Small non-profits require processes monitoring the enterprise for loss, including missed opportunity. I have written a manual that puts risk management in the hands of the committees that manage the organization's operations. The processes outlined in this document include:
Weighing in at a total of seven pages, plus a two-page sample statement of risk appetite, this process covers a number of key processes from the King IV Report on Corporate Governance, a highly readable standard from South Africa. It includes:
Dispensing with abstractions such as risk registers and tedious stilted processes such as "risk management meetings", this is a manual designed for busy non-profits with limited budgets operating in uncertain times. Rather than task a "risk manager" with scolding the organization, it puts the risk management activities in the hands of the people who can do something about the potential issues identified.
About the author: I have written some sixty manuals of risk management policy and procedure for five organizations on two continents. I have negotiated working processes and policies with senior executives as well as external auditors. I have instituted risk control self-evaluation processes and obtained clean audits. I have worked with regulators and contributed to standards by which controls are evaluated. I wrote my masters dissertation on the effective use of risk control procedures. The process manual on this page represents a synthesis of work I've done spanning twenty years.