For humanitarian organizations, the presence of risk in the operating environment can force difficult trade-offs between the needs of people they are trying to serve and the need to mitigate potential harm to their personnel, resources, and reputation.
Whether or not the risks to humanitarians have objectively increased in recent years (and there is evidence that they have), more to the point is how the organizations perceive their risk and how these perceptions have affected their work by dint of new policies and practices. These are the central questions of this study, undertaken by Humanitarian Outcomes on behalf of InterAction, and funded by the Office of US Foreign Disaster Assistance (OFDA) and the Bureau of Population, Refugees, and Migration (PRM).
Focusing on a participant-sample group of 14 major international NGOs, the study analyzes the current approaches to risk in humanitarian action through a systematic review of 240 relevant policy documents, interviews with 96 key informants, and a web-based survey of 398 humanitarian practitioners.
INGO risk perceptions: New threats and higher stakes
The findings reveal an international NGO sector whose major operators perceive a heightened level of risk, particularly manifest in the same, roughly half-dozen extreme environments: Afghanistan, Central African Republic, Iraq/Syria region, Somalia, South Sudan, and Yemen. These conflict-driven emergencies with highly politicized international dimensions tend to involve multiple types of risks—violence, corruption, diversion, and others—which can also be interlinked in complex ways.
INGO representatives overall also perceive a slightly increased risk aversion among their organizations and counterparts (though they were more critical of others than their own NGO in this regard). A majority of INGO staff surveyed agreed, at least somewhat, with the charge that humanitarians are becoming more risk-averse in general, to the detriment of programming.
Responses in policy and practice: The rise of risk management
In response to the new and intensified risks they perceive, this group of large international NGOs has begun to adopt increasingly sophisticated and professionalized “risk management” approaches, which cover not only the traditional areas of security and safety, but also fiduciary, legal, reputational, operational, and information risks. They broadly share a common underpinning methodology, borrowed from the private sector, which systematizes the assessment of risk in all areas at all organizational levels and builds in mitigation measures. Nearly all INGOs in the sample group, 13 out of the 14 organizations, have already instituted or are in the process of adopting an overarching risk management framework of this type. The frameworks are at varying levels of development and detail, but the most advanced among them generally include a global “risk register” type of tool for analyzing and prioritizing risks and planning mitigation measures. This is in turn connected to decision-making and implementation procedures as well as functions for follow-up and audit processes.
In terms of staff time and attention, the management of safety/security risk receives the most emphasis, with fiduciary risk management (prevention of fraud and diversion) ranking a close second. The reverse is true in a written policy, where more space is devoted to fiduciary risk. This is likely because INGOs see donors increasingly emphasizing fiduciary risk and are tightening internal controls and oversight mechanisms in turn. A majority of INGOs in the sample group felt supported by donors for security-related costs. The study found less overall emphasis and understanding of risk management in the areas of information security and legal (e.g., counter-terror legislation) compliance.
Missing pieces: Principles, partnerships, and program criticality
By and large the INGO representatives saw the risk-management trend as positive, enabling good humanitarian response, despite the inevitable increased administrative burden. Despite stated concerns about growing risk aversion, INGO staff do not associate risk management with reticence. On the contrary, most were keenly aware that risk management intends to enable rather than constrain action, and that improved risk awareness need not and should not lead to risk aversion.
They also indicated some gaps and problems with the approach, however. For one, the risk management frameworks tend not to explicitly address the risk of programming unethically or of violating humanitarian principles. This would seem an important area to consider, not least because avoiding security and fiduciary risk inevitably poses dilemmas for operating impartially and prioritizing the populations in greatest need. Additionally, the concept of “program criticality”—being willing to accept greater levels of residual risk for life-saving programming—is widely understood and generally brought to bear in decision-making, yet most INGOs’ formal policies and analytical mechanisms do not involve steps to ensure and facilitate this.
Other problems raised by the participating organizations include gaps in risk mitigation for national staff (e.g., off-hours transportation, communications, and site security at home) and weak support for national partners in their risk management, particularly given that risks are often transferred to these entities in difficult environments. In addition, INGOs noted the unhelpful organizational tendency to keep risk management areas siloed, even under framework models. In other words, decision-making is not always sufficiently joined-up between different departments (finance, human resources, security, etc.).
Finally, complications stem from the role of donors and political actors generally. Roughly two-thirds of respondents felt that counter-terror requirements influenced where and how they could work, compromising the principles of independence, impartiality, and neutrality. This is consistent with recent research undertaken by the Norwegian Refugee Council and OCHA that found that these regulations have a “chilling effect” on humanitarian actors (Mackintosh & Duplat, 2013). On the fiduciary side, donors’ formal stance of “zero tolerance” on corruption can pose a kind of moral hazard to humanitarian actors, whereby they must essentially choose between willful blindness/secrecy (because acknowledging that diversion takes place is unacceptable) or simply not acting to help those most in need.
This report concludes with the proposal for an additional practical handbook for INGOs on principles and promising practices in risk management, based on the gaps identified by this analysis and the consensus of participating INGOs gleaned in two workshops held in Washington, DC, and Dublin, January 2016.