Non-Governmental Organisations operating in East Africa face a complex and evolving risk environment. From donor compliance requirements to operational risks in fragile contexts, the need for a structured Enterprise Risk Management (ERM) framework has never been greater.
Why ERM Matters for NGOs
Donors — including USAID, the EU, DFID, and UN agencies — increasingly require grant recipients to demonstrate robust risk management practices as a condition of funding. Beyond compliance, a well-implemented ERM framework:
- Protects the organisation's assets and reputation
- Enables proactive rather than reactive management
- Strengthens governance and board oversight
- Improves programme delivery outcomes
Key Risk Categories for NGOs
Financial Risks
- Foreign exchange exposure on multi-currency grants
- Donor fund misappropriation and fraud
- Inadequate financial controls and segregation of duties
- Over-reliance on a single donor
Operational Risks
- Staff safety and security in field operations
- Supply chain disruptions
- IT systems failures and data breaches
- Partner organisation capacity and compliance
Compliance and Regulatory Risks
- NGO Board registration and reporting requirements
- Tax obligations (VAT, PAYE, withholding tax on service fees)
- Anti-money laundering and counter-terrorism financing requirements
Reputational Risks
- Safeguarding failures
- Programme quality and impact measurement
- Community relations
Building Your ERM Framework
A practical ERM framework for an NGO typically includes:
- Risk Appetite Statement — defining how much risk the organisation is willing to accept
- Risk Register — a living document capturing each identified risk together with its likelihood, impact, and mitigation measures
- Risk Owner Assignments — ensuring accountability at management level
- Monitoring and Reporting — quarterly risk reviews reported to the board
Our Experience
Matengo & Associates has developed and reviewed ERM frameworks for organisations including IEBC, Mwalimu National DT Sacco, the Insurance Regulatory Authority, AERC, and KNBS. We bring practical, implementable frameworks — not just theoretical models.
Contact us to discuss an ERM assessment for your organisation.
