In the excitement of fundraising, getting donor commitments and hosting events, nonprofit boards may overlook an issue that’s vital to the organization’s sustainability — risk management. Risk management is a proactive activity when it’s done well. Too often, boards unwittingly give risk management a backseat to more pressing matters. Risk management left unchecked can throw boards into a storm of reactivity, as it forces them to scramble to protect the organization from various kinds of losses.
Managers are essentially the front-line risk managers. Boards that leave the full responsibility for managing and addressing risk to their managers can’t assume they have all aspects of risk management covered. While managers should have a pretty good handle on managing risks and should be keeping the board informed, it takes a collaborative approach between the board and managers to manage risk well.
Nonprofit boards can choose to oversee risks on their own. They can also delegate risk management activities to a risk manager or risk management committee. Ultimately, risk management is the responsibility of the full board.
What Does a Risk Management Plan Entail?
A risk management plan details an outline of a nonprofit’s risk profile and risk appetite. Risk managers are the best individuals to assess risks in all of the organization’s programs and activities. It’s important for the board and managers to share a collective philosophy on the type and number of risks the nonprofit can manage successfully. The goal of the risk management plan is to identify risks before they become liabilities and threaten the livelihood and vitality of the organization.
Risk managers and risk management committees make recommendations to the board on how to mitigate or reduce the impact of risks. One of the common ways of mitigating risk is to purchase insurance to protect against loss. Not all risks can be insured against, so risk management committees need to proactively search for ways to protect the establishment.
Responsibilities of a Risk Manager or Risk Management Committee
Nonprofit boards that are weak in the area of risk management should add that characteristic to their list of needs for succession planning. Boards should appoint risk managers who have some degree of expertise in that field and can make responsible and informed decisions to the board. A risk committee is usually a standing committee. Some boards feel that a risk management committee is more desirable than a risk manager because it brings more perspectives to the table for discussion.
The risk manager or committee is responsible for identifying risks across the scope of the nonprofit. The executive director or CEO helps the risk manager to identify current and potential risks. Together, they assess risks as to their potential for occurrence, as well as their potential severity. In collaboration with the managers, the risk manager learns about the extent of risks and the current state of risk mitigation. Risk managers use this information to form an overall risk management strategy and to make recommendations to the full board.
The board, risk manager and management team work together to prioritize risks and the management team can take steps to mitigate risks so that they fall into the nonprofit’s risk management profile.
A Board Portal Provides an Online Platform for Risk Management Collaboration
Risk management is a team effort that requires ongoing communication and collaboration between the board members, management, and the risk manager or committee. A board portal provides an online platform where all parties can come together and share data, documents and strategies using a highly secure program.
The board portal provides a way for board members and managers to communicate any time of day or night using any electronic or mobile device. Risk management committees can easily share their agendas and meeting minutes, as well as other research they’ve found on managing risks.
BoardEffect’s board portal offers fully integrated software solutions for communications and meeting agendas and minutes that they can share in real time with the other parties. The portal has granular controls for user permissions, so board administrators have full control over who can access the portal. High levels of built-in security prevent hackers from accessing the risk management committee’s hard work.
BoardEffect’s board governance management system supports the board’s annual duties. The features support the board’s responsibility for assessing the risk management plan at least annually.
Areas of Risk for Nonprofit Boards to Consider
Nonprofit boards form risk management committees or appoint risk managers because risks transcend nearly every process and activity that nonprofits manage.
Those responsible for risk management assess whether the organization is conforming to the laws and according to the purpose they stated on their registration. As part of board oversight, the board must ensure that board members, managers, staff and volunteers abide by board policies. Boards must identify any conflicts of interest and real or potential unscrupulous behavior by key individuals.
Boards with strong risk management plans will assess the organization’s financial status and review internal controls to make sure they’re adequate.
One of the major ways that boards mitigate risk is through the purchase of insurance. Commercial insurance companies offer a large variety of insurance policies to protect nonprofit organizations. The policies and their wording can be very complicated, so it’s prudent for boards to seek outside counsel from a trusted insurance agent or attorney. Boards may also seek guidance from physical safety experts and tax advisors. Here are some of the types of insurance that help nonprofits protect against risk:
- Directors and officers’ liability
- General liability
- Commercial umbrella
- Child molestation (if they serve or work with children)
- Property coverage
- Employee theft
- Sexual misconduct
- Employment practices, e.g., wrongful termination, sexual harassment
- Fiduciary liability
- Auto coverage
- Workers’ compensation
- “Key man” life or disability – offers compensation for nonprofits that lose a key leader due to death or disability
Risk managers look for risks in every activity and department of the nonprofit’s operations, including its employees, operations, public relations and physical safety.
Overall, when managers do their best to identify, mitigate and eliminate risks, and boards fulfill their responsibility for responsible oversight, it makes the duties of the risk management committee far easier.
It’s a well-known fact that where there is risk, there usually also lies opportunity. In having a solid risk management plan run by responsible risk managers, boards can address each new opportunity as it presents itself.