By Erin Gloeckner
Risk management is a team sport. A team approach encourages the consideration of alternative perspectives on risk, as well as integration of aligned risk management practices throughout your organization. Still, it helps to have an experienced risk management thought leader on board; this ‘risk champion’ can inspire buy-in from the whole team and ensure that your approach to risk management is understood and practiced consistently throughout your organization. If your team doesn’t have a risk champion, or if you’ve recently assigned a newbie to a risk-centric role, take a moment to learn from these nonprofit leaders who graciously answered our Risk Champion Q&A.
If nonprofit risk management was a TV show, these folks would be the Top Chefs of risk.
Risk Champion Roll Call
Gaetana De Angelo, Director of Risk at Girl Scouts of Greater Atlanta: Joined the ranks of risk champions after working at the Girl Scouts Council for a few years (her background was restaurant management). Gaetana then decided to go back to school and earn a degree in risk management.
John Enos, Director of Risk Management at Quest, Inc.: Entered the risk management profession after completing a degree program in occupational health and safety and working in the petrochemical industry as a field inspector and trainer. After a few years, John changed industries to work for a third party administrator as a loss control inspector for a self-insured workers compensation account. He worked very closely with an amazing underwriter who shared a wealth of risk management knowledge with him. For the past ten years, John has worked as a risk manager in both the construction and healthcare industries.
Carolyn Gulston, Director of Risk Management at National Multiple Sclerosis Society: Was tempted by a past client to try her hand at risk management. Carolyn worked as a property and casualty insurance broker until she was asked by one her clients to consider becoming their risk manager.
Robert Jones, Assistant Risk Management Director at The Salvation Army, Eastern Territorial HQ: Began his foray into risk management while planning his retirement from the United States Army. Robert was looking for a career field that offered diversity in day to day operations. Risk management seemed to fit the bill and he was 100% correct!
Dawn Fostmeier, Legal Manager/Risk Coordinator @ InterVarsity Christian Fellowship.
Q: What is the biggest challenge you face as a risk champion at your nonprofit?
After completing numerous risk assessments and other consulting projects for our diverse clients, we asked this question with some educated guesses in mind. It was no surprise when Robert Jones said his biggest challenge was, “the size of The Salvation Army along with all of the different types of programs and services offered to the public.” John Enos agreed that, “the biggest challenge for me is that Quest, Inc. offers very diverse services: from a variety of residential and employment options, to behavioral therapy and even a recreational summer camp. It can be difficult assessing the risk associated with so many different operations.”
Carolyn Gulston expressed a related sentiment, that her greatest challenges at National Multiple Sclerosis Society include “managing multiple chapters/subsidiaries as part of the risk management program and getting absolute buy-in from all.” Organizationwide buy-in is an all too common barrier for today’s risk champions. Gaetana De Angelo approaches this challenge by “balancing the use of risk management techniques to inspire confidence” amongst staff at Girl Scouts of Greater Atlanta. Dawn makes an excellent point that practicing both action and reflection can prepare your team to manage unpredictable upside and downside risks. Dawn Fostmeier also inspires confidence at InterVarsity Christian Fellowship, explaining that “InterVarsity does business all over the U.S. and overseas, and the legal team reviews many contracts and regulatory issues. Hotels and other vendor contracts ask us to accept responsibility for everything, including their acts of negligence. Legal helps our staff negotiate these contract terms that could harm the ministry. The increase of unfavorable terms makes reviewing contracts even more important.”
Q: In what ways is your nonprofit’s risk management function unique?
NRMC is a huge proponent of custom risk management policies and self-made risk management plans. We believe any organization’s approach to risk management should align with its unique mission, structure, and culture. This led us to ask the champions how their organizations practice risk management in distinctive ways.
Carolyn Gulston points out that though many nonprofits cannot hire staff to focus solely on risk management, prioritizing risk management from the top down can help you find your path. “What allows me to be effective in my role as risk manager is the support from the national board and leadership. They really take managing risk very seriously.” Carolyn’s situation is unique because in some organizations, conveying the importance of risk management to the board and leadership team is a struggle.
John Enos found uniqueness in Quest’s compelling approach to engaging staff in risk management.“Our philosophy on safety is what makes our risk management function unique. Quest’s safety motto is ‘At Quest, safety is you.’ Safety starts with you and ends with you, no matter what level you are within the organization. That philosophy enables our staff members to actively be involved in two key elements of risk management: hazard recognition and hazard control.”
Gaetana De Angelo also uses a down-to-earth approach to clearly communicate risk management and safety expectations amongst the Girl Scouts’ mega-squad of volunteers. “I feel that we have a very unique situation at the Girl Scouts. The large majority of our program delivery is through volunteers; in our council alone that is almost 17,000 adult volunteers! Various methods have to be employed to ensure that we communicate safety and risk information to our volunteers who are excited and energized about delivering the Girl Scout Leadership Experience. Parents who entrust their children to our volunteers have huge safety expectations. The challenge frequently arises that each adult volunteer comes to us with very different backgrounds and life experiences. I never use the phrase, ‘well that is just common sense,’ as I have come to learn that common sense is very different from one person to another!”
Whether you’re juggling safety concerns, stakeholder relations, or an emerging crisis, Dawn Fostmeier believes that risk champions need to take action. “InterVarsity’s staff and volunteer numbers are increasing and some risk decisions need to be made quickly. The other day I was dealing with a situation and I remember thinking “I wish I had a few hours or days to think through the issues.” Situations happen, and we need to think through all the issues to the best of our ability and use these circumstances to be better prepared for the future.” Dawn makes an excellent point that practicing both action and reflection can prepare your team to manage unpredictable upside and downside risks.
Q: What’s the most important element for creating an effective risk management function?
NRMC clients usually want to know the secret ingredient to best-in-class risk management. There’s no right answer for everyone, so we asked the risk champions what the secret ingredient is at their organizations. Robert Jones was a straight-shooter: “Communication is most important.” Gaetana De Angelo agreed with Robert that communicating the true purpose of risk management is essential. “Many people look at risk management as all the things you can’t do that would make life fun! But, I have always espoused the belief that good risk management makes anything possible. When I read this statement by Felix Kloman – ‘the fundamental purpose of risk management is to inspire confidence,’ I realized that those few words really do explain what risk management is and why it is necessary. The most important element for effective risk management is helping people understand that continual planning and evaluation are the best methods to ensure that we are inspiring confidence to try new things in a safe way.”
Carolyn Gulston also reflected on the purpose of risk management at the National Multiple Sclerosis Society. Her key element is viewing risk management through a strategic lens, and “getting all staff and leaders to see how the risk management process enables us to meet our organizational goals and mission. It is a necessary process that requires everyone to fully understand and adopt this perspective.”
Dawn Fostmeier recognizes that risk management at InterVarsity Christian Fellowship offers protection to the organization’s mission while supporting a positive environment for staff. “Risk plans are only good if they track with the realities of what your group does on the ground. It’s hard for risk staff to factor in those realities when our instinct is to focus on the tasks at hand and how they fit with industry best practice. We should find ways to protect our organizations without deterring the passion and enthusiasm of staff members.”
John Enos embraces not one, but three essential elements of risk management: “To achieve an effective risk management function, the following three elements must be embraced by an organization. We must be committed, we must be involved, and we must all be held accountable. Regarding risk or safety culture, people don’t buy what you do; they buy why you do it. People believe what you believe, which brings me back to our motto: ‘At Quest, safety is you.’”
Q: Can you describe a lesson you learned or a challenge you overcame while striving to improve your nonprofit’s risk management function?
Perhaps one of the best ways to improve your risk management function is to reflect on your greatest challenges and failures. NRMC’s executive director, Melanie Herman, preaches focusing on failures and challenges in order to identify potential areas for organizational growth. Our intrepid risk champions shared their own trials in hopes that our readers can learn from these experiences too. Robert Jones mentioned a common contextual challenge that faces The Salvation Army and probably resonates with most, if not all of our readers: “one of the challenges is trying to do more with less. We have to look at different ways to protect the organization’s liabilities on limited budgets.” Dawn Fostmeier agreed and offered us a suggestion for learning to thrive on limited assets: “As nonprofits, many of us have some level of lack of resources and staff. We can make contacts and check in with nonprofits similar to our own and find out what they are doing to deal with an issue.”
Carolyn Gulston recalled a specific challenge she faced while safeguarding the National Multiple Sclerosis Society. “Up until four years ago, we had different emergency response plans and no focus on how we would resume operations in the event of a disaster. Management realized the need to establish consistent procedures on emergency response and business continuity, and identify key roles/responsibilities in the event of an emergency. A task force was established and was given the resources to develop a comprehensive organization-wide disaster recovery and business continuity plan. It is probably one of the most challenging projects I’ve had the opportunity to lead, but by far the most rewarding professionally, as it increased our level of preparedness.”
John Enos’ experience at Quest confirms that not only is preparation vital to an organization’s survival, but so is the organization’s capacity to react thoughtfully to a crisis or incident. “One challenge that we continue working to overcome is to react appropriately to incidents. Each incident regardless of size needs to be analyzed to find the root cause. The key is not to overreact based on the information gathered. Classic overreacting is ‘we need to write a policy’ or ‘the staff needs “Regarding risk or safety culture, people don’t buy what you do; they buy why you do it.”
– John Enos retraining.’ An example: Sending your entire staff to classroom-style retraining when the incident was a single staff member’s failure to initial paperwork. The staff member had correctly initialed the paperwork 9,999 times before that one failure. The staff member does not need retraining on when to initial paperwork; training is only needed when there is a lack of knowledge and skills required to perform a task. Coaching should be used to help staff members gain greater competence and overcome barriers to improve their work output.”
Gaetana De Angelo faced culturally-embedded challenges at Girl Scouts of Greater Atlanta, including staff pushback against risk management activities. “During my 25 years here, my biggest challenge has been helping staff members and volunteers understand that my goal is not to limit what they do. My goal is to help them find safe ways to do what they want to do. We are trying to surpass the attitude of ‘do it and ask for forgiveness later,’ and instead look at the activity or process from all sides, and feel really confident that we are delivering the best possible service. This entails recognizing that when someone has a good idea, it may still need more work to fully develop it into something first class.”
“My goal is to help them find safe ways to do what they want to do.”
– Gaetana De Angelo
Q: What advice would you give to a new ‘risk champion’ or a nonprofit staff member who is new to risk management?
Here’s the gold you’ve been waiting for – counsel from champions. We’ll let them speak for themselves:
John Enos, Quest, Inc.: My advice to new risk managers is to avoid becoming the department of ‘NO!’ If your response to every question is ‘no,’ then your team members will stop asking for your advice. Try to work as a partner alongside your team so that together, the possible risks or exposures of a new opportunity can be explored and probably controlled.
Dawn Fostmeier, InterVarsity Christian Fellowship: During difficult situations, it can be helpful to think back to a particularly encouraging story from the people you serve. Those stories can keep us going.
Robert Jones, The Salvation Army: Try and gather as much information related to your organization’s risk management program. Attend seminars and other functions such as the Risk Summit. It’s always beneficial to share information with other nonprofits on how they function and handle their programs.
Carolyn Gulston, National Multiple Sclerosis Society: Continue to make it clear that the risk management process itself is vital to any organized entity that is looking to achieve a goal. You must always convey to staff and leaders how important it is to identify things that could prohibit you from reaching your mark, and then come up with methods to keep it from happening as best you can. Our motto at National Multiple Sclerosis Society is, ‘You hope for the best, but plan for the worst.’
Gaetana De Angelo, Girl Scouts of Greater Atlanta: Keep an open mind and start with the positives. As a new risk manager, I was always more concerned with ‘what are the bad things that can happen?’ That perspective sometimes overshadowed clear thoughts about potentially positive outcomes. I now try to look at all the good and all the confidence that can be inspired; then I look at what could go wrong—and I plan for that also.