Not-for-profit vs. private

Risk mitigation involves the establishment of structures that aim to reduce the exposure and likelihood of an adverse occurrence or, reduce the impact if it does occur. (1)

For risk mitigation strategies to be successful, major risks need to be anticipated and planned for – rather than addressed reactively after a situation arises. For this reason considerable time is invested into the development of risk minimization policies and procedures at the enterprise level that encourage the automated flow of activities at the operational levels. Ideally, integrating steps into the operational guidelines that promote risk prevention, allows more resources to be allocated to developing new strategies (that identify new gaps), whilst also improving existing strategies. (5)


Freeing up resources otherwise dedicated to supervising high risk activities means organizations are able to commit more time into getting a better understanding of the organizations risk appetite. Doing so allows risk professionals to allocate and prioritize these risks as either ‘that which should be further exploited for profit’, or those that ‘need to be avoided altogether’ (risk appetite vs. opportunity). (5)


The effectiveness of a mitigation program is measured by:

a)       Its versatility to address the full scope of risks including; market, credit, strategic, reputation, business, legal and biometrical risk, and

b)       How timely a purposeful response is enacted to risk occurrences.

Mitigation responses are facilitated by risk triggers – that act as pre-emptive signals to distinguish increases in the likelihood of a risk event occurring. These triggers are determined by individuals usually employed in an Actuarial role who apply subjective value judgments to information collated from internal/ external quantitative and qualitative data (statistical reports), market intelligence, and investigative feedback (as well as one’s own personal bias generated from cultural, educational, familial and group influences). (5)


From there, any deviation from the expected system metrics would trigger management to address the issue. Proactive risk management will not only ensure those trigger levels are in place, but that;

-          Someone is assigned responsibility to monitor them;

-          Sufficient tools exist to allow such monitoring; and

-          Escalation procedures exist to progress unresolved issues. (5)

Non- Financial Organizations:


A Not-for-Profit institution (NPI) does not distribute profits to shareholders and as such are regarded as ‘independently constituted’. Overall NPI’s manage to contribute around 4.7% GDP to the economy with the highest contributing industry being education and research. (4)

When measured against other Australian industries, NPI’s contribute more GDP than communications, electricity, gas, water, accommodation, cafes/restaurants, personal services, and cultural & recreational sectors. This benchmark compels NPI’s to continue to demonstrate high GDP contributions to maintain government support. (4)


In most cases, the Director’s of NPI’s are unpaid, non- executives and thus aren’t usually experts in the industry sector concerned; however they are usually experts in business management. This trait can however expose them to bias executive value judgments that lead to decision- making that is unsupportive of the group’s (Board’s) objectives. (4)


NPI’s are responsible for reporting to numerous stakeholders including; government departments, major donors, service users (beneficiaries), volunteers & others – creating a complex range of accountabilities. They exist to achieve specific social, cultural or education purposes in accordance with either Corporations Law, or Incorporated Associations Law. (4)


NPI’s must achieve targets in the form of demonstrable social reform whilst also striking a financial balance, between spending to meet current social needs, and investing to sustain future reserves.

For NPI’s like the ‘Not-for-profit’ X organization these targets revolve around providing relief and support services to the community as a means to creating a better cultural climate overall. Doing so prevents individuals from resorting to destructive, hopeless, or criminal lifestyles, which bears a toll on the individuals, families, and the community.

The nature of these support services vary greatly from sporting events that encourage youth off the street during high crime hours, care programs for disabled teenagers, to exercise programs for the elderly. (4)

To compliment the efforts of the community support division, the ‘Not-for-profit’ X organization also derives funds as charity direct from the public and government or, as investment contributions from sponsors, and profits collected from running educational institutions. (3)

As outlined on the ‘Not-for-profit’ X organization website, the main sectors of operation include; addition services, aged care, child sponsorship, counseling, court and prison services, disability, domestic violence services, employment services, family support services, gambling services, homeless services, migrant services, and second hand retail outlets. (3)


Financial/ Insurance Institutions:


Insurance Company X is a blue chip, global institution that exists for the purpose of distributing profits to its shareholders. With a focus on Financial and Insurance lines of business, ‘Insurance Company X’ operates according to a typical Corporate Governance model, which places shareholders at the top of the hierarchy. (2)


The shareholders are positioned to appoint and review the performance of each board member – as a process of their overview role. Outcomes are dependent on the success achieved by the board’s decisions concerning the reinvestment of capital into ‘Insurance Company X’ operations.

The ‘Insurance Company X’ Board is comprised of one executive and 6 non-executive directors, whose custodial responsibilities compel the formulation of business objectives that aim to ensure a worthwhile return on investment. Parallel to these initiatives are the liabilities that compel the board to provide risk awareness across the ‘Insurance Company X’ group for the purpose of improving risk control – in accordance to the ‘Insurance Company X’ Group’s risk framework. (2)


This means developing directives and allocating funds such that operational stability is maintained, and profit is generated.  These directives are communicated to the CEO who is responsible for coordinating their achievement by allocating corporate responsibilities among each senior management sector. One of these sectors is the Group Risk Department, which also performs an overview ole that ensures operating entities are adhering to the risk framework. From this the Group Risk Department is able to determine ‘Insurance Company X’ risk profile (via quantitative and qualitative analysis), which its reports back to the CEO.  (2)

Major Sources of Risk:


a)       Market Risk:

In this category losses are facilitated by interest rate changes, equity process, real estate values, commodity prices and foreign exchange rates. Unlike NPI’s, financial institutions adopt corporate strategies that temper the impact of market influences. Mitigation strategies that address market risk are more appropriate for financial organizations due to their emphasis on income generating activities.  (2,5)


b)       Credit Risk:

Credit risk concerns the potential for the value of a portfolio to decline due to non-performing debtors, bond issuers, reinsurance partners/ counter parties to meet payment obligations or change their credit worthiness. Once again the nature of this risk is exclusive to financially focused organizations. (2)


c)       Strategic risk:

This focuses on possible adversity that could arise from management decisions concerning business strategies and their implementation. This also includes management’s ability to analyze and respond to external influences – which have the potential to impact the organizations achievement of objectives. (5)

Since ‘Insurance Company X’ operates solely to generate and return profit to shareholders, strategic decisions are based on the impact to the bottom line and as such, mitigate strategies are developed to analyze and assess the strategic risks quarterly. (2)


d)       Reputation risk:

This can result in immediate or future loss due to declining reputation of the ‘Insurance Company X’ brand, from either poor judgments executed at the group level, or specific incidents occurring at an operational sector. Reputation risk can adversely affect the perspectives of the shareholders, customers, staff, business partners and the general public. To mitigate against this each operating sector works to identify and assess reputation risks as a part of everyday business processes – and assesses them quantitatively as a part of a quarterly review. (2,5)

e)       Business Risk:

Business risks concern potential loss resulting from inadequate or failed internal processes, personal and systems, or external events. Business risk consists of operational risks resulting from inadequate or failed internal processes, incompetent personnel or systems, or external events such as electricity breakdowns or employee fraud.  Cost risks are concerned with unexpected changes in business assumptions, earning fluctuations – particularly reduced income without a correlating decreased in expenses, as well as budget deficits from lower revenues or high costs that budgeted.   To mitigate, ‘Insurance Company X’ has developed a group-wide operational risk management framework with a focus on early recognition and proactive management of operational risks.  Roles and responsibilities are defined including that of local risks managers who ensure the framework is effectively implemented among the operating entities.  Furthermore a central loss database has been managed since mid 2008, which is designed to provide timely information to senior management about operational risks, which need attention. Doing so means risk prevention processes are reviewed and improved. (2,5)


f)        Legal Risk:

Legal risks arise from an organizations inability to meet minimum requirements under the various legislative acts. Regardless of the underlying causes (ignorance, incompetence or resource limitations) hefty consequences can result including; fines, imprisonment, bad press, reputation damage, regulatory sanctioning, audit, loss of clientele, and fallout of business relations. 

Whilst these legal risks often differ in nature between ‘Insurance Company X’ and the ‘Not-for-profit’ X organization (i.e. SOX requirements vs. care standards for the aged) both are equally obligated to meet requirements.  In this regard legal risks can be considered a greater concern for NPI’s like the ‘Not-for-profit’ X organization, because they are imposed with the same obligatory requirements, but with fewer resources to achieve them with. (2,3)  


g)       Biometric Risks:

For ‘Insurance Company X’, life/ health biometric influences become a concern with regards to the health of a life-insurance policyholder, particularly those that bear the potential to cause a policyholder to fall terminally ill or die before the age of 65. Whilst individual cases are to be expected in such a discipline, considerable losses can occur when a catastrophic event impact the health of numerous policyholders (i.e. Bird Flu). Such an event would require ‘Insurance Company X’ to draw reserve funds otherwise retained for investment purposes – to pay claims.

To mitigate this, life insurance pricing is calculated and adjusted according to life expectancy of policyholders, as well as the potential for unforeseen external influences to impact one’s mortality – at a local, interstate and global scale. (2,5)

Whilst the effects of biometric influences differ in type for the ‘Not-for-profit’ X organization, they can be equally if not more devastating on resources and reserves – particularly in extreme cases such as pandemic and ‘globally pandemic’ disasters (influenza). Due to the structure of the Australian health system (prioritizing private-health policy holders) such an occurrence would leave the under-privileged members of society without lifesaving medications and recuperative care, and instead dependent on sparse resources of charity organizations. Thus, for NPI charity organizations like the ‘Not-for-profit’ X organization, biometric influences bear the impact to exhaust and expire community aid resources altogether.  (3)

Unfortunately, the key mitigation approach involves the development of discriminatory and contradictory polices that define when resources (aid) must be withdrawn and reserved, despite the increasing demand. (5)


Mitigation Strategies


The following details some of the major mitigation strategies that can be implemented for the sake of improving processes at the corporate and operational levels of an organization. (5)

It should be noted that whilst ‘operational objectives’, ‘sources or risk’, and ‘consequences’ differ between NPI’s and financial institutions – the mitigation strategies implemented at the enterprise level are the same.

1. The establishment of good corporate governance principals.

Overall risks associated with non-achievement of objectives can be remedied, in a broader sense, by applying effective corporate governance structures, so corporate performance is improved. These structures must be developed according to best practices that aim to achieve the objectives of the organization, and ideally should be drafted up by legal professionals. These best practices can cover; best practice with recruiting board members; best practice with establishing an ethical code of conduct; how to best establish an audit committee for financial reporting; and securing the proper insurance cover.  Aside from ensuring operating costs are covered, allocating power and money in a balanced, intentional fashion demonstrates corporate competency to potential sponsors – whom subsequently influence the public’s willingness and support.  (2,5)

- Organizations that demonstrate better corporate structure will appear more credible. (2)

For the ‘Not-for-profit’ X organisation, this means effective resource management & financial accountability is encouraged.  However, as members of NPI boards are faced with unique challenges such as a high dependency on public trust, a tendency to be overzealous when enforcing accountability is encouraged – to the point that all funds are spent on programs. If left untreated/ disregarded, it can result in a jaded public view & subsequent loss of sponsor/ community respect/support. (2,5)

2. Regular appraisal and accreditation of the board members.

This helps ensure that the 4 main Board tasks of; policy formulation, strategic thinking, supervision of management, and accountability – are organized as an interactive, balanced cycle. Ideally this encourages the board to take a broad view of the issues – which often promotes prioritization according to key objectives, rather than micro managing, or quite simply – bias promotion of ideas instilled from time working in previous appointments.  Ideally board members must demonstrate a desire to act in the best interests of the group, regardless of whether these are contrary to interest groups or the stakeholders who nominated them to the board. (2,5)

This assists by maintaining entrepreneurial flair to the boardroom by approaching business people to join their board. Doing so provides better access to networks that result in sponsorship & business partnership. Additionally the financial & planning skills base is ensured which protects against reckless financial value judgment. They need to win the talent and dollars of supporters. (2,3,5)

This protects against risks associated with poor performance due to incompetent staff members who are unable to deliver on missions. This protects against loss of public image, reputation and support due to poor decision making. (5) 

3. Effective allocations of funds & allocation of power for decision-making purposes:

This protects against the expiration of funds otherwise provided by sponsors, communities & businesses, and is achievable through the creation of measures that plot the success & achievement of their mission. A good strategy to mitigate against this is to adopt the “Public Value Strategy”, requiring the following calculations to be considered prior to committing to any strategy: (5)

a)       Does the strategy satisfy that it works towards the ultimate value the organization seeks to produce?

b)       Is there demonstrable public value that meets the desires of the 3rd party players – such as donors or governments?

c)       Does the organization have the operational capacity to undertake this project? (5)

This protects against poor performance with regards to achieving non-financial objectives vs. financial objectives, which affects public image/ reputation, and subsequently causes hesitation & reluctance on part of sponsors, communities & the government to offer proceeds. (5)

  1. Operational policies and procedures:

There are 3 main operational approaches adopted by NPI Boards, being stewardship (or agency), political, and managerial. Whilst Stewardship is viewed as the ideal approach, resource limitations mean that board members are often required to be involved in the hands-on management of the organization. This can prove to be a downfall as it removes them from focusing on strategic board responsibilities, and prevents the board from acting as a Holistic team – which is a key driver in an effective corporate governance structure. (4)  


  1. Recruitment policies:

The success of an organizations programs is directly reliant on the availability of man hours from both wage earning & volunteer staff that provide the support to administer, organize & host programs. Any deficiency in manpower would render a program, or part thereof – inoperable.

Insufficient staffing, or high staff turnaround for a financial organization causes direct financial loss. Within reason, it is more cost effective to maintain an employee by increasing their wages than the marketing costs necessary to recruit a new starter. (5)

As it takes time to accumulate trust between clientele and staff, the loss of an employee can also mean the weakening of a business relationship. Staff leaves the project team and needs to be replaced without a loss of project-specific knowledge. The most important mitigation task for this risk should be that a strategy for the training of new staff during the project lifetime is already developed at project initiation. When project staff changes, transition periods need to be put in place where old and new staff work together on the same tasks. (5)


  1. Business Analytics Risk Review:

BARR is intended to prompt forethought on behalf of an organization’s CFO regarding the best way to allocate risk capital, such that the value of each mitigation intervention can be demonstrated independently of non-risk focused investments. BARR is a process adopted by major financial organizations as a means to analyze and compare the effectiveness of an organizations risk management controls, against those of other organizations. (7) 

Also, strategies aimed at exploiting positive risk consequences (upside risk) can be included at the risk management-planning phase, alongside traditional risk control purposes (downside risk) that aim to eliminate, prevent, and mitigate outcomes. The focus of these upside strategies is to exploit, share, enhance and ignore opportunities. (7)

For ‘Insurance Company X’ this means that capital is allocated and solvency managed according to the risk capital model, which ensures adequate capital is available for operations to continue after significant loss events. This protects against the over-allocation of capital into investments, which can leave inadequate reserves to cover potential losses through claims. (2)

The Business Analytics Risk Review process can be applied once an internal risk capital framework has been established. (7)


  1. Internal Risk Capital Framework:

This concerns the allocation of funds to be set aside under each sector at the enterprise level, to be used in the event of unexpected, extreme financial losses by splitting reserve funds among each business sector:

-          Property/ casualty

-          Life/ health

-          Banking

-          Asset Management

-          Corporate (2)

This initiative is continued at the corporate level whereby the results are aggregated and assessed at the end of each quarter, denoting whether or not levels of risk capital need to be increased/ decreased for the quarter ahead for each sector. It should also be noted that the quarterly results are to acknowledge how a sectors performance impacts other sectors. (2,5)

Whilst it would take an extremely significant event to warrant the use of reserve funds, the risk capital structure enables the identification of smaller adverse effects within each sector – enabling ‘Insurance Company X’ to analyze each source of risk exposure. (2)


  1. Pricing and Risk Appetite:

Similarly to an NPI’s need to allocate funds that support the organizations continuation into the future, ‘Insurance Company X’ must strike a balance between investing funds into financial growth strategies, and saving to cover for current liabilities – such as claims costs. (2)

Once an internal risk capital framework is established, an organization can determine its risk appetite in an attempt to mitigate/control the impact of poor pricing that proves detrimental to business operations. (5)


Appropriate pricing ultimately protects against liquidity risk, which for any organization becomes an issue when current, mid term or long-term payment obligations cannot be met. (2)

For major financial organizations, refinancing would need to be considered – at the risk of a higher interest rate applying.  NPI’s however would rely on the mercy of its stakeholders to continue funding operations; otherwise the organization would simply cease to exist. (2)   


At ‘Insurance Company X’, this mitigation approach is complimented by enterprise level initiatives that promote ‘diversification’ and ‘actualization’.(2)

Diversification is a term used to describe the practice of limiting the impact of any one single source of risk by ensuring that the development and acceptance of risk, is neutralized by the positive business development opportunities present in others (risks). This essentially means the avoidance of disproportionately large risks by establishing the ‘risk appetite’, which specifies what level of risk is acceptable in the pursuit of profit. Failing to do so would see ‘Insurance Company X’ falling short on meeting liability payments, and becoming insolvent. (2,5)

Actuarial practices compel ‘Insurance Company X’ to consider internal and external segment (industry) performance that forecasts future trends likely to result over the preceding 12 months. This ensures Underwriters are well informed of market influences and price accordingly. Failures in this process become evident when underwriting profitability (premium) is less than expected and results in outgoings that exceed that exceed in goings (claims costs/management costs vs. premium). (2,5)


Mismatches in the timing of cash payments and funding obligations can be a contributing factor, which ‘Insurance Company X’ attempts to mitigate using local asset management systems designed to ensure that client’s assets and liabilities are adequately matched. Also, excess liquidity (capital) is centrally pooled and can be transferred to specific operating sectors if necessary. (2,5)


If we were align ‘Insurance Company X’ tendency to risk behavior based on its risk appetite and in accordance to grid and group typology, it would be deemed a ‘Corporate Body’ that demonstrates internal and external relationship patterns that conform to a ‘hierarchical’ way of life. (6)

For the ‘Not-for-profit’ X organization, there is a ‘fatalistic’ underlying tone, given the vacancy of shareholders to dictate directives… instead, in their place are the needs of the community that compel and pull the organization into action. More significantly however is the egalitarian influence over the organization, which is most evident at the operational levels whereby the group is compelled to enter environments of high personal risk in the pursuit of goals. (3,6)    


  1. Reporting and recording systems:

Due to resources limitations (capital), ‘non-compliance’ due to poor financial data quality/collection is a possible risk for organizations like the ‘Not-for-profit’ X organization. For NPI’s this can result from technical system failure (computers and processing systems) due to a reliance on makeshift programs and donated computers. As the implementation of updated processing systems/ technical support is not always an accessible option (due to a lack of funding), NPI’s can be left with no other option but to fine tune existing systems, and if necessary – implement manual reporting methods, in an effort to satisfy SOX requirements under the Act. (2,5)  

This is achievable through the implementation of operational guidelines and checklists that ensure reporting and recording of information is completed adequately. (5)


  1. BCP & Disaster Planning:

The justification process for continued investment into BCP is demonstrable in organizations improved resilience and capacity to respond to business interruptions/ disasters – which otherwise bear the potential to disrupt the achievement of business objectives. (7)

This is evident in the effective, efficient and automatic actions that aim to minimize the initial spread/growth of the disruption in its early stages.  Improvements attributable to BCP can be measured against previously slower response time frames, and greater costs/ losses – where disaster/disruption responses haven’t been considered or prepared for. (7)

As such, the return on investment calculation will display non – BCP supporting organizations as experiencing greater costs – exponentially, than those organizations that do invest in BCP as a worthy risk management tool. (7)

Addressing the risk event with a predetermined plan will impact the spread of the disruption. (7)


  1. Occupational Safety and Health:

Whilst the success of OSH initiatives is more pertinent for mitigating loss in NPI’s given the obvious environmental differences, financial organizations carry equal expectations to minimize costs arising from employee illness and injury. As such the appointment of in-house Occupational Health and Safety specialists or the implementation of OSH policies help to reduce the risks associated with workplace injury. Such occurrences can exposes the individual to temporary or long-term harm; the organization to increased insurance costs; litigation action on the basis of negligence; reduced workplace morale; and regulatory sanctioning. (2,3)  


For the ‘Not-for-profit’ X organization, the risk of injury to aid workers is high, especially for those who engage with the public, where the associated hazards are prevalent. In this regard workers are required to enter environments that are privy to hazardous elements such as violence, drug use, disease, and depression. (2)

Emotional/ psychological trauma is a common adversity experienced by staff that directly engage and counsel those in need, particularly those who facilitate the ‘addiction programs’ involving needle exchanges, withdrawal programmes, and counselling for the youth, correctional clients, intravenous drug users, women and the homeless. (2)

Metal and physical, fatigue related injuries caused from stretched staffing resources or inadequate tools can at the very least, cause high claims costs.  These injuries varied widely from exhaustion, to motor vehicle accidents, to neck and shoulder strains. Strains and sprains are a prevalent cause of long term claims in the aged care sectors due to the physical labor required to complete common manual handling tasks such as lifting people in and out of ‘low care’ beds’. Claims are also caused from crouching into cramped spaces to operate equipment, as well as the more acute back strains sustained from catching a falling patient.  (7)


Whilst the likelihood of any significant OSH occurrences are low for financial organizations, the development of OSH policies and procedures will still benefit business objectives as well as lower the premiums associated with mandatory Workers Compensation polices.
For the ‘Not-for-profit’ X organization however, regular review and update of OSH policies and procedures is necessary as a minimum line of defense – which is usually carried out by an in-house OSH Specialists. The efforts of the OSH Department can be complimented by; transferring risk over to insurance policies; appointing First Aid Officers; supplying PPE; and consulting with mediators such as Risk Management Consultants and Insurance Brokers. (3,5)    


  1. In-house legal department:

Contractual agreements such as those associated with outsourcing arrangements have a complex implementation process, which in itself bears substantial legal risks. Direct and indirect losses pivot around possible litigation outcomes for major financial organizations as well as NPI’s, such as:

-          Capital loss from rulings,

-          Reputation damage from media releases/ publicly accessible court records, and

-          Productivity reduction from imposed sanctions.

This justifies the investment into a legal risk advisory team, as a risk management mitigation tool to prevent such outcomes. The appointment of such individuals would enable high-level assessments & audits to be conducted on contracts and agreements as well as auditing on established agreements. (5)

A legal risk analysis will identify key legal risk events involved with; service delivery terms, bidder proposals, tender proposals, negotiations and dispute resolution. (5)

The investment is justifiable by comparing the losses incurred by other organizations (information accessible from court records) that engage in similar agreements – but did not seek legal advice beforehand.  The ROI calculation would appear as follows:


ROI = Potential legal costs/losses imposed by magistrate – annual costs of appointing a legal team

Cost of legal team (inc establishment costs)


%ROI = 3 million dollars – $500,000



= 500% return on investment












Proactive risk management is vital for every organization in today’s progressive global marketplace. As the recent worldwide financial crisis demonstrated, companies that fail to effectively anticipate and mitigate their risks are endangering their business assets, the jobs of their employees, and their existence. (5)


For larger financial corporations, investment into mitigation strategies that address risk from all levels (corporate to operational level) can be crucial to ensuring the success of multi-million dollar development initiatives. Without a comprehensive plan to identify, analyze, and manage potential risks, these issues could prevent important products and services from reaching the market in a timely fashion. Sustainable business success can be achieved for large financial organizations if the right balance between financial investment and risk investment is achieved. Too much investment into risk management strategies will diminish the organizations commercial success (outgoings exceed top line profits), yet too little attention can expose the organization to extensive commercial loss. (2,5)


For non-financial institutions, mitigation strategies can mean the difference between the sustainable continuation of much needed community aid, and the extinguishing of resources altogether. Compounding these challenges is the increasing complexity of the global market, as well as significant marketplace pressure to introduce new, safe and effective products as quickly as possible.(3,5)


By prioritizing and planning for major risks as a usual corporate process, the risk management department has a greater chance of reducing or avoiding undesirable risks entirely. Well-designed risk mitigation strategies and solid contingency plans greatly increase the chance that quick and appropriate responses are enacted when problems occur. It is hoped that even unexpected issues can be handled successfully with robust risk management procedures (contingency planning) in place. (5)

Written by

Comments are closed.