Internal Auditor’s blogs reflect the personal views and opinions of the authors. These views may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers’ employers or the editors of Internal Auditor.

​​From Risk Management to Risk Leadership

Comments Views

​My congratulations go to NonProfit Quarterly for their interview this month with David Renz [1].

"From Risk Management to Risk Leadership: A Governance Conversation with David O. Renz" has great content, not only for nonprofits but for all of us. Here are some excerpts (emphasis added):

  • The imperative here is to embrace risk leadership rather than just risk management. The question is, are we taking the most appropriate risks our constituents and stakeholders deserve from us, as well as engaging in an appropriate level of fiduciary care
  • The risk-averse — and, frankly, risk-agnostic — character of board behavior leads organizations to continue operations in program areas beyond the time when they are really delivering the greatest value to and for the stakeholder and client communities they exist to serve. There is less perceived risk in being slow to act to make change; organizations seem to think it's safer to make the move to new and different kinds of programming — innovative and entrepreneurial new strategies — only when it's extremely clear that such change is necessary and well advised. But the risk is that of mission performance. You may well be short-changing your clients in a world where the changes in client need warrant earlier and more dramatic changes in programs and services.
  • For me, the bottom line is that there is a myriad of elements that combine to affect how well a board and its members address the issue of risk in the governance of a nonprofit organization. Some are the result of varying levels of knowledge, experience, and overt attention that boards and their members bring to the consideration of risk and what is warranted and appropriate for their organization; and some are the result of seemingly irrelevant factors, such as group and interpersonal dynamics. And they all affect organizational effectiveness. It's time for executives and boards to consider how to more fully and effectively prepare boards to engage in the increasingly important work of risk leadership as well as risk management. Our organizations' futures depend on doing this well.

What I like is the recommended shift from traditional risk management thinking — what might go wrong — to a focus on whether the right levels of the right risks are being taken (something I discuss at length in World-Class Risk Management) — the result of informed and intelligent decision-making.

Those involved in nonprofit leadership will benefit from the discussion of board functions at those organizations, but several of the points also are relevant for other organizations, including whether group dynamics affect board decisions.

I close my in-person presentations with a slide that asks whether you are helping your organizations succeed.

The focus of risk practitioners has to be answering this same question: "Are you helping your executives, board, and management across the extended enterprise make informed and intelligent decisions that drive the organization to success —​ the achievement of its objectives by intelligent risk-taking?"

Making executives or the board risk-averse is paving the path to failure, not to success.

Please contrast this article and discussion with my other post on Positioning risk management to succeed.

I welcome your comments.

Please join the conversation by clicking on the Subscribe button, below.

[1] David Renz is the Beth K. Smith/Missouri Chair in Nonprofit Leadership and the director of the Midwest Center for Nonprofit Leadership, an education, research, and outreach center of the Department of Public Affairs in the Henry W. Bloch School of Management at the University of Missouri-Kansas City.

Internal Auditor is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.



Comment on this blog post

comments powered by Disqus
  • CRMA-Launch-October-2021-Blog-1
  • All-Star-Conference-October-2021-Blog-2
  • IT-General-Controls-October-2021-Blog-3