NGOs & Charities

The Presence of Risk in an Operating Environment

Thursday October 8, 2020

For humanitarian organisations, the presence of risk in the operating environment can force difficult trade-offs between the needs of people they are trying to serve and the need to mitigate potential harm to their personnel, resources, and reputation. Whether or not the risks to humanitarians have objectively increased in recent years (and there is evidence that they have), more to the point is how the organisations perceive their risk and how these perceptions have affected their work by dint of new policies and practices. These are the central questions of this study, undertaken by Humanitarian Outcomes on behalf of InterAction, and funded by the Office of US Foreign Disaster Assistance (OFDA) and the Bureau of Population, Refugees, and Migration (PRM).

Focusing on a participant-sample group of 14 major international NGOs, the study analyses the current approaches to risk in humanitarian action through a systematic review of 240 relevant policy documents, interviews with 96 key informants, and a web-based survey of 398 humanitarian practitioners.

INGO risk perceptions: New threats and higher stakes

The findings reveal an international NGO sector whose major operators perceive a heightened level of risk, particularly manifest in the same, roughly half-dozen extreme environments: Afghanistan, Central African Republic, Iraq/Syria region, Somalia, South Sudan, and Yemen. These conflict-driven emergencies with highly politicised international dimensions tend to involve multiple types of risks—violence, corruption, diversion, and others—which can also be interlinked in complex ways.

INGO representatives overall also perceive a slightly increased risk aversion among their organisations and counterparts (though they were more critical of others than their own NGO in this regard). A majority of INGO staff surveyed agreed, at least somewhat, with the charge that humanitarians are becoming more risk-averse in general, to the detriment of programming.

Responses in policy and practice: The rise of risk management

In response to the new and intensified risks they perceive, this group of large international NGOs has begun to adopt increasingly sophisticated and professionalized “risk management” approaches, which cover not only the traditional areas of security and safety, but also fiduciary, legal, reputational, operational, and information risks. They broadly share a common underpinning methodology, borrowed from the private sector, which systematises the assessment of risk in all areas at all organisational levels and builds in mitigation measures. Nearly all INGOs in the sample group, 13 out of the 14 organisations, have already instituted or are in the process of adopting an overarching risk management framework of this type. The frameworks are at varying levels of development and detail, but the most advanced among them generally include a global “risk register” type of tool for analysing and prioritising risks and planning mitigation measures. This is in turn connected to decision-making and implementation procedures as well as functions for follow-up and audit processes.

In terms of staff time and attention, the management of safety/security risk receives the most emphasis, with fiduciary risk management (prevention of fraud and diversion) ranking a close second. The reverse is true in written policy, where more space is devoted to fiduciary risk. This is likely because INGOs see donors increasingly emphasising fiduciary risk and are tightening internal controls and oversight mechanisms in turn. A majority of INGOs in the sample group felt supported by donors for security-related costs. The study found less overall emphasis and understanding of risk management in the areas of information security and legal (e.g., counter-terror legislation) compliance.