Assessing Risk in the NGO Sector of Uganda - Risk Management in NGO Programming – An overview of the IRMG Working Group
Known for its pragmatic strategy to rebuild institutions - where image is everything and safe programming is essential, the Internal Risk Management Group (IRMG) that boasts of over 70 member organizations has a brighter future than many thought. The sensitivity to which safeguarding and internal risk matters are concerned, requires effort, resources and structural adjustments to foster its appreciation.
To continue improving organizational culture concerning dealing with fraud and corruption, through implementing the recommendations great importance has often been geared towards carrying out assessments of best practices and gaps, on fraud and corruption prevention, detection, and management. The IRMG members are thus akin to this fact given that many organizations have placed more focus on finance rather establishing more robust systems that provide a more comprehensive approach towards risk management. As such our assessment have proven that: -
Risk management
frameworks have grown incrementally: 70% had, at least,
a fraud policy. However, only 30% had explicit risk management policies or
plans. In several cases, aspects of risk management were found across multiple
different policies dealing with different aspects of risk.
Recommendation:
IRMG could work towards establishing a minimum standard for what policies
should be in place to effectively manage risks. The IRMG Risk Management Manual
also provides guidance on what risk management framework should, ideally,
consist of along with templates for some key tools.
Risk management
frameworks and policies need to be implemented: Policies need to be
complemented by adequate resources and capacity development. Several NGOs noted
that this was often not the case when policies where externally imposed.
However, where donors have provided support to build internal capacity, NGOs
reported positive outcomes.
Recommendation:
While additional donor support for building internal capacities of NGOs for
internal risk management would be desirable, this can and should not be relied
on in the current context. Instead IRMG members should seek to pool resources
to deliver training and capacity development (something which is currently taking
place).
Continuous review
of risk management framework is needed: The risk
environment within which NGOs in Uganda operate is not static, yet few
organizations report that they regularly review the framework or policies put
in place to manage risk.
Recommendation:
NGOs should put in place processes for the regular review of their risk
management frameworks and associated policies and documents, including
assigning clear roles and responsibilities for this.
Insufficient
capacity to analyze and mitigate risk: Respondents
suggested that NGOs often deal with risks on an ad hoc basis and that there is
a need for a better understanding of how to understand the impact of conflict
and political dynamics on the delivery of interventions.
Recommendation:
Further training should be provided to NGOs on how to analyze risks and develop
risk management processes. The IRMG Risk Management Manual provides guidance
and tools. However, hands on training will be necessary along with developing
additional capacities of select staff within the respective NGOs to provide
sustainable longer-term capacity building and guidance to colleagues within
their respective organizations.
A strong board is
considered critical: A common factor identified as critical to
effective oversight and ensuring that adequate attention is paid to risk
management is having an active board in place, with committed board members who
bring a broad set of relevant skills to the table. A strong board ensures that
organizations are not owned by one individual (i.e., founder’s syndrome) and
can push for the adoption, implementation and continuous review of risk
management or related policies. Boards were also seen as playing an important
role on setting the tone and influencing broader organizational culture and
management practices.
Recommendation:
When NGOs identify the need, IRMG should explore the possibility of providing
support to raise awareness of the board on the role that they should play,
particularly as it relates to risk management, and developing the capacity of
board members to play a more effective oversight role.
A focus on
organizational culture is needed: Effective
internal risk management is as, if not more, dependent on organizational
culture and the attitudes and behaviors of the individual staff members as it
is on policies, processes, and systems. A major risk identified by NGOs was
staff ignoring existing risk management mechanisms or, as noted in relation to
capacity to analyze and mitigate risk, having come to accept a high level of risk
as the norm.
Recommendation: NGOs, from the
board down, should place emphasis on building and maintaining an organizational
culture focused on risk management and active compliance with related policies.
Accessibility of
information, policies and training should be considered: NGOs suggested that
consideration should be given to how information is consumed in the Ugandan
context and that there is an aversion to reading long documents. This applies
to NGO staff as well as rights holders. This will require innovative thinking
around how best to communicate on risk management frameworks and associated
policies and documents as these often tend to be lengthy and are at times
written in an inaccessible way. The same also applies to training and internal
communications.
Recommendation: As part of
developing its advocacy strategy, IRMG should consider innovative approaches to
communicating around risk management that does not rely on lengthy written
documents. Approaches taken by NGOs have included having discussions around
actual cases of fraud and corruption that have occurred within their
organizations, using it as a learning opportunity, and regularly reinforcing
the core values of the organization.
These in general, provide ground for setting
up standards and mechanisms that are effective, reliable and sustainable.
Comments