Enterprise risk management plan for Greenpeace Norway

Abstract

Greenpeace Norway is the Norwegian branch of one of the largest independent environmental organisations in the world. The organisation has a common mission to work towards protection of the environment and prevention of the climate crisis. This paper aims to create an enterprise risk management plan for Greenpeace Norway, which at present has no plan for risk management. Mixed methods were used to gain a comprehensive understanding of relevant factors in order to create a functional enterprise risk management plan. Primary data was collected through three in-depth interviews with five participants and a questionnaire completed by 152 individuals. This allowed for the identification of risks and provided descriptive information on individuals in the target population, such as on their awareness of the organisation, the relevant market, donation habits, and more. Secondary data was collected from annual reports for information on the financial status of Greenpeace Norway compared to similar environmental organisations, and to supplement the primary data in the process of identifying risks. Forty-two relevant risks related to the day-to-day operations of Greenpeace Norway were identified and assessed, and mitigation for each of these risks were suggested. Risks were ranked and assessed according to whether they were internal or external and the likelihood, impact, and vulnerability of the organisation to the risk. To make the enterprise risk management plan as legible as possible for the end users, risk registers and risk mitigation logs were divided into five departments: programming, fundraising, communication, IT, and all. A final enterprise risk management plan that can stand alone is presented for the organisation to follow, to thereby contribute to increased value for the organisation. Monitoring practices and suggestions for implementation of the risk management to garner the support of staff and volunteers and for the maintenance of consistent risk mitigation practices are also provided.