Boards encounter many different types of risks of varying degrees while managing a nonprofit organization. In fact, the founding board took a huge risk in starting the organization in the first place. As nonprofit organizations grow, more risks emerge. Boards must accept risk in some form and degree in order to grow and prosper. Nonprofit boards have the responsibility to keep the nonprofit sustainable despite the challenges that risks pose. The board’s job is to balance the risks against the rewards. A risk committee is the best forum for identifying, mitigating and managing risks.
The Board’s Role in Risk Management
Nonprofit board directors must address the full cycle of risk. They must understand the types of risks the organization could face and the degree of negative impact that they could have on the organization. This information should give them the necessary information to set a reasonable threshold for the risk the organization can take on. The next logical step is for boards to plan for those risks and ensure that they have policies in place to manage them responsibly. Nonprofit boards manage risks better when they set high ethical standards for managing risks and monitor managers and other staff as they deal with risks.
Understanding Nonprofit Risk
Realizing success and achieving goals demands that nonprofit boards take risks. This doesn’t mean that it’s wise to throw caution to the wind. Boards need to assess risks carefully and to take a prudent and wise approach to taking risks.
Wise boards will assess each category of risk and mitigate the potential hazards of known risks.
Conducting a Risk Assessment
Nonprofit boards may conduct a formal or informal risk assessment. The important thing is to have a risk assessment routine that the board reviews on a regular basis — at least annually. The risk assessment should identify existing, new and emerging risks. Some risks may have little or no impact on the organization. Other risks could have a devastating impact on the organization. A risk assessment allows the board to focus on the risks that have the highest potential for negative impact on the organization.
Reducing Risks and Developing a Risk Management Plan
Risks for nonprofit organizations typically fall into one of the five following categories:
The risk management plan should identify the types of processes or reports that boards will use to help them assess risk. Examples of this include incident reports, audit reports, accreditation reviews and funder audits, among other tools.
Boards will need to find adequate sources to support each category. Board policies are good tools to use to help mitigate risk. The process of reducing risks includes having fair policies and consistent practices for hiring and firing the CEO or executive directors and volunteers. Relevant funders or accrediting bodies may also have policies that the board needs to be aware of and consider. Managers also play a big role in risk management. Boards would be remiss if they failed to train managers on how to apply these policies.
Safety is of utmost concern. When assessing safety risk, boards need to consider the safety of staff, visitors, clients and the community. In addition to physical safety, the definition of safety includes issues such as workplace violence, risks in the community, emergency preparedness, occupational risks of slips and falls, chemical risks, infection control, medical risks, risks related to children, accidents and transportation risks.
Whistle-blower policies mitigate risks from insider wrongdoing. Boards can ensure safety by having a designated process for how they handle complaints and how they channel them upward to the board when necessary.
How Insurance Helps to Mitigate Risks
Mitigating risks requires board directors to be informed about the nonprofit’s facilities, and whether they are owned, rented or leased. Insurance companies appreciate organizations that maintain a written inventory of the organization’s assets, including intellectual property, trademarks and copyrights.
Many different types of insurance policies offer protection against risk for nonprofit entities. Unless a nonprofit board has an insurance professional on the board or on an advisory board, boards should seek the advice and counsel of a licensed insurance professional before purchasing insurance policies. Depending on the type of nonprofit organization, boards should discuss the following types of insurance with an industry expert:
- Liability insurance: insurance protection against bodily injury, property damage, personal injury and advertising injury
- Business auto: insurance protection for owned, hired or non-owned autos used for nonprofit business
- Professional liability: insurance protection against mistakes made by employees, volunteers and contractors
- Sexual abuse and molestation: protection for nonprofits that serve children
- Directors and officers insurance: protects directors and officers from unintentional acts or decisions made in the course of board service
- Workers’ compensation: covers injures sustained while working for a nonprofit organization
- Umbrella policy: excess liability insurance
- Property insurance: protects the physical property of the nonprofit, including electronics and office equipment
Plan for Records, Business Continuity and Staffing Backup
Records are important to the current and future viability of the organization. Nonprofit boards need to establish a process for records management and document retention. They should also have a backup plan for natural disasters like fires and floods. Many nonprofits find that the best way to accomplish this is by utilizing board management software programs or board portals. These systems use secure, cloud-based systems, which also usually provide unlimited storage.
It’s a wonderful thing when nonprofits can rely on professional managers, staff and key board members. Unfortunately, emergencies or other urgent issues may surface that cause the loss of key individuals, either temporarily or permanently. It’s the board’s responsibility to identify backup plans or individuals to take over key duties and responsibilities when the primary parties are unable to do so. Cross-training with checks and balances in place should be part of the internal controls process for nonprofit organizations.
Create a Culture of Risk Management
Nonprofit board directors are the primary individuals for creating a culture of risk management. While the culture begins with the board and managers, they should be communicating a risk management culture throughout the entire organization. Board directors accomplish this by producing accurate reports and reviewing them in a timely manner. Board directors must be consistently aware of their fiduciary duties and be willing to address conflicts of interest immediately. A culture of ethics should be evident in all communications, actions and decisions by the board.
Board directors accept the primary responsibility for managing risk; however, everyone involved in a nonprofit organization has some responsibility for managing and preventing risks. The best defense against risk is creating a culture of risk management that infiltrates every aspect of the nonprofit’s work. Ultimately, taking a collective approach to risk management brings the nonprofit’s members closer together and strengthens their cause.