JFL Conference Presentation - October 27, 2014

8/10/2019 JFL Conference Presentation - October 27, 2014

1/28

Risky Business

Risk Management 101

32 nd Annual Conference oAssociation o


2/28

Why focus on Risk Management today?

Free loans face low catastrophic risk, but are subject variety of risks

**have large volunteer boards****small nucleus staff **

** efficiency and effectiveness challenges**

Well run non-profits are expected to establish strongovernance practices and effective risk management oversig

** more effective and efficient****face fewer negative surprises**

**better able to successfully deliver on their strategic objectives**


3/28

Topics to be Covered

A Word About Risk

Institutionalizing Risk Management

Building a Risk Plan


4/28


5/28

What is Risk Management

Risk management is about identifying, assessing managing all types of risks that could negatively impactoperational performance and achievement of strategic objectiv

The benefits of effective risk management areReducing surprises by identifying potential risks in advanceEnabling determination if satisfactory controls are in placeMitigating impact and speeding recovery when risk materializes


6/28

Goal - Institutionalized Risk Management

How:an established

risk managementprogram

Getting th

Create and f

a Risk P


7/28

Risk Management Program Is an Ongoing

businessactivities

strategic

prioritiesplanning

To be effective:Ongoing process. Continreview and changeReflect emerging experienand environmentIntegral to managing oper

planning all decision maPart of organizations cultusize and complexity

Comprises policies and prcommunicated and complaccountabilities


8/28

Risk Plan Is a Point in Time Look

Risk Plan comprises: Outline of risks and their potential impa Outline of risk management practices (or

controls) used to reduce likelihood andmitigate impact

Details of strategies/actions to be execuaddress priority risk management issues

Details of accountabilities for implemen Details of responsibilities for monitorin

implementation progress

Risk Plan .

. .


9/28

Institutionalizing Risk Management

Creating a Risk Plan

Codify key business activities, strategic priorities and stakeholders Perform a review of key risks and their potential impact, assess theeffectiveness of risk controls and create a focused action plan toenhance controls on a prioritized basis

May want to submit a summarized risk plan to key stakeholders

Establishing a Risk Management/Governance Program Codify policies and procedures to effectively identify, assess, manag

and monitor risk, and govern JFLTs operations, on an ongoing basisRisk plan may set out phased implementation plan


10/28

How to Develop A Risk Plan Establish a group to focus on risk management/risk plan

Periodic progress reports to Board and potentially other key stakeholders

Codify key activities, strategic priorities, key stakeholders

Identify and assess potential risks and impacts Survey, selected interviews, review of strategic plan, review of past experien Group discussion and consensus

Review and assess risk controls and create action plan Review of policies and procedures to determine effectiveness ratings Group discuss of tolerances, control gaps and priority action plans in group

Codify decisions in risk plan and assign accountabilities


11/28

A Risk Plan Illustration for a Jewish Free Loan Soc

CodifyingKey Business ActivitiesStrategic PrioritiesKey Stakeholders


12/28

Illustrative Key Business Activities Underwriting loans Servicing loans Managing problem loans Marketing services Securing funding Investing reserve funds Managing human resources

and programs

Are there any activities that we could not live without? Over what tim

Financial reporting Reporting to/liaising wi

funding partners and do Complying with laws,

regulations and funderrequirements

Governing operations


13/28

Illustrative Strategic Priorities

Enhance loan offerings and quality of client service

Modernize and increase effectiveness of marketing Enhance governance practices

What could take any of these off the rails?


14/28

Illustrative Key Stakeholders

Major funding partners

Members/donors Volunteers

What could seriously damage relations with any of these groups?

Clients

Employees Broad Jewish comm


15/28

A Risk Plan Illustration for a Jewish Free Loan So

Risk Plan TemplateRisk RegisterRisk AssessmentsPrioritized Action Plans


16/28

Risk Plan Template

Risk Likelihood ofOccurrence

Key ExistingRisk Controls

Effectivenessof Controls

PotentiaImpact

Key Control Gaps Priority toClose

PlannedActions

Com

Identified risks and potential impact, risk controls andeffectiveness, control gaps and action plans


17/28

Risk Plan Template (contd)




PotentiImpac

Very likely Likely to happen multiple times in a year

Likely Likely to happen once every year or two

Unlikely Could happen once every several years (i.e. 3-5 years)

Very unlikely Could happen once in 10+ years


18/28





PotentiImpac

Avoid Avoid activity that creates risk

Reduce Put in place operational policies and procedures to reduce likor potential impact of risk

Transfer Contractual arrangements that move risk to external partyinsurance, outsourcing with performance guarantees

Accept Accept potential impact as likelihood is remote and potential not severe based on cost/benefit analysis


19/28

k l l


20/28

Risk Plan Template (contd) Risk Likelihood of

OccurrenceKey Existing

Risk ControlsEffectivenessof Controls

PotentImpa

Financial Access to short term liquidity, long term funding

Operational Ability to carry out business activities in short/med term

Reputation Reputation and relationship with key stakeholders

Strategic Ability to effectively execute on strategic priorities

High Significant damage to reputation, severe impact on cash-flow, materiallong term funding commitments, inability to operate for extended time

Moderate Strained relationship with major funder or majority of donors moderate in cash-flow or funding commitments, inability to operate for shorter p

Low Limited impact in all areas

i k l l


21/28


Key Control Gaps Priority toClose

Planned Actions CompletiDa

High Must have; to be addressed quickly

Medium Should have; can be addressed with lower priority

Low Nice to have; not a priority


22/28

Ri k R i Fi i l Ri k


23/28

Risk Register Financial RisksRisk Description Some things to think aboutShort termreserves/liquidity

Insufficient cash-flow to cover operationalexpenses and loan demands

What could cause a material cashflothe agency frequently run at a defici

Long Termfunding

Reduction or funding from key partners, lossof key funding partner, loss of donor base ordollars

What could cause a loss of funding fHow long could the agency run withprogram offerings be impacted?

Capital securityinvest. Return

Market value losses in reserve funds, orreduced investment income

Does the agency have an appropriatepolicy?Is their appropriate oversight of inve

Loan Losses High losses on loans due to defaults Does the agency have loan loss experienloan, period of underwriting, Other kIs the agencys underwriting policy sprocedures followed; for applicants aDoes the agency have a clear procesloans in arrears and is it followed?

Ri k R i t St t i Ri k


24/28

Risk Register Strategic Risks

Risk Description Some things to think abou

Demand forservices offered

Reduced client demand for loansMaterial reduction in client base

Is there a size when the agency bfor major funders to bother with?

Awareness ofagency

Lack of client and referring group awareness ofagency services

Is the agency effectively marketito the right groups?Do the clients referred to the ageloans meet key basic criteria?

Ri k R i t O ti l Ri k


25/28

Risk Register Operational RisksRisk Description Some things to think aboHumanResources

Adequacy and expertise of staff and BoardKey person risk Executive Director, President,Chair, Admin staff

What is at risk if an individuaAre policies and procedures doAre staff cross-trained? Are volappropriately trained?Is there a code of business condthat is signed off on by staff/vo

Regulatory andothercompliance

Compliance with laws and regulations pertainingto charitable organizations, terms of fundingarrangements, internal policies and procedures,

Board governing documents

Is there an inventory of all requmechanism to ensure all complIs there a process to keep abrea

regulatory/legal changes?Businessdisruption

Severe weatherDamage to premisesBomb or other threats

If the office is unavailable or sycan you conduct essential businIs there a set plan to deal with c

Data security Breach of confidentiality of client dataLoss of critical client, financial or other data

Is there adequate security?Is there appropriate off-site dataIs there a response plan should

Ri k R gi t O ti l Ri k


26/28

Risk Register Operational Risks (contdRisk Description Some things to think aboutEmployee andvolunteer safety

Physical harm from threats orsecurity breach

Are employees/volunteers trained for emergency sIf agency is small, are employees/volunteers meetipotential clients which may be unstable?

OutsourcingPerformance

Non-performance of outsourcingpartners

What critical functions have been outsourced?Are there performance guarantees, and is performaWhat would happen if outsourcing partners not ablHas a risk assessment of outsourcing partners been

Fraud and theft Staff or volunteer theft,Client fraud

What controls are in place to minimize this risk?What can be done to minimize impact in the event

Relationship withkey partners

Breakdown in communications,non-delivery of requirements,reputational damage

How does the agency ensure these remain strong?Have there been any issues in past?Do staff/volunteers know who can speak for the ag

Governance Ineffective oversight by Board/Executive Committee

Does the Board feel they have enough knowledge to effectively oversee operations and strategic prioIs there an effective mechanism for making key de

Concl ding Messages


27/28

Concluding Messages

Well run non-profits are expected to have strong governa

practices and effective risk management oversight

Jewish Free Loans may want to institutionalize risk managpolicies and procedures and prepare a risk plan as a first step

journey will be as important as the destination

You will become more effective and efficient, face fewer negativesurprises and be better positioned to successfully deliver on yourstrategic objectives


28/28

Questions and AnswersThank You

Documents

JFL Conference Presentation - October 27, 2014