Confident When Being Courageous

Amnesty’s International’s Global Strategic Framework outlines that “we will be courageous – taking intelligent risks, designing, and testing new approaches”. In acknowledging that we must take risks to achieve our mission, we need to understand the nature of these risks, how we can reduce the likelihood and – most importantly – impact of them happening, to achieve the best outcomes and avoid unknowingly walking to crisis. As a result, evident management of risks – as a minimum; legal, financial, and reputational – and the regular reporting of their management to operational and strategic decision makers is a core standard 22.

What Are Risks and What is Risk Management?

Risks are uncertain events that may impact the achievement of an organisation’s objectives – in our case, human rights work. Risks may arise from external events (e.g., changing legislation, security threats, or political shifts) or internal events (e.g., changes in organisational strategy, structure, or policies).

Risk management comprises of the activities undertaken to identify and respond to the level of risk which an organisation faces. Ensuring a regular assessment, mitigation and reporting of risks is a vital practice at Amnesty for us to maximise our impact. Risk management is principally the approach to delivering a strategy in the face of uncertainty and is essential practice for providing resilience, confidence, and a multitude of other benefits, including:

Who Should be Managing Risk and How?

Everyone. Risk management is a fundamental must have for any organisation. As Human Rights defenders we are all responsible to ensure the successful achievement of Amnesty’s Mission and the protection of its achievement from risks. There is an additional accountability to Senior Management and Board Members – as part of their fiduciary duties - in setting a risk-culture and for overseeing the management of Amnesty’s risk exposure.

There are many actions we can and must take to best ensure Amnesty can take intelligent risks, prioritise our efforts and ensure we are not unknowingly walking into crisis. Our often rapidly evolving and high-risk operating environment makes it vital that we:

Once risks have been identified, we encourage staff and Board members to consider using the following methods as a first step in determining sensible actions for bringing the likelihood and/or impact of an incident occurring:

The four approaches above may be applied individually or in combination to bring risk exposure to an acceptable level.

Risk Registers

It is recommended that those in charge with strategy, governance, and assets (both people and financial) regularly discuss risks to the organisation’s objectives and actions to make intolerable risk exposure, tolerable. The best tool to begin support this discussion in a comprehensive and directed way is a risk register.

A risk register is a tool for documenting risks and the assessment of the impact/likelihood, mitigation strategy, treatment and ownership associated with each risk along with a timeline for implementation.