For this month’s Toolkit Thursday, I feature a strategic resource for organizations to help them identify and mitigate risks. I did a deep dive on this tool back in October, but I wanted to include it in the Toolkit posts to give a really simple intro into the Whos, Whats, and Whys.

Who can use it? Boards and staff who are looking to get insight into the risks, both internal and external, that are impacting their organization.

What is it? A Risk Registry is a very important strategic resource for organizations to help them identify and mitigate risks. It helps internal stakeholders look at the entire organization holistically and identify any internal or external risks. It’s important to note that not all risks need to be mitigated. It is up to the organization to decide which risks are either high enough likelihood or high enough impact that they require mitigation or if monitoring the risk on a regular basis is enough to meet your own internal best practices. You will start by highlighting the risks that are present and then ranking them by likelihood and impact. Once you know which are the highest priority, you will attempt to mitigate the risks by either reducing the likelihood or impact. For example, employee turnover will always be a risk, but you can reduce likelihood by understanding why employees might leave and addressing those concerns or reducing the impact by putting processes and documentation in place to minimize disruption and accommodate a straightforward handover/training process.

When to use it? All organizations should have a conversation about risk at least annually. It can be a focus of a board meeting or take the form of an all day retreat. It really depends on the size of the organization and the risk tolerance of the business. 

Why? It’s important to be aware of risks and be transparent about the potential threat to the organization. When volunteers and staff are aware of risk, it’s easier to get buy in and prioritize mitigation activities.

For more details on how to implement a risk registry, see this article I wrote in October that goes into more detail about the Hows and Whys.