Risk Happens! – 5 Key Points On Managing It
About the Authors:
Adam Bulkiewicz is an Associate Lawyer at Willis Business Law whose practice focuses on labour and employment, not-for-profit and public sector law.
Dana Young is a lawyer of Council at Willis Business Law whose practice focuses on not-for-profit, public sector, procurement and privacy law.
Your organization’s risk management framework should not amount to a crisis response plan. Instead, risk management should work to avoid crises. The following points highlight some key considerations when developing an effective risk management framework for your organization:
Key Point #1: Charitable Immunity Does Not Exist In Canada
Many charities, non-profits and the volunteers who help them, think because they are doing good, they are shielded from risk and liability. This is called charitable immunity – it is an old legal doctrine that had a short-lived tenure in England and some places in the US but has never been operative in Canada. To the extent this was unclear, the Supreme Court of Canada provided clarity on this point in 2005, indicating there is no such doctrine in Canada. Do-gooders are not immune from risk and liability, so risk management is critical.
Key Point #2: The Board Of Directors Has A Lead Role In Risk Management
Risk management is a lot like strategic planning – different sides of the same coin. Both strategic planning and risk management look at how to best position an organization to achieve its mission and vision. Strategic planning focusses on opportunities, whereas risk management focusses on what might get in the way of achieving the mission and vision. As with strategic planning, the board of directors is responsible to ensure that there is a proper risk management framework in place. The board of directors has a lead role in risk management.
Key Point #3: Avoiding All Risks Is Not Risk Management
Risk management by non-profits and charities can sometimes take on a bizarre and illogical quality. Schools are often the target of media reports in this regard. For example, Toronto’s Earl Beatty Public School banned balls in reaction to a parent suffering a concussion after being hit by a soccer ball. When risks are looked at without regard to the mission and vision, organizations end up indiscriminately avoiding all risks. Ironically, it is this type of risk management that can result in the biggest risk of all: the failure of an organization to deliver on its mission and vision. Risk management is not about avoiding all risks.
Key Point #4: Risks Are Contextual
The impacts of risks when they materialize are not necessarily the same for all organizations. Consider the paramedic waiting outside of a hospital who leans up against the “No Smoking Within 9 Metres” sign, while he or she lights up a cigarette. This is a clear violation of the law. Perhaps the hospital should have a 24/7 patrol of its premises to stop this type of infraction. In all likelihood, the hospital has more important things to focus on – life and death in the operating room, for example. However, if instead of it being a hospital, the paramedic lit the cigarette at a fuel storage facility, then the proper response might be quite different. It is important to contextualize risks and focus on what is most critical to an organization.
Key Point #5: Risks Management Is A Process
Risk management is a process. It involves: identifying risks; assessing how likely identified risks are to occur and if so, the level of impact on your organization; determining a risk response; and monitoring risks to inform appropriate adjustments. Risk management is a proactive process undertaken on a continual basis – not a re-active event.
Being risky is not the same thing as taking risks. All organizations face risk. Risk management is about taking risks safely. It is about putting in place a framework and process that proactively manages risk. Don`t wait for a crisis to start risk management at your organization.
Adam Bulkiewicz & Dana Young
 The tasks that a board must undertake to fulfill its governance responsibility have evolved over time and while there are generally recognized themes, they are variously described and not entirely aligned. Commentators generally agree that the board is responsible for ensuring that an organization engages in risk management and has a framework in that regard. Generally, it will be appropriate for the board to task the ED/CEO with developing and implementing such a framework. Within such a framework, generally, the Board will be well positioned to identify and assess certain types of risks, such as those related to governance, giving the board a secondary role in connection with risk management.
***DISCLAIMER***: The content within this Governance Matters bulletin is provided for general information purposes only and does not constitute legal or other professional advice or an opinion of any kind. Readers of this Governance Matters bulletin are advised to seek specific legal advice by contacting their legal counsel regarding any specific legal issues. The authors and Willis Business Law do not warrant or guarantee the quality, accuracy or completeness of any information provided in Governance Matters, and said information should not be relied upon as accurate, timely or fit for any particular purpose. The information published in this Governance Matters bulletin is current as of the time of writing, but should not be relied upon as accurate, timely or fit for any particular purpose.
Accessing or using this Governance Matters bulletin does not create a lawyer-client relationship. Although your use of the bulletin may facilitate access to or communications with members of Willis Business Law via e-mail transmissions or otherwise, receipt of any such communications or transmissions by any member of Willis Business Law does not create a lawyer client relationship. Willis Business Law does not guarantee the security or confidentiality of any communications made by e-mail or otherwise through electronic means.
This Governance Matters bulletin may contain links to third party web sites. Monitoring the vast information disseminated and accessible through those links is beyond our resources and Willis Business Law does not attempt to do so. Links are provided for convenience only and Willis Business Law does not endorse the information contained in linked web sites nor guarantee their accuracy, timeliness or fitness for a particular purpose.
Copyright © 2018, Willis Business Law, All rights reserved.