Risk Management Policy

Safeguarding Our Mission Through Proactive Risk Identification and Mitigation

Blessed Day Relief Foundation

Effective Date: January 2025

Foundation Commitment to Risk Management

The Blessed Day Relief Foundation recognizes that effective risk management is fundamental to achieving our humanitarian mission and maintaining the trust of our stakeholders, donors, beneficiaries, and partner organizations. As a humanitarian organization operating in complex and often challenging environments, we are committed to implementing a comprehensive and systematic approach to identifying, assessing, managing, and mitigating risks across all dimensions of our operations. This policy establishes the framework through which we protect the Foundation's operational integrity, financial stability, and reputation while ensuring the safety and dignity of the communities we serve. Our approach to risk management reflects our core values of accountability, transparency, and responsible stewardship of resources entrusted to us.

Policy Contents

1 Policy Objective & Scope
2 Risk Categories & Classifications
3 Risk Identification & Assessment
4 Risk Mitigation Strategies
5 Monitoring & Continuous Review
6 Roles & Responsibilities

1 Policy Objective & Scope

Establishing the Foundation's Risk Management Framework

This Risk Management Policy establishes a structured, comprehensive, and proactive approach to identifying, assessing, managing, and mitigating risks that may affect the Blessed Day Relief Foundation's operations, strategic objectives, reputation, beneficiaries, staff members, volunteers, or financial integrity. The policy is designed to embed risk awareness into the organizational culture at all levels and ensure that risk management considerations inform decision-making processes throughout the Foundation.

The primary objectives of this policy are to protect the Foundation's ability to fulfill its humanitarian mission, safeguard the interests of all stakeholders including beneficiaries and donors, preserve organizational assets and resources, maintain regulatory compliance across all jurisdictions of operation, and ensure the continuity of essential services and programs. This policy applies to all personnel, operations, programs, projects, partnerships, and activities undertaken by or on behalf of the Blessed Day Relief Foundation, regardless of geographic location or funding source.

"Effective risk management is not about eliminating all risks but about understanding, prioritizing, and managing them in a way that enables the Foundation to pursue its mission with confidence while protecting those we serve and those who make our work possible."

Core Principles of Risk Management

The Foundation's approach to risk management is guided by several core principles that inform all risk-related activities and decisions. We are committed to a proactive rather than reactive approach, seeking to identify and address potential risks before they materialize into actual problems or crises. Our risk management processes are integrated into strategic planning, operational management, and day-to-day decision-making rather than treated as a separate or isolated function. We maintain transparency in our risk assessments and management decisions, ensuring that relevant stakeholders are informed about significant risks and the measures being taken to address them. Our approach is proportionate, with the level of risk management effort corresponding to the severity and likelihood of potential risks. Finally, we embrace continuous improvement, regularly reviewing and enhancing our risk management practices based on lessons learned, emerging best practices, and changes in our operating environment.

2 Risk Categories & Classifications

Understanding the Spectrum of Organizational Risks

The Blessed Day Relief Foundation operates in complex environments where multiple types of risks can affect our ability to deliver programs effectively, maintain operational continuity, and uphold our commitment to stakeholders. To ensure comprehensive coverage and appropriate management strategies, we categorize risks into distinct but interconnected categories. Each category requires specific assessment approaches, mitigation strategies, and monitoring mechanisms tailored to the nature and characteristics of the risks involved.

Understanding these risk categories enables staff at all levels to recognize potential threats and opportunities within their areas of responsibility and to contribute to the organization's overall risk management efforts. The following categories represent the primary domains of risk that the Foundation systematically addresses through this policy framework.

Operational Risks

Operational risks encompass threats to the Foundation's ability to execute programs and activities effectively. These risks arise from internal processes, systems, personnel, or external events that can disrupt service delivery or impair operational efficiency. Operational risks can affect program quality, timeliness, and the Foundation's capacity to meet its commitments to beneficiaries and donors.

Common Examples
  • Supply chain disruptions affecting program materials
  • Key personnel departure or unavailability
  • Infrastructure failures or facility issues
  • Partner organization capacity limitations
  • Logistics and transportation challenges

Financial & Fraud Risks

Financial risks relate to the Foundation's fiscal health, funding sustainability, and financial management practices. This category includes risks of fraud, misappropriation of funds, financial mismanagement, and external economic factors that could affect the organization's financial stability or its ability to maintain donor confidence and meet financial obligations.

Common Examples
  • Internal or external fraud and embezzlement
  • Funding shortfalls or donor withdrawal
  • Currency fluctuation in international operations
  • Inadequate financial controls and oversight
  • Budget overruns and cost management failures

Legal & Regulatory Risks

Legal and regulatory risks arise from the complex landscape of laws, regulations, and compliance requirements governing non-profit organizations and humanitarian operations. These risks include potential legal liabilities, regulatory violations, contractual disputes, and failure to meet legal obligations in various jurisdictions where the Foundation operates or receives funding.

Common Examples
  • Non-compliance with charity regulations
  • Employment law violations or disputes
  • Contractual breaches with donors or partners
  • Tax and reporting requirement failures
  • Liability claims from program activities

Reputational Risks

Reputational risks threaten the Foundation's standing, credibility, and public perception among stakeholders including donors, beneficiaries, partners, regulators, and the general public. Reputational damage can result from actual events, perceived failures, or association with controversial individuals or organizations, significantly impacting fundraising capacity and stakeholder relationships.

Common Examples
  • Negative media coverage or public criticism
  • Social media controversies or viral incidents
  • Association with disreputable partners
  • Program failures or beneficiary complaints
  • Perceived lack of transparency or accountability

Safeguarding Risks

Safeguarding risks encompass potential harm to vulnerable individuals, particularly children and adults at risk, who interact with the Foundation's programs, staff, or representatives. This critical category includes risks of abuse, exploitation, harassment, and failure to provide adequate protection measures for those the Foundation serves and employs.

Common Examples
  • Staff misconduct toward beneficiaries
  • Inadequate background checking procedures
  • Insufficient supervision of program activities
  • Failure to report or respond to concerns
  • Weak safeguarding policies or training

Technology & Data Security Risks

Technology and data security risks relate to the protection of organizational information systems, digital assets, and sensitive data. In an increasingly digital environment, these risks include cyber attacks, data breaches, system failures, and inadequate data protection practices that could compromise confidential information or disrupt operations.

Common Examples
  • Cyber attacks and ransomware incidents
  • Data breaches exposing personal information
  • System outages and technology failures
  • Inadequate backup and recovery procedures
  • Unauthorized access to sensitive systems

3 Risk Identification & Assessment

Systematic Approach to Understanding Organizational Risks

The Blessed Day Relief Foundation conducts periodic and comprehensive risk assessments to ensure that potential threats are identified early, evaluated accurately, and addressed through appropriate mitigation strategies. Our risk identification and assessment process is designed to be thorough yet practical, enabling the organization to allocate resources effectively and prioritize risk management efforts based on the relative severity and likelihood of different risks.

The risk assessment process involves multiple stakeholders across the organization, drawing on the expertise and perspectives of staff members who have direct knowledge of operational realities, external factors, and emerging challenges. This collaborative approach ensures that assessments are grounded in practical experience while also benefiting from strategic oversight and analytical rigor.

1. Identification of Potential Threats

The first stage involves systematic identification of potential risks across all categories and operational areas. This process utilizes multiple sources of information including staff input, incident reports, external environment scanning, stakeholder feedback, and review of sector-wide trends and challenges. We maintain a risk register that catalogs identified risks and provides a foundation for ongoing monitoring and management. Identification is conducted at organizational, program, and project levels to ensure comprehensive coverage.

2. Evaluation of Likelihood and Impact

Each identified risk is assessed for both the probability of occurrence and the potential severity of impact if the risk materializes. Likelihood is evaluated based on historical data, current conditions, and predictive factors, while impact assessment considers effects on operations, finances, reputation, stakeholders, and mission delivery. This dual evaluation enables prioritization and ensures that high-consequence risks receive appropriate attention regardless of their probability, and that frequently occurring risks are addressed even when individual impact is moderate.

3. Prioritization of Mitigation Strategies

Based on the combined assessment of likelihood and impact, risks are prioritized to guide resource allocation and management focus. The prioritization process considers the organization's risk tolerance, available resources for mitigation, and the relationship between different risks that may compound or interact. Priority rankings inform the development of mitigation strategies and determine the frequency and intensity of monitoring activities. High-priority risks receive immediate attention and dedicated resources for mitigation and contingency planning.

Risk Assessment Matrix

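|                     | Minor Impact | Moderate Impact | Significant Impact | Severe Impact |
|---------------------|--------------|-----------------|--------------------|---------------|
| High Likelihood     | Medium       | High            | Critical           | Critical      |
| Medium Likelihood   | Low          | Medium          | High               | Critical      |
| Low Likelihood      | Low          | Low             | Medium             | High          |
| Very Low Likelihood | Low          | Low             | Low                | Medium        |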

Assessment Frequency and Triggers

Formal risk assessments are conducted on a scheduled basis, with comprehensive organizational assessments occurring at least annually and program-level assessments conducted prior to major project launches or significant operational changes. In addition to scheduled assessments, ad hoc reviews are triggered by significant incidents, near-misses, material changes in the operating environment, new program initiatives, entry into new geographic areas, or major organizational transitions. The frequency and depth of assessments are proportionate to the risk profile of the activity or area under review, with higher-risk operations subject to more frequent evaluation. All assessment results are documented, communicated to relevant stakeholders, and integrated into planning and decision-making processes.

4 Risk Mitigation Strategies

Comprehensive Measures to Reduce and Manage Risks

The Blessed Day Relief Foundation employs a multi-layered approach to risk mitigation, implementing controls and safeguards designed to reduce the likelihood of risks occurring, minimize the impact when risks do materialize, and ensure rapid and effective response to incidents. Our mitigation strategies are tailored to the specific characteristics of each risk category while maintaining consistency with organizational values, capacity, and resource constraints.

Mitigation measures are designed to be proportionate to the level of risk, practical to implement within our operational context, and sustainable over time. We recognize that risk mitigation is not a one-time activity but an ongoing commitment that requires regular review, adaptation, and reinforcement. The following key mitigation strategies form the foundation of our risk management approach.

Internal Controls & Segregation of Duties

We maintain robust internal controls that ensure no single individual has complete authority over critical processes or transactions. Key functions such as authorization, custody, and record-keeping are separated among different staff members to prevent errors, detect irregularities, and reduce opportunities for fraud or misuse of resources. Regular review of control effectiveness ensures continued protection.

Secure Payment & Data Systems

All financial transactions and sensitive data are processed through secure, approved systems with appropriate encryption, access controls, and audit trails. We implement multi-factor authentication for critical systems, maintain secure backup procedures, and regularly update security measures to address evolving threats. Data handling practices comply with applicable privacy regulations and donor requirements.

Policy Enforcement & Monitoring

Organizational policies are consistently enforced across all operations, with clear procedures for reporting and addressing violations. Compliance monitoring activities verify that policies are being followed and identify areas requiring additional attention or training. Non-compliance is addressed promptly through appropriate corrective actions, and patterns of non-compliance trigger review and strengthening of relevant controls.

Staff & System Oversight

Regular oversight of staff activities and organizational systems ensures that operations remain aligned with policies and expectations. This includes performance monitoring, supervisory reviews, periodic audits, and management oversight of high-risk activities. Oversight mechanisms are designed to support staff while identifying issues early and providing opportunities for coaching, correction, and improvement before problems escalate.

Training & Capacity Building

All personnel receive training on risk awareness, organizational policies, and their specific responsibilities for risk management. Training programs are tailored to different roles and regularly updated to address emerging risks and lessons learned. Capacity building extends to partners and volunteers to ensure consistent risk management practices across all Foundation activities and relationships.

Contingency & Business Continuity Planning

The Foundation maintains contingency plans for responding to major risk events and ensuring continuity of critical operations. Plans identify essential functions, alternate resources, communication protocols, and recovery procedures. Regular testing and updating of contingency plans ensures readiness for various scenarios, from localized incidents to major disruptions affecting multiple operations.

"Risk mitigation is most effective when embedded in daily operations and organizational culture rather than treated as a separate compliance exercise. Every staff member has a role in identifying, reporting, and helping to manage risks within their sphere of responsibility."

5 Monitoring & Continuous Review

Ensuring Risk Management Remains Effective and Responsive

Effective risk management requires ongoing vigilance and systematic monitoring to ensure that controls remain effective, emerging risks are identified promptly, and the organization's risk management approach evolves in response to changing circumstances. The Blessed Day Relief Foundation maintains a comprehensive monitoring framework that provides timely information on risk status, control performance, and areas requiring attention or adjustment.

Monitoring activities are integrated into routine operational processes and supplemented by periodic reviews and assessments. This multi-layered approach ensures that risk management is both embedded in daily operations and subject to independent evaluation. The following framework guides our monitoring and review activities.

Continuous Operational Monitoring

Program managers and operational staff maintain ongoing awareness of risk indicators and report significant observations through established channels. This includes monitoring of key performance indicators, incident tracking, stakeholder feedback, and environmental factors that may affect risk levels. Continuous monitoring enables early detection of emerging issues and prompt corrective action before risks escalate.

Quarterly Risk Reviews

Management conducts quarterly reviews of the risk register, evaluating the status of identified risks, the effectiveness of mitigation measures, and any changes in risk profiles. These reviews consider incident reports, audit findings, and operational feedback to inform updates to risk assessments and mitigation strategies. Quarterly reviews also identify any new or emerging risks requiring attention.

Annual Comprehensive Assessment

A comprehensive annual risk assessment examines all risk categories, evaluates the overall effectiveness of the risk management framework, and identifies strategic priorities for the coming period. This assessment involves input from across the organization and considers external developments including regulatory changes, sector trends, and the broader operating environment. Results inform strategic planning and resource allocation decisions.

Board-Level Risk Reporting

The Board of Directors receives regular reports on risk management activities, significant risks and their status, and any material incidents or concerns. The Board reviews and approves the overall risk management framework, sets the organization's risk tolerance, and provides oversight of management's risk management activities. Board-level engagement ensures appropriate governance attention to risk management.

Triggered Reviews and Adaptive Updates

In addition to scheduled reviews, the Foundation conducts ad hoc assessments when triggered by significant incidents, material changes in operations, regulatory developments, or other events that may affect the risk landscape. Controls and mitigation measures are updated as needed to reflect lessons learned, emerging best practices, and changes in organizational capacity or context. This adaptive approach ensures that risk management remains relevant and effective.

6 Roles & Responsibilities

Governance Structure for Effective Risk Management

Effective risk management is a shared responsibility that requires engagement at all levels of the organization. While specific accountabilities are assigned to particular roles, every staff member, volunteer, and partner has an obligation to contribute to the Foundation's risk management efforts within their sphere of activity. The following table outlines the key responsibilities assigned to different organizational roles.

This distribution of responsibilities ensures appropriate oversight, clear accountability, and practical engagement with risk management throughout the organization. It reflects the principle that risk management is most effective when integrated into normal operations rather than concentrated in a specialized function isolated from day-to-day activities.

| Role | Responsibilities |
|------|------------------|
| Board of Directors | The Board holds ultimate responsibility for risk oversight and governance. Key responsibilities include approving the risk management policy and framework, setting organizational risk tolerance and appetite, reviewing significant risks and management's response, ensuring adequate resources for risk management activities, and overseeing the overall effectiveness of risk management across the Foundation. The Board receives regular risk reports and addresses risk management in strategic planning. |
| Executive Director | The Executive Director is accountable to the Board for implementing effective risk management throughout the organization. Responsibilities include championing a risk-aware culture, ensuring integration of risk management into strategic and operational planning, allocating resources for risk mitigation activities, reporting on risk status to the Board, and making key decisions on risk responses. The Executive Director sets the tone for organizational commitment to risk management. |
| Senior Management | Senior managers are responsible for implementing risk management within their functional areas. This includes identifying and assessing risks relevant to their operations, implementing and monitoring mitigation measures, ensuring staff compliance with policies and controls, escalating significant risks and incidents to executive leadership, and contributing to organizational risk assessments and planning. Managers model risk-aware behavior and support staff in fulfilling their risk management responsibilities. |
| Finance & Administration | The Finance and Administration function has specific responsibility for financial controls, compliance monitoring, and administrative risk management. This includes maintaining internal controls over financial transactions, ensuring regulatory compliance, managing insurance and contractual protections, supporting audits and assessments, and maintaining accurate records for risk monitoring. Finance staff provide expertise on financial risk matters and coordinate with external auditors. |
| Program Staff | Program staff are responsible for identifying and managing operational risks within their program activities. Responsibilities include following established policies and procedures, reporting incidents and near-misses, identifying emerging risks and improvement opportunities, participating in program-level risk assessments, and implementing safeguarding measures in beneficiary interactions. Program staff provide critical frontline insight into operational risks and control effectiveness. |
| All Personnel | Every individual working with or for the Foundation shares responsibility for contributing to effective risk management. This includes understanding and following organizational policies, promptly reporting concerns or incidents, participating in training and capacity building, maintaining awareness of risks relevant to their activities, and supporting a culture of transparency and accountability. Collective engagement in risk management strengthens organizational resilience. |

Our Commitment to Proactive Risk Management

The Blessed Day Relief Foundation is committed to maintaining a robust, responsive, and continuously improving risk management framework that protects our mission, our stakeholders, and the communities we serve. Through vigilant identification, careful assessment, effective mitigation, and ongoing monitoring of risks, we ensure that resources entrusted to us are used wisely and that our humanitarian work proceeds with the highest standards of integrity, safety, and accountability. This commitment reflects our recognition that effective risk management is not merely a compliance requirement but a fundamental aspect of responsible organizational stewardship.