Risk, risk management and control
Risk and control
Overview of risk
Risks represent some level of uncertainty for a sports organisation. It can be helpful to categorise types of risk so as to help understand the specific aspects of your operations that may be affected, as well as helping to identify how to manage these different forms of risk. For instance, you may think of the following categories of risk:
- governance risks
- operational risk (e.g. health and safety)
- accidental loss or damage
- finance risk
- environmental and external risk
- reputational risk
- safeguarding risk
- law and regulation compliance risk
- staffing risks (e.g. inability to recruit)
- terrorist activities or hoaxes
Risks arise for different reasons, some directly related to the primary purpose of an organisation, such as operational risks or safeguarding risks in sports. All risks should be understood in the context of the organisation and of the sector. In other words, while many of the risks above are common to many different organisations, you should understand the specific context in which your sport operates to fully understand the risks it faces and how to manage them.
One important factor that influences how risk is managed is your organisation’s ‘tolerance’ for risk.
Risk can never be fully eliminated and will be something all sports organisations have to deal with, but different sports organisations may have varying levels of tolerance for risk. Indeed, this is true for pretty much all organisations. The fewer resources or certainty you have, the more difficult it is to recover from poor decisions and therefore low-risk options are often favoured in most decision situations. Larger organisations or those in a strong financial or participation position may be able to ‘afford’ to take risks, as they have the resources or reserves required to recover from unsuccessful decisions. Other factors that may influence your organisation's risk tolerance include history and cultural appetite for risk, the background and experience of the board in evaluating alternatives and risk, as well as the current economic climate.
Boards should explicitly consider their collective tolerance for risk. Individual board members may have different levels of risk tolerance which will influence the board’s position. It is worth considering:
- Is the organisational risk appetite defined, understood by board members and aligned appropriately to the strategy of the organisation?
- Are the risk tolerance levels defined, understood by board members and aligned appropriately to the ongoing operational activities of the organisation?
- Has the board considered both the individual risks and the cumulative risks of all activities and internal and external factors?
- If risk appetite and/or risk tolerance has not appeared on your board agenda within the last six months, you should ensure it appears on the next agenda.
You may also consider trends in sports and how these manifest as specific risks to the organisation.
The most common risks facing sports organisations include:
- Finance – loss of funding, such as that from sports council funding or from commercial partnerships, or due to diminishing income. Reliance on a single source of funds – or too few sources – can also be risky.
- Health and safety – all sports carry a degree of physical risk. In the case of adventure sports such as parachuting or mountaineering, contact sports, or those which involve equipment or high speeds, these can be significant, requiring specialist knowledge and risk management procedures.
- Safeguarding – the protection of children and vulnerable persons from physical and mental abuse has become an increasing concern in sport, with greater emphasis being placed on the responsibility of sports organisations to actively manage their systems and structures to prevent such abuses and to provide programmes that offer safe, transparent opportunities for sports participation. (For more on safeguarding, see our of the knowledge base on this topic).
- Declining membership and participation – with so many alternative leisure activities and social interests available to people – especially young people – sports bodies now find themselves in a competitive marketplace, having to develop innovative ways to attract and retain participants.
Also of concern to sport organisations, are risks associated with:
- Corruption – both management or governance corruption and athlete/participant corruption are significant risks to an organisation’s reputation, integrity, sustainability and role in society.
- Doping – at all levels, sports organisations should be cognisant of the potential for performance-enhancing substance abuse, be it inadvertent or deliberate.
Strategic and operational risk
Risk can be strategic or operational. Strategic risks include external factors such as significant shifts in public policy on sports leading to changes in funding and access to public or National Lottery funds. The risks faced may well be determined by the strategies that your organisation pursues – for example, a national governing body (NGB) may choose to focus on grassroots development, reducing potential access to elite sport funding.
Operational risks arise through ineffective controls within the processes and systems of an organisation’s operations. One example is the risk of cybercrime. According to the Government’s Office of Cyber Security and Information Assurance, cybercrime costs UK businesses £21 billion a year. Sports organisations of all sizes are vulnerable to this type of crime. The introduction of the General Data Protection Regulation (GDPR) from May 2018 places clear and unequivocal responsibility on organisations for the protection of personal data.
Control is often thought of as a function of management and as being the formal mechanisms in structures, systems or policies which guide employee or volunteer behaviour. However, it is useful to think of control more holistically. Formal controls are only one way in which control can be exercised. There are four levels of control operating in all organisations:
- Administrative: formal mechanisms, internal or external to the organisation.
- Examples of administrative controls are policies, organisation structure, legislation and codes of conduct.
- Social: social controls arise through social interaction, as employees and volunteers interact and negotiate the meaning and legitimacy of administrative controls in the organisation.
- Examples of social controls include emotions, identification and social norms.
- Self: self controls are individuals’ personal motivations underpinning their behaviours and attitude.
- Examples of self-controls include similar mechanisms as social controls but focus more on individual behaviour rather than the dynamics and mechanisms at play in exchanges between people.