
Enterprise Risk Management for NGOs Operating in East Africa

NGOs face a unique set of operational, financial, and reputational risks. A robust Enterprise Risk Management framework is no longer optional — donors increasingly require it.

Dr. Constantine M. Barasa

22 January 2025

Non-Governmental Organisations operating in East Africa face a complex and evolving risk environment. From donor compliance requirements to operational risks in fragile contexts, the need for a structured Enterprise Risk Management (ERM) framework has never been greater.

Why ERM Matters for NGOs

Donors — including USAID, EU, DFID, and UN agencies — increasingly require grant recipients to demonstrate robust risk management practices as a condition of funding. Beyond compliance, a well-implemented ERM framework:

  • Protects the organisation's assets and reputation
  • Enables proactive rather than reactive management
  • Strengthens governance and board oversight
  • Improves programme delivery outcomes

Key Risk Categories for NGOs

Financial Risks

  • Foreign exchange exposure on multi-currency grants
  • Donor fund misappropriation and fraud
  • Inadequate financial controls and segregation of duties
  • Over-reliance on a single donor

Operational Risks

  • Staff safety and security in field operations
  • Supply chain disruptions
  • IT systems failures and data breaches
  • Partner organisation capacity and compliance

Compliance and Regulatory Risks

  • NGO Board registration and reporting requirements
  • Tax obligations (VAT, PAYE, withholding tax on service fees)
  • Anti-money laundering and counter-terrorism financing requirements

Reputational Risks

  • Safeguarding failures
  • Programme quality and impact measurement
  • Community relations

Building Your ERM Framework

A practical ERM framework for an NGO typically includes:

  1. Risk Appetite Statement — defining how much risk the organisation is willing to accept
  2. Risk Register — a living document capturing all identified risks, likelihood, impact, and mitigation measures
  3. Risk Owner Assignments — ensuring accountability at management level
  4. Monitoring and Reporting — quarterly risk reviews reported to the board

Our Experience

Matengo & Associates has developed and reviewed ERM frameworks for organisations including IEBC, Mwalimu National DT Sacco, the Insurance Regulatory Authority, AERC, and KNBS. We bring practical, implementable frameworks — not just theoretical models.

Contact us to discuss an ERM assessment for your organisation.
