As a board member, you play a vital role as a steward of your nonprofit’s mission and its funds. Risk management is an essential responsibility for all nonprofit boards of directors. The people that your nonprofit serves have very little voice in choosing your nonprofit’s leadership. They count on your board of directors to manage risks so they can be sure that your nonprofit will continue to be able to provide the community services they need. Your donors and supporters are also interested in sound risk management to ensure that their investments in your nonprofit are being put to good use.
Conducting an organizational risk assessment is an important activity that can help your board build and maintain the trust and confidence of your stakeholders.
As part of your organizational risk assessment process, you’ll have to evaluate and address all the direct and indirect risks that could affect your donors, employees, volunteers, and other stakeholders. If you proceed with your organizational risk assessment, you’ll find that it’s easy to plan for some risks, and it’s impractical or impossible to plan for others. On both accounts, meaningful risk management practices are essential for the health and vitality of your nonprofit and the protection of your nonprofit’s reputation.
Why Your Nonprofit Should be Concerned with Risk Assessment
Let’s dig a little deeper into the definition of risk with this common definition of risk:
“A probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.”
Businesses and nonprofits alike need to be concerned with risks and risk management. As your nonprofit strives to grow and improve, your board will face many different kinds of risks in varying degrees. Even a minor risk can thwart your progress or threaten your nonprofit’s livelihood.
There are 4 ways for boards of directors or risk management committees to manage risks:
A risk appetite refers to the degree of risk that your nonprofit chooses to accept. A risk assessment is a formal process for identifying, evaluating, and controlling risks. Businesses and nonprofits alike define a risk appetite and conduct an organizational risk assessment as part of good risk management practices.
If your nonprofit has the funds, you can hire a risk manager. Be aware that hiring a professional risk manager does not relieve your board of its responsibility for the oversight of risk management.
Best practices for risk management will help your organization to be resilient and make it easier for you to get financial support if you should face an unprecedented crisis. With that in mind, let’s look at some sound reasons for performing an organizational risk assessment:
- The practice of identifying risks and opportunities will help your nonprofit identify your most important priorities.
- Understanding the risks that your nonprofit is facing is essential in the strategic planning process.
- A proper risk assessment process demonstrates to your donors that you’re exercising good student stewardship over your financial resources.
- An organizational risk assessment will help your organization remain sustainable currently and keep your organization viable so you can continue providing services to your community in the future.
- A risk assessment may help your board identify areas of risk that you can manage by insuring them, which is a means of transferring risk.
There are two types of risks that boards need to be concerned with—inherent risk and residual risk. Inherent risk is the amount of risk that an organization faces without consideration for risk management. Residual risk refers to the amount of risk that is left once risks have been managed according to one of the four ways to manage risks as mentioned previously. Your board needs to factor both types of risks as part of an organizational risk assessment.
How to Conduct an Organizational Risk Assessment
It’s not difficult to conduct an organizational risk assessment. For most nonprofits, it’s merely a matter of actually getting it done. The best way to do that is to develop a timeline for completing your organizational risk assessment and make it a priority.
It’s common for risk-related issues to surface during board discussions. When this happens, it’s important to view them as more than a passing comment. It’s the board’s responsibility to weigh the risks around every program and activity and consider the worst-case scenarios, as well as any opportunities risks might bring.
An organizational risk assessment is something a board can take the lead on, but for the sake of getting multiple vantage points, including the outsider perspective, many boards opt to hire an external facilitator.
The first step on your timeline is to identify the potential risks. Next, you need to score and prioritize risks according to the degree of risk and the potential for them to occur. This is called a risk register. A basic rating process that ranks risks according to low, medium, high, or major is sufficient for prioritizing and scoring risks.
Once risks have been identified and scored, the next step is to figure out whether to avoid, retain, share, or transfer each risk to reduce or control the exposures.
Finally, the last step is to identify the resources the board needs to ensure strong risk management for the current time and for the future. Boards that are committed to risk management use their first organizational risk assessment as a foundation which they can use to increase the sophistication of risk assessment programs in the future.
Ultimately, the main goal of doing an organizational risk assessment is to come away from it with detailed recommendations, action steps, and strategies surrounding risk management that help to strengthen the organization’s mission and achieve its key objectives.
A Board Management System Helps to Keep Risk Assessment Activities on Track
A risk assessment template is a valuable tool for helping you complete your organizational risk assessment process. With unlimited cloud storage, a board management system by BoardEffect is a secure place where you can store your template for building on your current risk assessment plan. You might consider that much of your risk assessment planning can be done before your official risk assessment planning meeting. With a BoardEffect board portal, you get a built-in survey tool that you can use to gather information from board members about identifying risks, scoring risks, and brainstorming strategies to manage risks before your official planning meeting.
These are just a couple of ways that your BoardEffect board portal helps to streamline your board meetings and board activities. BoardEffect designed an all-in-one secure platform that addresses all your board activity needs including creating your board meeting handbooks, streamlining communication processes, storing documents, and all of your other important board responsibilities.