Proper risk management is vital for all Credit Unions. This article looks at why it is important and the main steps of a risk management process.
Risk can be defined as, “the probability that something will occur which will have an impact on the organisation’s (Credit Union’s) ability to achieve its objectives and goals”.
Managing risk therefore links with the Credit Union’s Business Plan and Strategic Planning as risks will be barriers preventing you from achieving the goals you have set out in your Business Plan.
Every organisation has at least some form of informal risk management but in such a highly regulated and ever-changing sector there is a need for Credit Unions to adopt a formal approach.
Benefits of Risk Management
There are many benefits that can be gained from a formalised risk management process:
- Risk coverage- There are too many risks impacting on a Credit Union for any one person to be fully aware of every risk and as a result some may not be dealt with. A formalised risk management process can help identify risks so that they are treated appropriately.
- Focus on risk– The process of developing a risk register and regular reporting on the key risks can help focus the Credit Union on the risks currently facing the organisation and help ensure decisions are made with the risks in mind.
- Dealing with the key issues- The process of reviewing and documenting your risks and the controls can help identify where the Credit Union is unduly exposed to risk.
- Identifying wasted time and resources– Many processes are probably carried out in the same way as they have for years. Systems and risks change over time and you may find that some processes are redundant but are still being carried out. The risk management process can help identify controls which do not prevent any risk and which therefore are a waste of valuable resources. No organisation has resources to waste especially in the current climate.
- Understanding the organisation– The process of creating the risk register should use a cross-section of the staff and Board members as each will have an in-depth understanding of different elements of the organisation. The review of each area will help all those involved to get a better understanding of the Credit Union and its risks. This knowledge can only benefit the Credit Union’s decision-making process.
Risk Management Process
There are a number of steps to the risk management process:
- Establishing the Context- Before you consider the risks you must first establish the context in which the organisation operates. This stage links into your Business Plan where you need to consider a number of aspects including resources and your strengths, weaknesses, opportunities and threats.
- Risk Identification– The next stage is to identify the risks impacting on the Credit Union. Unfortunately, there is no perfect way of identifying all the risks and a range of methods should be considered. In addition, the number of risks effecting the Credit Union is enormous and unmanageable and a line needs to be drawn somewhere. Otherwise you will document the risk of a staff member getting a paper cut.
- Risk Assessment– Each risk then needs to be assessed and prioritised. Normally this involves scoring the risks using a combination of likelihood and impact of the risk. Risk registers are often used for this process.
- Risk Treatment-The next step is to ‘treat’ the risk. The standard responses to risk are: Transference; Avoidance; Reduction; Acceptance. The treatment will depend on both the level of risk that the organisation can accept and what it is willing to accept.
- Review Cycles– Risks are dynamic and therefore risk management should be a continual process and not left for annual or quarterly reviews.
If you require any assistance with risk management please contact Alexander Sloan. We have extensive experience in providing training to not-for-profit organisations on risk management and have developed a risk management framework to assist Credit Unions with their assessment of risk.