Risks and Controls in NGOs

Key Concepts

  • Threat: A potential cause of harm.

  • Risk: Likelihood and impact of a threat occurring.

    • Internal risks: Personnel or technology issues.

    • External risks: Economic, legal, political, environmental factors.

  • Residual Risk: Risk remaining after mitigation.

No organisation is completely risk-free.


Types of Risks in NGOs

  • Ethical Risk

  • Operational Risk

  • Reputational Risk

  • Safety Risk

  • Security Risk

  • Fiduciary Risk

  • Legal/Compliance Risk

  • Information Risk


Risk Management

  • Risk Management/Mitigation: Organisational practices and policies that reduce the chance or effect of risk.

  • Enterprise Risk Management: Integrated approach combining all types of risks (security, fiduciary, etc.) to strategise and implement mitigation.

  • Risk can be reduced but not eliminated.

Why Have a Risk Management Policy?

  • Required for donor audits or due diligence.

  • Builds awareness and culture of risk understanding.

  • Encourages staff ownership.

  • Acts as a governance tool.


Risk Management Process

  1. Risk Universe Analysis

  2. Risk Identification

  3. Risk Assessment (Matrix of likelihood vs. impact)

  4. Prioritise Risks

  5. Risk Response (Maintain Risk Registers)

  6. Define Staff Roles

  7. Monitor and Report


Internal Controls

  • “Checks and balances” on staff, vendors, and processes.

  • Types:

    • Preventive: Stop errors before they happen.

    • Detective: Identify issues after they happen (e.g., audits, reconciliations).

    • Corrective: Fix issues post detection.

Benefits:

  • Early warning

  • Prevent fraud

  • Reduce audit findings and penalties

Limitations:

  • Collusion

  • Human error

  • Unexpected events


Key Areas for Internal Controls in Charitable Organisations


  • All registrations valid (12AB, 80G, PAN, FCRA, etc.)

  • Timely filings (ITR, TDS, EPF, etc.)

  • Monitor legal proceedings

  • Stay updated on law changes

Governance Controls

  • As per bylaws

  • Documented meetings

  • Notify changes to authorities

  • Risk systems in place

  • Avoid conflicts of interest

Budget Controls

  • Understand budgeting purpose and process

  • Monitor variances

  • Allow for course correction

Grants and Income Controls

  • Designated bank account

  • Grant reconciliation

  • Maintain donation records

  • Accurate reporting

Expenditure Controls

  • Match spending to project plans

  • Qualified finance team

  • Track utilisation

  • Maintain bills/vouchers


Procurement Controls

Procurement Steps:

  1. Define specifications

  2. Budget allocation

  3. Appoint purchase team

  4. Research suppliers

  5. Solicit bids

  6. Evaluate bids

  7. Issue purchase orders

  8. Receive and inspect goods

  9. Approve invoice and pay

Controls:

  • Check budget

  • Vendor vetting

  • Maintain vendor database

  • Transparent bidding

  • Accurate POs

  • Use procurement tracker


HR Management Controls

  • HR planning

  • JD-based hiring

  • Proper induction

  • Avoid nepotism

  • Capacity building

  • Performance appraisals

  • Exit procedures

  • Social security compliance


Fixed Asset & Inventory Controls

  • Policies for asset/inventory

  • Annual verification

  • Maintain registers and ID marks

  • Remove disposed assets from records


Accounting Controls

  • Accurate book-keeping

  • Use of accounting software

  • Compliance with rules

  • Ensure transparency and audit readiness


Cash & Bank Controls

  • Secure storage

  • Minimise cash use

  • Proper voucher system

  • Monthly bank reconciliation

  • KYC and signatory updates


Donor Compliance Controls

  • Timely, accurate reports

  • Adhere to donor formats

  • Data linked to program goals


Program Implementation Controls

  • As per proposal and LFA

  • Track events' impact

  • Monitor with audits

  • Proper assessments

  • Outcome reporting