Contingency Planning: Protect Your Organization from 5 Types of Risk
From natural disasters to funding shortages to unexpected staff departures, nonprofits and faith-based institutions face a variety of risks that can interrupt or bring operations to a halt. Understanding this spectrum of risks is critical for drafting a comprehensive contingency plan that assesses the likelihood of risks and their level of impact, proposes controls and solutions, and aligns key resources and teams. Here are three considerations that organizations should make as they begin the contingency-planning process:
1. The five types of risks
Risks generally fall into five categories: people, property, liability, income, and compliance. For people, this includes staff injuries at work; death, disability, and retirement; resignations; and employee disengagement and turnover. Property risks include loss of equipment and facilities, theft, compromise of intellectual property, and damage to an organization’s brand or reputation. On the liability side, risks come from outside of the organization, including injuries to clients or the general public, damage to the property of others, product and professional liability, and breach of contract. Income risks might include loss of grant funding, revenue shortfalls, changes in market conditions, and natural disasters. Finally, compliance risks include privacy, human rights, workplace safety, employers’ legal responsibilities, and laws and regulations impacting a social enterprise. All of these risks vary in the severity of their impact, and some can even be reasonably predicted. Taking the time to assess and revise the unique risks impacting your organization—on an annual basis—is at the core of an effective and responsive contingency plan.
2. Risk likelihood and impact
Not all risks are created equal. Flooding in a nonprofit’s food storage warehouse is a far more urgent priority than a church’s congregation aging out or dwindling over time. However, both are significant concerns that will ultimately impact income. Organizations should rate risks across two categories—likelihood and impact on business—to assess what solutions should be implemented. Organizations can use a simple “low/medium/high” rating for each category; the greater a risk’s likelihood and impact, the higher its priority within a contingency plan. Keep in mind that some risks carry a low probability and high impact—such as a fire or health worker traveling abroad and returning with a highly infectious disease—but all risks should be addressed in contingency planning. This worksheet is a helpful tool for rating risks by their level of impact and likelihood.
3. Who’s in charge?
Once risks are assessed, rated, and assigned a solution, they also need to be aligned with a team responsible for carrying out the work. Solutions may require a number of action steps and preparation measures to be implemented beforehand, such as setting up IT technology so that employees can work from home or conducting staff trainings. Many corporations use crisis management teams to help execute contingency plans and communicate information internally about a crisis, which reduces panicking and confusion.
Contingency planning can feel daunting, but taking the time to understand the risks impacting your organization can save time, money, and even lives.