Risk Management
Risk management is attempting to identify and then manage threats that could severely impact or bring down the organization. Generally, this involves reviewing operations of the organization, identifying potential threats to the organization and the likelihood of their occurrence, and then taking appropriate actions to address the most likely threats.
Traditionally, risk management was thought of as mostly a matter of getting the right insurance. Insurance coverage usually came in rather standard packages, so people tended to not take risk management seriously. However, this impression of risk management has changed dramatically. With the recent increase in rules and regulations, employee-related lawsuits and reliance on key resources, risk management is becoming a management practice that is every bit as important as financial or facilities management.
There are several basic activities which a nonprofit organization can conduct to dramatically reduce its chances of experiencing a catastrophic event that ruins or severely impairs the organization.
Organizations should regularly undertake comprehensive, focused assessment of potential risks to the organization. This focused assessment should occur at least twice a year by a team of staff members representing all the major functions of the organization. The assessment should be carefully planned, documented and methodically carried out.
The most common risks are typically of the types listed below. Comprehensive checklists help a great deal to quickly review a wide range of organizational aspects. Other aspects require more careful review.
Checklists in the following sections cover almost 140 considerations to ensure a well run and highly protected organization.
Efforts undertaken to manage an organization well also contributes to sound risk management. For example, a fully attentive board with a wide range of skills may be the most important guard against major threats to an organization. See Governance (Board) Indicators to assess the quality of your board. Also reference Basic Evaluation of the Board.
Careful strategic planning and effective supervision helps ensure organizational resources are closely aligned to accomplishing the organization's mission, and that staff and volunteers are treated fairly and comply with rules and regulations. See Planning Indicators and Human Resources Indicators.
Every organization must have up-to-date policies which guide the relationships between staff and management. There has been a noticeable increase in lawsuits regarding wrongful termination, harassment and discrimination, disagreements about promotions or salary actions, etc. Parties to lawsuits include the organization, management and/or board members. Therefore, personnel policies must be reviewed at least once a year by an outside advisor who is an expert about all of the employee-related laws and regulations. See Policies (Personnel).
Be sure that management is well versed about the policies. Typically, courts will interpret actions by organizational personnel as representative of the organization's preferred course of action and superseding related, documented policies.
For a broad and basic overview of insurance, see Insurance Against Liability (legal/lia_insr.htm). You might first review this information and then invite an insurance agent (or better yet, an insurance broker) to visit your organization to provide you an overview of the types of insurance typically sold to nonprofits. Note that many insurance professionals might not understand the nature of nonprofits. Therefore, you might first ask a few people from fellow nonprofits for references.
As dreadful as it may sound, you must schedule two hours sometime during the year to close your door and study your insurance policies. Note any questions and pose them to your insurance professional. Ask him or her to provide you a written, clear description regarding any ambiguities and to do so on company letterhead with his or her signature.
Note that Directors and Officers Insurance (D & O, and covered in the above "Insurance Against Liabilities" section) is increasingly considered because of the increasing number of lawsuits. In addition, D & O insurance helps attract highly experienced board members. Be sure your D & O insurance covers "insured vs. insured" which covers employee-related lawsuits and also covers ongoing costs to address a lawsuit (rather than paying only when the outcome of a lawsuit has been decided).
To conduct a general audit of legal-related matters in your organization, see Legal Indicators (org_eval/uw_legal.htm). Also see advice to boards about legal protection (legal/lgl_thot.htm).
Sound financial and asset controls help minimize theft, fraud and waste. See Financial Indicators.
See the Fundraising Indicators checklist. Also see the Nonprofit FAQ (http://www.eskimo.com/~pbarber/npofaq/index.html) site which explains how to deal with a wide range of potential fundraising issues.
This aspect of risk management is often overlooked. Each key role in an organization should have some type of resource to back up performance of that role. For example, another person in the organization should have general understanding of another person's role in case that other person for some reason is not able to perform the role. The use of up-to-date job descriptions, to do lists and receiving regular status reports both help to ensure understanding of how others carry out their roles. Have a staff member back up another member who is on vacation. During staff meetings, have a staff member give a presentation about their role and how they carry it out. Ensure that each critical role has at least one backup person who can step in to conduct the role. The backup assignment should be part of the person's job description to help the person take the assignment seriously.
1. Record all records in a central location and well labeled.
2. Keep critical documents (e.g., board minutes, leases and contracts, Articles of Incorporation, By Laws, letter from the IRS granting tax-exempt status, etc.) preferably in a fireproof box.
3. Personnel files should be locked in desk drawers with access granted to the Executive Director and his or her assistant.
4. Allocate two hours each year for staff to audit the agency's documentation for relevance, adequate labeling and reasonable organization.
