Assessing Risk in the NGO Sector of Uganda - Risk Management in NGO Programming – An overview of the IRMG Working Group

Known for its pragmatic strategy to rebuild institutions - where image is everything and safe programming is essential, the Internal Risk Management Group (IRMG) that boasts of over 70 member organizations has a brighter future than many thought. The sensitivity to which safeguarding and internal risk matters are concerned, requires effort, resources and structural adjustments to foster its appreciation.

To continue improving organizational culture concerning dealing with fraud and corruption, through implementing the recommendations great importance has often been geared towards carrying out assessments of best practices and gaps, on fraud and corruption prevention, detection, and management. The IRMG members are thus akin to this fact given that many organizations have placed more focus on finance rather establishing more robust systems that provide a more comprehensive approach towards risk management. As such our assessment have proven that: -

Risk management frameworks have grown incrementally: 70% had, at least, a fraud policy. However, only 30% had explicit risk management policies or plans. In several cases, aspects of risk management were found across multiple different policies dealing with different aspects of risk.

Recommendation: IRMG could work towards establishing a minimum standard for what policies should be in place to effectively manage risks. The IRMG Risk Management Manual also provides guidance on what risk management framework should, ideally, consist of along with templates for some key tools.

Risk management frameworks and policies need to be implemented: Policies need to be complemented by adequate resources and capacity development. Several NGOs noted that this was often not the case when policies where externally imposed. However, where donors have provided support to build internal capacity, NGOs reported positive outcomes.

Recommendation: While additional donor support for building internal capacities of NGOs for internal risk management would be desirable, this can and should not be relied on in the current context. Instead IRMG members should seek to pool resources to deliver training and capacity development (something which is currently taking place).

Continuous review of risk management framework is needed: The risk environment within which NGOs in Uganda operate is not static, yet few organizations report that they regularly review the framework or policies put in place to manage risk.

Recommendation: NGOs should put in place processes for the regular review of their risk management frameworks and associated policies and documents, including assigning clear roles and responsibilities for this.

Insufficient capacity to analyze and mitigate risk: Respondents suggested that NGOs often deal with risks on an ad hoc basis and that there is a need for a better understanding of how to understand the impact of conflict and political dynamics on the delivery of interventions.

Recommendation: Further training should be provided to NGOs on how to analyze risks and develop risk management processes. The IRMG Risk Management Manual provides guidance and tools. However, hands on training will be necessary along with developing additional capacities of select staff within the respective NGOs to provide sustainable longer-term capacity building and guidance to colleagues within their respective organizations.

A strong board is considered critical: A common factor identified as critical to effective oversight and ensuring that adequate attention is paid to risk management is having an active board in place, with committed board members who bring a broad set of relevant skills to the table. A strong board ensures that organizations are not owned by one individual (i.e., founder’s syndrome) and can push for the adoption, implementation and continuous review of risk management or related policies. Boards were also seen as playing an important role on setting the tone and influencing broader organizational culture and management practices.

Recommendation: When NGOs identify the need, IRMG should explore the possibility of providing support to raise awareness of the board on the role that they should play, particularly as it relates to risk management, and developing the capacity of board members to play a more effective oversight role.

A focus on organizational culture is needed: Effective internal risk management is as, if not more, dependent on organizational culture and the attitudes and behaviors of the individual staff members as it is on policies, processes, and systems. A major risk identified by NGOs was staff ignoring existing risk management mechanisms or, as noted in relation to capacity to analyze and mitigate risk, having come to accept a high level of risk as the norm.

Recommendation: NGOs, from the board down, should place emphasis on building and maintaining an organizational culture focused on risk management and active compliance with related policies.

Accessibility of information, policies and training should be considered: NGOs suggested that consideration should be given to how information is consumed in the Ugandan context and that there is an aversion to reading long documents. This applies to NGO staff as well as rights holders. This will require innovative thinking around how best to communicate on risk management frameworks and associated policies and documents as these often tend to be lengthy and are at times written in an inaccessible way. The same also applies to training and internal communications.

Recommendation: As part of developing its advocacy strategy, IRMG should consider innovative approaches to communicating around risk management that does not rely on lengthy written documents. Approaches taken by NGOs have included having discussions around actual cases of fraud and corruption that have occurred within their organizations, using it as a learning opportunity, and regularly reinforcing the core values of the organization.

These in general, provide ground for setting up standards and mechanisms that are effective, reliable and sustainable.

 

Comments

Popular Posts