The Real Cost of “Business as Usual”

Matthew Oleniuk is a former senior public service executive with over 15 years of experience leading and providing oversight on high-stakes government programs. Today, he runs The Risk Insider, where he helps public sector and nonprofit leaders protect their boldest goals from quiet internal failure. Drawing on real-world experience inside complex, high-risk initiatives, Matthew brings practical insight into what it really takes to deliver in the public sector — beyond reports, risk registers, and best-case assumptions.

Big missions deserve better protection. Too many nonprofit leaders take on incredibly ambitious goals — but without the structures, planning, or foresight to shield those goals from internal friction, resource gaps, or quiet derailment. I want your audience to walk away with a new mindset: That risk management isn’t red tape — it’s how we defend what matters most. If we want to make bold promises to our communities, donors, and teams, then we also need to lead with clarity, courage, and a willingness to confront what could go wrong before it does.

More at – https://theriskinsider.com 

 

The Interview Transcript

Hugh Ballou:
Welcome to the Nonprofit Exchange. This is episode number 454. We’ve been doing this over nine years. And in that nine years, I have interviewed some amazing people with amazing information. Now my guest, I’ll let him tell you where he is and I’ll let him pronounce his last name because I forgot to ask him before we went on here. But Matthew has a message that we’ve not covered in these 453 previous episodes. So our topic, the title for today’s interview is a fascinating, fascinating title. And Matthew, I don’t know how you arrived at the title, but tell us a little bit about your topic and first about yourself today. Matthew, how do you say your last name?

Matthew Oleniuk:
Well, I’ll help you with the pronunciation of both my first and last because my first is actually Matthew. So it’s Matthew Oleniuk. And so thanks very much for having me. It’s great to be on the show. So I am Well, let’s just start with what I do. I’m in project risk management. I provide coaching and consulting services as well as customized training for public sector and nonprofit individuals who are looking to get a better handle on their project risk management. And I’ll get into in just a second why that kind of drew me and what were the kind of pressure points that led me to pick this specific niche. So I had spent the first half of my career or so kind of bouncing around the world doing a lot of project management and client services on the delivery side. And that was both for the profit and non-profit, not-for-profit sectors. Eventually, I found myself back in Canada’s capital. I’m originally from Niagara within Canada, but I found myself in Ottawa and got drawn in by the biggest industry in town, which is the public sector there. I started designing some learning events as well as learning materials for the audit community, for the federal public service. After a little while, I actually was pulled over there and I actually started working in audit, internal audit, which I did for the next 15 plus years. And what I discovered, most of my, I’d say the overwhelming majority of the work that I did was within projects, and discovered that it was a very, an avoided topic. There were far more people who just wanted to treat it as a compliance exercise than anything meaningful. So they’d fill out their forms, and they got the right approvals, and they gave it to whoever needed it, and then they just forgot about it and went on with the quote-unquote real work. And on the audit side, of course, everybody’s kind of screaming about how this is the most important thing that you could possibly do. You know, you can’t avoid it. That’s their passion. And having kind of lived in both worlds, I discovered that there was a set of two different narratives running in parallel here. And a big part of that was the attitude from everyone involved that risk management really was just this compliance exercise. So even the proponents really just pushed the formality and the systems approach to it. Not saying that that’s irrelevant in risk management, but what I found is in public sector as well as nonprofit, So many of the activities, so much of the machinery is human-based. So it’s not about plug some numbers in and this automated system is going to take it for the next six months and you just something spits out at the end. Everything relies on human intervention, which means that these systems are still going to be disrupted every single time a person touches it. So it really doesn’t come down to this big corporate system and it doesn’t come down to alignment and public reporting, which is really what often happens. And so when I decided to leave the public service and set up my own coaching and consulting practice, it really was about marrying the two because what I discovered in auditing billions and billions and billions of dollars in public sector projects, most of which were either struggling to get across the finish line or to be quite honest, abject failures. What I discovered is most of them had supposedly excellent risk management on paper. You’d go in, they had all the right tools, they did all the right steps, and yet they were missing the biggest risks. And why was that? It’s because they were treating risk as a parallel exercise. What risk is, is really something that can get in the way of preventing you from achieving your goals. And if we boil it down to something simple like that, then it becomes a lot more intuitive. It becomes a lot more judgmental. It becomes a lot more attuned to leadership behaviors as opposed to following some sort of routine process. And so that’s kind of the trigger for me. That’s where I decided this is what I want to talk to people about because lots of people are talking about audit. Lots of people are talking about project management. Nobody is really trying to marry those two worlds to serve something bigger in the sense that risk management doesn’t mean scaling back. It means protecting what you want to achieve.

Hugh Ballou:
Wow, there’s a whole lot of stuff to unpack in that. I think to begin with, to talk about process and project management as a process, I’m always fascinated, is a good word maybe, to find out that so many people don’t even have a written strategic plan in the non-profit sector. We just have really good work and people are going to give us money. We help a lot of people, but we are compromised by our own blind spots and having strategy. I think having the strategies for me as a conductor, having the score, everybody knows what to do and I know how to guide the process. Then I can be fully creative. So to me, the anchor of it all is a strategy. Then from that, we can design a fundraising plan, a marketing plan and projects. So we need to have project management. So talk about the overlap, the blind spots first. What do we need to know about project management and how does risk fit in that? And what are some of the gaps that we don’t know about in that whole process?

Matthew Oleniuk:
Well, so I’d say that, again, when it comes to project management and when it comes to risk management, I’d say that there is, generally speaking, a lot of infrastructure that is provided. So you’ve got the general formats, you have the general principles, you have the general procedures that are developed. The issue is that they’re treated as two separate things. And the project management, I would say most of the time it’s fairly rigorous and it’s well-established. I have seen, I mean, you talk about not having a strategic plan. I have seen projects worth well over a hundred million dollars that two years into delivery are finalizing their business case. to get the funding, which they’ve already received. So it becomes just this circuitous paper activity rather than something that would actually drive the project. So that’s a whole other track. Most of the time they’re developed because they have to be, because the money generally isn’t released unless they get it. And same thing with risk management. What are the risks? Well, very often they are pointed towards the organizational framework, the enterprise risk management framework, and they’re kind of given a menu. Okay, here are the risks that we’ve decided are pertinent to our organization. pick seven, or whatever the number is. And so they look at this menu, and just like going to a buffet versus, you know, a five-star French restaurant, you’re just going to have some things that, you know, they kind of appeal to what you want, but it’s not going to really hit the mark the way you want it to. You’re not going to have the chef’s attention, right, to the meal that you’re going to order. And it’s the same type of thing with these enterprise risk management frameworks, that they’re talking about the alignment towards the organizational goals versus the project goals. And projects, I mean, as we know, are one-shot deals, right? They’re not something that are meant to go on in perpetuity. but the mandate of the organization is. So those right away, we’re at a crossroads of the purpose and what’s really gonna do impede the project. So we’ve got a menu that doesn’t apply. And then we’ve got systems that again, aren’t gonna apply. And what that does is, is that it forces a project manager to A, just kind of falsify really what the risks are because they don’t believe in them necessarily. And secondly, just kind of dismiss them as say, well, the system is not taking care of that. And they might have risks that are popping around in their brains, things that they’re worried about, but because they’re treating it in just a contextual brain activity, it’s going to be haphazard. It’s not going to be communicated across the team. And so it’s not going to be tackled head on. It’s not going to be addressed as something that the project needs to deal with. It’s just going to be something that makes the project leader uncomfortable. And then that diminished importance means that everything is kind of falling by the wayside. The main things that could present real issues to the project are treated as kind of a side hustle.

Hugh Ballou:
So let’s take a real situation that’s very common. And that’s a project that’s funded by a grant. And this could be any kind of organization. It’s just one of the primary funding sources for nonprofits around the world, government anyway. So we have a project that has a very specific target outcome. We’ve promised to deliver certain things. So this is a project. So we’re talking about non-private leaders, and we don’t have all of this infrastructure. Oh, we got money and we’re going to do this thing. So talk about that. How do we then put that project in place? And the risk piece is if we don’t achieve our goals, if we don’t have the land the marks, the milestones that we promised, we have to report back to the funder who isn’t pleased if we don’t reach those. So there’s a risk here that we aren’t going to satisfy the requirements of the grant. So is that a good situation to talk about your work?

Matthew Oleniuk:
Absolutely. Absolutely. And so the irony there is a lot of organizations who do rely on external funding are impelled to develop a risk management plan. you know, very often both the organization and the funding organization don’t really apply a lot of scrutiny to it. We’re looking for form over function here most of the time. We’re looking for existence rather than effectiveness. So do they have a risk management plan? Yes. Does it seem semi-relevant? Yes. Done. The problem there is that maybe that would support getting the funding, but as you mentioned, it’s not going to support the actual delivery of the milestones. And so the easy win at the beginning might end up chaining themselves to a perilous ending because of the fact that they haven’t really thought about things in that meaningful way. And the existence versus effectiveness quandary is really common. It’s all across the board. And folks who are looking for some sort of framework or system that’s gonna get them through that are gonna be left wanting. Because as I said, I firmly having looked at so many billions of dollars of spending in the public sector and towards nonprofits as well. And I have personally audited many funding programs for not-for-profits. they are unique and what they really require are leadership behaviors. The folks who are looking at the delivery, the milestones of the projects themselves or the activities themselves as unique, as unique endeavors, unique to the team, the team composition, where it’s sitting in the organization, how the money’s being delivered, the external pressures that are realities, not just some kind of headline or category, which is often what’s assigned, but the day-to-day practical and strategic risks that face the organization. Those don’t fit very neatly into an annual report. They don’t fit very neatly into something that applies to other organizations or to other units within the organization. And that’s where that kind of tailor-made custom approach to specific projects is absolutely essential to achieving those successful milestones.

Hugh Ballou:
So there’s a gap. You mentioned the people part of this earlier on. And so I find in the strategy world that people might have a written strategy, but it lives on a shelf or in a drawer. The integration of that into performance, which is, as a conductor, that’s my specialty. So it would seem to be, is there a model with what you do? People have an academic plan. a structure, but how do we then connect it to the people and how we function?

Matthew Oleniuk:
Yeah, well, I think that every leader has to ask a filtering question about pretty much everything they do in any project. And that is, is this activity that I’m undertaking going to bring me one step closer to the project or is it just gonna divert my resources, i.e. waste my time? And if we’re writing these intensive strategies or risk management documents or performance measurement strategy, anything, If we build them just to put them on a shelf, then they’re not purposeful. So why do we do it in the first place? And it’s understandable, again, if it’s meant to just serve a compliance requirement that might be off track, a compliance requirement that doesn’t necessarily align with the goals of the organization or the team, fine. We do what we have to do to get the funding and to get going. But if project leaders are truly vested in the outcome of the project, and in my experience, that’s the overwhelming majority of project leaders in public and not-for-profit sectors, if they’re truly vested in it, then no, they don’t necessarily have to you know, adhere to that compliance piece that they were given. But they need something, right? They need if the organizational template or whatever is too restrictive or too broad, or it doesn’t give them an actual tool that they need. that gap needs to be filled. And so put the broad thing that you don’t agree with on the shelf if that’s the case, but you need something tailored, something that’s gonna drive your strategic direction as well as your day-to-day activities. Otherwise, you’re flying by the seat of your pants. And in my experience, that’s just a recipe for disaster.

Hugh Ballou:
It is. And one of the, I don’t care what sector it is, one of the issues that I’ve, question leaders about is, do you have to have all the right answers? And that means you don’t have to have all the right skills. I’m a skills and gaps person. You got a skill, if it’s a gap, then you find somebody that’s better at that to outsource it to or to bring on your team. So it would appear that oftentimes, visionary leaders are not tactical. And so this project management and risk mitigation is a tactical. And so what do you do for people? Do you help them train somebody to be tactical? Do you work with them? How do you help fill that gap? Does that make sense?

Matthew Oleniuk:
Yeah, it does. Although I would say that we’re talking both strategic as well as tactical, because we do have to look long term. Talk about, I mean, we’ve seen, you know, agree or disagree. We’ve seen significant changes in direction for spending and the US federal government just with a single election. So programs that were reliant on funding don’t have it. Now there are new programs that are being funding that didn’t have it before. So one, you know, I don’t wanna call it a small event, but one almost transaction, which is an election, disrupted strategic plans for countless organizations. And so there are very high-level strategic risks that are involved. Now, how do we actually address it? Well, it becomes very similar to a project management plan. We’ve got big goals that we wanna deliver, but how do we get there? If it’s a two-year project, we can’t just think about it for two years. We have to break that into the day-to-day as well. So what I do is I encourage, you’re absolutely right, there are lots of leaders who are excellent with the visions and they need that extra skill set of the tactical. Perhaps that capacity exists on the team, the capability exists on the team. And so I would encourage those folks to delegate that element. They still have to own it though. And when I talk about risk and being on top of it, again, we’re not talking about a document here. We’re talking about a mindset and a set of behaviors. And part of that is even just a monthly pulse. So I call it a pulse, having a very informal conversation, say once a month with key decision makers within the team or key points within the team. What should we be nervous about for the next month? What are we not aware of and what are we not doing? So just to have those quick conversations drives it into a, what are my blind spots here? And what are some things that we need to start doing? Some things that we need to change. Big infrastructure movements are not generally gonna happen from month to month, from week to week, but little itchy feelings in the guts of leaders can. Some spidey sense tinglings can go off that, I’m not sure what that is, but that might pose a problem to my project at some point. We at least need to discuss it and think about it, even if we don’t have to do something today. Because if we’re operating off of a plan, and if that’s a static project management plan, a static risk management plan, a static strategic plan, Again, we’re setting ourselves up for failure because the world is dynamic, it’s not static, and we need to adapt on it on a regular basis. And we also have to acknowledge that, just like you say, we’re not going to necessarily have the skills, we also won’t have all the information. So to pretend that we kind of figured everything out at one point in time, and then one year later, nothing new has happened, we’re going to be fooling ourselves there. We’re going to learn everything. We’re going to be exposed to new risks, new information, new people. People are going to come in and out, whether they’re on our team or elsewhere. And we have to adapt to that. The only way we can adapt to it is by being curious and seeking that information rather than waiting for it to come to us.

Hugh Ballou:
Absolutely. And maybe the unintended or unthought of result of this is what’s referred to in the nonprofit world as capacity building. So it occurred to me that going through this process, if we are aware of how, what you’re talking about, implementing all of these things really helps improve our functioning as leaders.

Matthew Oleniuk:
Absolutely. And it makes the team better. And this is really what I talk about when trying to push, project risk management helps land ambitious projects. It doesn’t restrict them. It doesn’t reduce that ambition. It’s meant to help get them there. And that’s really what I’m always trying to communicate to the curious and the risk curious, we could call them. is that it’s not one or the other. It’s not, let’s be ambitious or let’s take care of our risks. No, by addressing our risks, by being open to them and trying to be proactive about them, that helps us aim for the moon. It doesn’t make us just want to stay grounded.

Hugh Ballou:
And there are people listening, when they hear the word risk, they get anxiety. Yes. I believe everything you’re talking about is lowering that risk. And it’s helping us recognize where it is so we can deal with it and in advance, hopefully.

Matthew Oleniuk:
Yeah, and it’s funny you bring that up because very often I like to avoid the word risk for that very reason. And so we don’t talk about what are your risks? What kind of risk management strategies are you doing? But rather, what could sink this project? What worries you about the project delivery? What’s something that could be a bump in the road? Talk about it like that and it drives it back towards the outcomes, drives it back towards the goals of the project. And then you don’t just kind of park it off. Well, have we got a system for the risks? I don’t need to worry about it. It brings the leader back into the reality. And hopefully it clicks that without knowing your risks, you don’t have a successful project. You don’t want to leave anything up to luck, especially if you’re talking, you know, a billion dollars and three years worth of effort. You want to be as ahead of the game as you possibly can.

Hugh Ballou:
Absolutely. And all those things, if you identify them, then you can now work to create a process to prevent them. Let’s go to, let’s go to your website and tell people what they’re going to find your website. It’ll be, by the way, I’ve just lost it. By the way, if you’re listening to this and you can’t capture all of these little fine tips, so many of them. There is a transcript on the page for this interview at thenonprofitexchange.org, T-H-E, nonprofitexchange.org. And so you can find the full transcript of this meeting there along with the soundbites. So we’re looking and you can find you can find Matthew at TheRiskInsider.com. TheRiskInsider.com. So Matthew, describe this for people listening on an audio podcast as well as looking at the video. Describe what they’ll find here.

Matthew Oleniuk:
Sure. Well, I have a little bit about my story, which you heard about a little bit already. But really, most importantly, we talk about how we can start addressing risk in a practical, but most importantly, in a productive way. So we talk a little bit about why we can’t rely on risk systems within the public sector and why we really need to step up as leaders rather than relying on the machinery supporting us, the infrastructure supporting us. So we’ve got some services that I offer, one-on-one coaching as well as group coaching. But it’s an interesting time. Within the next week, I’m actually releasing my first ever online training series called the Tactical Training Series, actually. I use it bringing up the word tactical again. And in that, there are three core offerings, one of which is how to stabilize a high-risk public project in 30 days. Another one, build a risk radar, a build a real risk radar, which is a lot of it digs in deeply into what I talk about here, but how we can’t rely on on the systems, we have to build it ourselves. And thirdly, how to stop project drift before it blows up. So those are all actually going on sale this week. So as I said, it is an exciting time. Those will be going up. And for those of you who just want to dip your toes in the water and want to see what risks you might be missing, we also have a free downloadable tool, which is called the Project Health Check, that has the 10 largest public sector risks. Ironically, they’re the 10 largest, but I don’t think I’ve ever seen any of them. on a project risk plan in the public sector. So massive blind spots there. So grab that tool for free and stay tuned because there is even more training news coming in about a month’s time.

Hugh Ballou:
Well, when people hear this podcast or see the video, these will already be launched. And people who do it a year or so from when we recorded this will absolutely find more stuff that you’re prolific. So I would like to highlight, when you talk about public sector, in the United States, nonprofits are public information. Everything we do is public. So, you know, it’s applicable. Everything you said about government is applicable to what we do in nonprofits. Matthew, you’ve given me a lot of useful information today, and I’m sure all of our listeners. What do you want to leave people with today?

Matthew Oleniuk:
Uh, well, I guess I’ll, I’ll reinforce one more time that, uh, that risk management is going to help you and not hinder. Uh, it’s something that, uh, the more we know, the more we can tackle, um, the more we think about it, the more we’re going to see. And the more that we proactively deal with it, the more success we’re going to achieve.

Hugh Ballou:
Yet again, we’ve got some jewels for everybody from this episode. Thank you so much for being my guest today on the nonprofit exchange.

Matthew Oleniuk:
My pleasure. Thanks so much for having me.