Chapter 10: Hope for the best, prepare for the worst: risk management

Risks in non-governmental organizations 

Nowadays, the activities of any organization are increasingly associated with risk, which is primarily the result of the increasing volatility of the environment of virtually any kind. Risk can be seen as insufficient effectiveness of the organization’s activities from the point of view of its goals. Risk management is in consequence becoming an integral part of the management of any modern organization. Managing risks is not a one-time action or a set of activities. It is rather an ongoing, elaborative process that every non-governmental organization should be carrying out.  

As a rule, non-governemtnal organizations are placed in between the public structures (governemnt, authorities) and free market economy. In resutl, mangement in NGOs, including risk management, is quite specific and different from risk management as understood in public institutions and private, comercial companies. 

Characteristics of NGOs that make risks specific to this sector are as follows:

  • NGOs are base don social capital that is the foundation of trust and the ability design and implement joint civic action
  • NGOs operate as a combination of autonomy and social unity
  • NGOs in their nature focus on the grassroots activities and are supported by the beneficiaries of their actions and initiatives
  • NGOs are not profit oriented and towards the achievement of a greater, common community good

Main categories of risks 

When it comes to designing and implementing community-based projects in urban setting, there are some key areas that typically are connected to high risks:

Human resources

risk of having inadequate number of staff and volunteers whose competences and professional capacities may not be sufficient to run a quality project 


risk of not having enough financial means to efficiently implement projects, inadequate way of spending money, lack of documentation to prove expenses, inability to fulfill all the requirements set up by donors, grant dependency (lacking own funds means that most NGOs need to apply for external funding without which they are not able to function in a sustainable way)


risk related to communication between the staff and with the stakeholders, most notably donors and direct beneficiaries; risk of not having sufficient means/competences to effectively planning and implementing project publicity 


risk connected to not having means/competences to build a public image of the organization that would communicate reliability and attract donors and beneficiaries


risk of becoming so dependent on external funding that the organization is not able to choose to implement projects that are connected to the organizational mission, vision, and values. 

Main risk factors

Apart from external risk factors that are connected to political and economic context as well as unforeseen circumstances, there are many risk factors within the organization that you need to identify before you do any projects:

  • Low level of organizational culture and inefficient management. 

This includes lack of clear tasks and responsibility division, lack of accountability, poor team cooperation, lack of transparency and inadequate communication schemes. 

  • Inadequate planning of the project. 

This includes mistakes in designing the budget, unrealistic goal setting, lack of research and community need assessment, unrealistic timeline of the project. 

  • Lack of competences among staff to efficiently run projects 
  • Inadequate preparation to face the risks as well as the inability to stay flexible and implement mitigating measures to the risks during the project implementation 
  • Low level of change management

This includes the inability to stay open to new methodologies and solutions as well as being too committed to do things “in the old way” even when the circumstances have changed. 

Risk management as a process 

A project is a series of activities undertaken to achieve clearly defined goals over a set period of time with the help of an allocated budget. In order to be successful, efficient, and sustainable in a long term perspective, the project should have: clearly defined target groups of ultimate beneficiaries, clearly defined coordination, management and financing, monitoring and evaluation system, financial and economic justification (supported by conducted analyses) indicating that the benefits of the project exceed its costs. In order to implement European projects, beneficiaries (including NGOs) receive targeted grants in the form of an advance or reimbursement, which involves different risks at each stage of the project (project management/project life cycle).

Before deciding on a project, it is necessary to find answers to the following questions: 

  • what kind of project to implement in order to achieve the NGO’s goals and not lead to a dangerous deterioration of its financial situation? 
  • what should be the structure of the project’s financing sources (own financing and external financing)?
  • what is the acceptable period of project implementation?
  • What is the foreseen project impact on environment, culture, and society?
  • is the project in accordance with the EU and/or national and local policies on relevant topics?
  • does implementing this project will help you to achieve your organizational goals?
  • is it in accordance with the mission, vision, and values of your NGO?

Once you will have answered all these questions, it will become easier for you to choose projects wisely and focus on the actions that are realistic, sustainable (also in terms of financing) and in accordance to your organizational values. Being able and competent to assess whether you should undertake a project or not greatly diminishes risks related to management. 

Risk assessment in urban projects

Before implementing any project it is of crucial importance to identify and assess the risks, as well as develop mitigating measures to address them. Risk assessment analysis should be run before each new initiative or while developing new project idea. However, to increase the professional capacities we recommend you run a general risk assessment in your organization at least once every year to make sure that you are react to the ever changing environment in which you operate and that you are ready and equipped to face new challenges.

Stages of risk assessment and management:

  • Identifying the risks 

Risks can be identified at the level of the entire organization and also within individual projects. The identification of possible risks is worth carrying out within the areas of NGO management, namely organizational development and improvement, team management, financial management, communication, and building quality relations with donors. 

Various methods are used to identify risks. Among those most commonly used are brainstorming, which is popular in many companies, as well as the Delphi method (seeking advice from experts).

  • Analyzing and prioritizing the risks

In qualitative analysis, you determine the magnitude of the probability and impact of a given risk, while in quantitative analysis you determine quantifiable values. By conducting both of these analyses, you have the opportunity to create a risk hierarchy, conduct a “what if” analysis and determine the level of necessary reserves. In order to carry out the analyses effectively and efficiently, reliable data is essential, and you should be equipped with it.

  • Planning reactions and developing mitigating measures 

When you know the risks and how they can affect the course of work related to the implementation of the project, you can find solutions. Thanks to them, any risk will be limited, and the chances of success will be greater. In this case, four strategies are usually used:

    • risk avoidance – attempts to eliminate all risks,
    • risk transfer – transferring the consequences of a risk to another entity,
    • risk mitigation – reducing the probability or consequences of a risk (the most popular strategy)
    • risk acceptance – accepting the consequences, resulting from the occurrence of risk.
  • Monitoring and evaluation 

The final stage is to track whether the risks identified in the plans actually occur during the course of the project, and to implement solutions to mitigate their effects. Also at this stage, new risks are identified, and it is monitored whether any project assumptions made are up to date or perhaps need to be modified. This makes it possible to control the process and respond appropriately to any unexpected situations.