Risk Management Analysis: How Boards Can Spot Red Flags
With over 1.5 million nonprofits to choose from, donors have an abundance of organizations to support. It stands to reason, then, that donors expect greater transparency and accountability from the nonprofits they support. Nonprofits that follow best practices for governance, risk management, and financial responsibility are less likely to engage in irresponsible or unethical activities. As a result, donors are more inclined to support them.
Risk management is an essential component of good governance. New or emerging risks can crop up at any time. Nonprofits that are intentional about spotting red flags for risks gain opportunities to mitigate them before they become problematic. A risk management plan that incorporates an annual comprehensive risk management analysis demonstrates to donors that the nonprofit is committed to good governance practices.
How to Spot Red Flags for Risks
It doesn’t take much for a small risk to turn into a major problem, and it can happen rather quickly. A responsible risk management analysis process should send up a few red flags. Your board should take note of them and quickly identify the potential for risks so you can make a concentrated effort to mitigate them early.
Here are 11 ways to spot red flags for risks during your risk management analysis process:
- Review your articles of incorporation periodically. Look for red flags that indicate potential compliance problems and conflicts with your nonprofit’s mission and purpose.
- Ensure that bylaws contain a clause that indemnifies board members. This means the nonprofit will pay any legal costs, including defense expenses, settlements, and judgments from claims that arise from their board service. The red flag here is the failure to purchase D&O insurance to protect board members and back up this promise.
- Review your nonprofit’s bylaws periodically. Your nonprofit’s bylaws form the foundation of how your entire organization functions. As part of your risk management analysis process, ensure that your bylaws reflect your nonprofit’s current circumstances and activities and that everyone involved in the organization is following them. A failure to follow the nonprofit’s bylaws puts the board and the entity at legal risk. This is a type of risk where D&O insurance won’t cover individual board directors.
- Review the current conflict of interest policy. Review the wording, and also confirm that board members are reporting conflicts as they surface. Affirm that board members take conflicts seriously and that they know what to do if one occurs.
- Establish a social media policy. Employees and volunteers don’t always think before they post, and even well-intentioned posts can cause risks. Review all social media platforms for posts that have risk potential. Social media postings can lead to copyright or trademark infringement. Posts can also cause privacy or discrimination allegations.
- Annually review the IRS Form 990 and ensure the nonprofit continues to legally qualify for tax-exempt status. Be sure that all board members understand the restrictions imposed by the tax laws. Your nonprofit’s policies and procedures should be responsive to tax-exempt laws and regulations. Failure to comply could cause your nonprofit to lose tax-exempt status and the ability to receive tax-deductible contributions.
- Assess your nonprofit’s involvement in lobbying and political activity. Many nonprofits play a strategic role in advocacy. However, the federal laws for nonprofits limit political activism. Nonprofits aren’t legally allowed to engage in political campaign activities and there are limitations on the lobbying efforts nonprofits can participate in. Red flags around political activities can also cross over to other types of risks as they relate to gifts, campaign finance, and ethics.
- Proactively review and assess risks that could be associated with third-party sexual harassment. The “Me Too” movement and recent high-profile cases of sexual harassment allegations in the media indicate a red flag for third-party sexual harassment claims within your nonprofit. This type of risk may surface in the form of sexual harassment by anyone connected with your organization as a victim or a perpetrator. Make sure that you have a sexual harassment policy that’s broadly worded and specifically addresses third-party harassment. Review any past claims of sexual harassment to be sure they were handled thoroughly and expediently. It’s also wise to set up training for all staff and volunteers in the area of sexual harassment.
- Review policies and practices concerning limits on contracting authority. In most cases, the staff handles contractual matters. The board’s role is to be sure that the staff is properly educated about the common risks connected with contracts. The board and staff should also be aware of the types of risks that call for expert legal advice. Any agreement that’s not in writing should be construed as a red flag for contractual risk. Review all contracts for the following components:
  - The obligations of each party
  - Benchmarks for measuring performance
  - Clear payment terms
  - Description of who owns and can use any intellectual property connected with the agreement
  - A reasonable exit strategy

  The board should also be clear on who has the authority to sign legal contracts and limit the authority to a select few people.
- Avoid over-relying on the goodwill and promises of others. It’s common for corporations and nonprofits to partner with other nonprofits. These affiliations can expose your nonprofit to legal risks, especially if there’s an assumption that the other party has insurance that will cover certain people or activities. The red flags here point back to solidifying partnerships and agreements using well-crafted written contracts. Assumptions can put your nonprofit on dangerous legal ground, and they should send up huge red flags.
- Protect your nonprofit’s intellectual property by registering trademarks and copyrights. Registering copyrights is fairly easy and inexpensive. Registering trademarks costs more in time and expense, but these steps will reduce the risks associated with copyright and trademark infringement.
We’ve provided some good guidelines for spotting the red flags in your risk management analysis process. Your board simply can’t afford to be lax in the area of risk management. Due diligence and ensuring that your practices are consistent with your policies will also help to prevent red flags for risks.
Considering the role that risks play in your nonprofit’s sustainability, there are a lot of issues for your board to oversee. There’s no better or more efficient way for your board to address risks than by implementing a board management system by BoardEffect. A board portal gives board members a secure all-in-one platform for collaborating around the issue of risk management. It provides all the tools that boards need to support all board activities and cycles in addition to risk management.