What risks do enterprises and investors face in seeking to create impact? How can they evaluate and mitigate these impact risks? The data categories under the ‘Risk’ impact dimension help us address these questions.

The content on this page has moved to Impact Frontiers.

You will be redirected in five seconds, otherwise, click here: https://impactfrontiers.org/norms/five-dimensions-of-impact/risk/

The ‘Risk’ impact dimension assesses the likelihood that impact will be different than expected, and that the difference will be material from the perspective of people or the planet who experience impact. This page provides guidance on the ‘Risk’ data categories that enterprises and investors can use to identify, assess and mitigate risks. If you are unfamiliar with the impact dimensions (and their respective data categories), we recommend first visiting the short section What is Impact.

Introduction: The ‘Risk’ Impact Dimension

The data categories under the ‘Risk’ dimension help enterprises and investors assess and mitigate impact risks.

When enterprises and investors set financial goals, they always face the risk of not achieving them. The same is true for impact.

While financial risk assessments may capture impact risks, this is not always the case. A simple example illustrates the point. A financial risk assessment may point to raising prices to increase profitability, with clear implications for customers at the bottom of the economic pyramid. Conversely, if the enterprise (or investor) would have also considered impact risks, the assessment may have pushed the management team to explore other alternatives (such as a cross-subsidy model) to prevent pricing out those who are likely to benefit the most from the product or service. 

Neglecting an impact risk may jeopardise the outcomes that people or planet experience; therefore enterprises and investors need to consider these separately from financial risks. The three data categories under the ‘Risk’ impact dimension provide enterprises and investors with a roadmap for assessing and mitigating impact risks. These categories are:

By collecting data across these categories, enterprises and investors can gain a nuanced understanding of the potential risks and actively work towards decreasing their likelihood and severity. This process enables enterprises and investors to maximise their impact on people and planet.

The remaining sections provide enterprises and investors with guidance on how they can implement the three ‘Risk’ categories.

IMP - Two categories of risk

What types of impact risks do enterprises and investors face?

Enterprises and investors are exposed to nine types of impact risks.

Impact risk is the likelihood that impact will be different than expected, and that the difference will be material from the perspective of people or the planet who experience impact.

For example, what is the likelihood that trainees will not obtain a long-term, decent employment opportunity after graduation? What are the consequences for patients if medicine is not delivered on time?

For each outcome they seek to deliver, enterprises and investors are exposed to one or more of the following risks:

IMP - Nine types of risk

Identifying – as well as assessing and mitigating – risks is not a one-time exercise but an ongoing learning process that requires re-evaluating risks as the project (or policy) develops. 

In the next section, we discuss how enterprises and investors can assess risks, the second category in managing impact risks.

How can enterprises and investors assess impact risk?

To assess impact risks, enterprises and investors need to consider the likelihood and consequences of not achieving a specified social or environmental outcome.

To assess impact risks, enterprises and investors need to consider:

  • The likelihood of the risk happening
  • The consequences for the stakeholder should the risk materialise

Enterprises and investors can classify these risks into ‘Low’, ‘Medium’ or ‘High’, as per the diagram below. A very likely and severe risk would be classified as ‘High’, whereas a very unlikely and not severe risk would be classified as ‘Low’.

IMP - Likelihood of impact risk

Deciding how to rank risks – and which risks to act upon – will be organisation-specific. However, the following guidelines may prove useful during the assessment process:

1. Each outcome will be exposed to one or more risk(s), although not all of them will be material. Enterprises and investors need to conduct a risk assessment for each outcome that they deliver. 

2. If a risk is classified as ‘Low’, then the risk would not be considered material. However, it should be regularly reviewed to ensure it remains under the same classification.

3. It is often practical to start with assessing evidence risk (i.e. the probability of insufficient high-quality impact data) by considering the availability of impact data across the other dimensions (‘What’, ‘Who’, ‘How much’ and ‘Contribution’).

  • If evidence risk is classified as ‘High’, then it is likely that other data-related risks – drop-off, execution, unexpected impact and efficiency risks – will also be classified as ‘High’. When this is the case, enterprises and investors may not find useful to consider these other four risks separately, as their assessment depends on sufficient data availability.
  • Conversely, if evidence risk is ‘Medium/Low’ or ‘Medium/High’ (i.e. there is some impact data available), then these four data-related risks will add a level of depth to the assessment, and can help enterprises and investors focus resources on high-risk outcomes.

4. Stakeholder participation risk, external risk, endurance risk, and alignment risk can be assessed based on the enterprise’s model and operating environment, regardless of the available evidence.

5. As point 3 illustrates, risks do not exist in isolation. Assessing the relationship between risks will provide more accurate classifications (e.g. does a ‘High’ drop-off risk precipitate efficiency risk?).

6. Enterprises and investors can use scenario planning to avoid a narrow assessment of risks (e.g. would the level of risk change if a certain parameter was changed?).

Once risks have been identified, assessed and prioritised, they need to be mitigated. The next section covers concrete steps for risk mitigation. 

How can enterprises and investors mitigate impact risk?

Mitigating impact risk requires adjusting an enterprise’s business model based on the risk assessment. 

Mitigating risk is a two-stage, iterative process that builds on the risk assessment.

The first step requires enterprises and investors to fill in the data gaps identified in the risk assessment. As several impact risks can be mitigated with additional data, conducting further analysis is a useful starting point.

The second step uses the new insights to adjust the business model — whether that is tweaking prices, hiring staff, extending an initiative, or strengthening health and safety safeguards.   

How the Education Outcomes Fund mitigates risks

Launching in 2019, the Education Outcomes Fund for Africa and the Middle East (EOF) aims to improve educational attainment by scaling up proven and innovative education solutions. EOF plans on partnering with impact investors, philanthropic organisations and aid agencies to fund interventions across multiple countries and at all levels of education.


EOF recognised early on the need to understand its impact risk exposure, to ensure the success of the initiative. To this end, EOF carried out a four-fold approach to identify, assess, and mitigate risks:


1. Using the education evidence base and expert interviews, EOF first compiled a comprehensive list of risks that it could face at each stage of the initiative — from design to implementation to monitoring and evaluation. 


2. Having identified a total of 64 risks that could jeopardize the initiative’s impact, EOF ranked them according to their likelihood and severity.


3. Based on these findings, EOF went back to the research to fill in the data gaps and re-assess risks more accurately.


4. The team organised a list of existing and new procedures that could mitigate the risks.


Out of the 64 risks identified, EOF found almost half to fall under stakeholder participation and unexpected impact risk types. The analysis also showed that a significant proportion could be mitigated by preventive procedures. While acknowledging the limitations in predicting risks, EOF has derived significant value from the exercise. enabling them to put in place a risk mitigation plan. 


Source: Education Outcomes Fund (2018)