Things can go wrong in even the best-run organisations. That’s part of being human — our imperfections and limitations will always be there. But how we prepare for and respond to risk is what sets successful organisations apart.
Why Risk Management Matters
In today’s world, especially in the West, risk management has become a core tool for planning and good governance. The most successful organisations often have the most robust risk management in place.
“Taking risks is not the issue – it’s how that risk is managed that helps keep organisations afloat.”
Risks will always exist. Even the best planning can’t stop them from happening. But when risk is well-managed, organisations are in a much stronger position to handle the fallout.
Good management of risks means the organisation is better placed to weather the storm when it comes.
My Journey With Risk
I trained in a Big 4 accountancy firm where I audited risk management across local government, housing, central government agencies, and education providers. Later, I moved to a FTSE giant as a senior internal auditor, reviewing risk registers across EMEA and leading workshops for large, complex operations – including the North Sea business.
Now, in the charity sector, I help strengthen governance and share my professional experience. It’s encouraging to see many international NGOs (INGOs) recognising the need to manage risks – even if they are still behind other sectors.
“INGOs try to punch above their weight when it comes to risk management – and that effort matters.”
Understanding Where Risks Come From
A common issue I see is organisations misunderstanding what their relevant risks actually are. Many adopt academic or copy-paste approaches, turning risk identification into a box-ticking exercise.
“Identifying risk becomes a tick box exercise, often ignoring the internal and external needs of organisations.”
Risk registers often focus heavily on threats and weaknesses, ignoring the strengths and opportunities that come with being bold.
Sometimes organisations need to be bold to succeed. This may require taking risks.
Every organisation is different – shaped by its history, people, leadership, values, and external relationships. Risks should reflect that uniqueness.
Managing the Risks – Properly
Another pattern I see is the over-reliance on listed controls. Risk registers get filled with controls, but without assessing how effective those controls really are. This creates a dangerous illusion of safety.
“Listing controls is not risk management – it can become a false sense of security.”
Real risk management is hard work. It involves testing controls, identifying gaps, and taking meaningful action to improve. Effective risk management leads to more work, more investment, more focus – and more hunger to succeed.
In the INGO sector, proper risk management isn’t just good practice. It can have real-world consequences for people on the ground.
“Being able to manage risks can mean the difference between life and death, a full belly or an empty one.”
The Bigger Picture
When risks are understood and managed properly, the funds raised by INGOs go further. Objectives are met more effectively. And the people who depend on these services are better supported.
My work with INGOs continues because I believe that with better governance and stronger risk management, their impact can grow.
“The difference good risk management makes isn’t just internal – it’s felt by the most vulnerable.”
Nasir Rafiq is a financial governance expert and the founding director of Dua Governance Chartered Accountants, specialising in the charity sector and internal audit.
