Annual Report 2022/Story: Risk analysis – A better prepared organization
I den här storyn fokuserar vi på det inledande arbete som skett med att förbereda föreningen för olika risker. Detta genom att utveckla en omfattande riskanalys samt upprätta processer och rutiner för ett aktivt arbete med riskminimering.
An organization like Wikimedia Sverige is exposed to a number of risks of very different nature, which thus have to be handled in different ways. For example, the association is at the technological forefront and the legal situation is not always crystal clear. Technical systems may break down, which may limit our ability to do our work. The health of our staff or board members may change. We work on disseminating information on all sorts of topics, which is consumed by a huge amount of readers. This means that our work affects society in many different ways and can sometimes lead to substantial outrage. The general public has a very bad understanding of the degree of influence that Wikimedia Sverige has on the content on the Wikimedia platforms. In the public eyes, we represent the Wikimedia platforms, so whatever happens there can have a direct impact on our organization. In the recent size, we have grown in both size and visibility; as a result, we're more well known, which in turn increases various sorts of risks.
Since 2013, our association has a general crisis plan in place which provides a basic distribution of responsibilities and focuses on crises of a personal nature within the organization as well as on how we should handle negative attention of a certain magnitude. More specific plans for work during the pandemic were produced when they were needed, and the same applies to plans for protecting our technical systems and personal data.
In connection with various larger project, we have done targeted risk analyses in order to identify so-called minirisks. Not least when applying for external project funding, the funders usually request that a targeted risk analysis for the specific project is included in the grant application. However, many of those risks are not limited to the projects in question, but could impact all of our work in general. For this reason, our work with limiting project-specific risks has contributed to risk minimization in the entirety of our organization.
We have also put a lot of effort into minimizing different sorts of financial risks, as well as worked with annual analyses and compilations of risks connected to the work environment and stress among the staff.
What's been mostly missing is a risk analysis for the entirety of our operations. A risk analysis where the threats are identified and presented in a structured way, one that makes it clear whether there any parts of our operations that are especially sensitive, how big the expected probability and consequences of specific types of risks are, how these risks can be reduced, what risk-reducing measures need to be taken and what needs to be maintained or created to minimize the risk.
Such an analysis was produced during the year. Sixty risks were identified, analyzed and listed. We are now going to work systematically on the risks we assessed as most important, so that they can be avoided, reduced or (if they are unavoidable) shared or insured against. The board has decided that the risk analysis shall be updated annually and that the executive director shall inform them continuously if anything changes over the year.
Our risk analysis is inspired by those created by some other Wikimedia organizations, but we have developed it further and it's much more extensive. That's why we're planning to share out insights and suggestions for measures with other executive directors after the first round of revisions in 2023.