Share
    Document / Guidance

    Selecting a Practical Process for Managing Risk in a Land Trust

    Posted 2020
    Source
    Land Trust Alliance
    About This Guidance

    Selecting one of the following three approaches is the starting point for developing a risk management plan. These approaches are not mutually exclusive. Elements of all three approaches are found in most risk management programs. The approaches simply offer a framework or path that can be helpful to the land trust’s internal risk management champions.

    © 2020 Land Trust Alliance, Inc. All rights reserved.

    Selecting one of the following three approaches is the starting point for developing a risk management plan. These approaches are not mutually exclusive. Elements of all three approaches are found in most risk management programs. The approaches simply offer a framework or path that can be helpful to the land trust’s internal risk management champions. The three approaches are: 

    1. Goal-oriented approach 

    2. Risk program component approach 

    3. Process approach 

    Goal-Oriented Approach

    One way to embrace and understand the discipline of risk management is to focus on the specific goals the land trust is trying to achieve through its risk management program. A goal-oriented approach is straightforward and may appeal to leaders who want to make sure that the risk management program begins with and remains guided by a laser-like focus on specific results. Generally speaking, there are two broad, overreaching goals that guide the development of a risk management program: 

    1. Reducing the likelihood of negative results and increasing the likelihood of positive results. For example, land trust leaders may decide to heavily post the boundaries of a conserved property that has suffered repeated trespass and damage by neighbors and others. These boundary markers are specifically intended to decrease the likelihood of future trespass. 

    2. Preparing the land trust to respond to surprisingly negative or positive events. For example, land trust personnel may prepare a series of simple, customizable draft press releases that can be sent promptly whenever the violation on conserved land, faces a significant trespass or other issue or when announcing the donation of a key parcel of land in the community. 

    There is a tendency among some organization leaders to focus most, if not all, of their attention on the first goal, above, and often on the first aspect of the first goal: reducing the likelihood of negative results. The downside to this approach is that it fails to appreciate the potential for surprisingly beneficial results, and it also fails to appreciate the importance of preparing for downside results that the organization is unable to avoid. While some writers might describe activities under the second goal as falling within the discipline of crisis management, for our purposes, activities that enable an organization to respond effectively when downside risks can’t be avoided are included within the discipline of risk management. 

    After defining the specific goals of a risk management effort and making certain to include specific goals under each of the broad headings, above, the next step is to consider how the organization will achieve its risk management goals. For example, the land trust may develop specific policies, identify capacity needs, design training for staff or research critical categories of exposure. The risk management program consists of the organization’s answers to why it is embracing risk management and how it intends to do so, considering both its capacity to engage and its limit of tolerance for negative results. For example, the accredited Columbia Land Trust, working in Oregon and Washington, engaged in a sophisticated planning process that also involved risk analysis, as well as specific risk mitigation activities. The land trust emerged from the process with a matrix that functions as a risk management plan. It lists the organization’s multiple strategies over five years to advance its mission with activities, risks, mitigation strategies and budgets for each year.  

    Risk Program Component Approach

    A second common approach to developing a risk management program is to identify the program’s core components and to focus attention on developing each component, in turn. For example, applying a risk program component approach, land trust leaders may decide to establish a program consisting of a risk management committee and a risk management plan. 

    As a brief reminder: first, establish goals for each approach, and, second, appoint a risk management committee to take the lead on the process. 

    Once the land trust has a committee and goals, one of its first tasks will be to craft a risk management plan that outlines the land trust’s risk management philosophy, goals, objectives, capacity, risk tolerance and core strategies. The risk management committee of a land trust may work on the development of a plan using the risk management template or using an online tool, such as “My Risk Management Plan” developed by the Nonprofit Risk Management Center. The plan may also include sections describing the organization’s risk management activities related to specific categories of risk, such as landowner liability (for example, bodily injury and property damage claims), governance risks, employment practices, financial management, fundraising/donor relations and crisis management. Many risk management plans also include a summary of the organization’s insurance program or at least its philosophy and overall approach to financing insurable risks. 

    Sample Land Trust Risk Management Goals

    Nova Scotia Risk Management Assessment Goals Risk Assessment

    Step 1: Identify the risks connected with an activity (administration, property visits, fundraising, stewardship).

    Step 2: Assess the relative significance of all risks.

    Step 3: Eliminate or mitigate identified risks. Our primary goal should always be to work to eliminate the risk. If that is not possible or feasible, then we must take steps to minimize the risk.

    Step 4: Provide insurance as protection against unavoidable risks to the extent practical.

    Steps 1 to 3 are most important: Controlling and managing risk.

    Identified risks are assessed both in terms of likelihood of occurrence and impact or severity if risk does occur. Ranking will assist effective prioritization.

    Process Approach

    This approach invites leaders to see the design of a risk management program as a series of sequential steps. The process does not have a beginning and end, but rather is a perpetual loop that continues throughout the lifetime of the organization. Many leaders seeking to improve risk management or undertake a new risk management plan are drawn to a process approach. They prefer to see the risk management discipline as a series of logical steps that organization leaders always follow to ensure that they fully explore and understand the risks facing the organization, as well as possible strategies to address risk. 

    With the process approach, there are many potential variations. Some process diagrams include feedback loops for communication, while others include communication as part of one step in the process (for example, “decide what to do and communicate”). A land trust may decide to define its own custom process. Because this iterative, flexible process is not only an approach but also a set of procedures when facing risk that all approaches adopt, the steps are expanded below. 

    Figure 1 offers one possible set of steps for a risk management process.

    Establish the Context 

    The risk management process begins with a focus on things other than risk. In order to recognize risks and take practical steps to manage the organization in the face of risk, leaders must be grounded in the mission and assets of the land trust. In essence, they need to appreciate what is at risk in order to take practical steps to manage it. Recognizing the context for risk requires a clear understanding of overall organizational goals, as well as the strategies selected to achieve those goals. Establishing the context also refers to the culture, history, resources, services and nature of the organization—factors that influence the land trust’s capacity for risk taking, its tendency to embrace risk taking or be risk averse and its ability to implement sound risk management strategies successfully. For example, leaders of a land trust who have faced a series of costly suits by aggrieved employees will have a different perspective on the risks arising from the hiring and supervising of personnel than the leaders of a land trust who have never faced such a suit nor have any staff. And the leaders of a land trust who have faced repeated bodily injury claims from trespassers, licensees and invitees on land trust property will have an understandably cynical point of view about permitting unsupervised use of the land trust’s property. 

    Organizational history and experience with loss can be powerful motivators for risk management, and the lack of experience with disgruntled stakeholders, injured plaintiffs or litigation by corporate interests intended to punish or prevent political opposition can lead to apathy about the need for preparation and a structured risk management program. 

    Another component of the first step of the risk management process is to consider the commitment from the land trust’s senior leadership. Ideally, the board of directors and any paid staff or most committed volunteers should support and encourage the use of effective risk management techniques. Many experts in the field note that sound risk management starts with the “tone at the top,” while recognizing that organizations that are best prepared to deflect or cope with life’s “what- ifs” are those that view addressing hazards and seizing opportunities as important and shared responsibilities of the entire organization. 

    Establishing the context for risk management within a land trust also includes considering the relationships between the organization and key constituency or stakeholder groups. Every land trust relies on the support and participation of organizations from a variety of realms to advance its mission. Keen awareness of the evolving perspectives, expectations and concerns of stakeholders underpins a successful risk management effort in a land trust. An organization that is widely respected and held in high regard by adjacent private landowners, donors, partner organizations and regulators alike will have an easier time protecting its reputation than a land trust that has come under fire for questionable practices or controversial actions or policies.  

    Some of the questions leaders might ask to identify and document the context for risk management in a land trust include: 

    • What is the board’s view of risk and risk taking? Is risk something to be avoided or a natural part of the organization’s operations and mission? Does it vary depending on context? 

    • How supportive are the board of directors and other land trust personnel with respect to the need to increase risk awareness and upgrade the risk management program? Will these key leaders have to be sold on the idea? Is a small minority on the board driving the commitment to better risk management? 

    • What barriers or potential barriers exist to the development of a risk management program? What issues will make it particularly challenging for the land trust to establish a risk management program? 

    • Are there any signs or motivating factors that will increase the organization’s receptivity to risk management activities? 

    • Are stakeholder perspectives, concerns and expectations well understood? Which stakeholders (or stakeholder groups) should be involved in the development of a risk management program? 

    • What resources are available to support the land trust’s risk management efforts? At what cost? 

    • What other land trusts or similar organizations can internal leaders consult about establishing a risk management program? 

    • What organizational strengths will support a risk management program? 

    • What organizational weaknesses may impair the land trust’s ability to establish a risk management program? 

    • What is the organizational capacity to implement a risk management plan? 

    Appraise the Risks (or Identify and Prioritize Risks) 

    Risk identification is essentially the process of brainstorming possible future results that differ from assumptions, expectations and goals. A risk identification brainstorming session is likely to ask: What might happen? Why? How? The essential task at hand is to identify possible strategy- or mission-impacting events or situations. Most groups tasked with risk identification grapple with the challenge of making certain that all possible events or situations facing the organization are included and nothing is overlooked. There are several ways of making certain that the leaders of a land trust risk management initiative cover as many bases as possible, while recognizing the impossibility of creating a definitive list. 

    Identify Risks

    One approach is to first identify the functional areas in the organization, such as governance, fundraising, land protection, stewardship, special programs, facility management, public/community advocacy, financial management and other essential land trust programs. These functional categories may be useful as headings for the risks identified in the brainstorming process. Another approach is to identify the land trust’s major asset categories, such as people, property, income and goodwill, and then identify and group risks by these major categories of assets. 

    Yet another approach is simply to ask: What uncertainties threaten our mission? What uncertainties could propel our mission forward if they unfold? After a long list of risks (events or situations) has been identified, the land trust’s risk management committee can then assign appropriate headings. 

    There is no right or wrong way to go about the process. The goal of risk identification is to consider and articulate the downside and upside risks facing the organization, without neglecting any potentially serious likely risks. For example, the risk management committee of a land trust that has recently acquired a large parcel of previously privately held land might identify the following risks: 

    • The risk of a SLAPP suit by adjoining landowners who fear too much public use of the parcel under the land trust’s stewardship 

    • The risk of a breach of contract claim arising from vague terms and lack of understanding by land trust personnel of the contract terms 

    • A claim by an unhappy donor alleging breach of implied contract and diversion of donor funds contributed to fund a wildlife program (versus property acquisition) 

    • A lawsuit alleging gross negligence in the wake of serious injury suffered by a volunteer engaged to help the land trust document wildlife and vegetation on the newly acquired parcel 

    Identifying categories of risks before a risk identification exercise or simply grouping risks into categories after common practices. The use of categories or labels is a tool for giving the risk management team confidence that no significant issues have been left out.  

    Risk Identification

    the process of brainstorming possible future results that differ from expectations and goals.

    Rating, Ranking and Mapping Risk 

    As shown with the use of a simple risk matrix, an important component of appraising risks is rating, ranking or somehow evaluating and prioritizing the land trust’s risks. Prioritization is necessary because, even if it were possible to identify every single risk facing a land trust (an impossible task!), it would be impossible to address—through management controls, policy changes or other methods—every identified risk. And risks change. Attempting to do so would leave no time for the core mission of the land trust. Given that reality, land trusts need a prioritization exercise to help determine which risks require immediate attention and which risks must be monitored but require no immediate action. 

    Do some risks rise to the top as priorities because of their emotional nature (for example, the risk of an invitee’s or volunteer’s injury or death)? Are the leaders’ perceptions of what risks put the mission and assets of the land trust in jeopardy reasonable or based on a purely emotional response? Not every risk facing a land trust is likely to materialize. Some risks may be more likely, but their consequences not especially severe (for example, a minor injury by a volunteer working outdoors on a land trust parcel). The second step in the risk management process—“appraise the risks”— invites the evaluation of the likelihood of a risk materializing and its potential severity. 

    The fundamental goal of risk assessment is to create a workable, practical list on which to focus an organization’s risk management efforts. A group of four or five knowledgeable individuals can easily compile a list containing several dozen risks. If a group spends hours at this exercise, the list can easily cover many pages. At first glance, all of the items on the list may appear to be high-priority risks requiring the organization’s immediate attention. It’s essential to take a closer look and begin to prioritize identified risks. 

    There are various ways to create a priority-ranked list of risk issues, but no precise mathematical way to accurately prioritize risks. Risk prioritization requires heaping doses of human judgment and humility. The following steps offer one approach to prioritizing a list of identified risk issues:

    • Step 1: Review each identified risk to assign a score for likelihood or frequency. Ask: How often is this event or result likely to materialize? Think in terms of the risk actually happening, not the fact that it could happen. For example, if the risk is the potential for a visitor’s car to be vandalized in a land trust parking area, is this event likely to occur twice a year or once a decade? 

    • Step 2: Assign a frequency score that reflects the team’s gut feeling about the answers in step 1. Some organizations use a ranking scale of 1 to 10, while others prefer the less precise scale of high/medium/low. For example, if you decide that damage to or theft of a vehicle in a parking lot is likely to occur less than once per year, the team might consider assigning a low frequency grade or a 2 using the 1-to-10 scale. 

    • Step 3: Review each risk and consider how much it might cost both in monetary and nonfinancial terms. What is the severity or impact of this risk occurring? Ask the following question: How significant would it be if it did happen? Think again in terms of the actual risk (event) happening. For example, if the average value of a vehicle parked in a land trust parking area is $25,000, a theft occurring once every five years would be an average annual property loss of $5,000. Be sure to also consider nonmonetary effects, such as reduction in productivity, if a downside risk materialized. For example, when a land trust faced a food poisoning incident, one executive director spent 15 to 20 hours managing the situation—time they could have more productively spent managing the land trust’s holdings. 

    • Step 4: Assign a score for severity or impact based on the group’s assessment about the answers to the above question. Consider using 1 to 10 as your scale. Or, you could also use high, medium or low. For example, if the maximum financial loss to the organization would be $5,000, then a rank of medium or 5 might be appropriate. 

    • Step 5: Plot the frequency (likelihood) and severity (impact) scores for each identified risk on a risk map (also known as a heat map) and color-code each risk based on the team’s assessment of preparedness. For example, a risk for which the organization is poorly prepared would be color-coded in red. A risk for which the organization feels fully prepared would be coded in dark green. By plotting identified risks along the impact (severity) and likelihood (probability) axes and color-coding for preparedness, the team will be in a best possible position to determine which risks require immediate attention. 

    • Step 6: Assign a risk tolerance score. 

    Risk assessment

    the collective activity of risk identification and prioritization

    Three examples of a risk map appear below. Figure 2 simply shows four quadrants, while figures 3 and 4 illustrate the plotting of actual risk issues and assignment of color-coding based on the team’s assessment of preparedness. 

    Figure 2. Risk Map

    Figure 3. Risk Map

    Figure 4. Risk Map

    Decide What to Do and Communicate 

    The third step is the most creative phase of the process, whereby the leaders of a land trust identify and select specific strategies to either minimize the likelihood of a downside risk materializing (or maximize the likelihood of a better-than-hoped-for result), minimize the possible impact or cost of risk and formulate the responses and actions that will take place when risk avoidance fails. 

    An essential aspect of this step is to communicate actively and openly with key stakeholders about the land trust’s analysis of risks and the risk management strategies selected by the organization. Doing so isn’t necessarily easy, but when undertaken with care, stakeholder communications about risk issues and strategies can help the organization increase stakeholder confidence in the organization. Consider role-playing to practice the skill of communicating difficult messages to stakeholders. And keep in mind that donors, members and volunteers want to know that the land trust is thinking ahead and considering the consequences of its policies and actions. 

    Risk management action steps can generally be grouped into one of four categories: 

    • Risk avoidance. Strategies intended to help a land trust avoid negative results altogether are risk avoidance strategies. A strategy in this category is appropriate for a risk for which the organization has a low tolerance but a high degree of influence or control, such as the risk of noncompliance with a grant. To ensure compliance, the organization assigns responsibility for compliance to a senior leader and requires timely status reports.

    • Risk mitigation. Most risk management strategies fall under this category. Mitigation refers to changes in policy, procedure or practice to either reduce the likelihood of a downside risk materializing or lessen the severity should the risk materialize. Examples of risk mitigation include providing training and support to reduce the likelihood of injury, installing signage on land regarding hazards and providing first-aid equipment to assist a visitor or volunteer who suffers an injury or providing safety training to all land trust personnel who visit or work on land. 

    • Risk sharing. This term refers to instances where an organization shares the responsibility and/or cost for a downside risk, such as through a contract outlining the respective responsibilities of two organizations or the purchase of insurance coverage that assigns financial responsibility for certain losses to an insurer. Another example of risk sharing is obtaining waivers of liability that shift or share responsibility for some potential harm to the party signing the waiver. 

    • Risk retention. This term refers to accepting the consequences of risk taking without making any changes in policy or practice. A deductible is an example of risk retention. 

    Risk mitigation

    changes in policy, procedure or practice to either reduce the likelihood of a downside risk materializing or lessen the impact should the risk materialize.

    Risk sharing

    instances where an organization shares the responsibility and/or cost for a downside risk, such as through the contract outlining the respective responsibilities of two organizations or the purchase of insurance coverage that assigns financial responsibility for certain losses to an insurer.

    Usually most risk management is a dynamic combination of all of these steps. Examples of risk management responses aimed at reducing the likelihood or severity of a downside risk include: 

    • Posting signs on land trust properties to alert visitors to inherent dangers 

    • Providing a detailed map to visitors planning self-guided tours of land trust property 

    • Erecting trail markers and path indicators to guide visitors 

    • Conducting an orientation for all volunteers who will assist with land trust–sponsored events and programs 

    • Conducting thorough environmental due diligence, including soil and water testing, before proceeding with the acquisition of land 

    • Installing sprinkler systems in land trust–owned historic properties 

    • Written policies and implementation reporting 

    • Obtaining waivers of liability from users, if possible, or posting disclaimers, such as “enter at your own risk” 

    • Safety training 

    Key considerations in designing and selecting risk management strategies include: 

    • Does the strategy, policy change or approach suit the culture of the land trust? 

    • Can the strategy be implemented consistently? 

    • Does the land trust have the resources and capacity required to implement the strategy? 

    • What barriers to implementation exist and how will the land trust overcome those barriers and at what cost? 

    Act on Your Decision 

    Now it is time to implement the top strategies identified in the prior steps. A particular strategy, such as the posting of warning signs indicating dangerous areas, may be selected because it reflects the land trust’s goals of balancing the desire to provide access to land trust property with the concern it has about the potential for preventable accidents and exposure to liability claims. 

    Follow Up and Adjust 

    As depicted in figure 1, risk management truly is a continuous loop. Each of the five steps of the risk management process is connected to the steps that precede and follow it. The team assigned to risk management should periodically review the techniques and strategies it has selected and implemented and consider whether changed circumstances, outlook or negative reaction to new policies warrant consideration of varying approaches. One of the most important steps in embracing risk management is to commit to learning from past experience, which is especially important when an organization experiences an accident or near miss. It is essential to take time to examine what happened in order to determine whether any changes are required in policy, procedure or common practice, so that a similar incident may be prevented in the future. This examination should not be an exercise to assign blame; rather, it should examine systems and policies for improvements. Consider evaluating the adequacy of risk management policies and strategies at least annually.