Step 1: Assess your risks
The first step is doing a risk assessment. A risk assessment identifies potential crises that would disrupt your organisation’s work. Sit down with your leadership and begin listing all relevant threats and vulnerabilities that could impact your work.
These might include:
- Safety issues: how could accidents in the field, but also epidemics or pandemics such as the COVID-19 virus influence your work?
- Security: how could political unrest, violence or criminal activity impact your work?
- Fiduciary: what is the risk of corruption, fraud or theft for your work?
- Legal/compliance: what would happen if you were accused of violating laws or regulations?
- Operational: what factors could hamper your organisation to achieve its objectives?
- Reputational: what could damage your organisation’s image and reputation?
- Information: what be the effects from loss of data on output, surveys or cyber insecurity (see our toolkit on Digital communication security)?
Each bullet point represents what we call a risk area. The following visual shows that some of these risk areas are interconnected: if once risk becomes a reality, other, interrelated, risks may more easily occur. Click on the image to enlarge it.
Source: USAID: NGO&Risks, 2019