With a recent national survey showing that the pandemic continues to profoundly impact the sustainability of not for profit organisations across Australia, a new grant opportunity could be the much-needed lifeline for many that are struggling to identify and address the risks they face during the current period of uncertainty and beyond.
The Community Business Bureau (CBB) has fast-tracked the next round of its Community Business Grants program, which offers risk-focussed grants in the form of pro bono consulting support and expert advice from CBB’s sector-leading business consultants.
It seems everything we read at the moment is talking about the global pandemic, technology changes, disruption, innovation and “pivoting” strategy.
In the pandemic, gin companies have shifted to making sanitiser and restaurants have moved to a takeaway product offering. But even before recent crises, there have been major shifts to disruptive technologies and business models going on for years.
In the past, you needed significant property assets to compete in the hotel business, but Airbnb has disrupted that sector without owning any property. Uber now undercuts decades old taxi companies without owning any vehicles. Netflix used online content to overtake the local Blockbuster store. Film camera company Kodak was overtaken by digital photography and consumers taking images on their phones instead of buying cameras.
All over the world, board members and CEOs are continually looking for the next competitive advantage only to discover that disruptive trends like this have changed the rules and challenged established business models. Continue reading…
My insurer has asked if we have a risk management policy – where do we start?
Does this sound familiar? Or maybe you have one and it is that time of the year to review it again. Or perhaps the health and economic crisis flowing from COVID-19 has you looking at the risk policy again and wondering if you could have been better prepared?
Whatever the case, it does beg to answer the question of what should go in the risk policy? Continue reading…
We’ve got a risk register and mitigation plans. We report to the Board on risk every meeting. We’ve got dozens of procedures that help us with compliance and work health safety. We’re accredited to the NDIS Quality and Safeguarding standards and maybe even another different accreditation body as well. We tick the boxes on what we need to do with clinical compliance. We even have a risk policy that was based on the international standard. Surely, we are doing everything we need to on risk management, right?
Maybe. If this example sounds like you, then you are certainly doing a lot of things right on risk management, and that is really important for minimising the risk of incidents and ensuring you achieve the objectives in the strategic plan that you are aspiring towards. Continue reading…
The articles describe allegations wherein the father of a senior employee was engaged to advise on the procurement of printing contracts for the organisation, and that he collected commissions from the printing company that were never disclosed to World Vision Australia.
The SMH article describes that a whistleblower made enquiries to meet with the CEO, but that the CEO’s office alerted the employee who was the subject of the allegation and did not investigate the matter appropriately.
Sadly, it is not just the corporate sector where organisations can fail to live up to their values, and the not for profit sector is not immune to this type of conduct. Continue reading…
Former Director of the FBI Robert S. Mueller, III, made the famous quote that:
“There are only two types of companies: Those that have been hacked and those that will be hacked.”
And others have since moved to suggest that the quote should now be: “There are only two types of companies: those that have been hacked and those that don’t know they have been hacked.”
It is unfortunate that not for profit organisations are sometimes the target of a cyber-attack. Given that not for profits often hold a lot of personal data, they can be seen as a soft target. Attackers also don’t need to have a lot of data about a person in order to perform identity theft, so the consequences can be significant if personal data is stolen.
Being the subject of a cyber attack can have wide ranging impacts on the organisation; including damage to reputation, financial losses and an inability to service clients during any downtime caused by the incident. Continue reading…
We are in control of all the risks, we know them all and we have strategies in place if they occur. There’s nothing we can’t handle. We have a risk minimisation/risk aversion position amongst our decision makers and the organisation has comprehensive policies and procedures in place that ensure we mitigate all risks. We have insurances in place as well as having developed and put in place an extensive number of control points to ensure very little can go wrong.
Sound familiar? Whilst all of the above makes it sound as though the organisation is in control, it can also be the organisation’s Achilles Heel… Continue reading…