When I talk with campaigners, policy specialists and advocacy managers, they all agree that advocacy, while having the potential to achieve major changes, also entails significant risks.
Organisations risk their reputations by speaking out – their analysis is exposed to all to see and may be seen as flawed or biased, and their objectives or methods may be perceived as being ‘too political’. This may lead to loss of support, reduced funding or an inability to work in certain areas.
More seriously, if the advocacy threatens to be successful, a backlash may come from those whose power or vested interests are being challenged. Advocates and affected communities (especially their leaders or representatives and their families) may suffer intimidation, imprisonment, violence or even death. These security risks are real and cannot be ignored.
But when I ask them what processes they have in place to monitor and manage those risks, some confess that they do nothing, while many others admit that their safeguards are limited to some ad-hoc sign-off procedures.
There are two possible results to this. The first is that people and organisations are exposed to unnecessary and unacceptable risks. The second is that organisations become overly cautious, scaling back their advocacy efforts and failing to exploit opportunities to make change happen. Sometimes both results can happen in the same campaign!
We don’t want to eliminate risks altogether. If there is no risk, it is probable that our asks are too modest or our methods too timid. A risk management system, properly applied, can (strange as it seems) both reduce risk and encourage risk taking.
A proper risk management system involves three stages:
First, all the potential risks need to be identified. We need a long and comprehensive list to ensure that no risks are being ignored.
Secondly, the risks should be assessed against two factors:
a) How likely is it that the risk will take place?
b) How serious would it be if the risk takes place?
For each of these factors we can assign a score on a scale of 1 – 5 or 1 – 10, which should then be multiplied together to give an overall risk score. When we have done this with all the identified risks, we have the risk profile for the campaign.
Thirdly, starting with the highest scoring risks, we identify actions that we can take to both reduce the likelihood of the risk occurring and the impact of the risk if it does occur. We can then re-assess the risks and decide if the resulting risk profile is acceptable or if we should drop the campaign. If our risk assessment identifies significant risks to the livelihoods or safety of others, then they should be consulted on how acceptable the risks are to them.
Advocacy managers should not sign off any advocacy plans that do not include a robust and comprehensive risk assessment and management plan – it is one of their key responsibilities as a manager. But I have to ask why so few appear to demand this of their staff when the process can be so straightforward?