentioned that their operation risk profile had increased somewhat (7% said significantly so). With this increase comes the challenge for executives and board members to manage and understand the risks present and their implications.
The survey found more than half of respondents maintained a ‘risk register’ identifying potential hazards on issues, something Flood says should be reviewed and updated at least bi-monthly.
The survey also found that among Not for Profit organisations who had a risk register, a third indicated the risk register was never circulated to all the employees. The report says strong risk management suggests that employees should be required to sign off acceptance annually and that significant changes throughout the year are communicated as they arise.
The survey found that in many organisations it was often left to the Chief Executive (44%) or the Board (38%) to sign off the risk register, which is more common in the smaller organisations. Only 13% of organisations with a risk register had the risk manager sign off the register.
Flood says they did not expect to find such limited circulation of risk registers for those organisations that actually maintain one. He says from a governance level, 52% of Boards either never see the risk register or only viewed it on an annual basis.
Grant Thornton's market data shows that the 100 largest organisations of this sector, 46 of which are registered charities, now currently account for more than $2.5 billion of turnover each year – an average of $25 million each.