Sections of This Topic Include
What’s Risk Management?
Conducting Risk Management Assessments
Best Protection: Good Management, Personnel Policies
and Insurance
Protecting Against Fraud, Forgery, Theft and Terrorism
Disaster Planning (Regarding Facilities, Not Computing,
etc.)
Legal Protection
Boards and Risk Management
Managing Risks in Financial Management
Managing Risks in Volunteer Management
Managing Risks in Fundraising
Resource Management (people, computers, records and
facilities)
Additional Information for Nonprofits
General Resources
Also, consider
Related Library Topics
Learn More in the Library’s Blog Related to Risk Management
In addition to the articles on this current page, see the following blog which
has posts related to Risk Management. Scan down the blog’s page to see various
posts. Also, see the section “Recent Blog Posts” in the sidebar of the blog or
click on “next” near the bottom of a post in the blog.
Library’s Human
Resources Blog
What’s “Risk Management”?
Risk management is attempting to identify and then manage threats that could severely
impact or bring down the organization. Generally, this involves reviewing operations
of the organization, identifying potential threats to the organization and the
likelihood of their occurrence, and then taking appropriate actions to address
the most likely threats.
Traditionally, risk management was thought of as mostly a matter of getting
the right insurance. Insurance coverage usually came in rather standard packages,
so people tended to not take risk management seriously. However, this impression
of risk management has changed dramatically. With the recent increase in rules
and regulations, employee-related lawsuits, and reliance on key resources, risk
management is becoming a management practice that is every bit as important
as financial or facilities management.
There are several basic activities that a nonprofit organization can conduct
to dramatically reduce its chances of experiencing a catastrophic event that
ruins or severely impairs the organization.
Conducting a Risk Management Assessment
Organizations should regularly undertake comprehensive, focused assessments of
potential risks to the organization. This focused assessment should occur at least
twice a year by a team of staff members representing all the major functions of
the organization. The assessment should be carefully planned, documented, and methodically
carried out.
The most common risks are typically of the types listed below. Comprehensive
checklists help a great deal to quickly review a wide range of organizational
aspects. Other aspects require more careful review.
Checklists in the following sections cover almost 140 considerations to ensure
a well-run and highly protected organization.
Best Protection: Good Management, Personnel Policies and Insurance
Good Management:
Efforts undertaken to manage an organization well also contribute to sound risk
management. For example, a fully attentive board with a wide range of skills may
be the most important guard against major threats to an organization. See Governance
(Board) Indicators to assess the quality of your board. Also, reference Basic
Evaluation of the Board.
Careful strategic planning and effective supervision help ensure organizational
resources are closely aligned to accomplishing the organization’s mission, and
that staff and volunteers are treated fairly and comply with rules and regulations.
See Planning
Indicators and Human
Resources Indicators.
Up-to-date, Reviewed Personnel Policies:
Every organization must have up-to-date policies which guide the relationships
between staff and management. There has been a noticeable increase in lawsuits
regarding wrongful termination, harassment, discrimination, disagreements
about promotions or salary actions, etc. Parties to lawsuits include the organization,
management, and/or board members. Therefore, personnel policies must be reviewed
at least once a year by an outside advisor who is an expert on all of the
employee-related laws and regulations. See Policies
(Personnel).
Be sure that management is well-versed about the policies. Typically, courts
will interpret actions by organizational personnel as representative of the
organization’s preferred course of action and superseding related, documented
policies.
Well-designed Insurance Coverage:
For a broad and basic overview of insurance, see Insurance
Against Liability (legal/lia_insr.htm). You might first review this information
and then invite an insurance agent (or better yet, an insurance broker) to visit
your organization to provide you an overview of the types of insurance typically
sold to nonprofits. Note that many insurance professionals might not understand
the nature of nonprofits. Therefore, you might first ask a few people from fellow
nonprofits for references.
As dreadful as it may sound, you must schedule two hours sometime during the
year to close your door and study your insurance policies. Note any questions
and pose them to your insurance professional. Ask him or her to provide you
with a written, clear description regarding any ambiguities and to do so on company
letterhead with his or her signature.
Note that Directors and Officers Insurance (D & O, and covered in the above
“Insurance Against Liabilities” section) is increasingly considered
because of the increasing number of lawsuits. In addition, D & O insurance
helps attract highly experienced board members. Be sure your D & O insurance
covers “insured vs. insured” which covers employee-related lawsuits
and also covers ongoing costs to address a lawsuit (rather than paying only
when the outcome of a lawsuit has been decided).
Protecting Against Fraud, Forgery, Theft
and Terrorism
Have up-to-date, Board-approved personnel policies for employees.
Personnel policies specify how personnel should be hired, supervised, and fired
in accordance with employment laws that ensure fair, equitable, and legally compliant
treatment of others. Personnel, particularly those who supervise others, should
be trained on the policies.
Conduct background checks on potential new hires.
Background checks can detect if a person has committed crimes, major or minor
in nature, which might suggest tendencies for how the person will act in the
workplace.
Conduct Board orientations once a year for members.
Board orientations make members aware of the unique aspects of the Board and
the organization, including the Board’s policies, for example, ethics,
conflict-of-interest, whistleblowers, and document retention/destruction.
Establish a Whistleblower Policy.
The policy should specify how Board members, employees, and others could safely
report that an alleged or actual organizational behavior or practice is illegal,
unethical or inappropriate, without retaliation to the whistleblower.
Establish a Board Ethics Policy.
The policy should specify the types of behaviors to conduct and/or to avoid
in order to ensure that Board members conduct themselves in a manner that treats
others fairly, and equitably and that is legally compliant.
Establish up-to-date, Board-approved fiscal policies and procedures.
These procedures ensure that the activities in financial management are conducted
in a highly thorough, accurate, and useful manner that also minimizes the likelihood
of malfeasance, including theft, fraud, or misappropriation of funds.
Annually conduct a financial audit and/or review.
The audit or review verifies the usefulness and accuracy of some or all aspects
of financial management and, thus, greatly increases the likelihood that financial
numbers and reports are indeed accurate.
Fraud
Symptom 1 – Insatiable hunger of the CEO
Fraud
Symptom 2 – A Weak CFO
Fraud
Symptom 5 – Insufficient focus on organization culture and processes
Also, consider
Addressing
Financial Controls and Risk Management
Disaster Planning (Regarding Facilities,
Not Computing, etc.)
Arkwright Mutual Insurance
Company
Disaster Planning and Recovery
Disaster Preparedness Planning Guide for Facilities
Legal Protection
To conduct a general audit of legal-related matters in your organization, see Legal
Indicators (org_eval/uw_legal.htm). Also, see advice
to boards about legal protection (legal/lgl_thot.htm).
Boards and Risk Management
The growing role of the board in risk oversight
A Framework for Board Oversight of Enterprise Risk
Handling a Corporate Crisis
Strategic Risk Management: A Primer for Directors
Board Oversight of Strategic Risk
Should Your Board Have a Separate Risk Committee?
Compliance and Ethics in Risk Management
Risk Oversight: A Board Imperative
Risk Management and the Board of Directors
Boards Play A Leading Role in Risk Management Oversight
Sarbanes-Oxley and Corporate Risk-Taking
Tech-Intelligent Board
Protecting the Board of Directors
Risk Management and the Board of Directors
Five Questions That Corporate Directors Should Ask
Risk Management general resources
All About Crisis Management
Managing Risks in Financial Management
Sound financial and asset controls help minimize theft, fraud, and waste. See Financial
Indicators.
Managing Risk in Volunteer Management
See the
Volunteer
HR Management
Energize,
Inc
Keeping
Volunteers Safe From Harm: Street Smarts for Unfamiliar Turf
Tempting
But Confusing and Dangerous: Paying Volunteers “Just a Little Something”
Managing Risk in Fundraising
See the Fundraising
Indicators checklist. Also, see the Top 10 Fundraising Risks for Nonprofits site which explains
how to deal with a wide range of potential fundraising issues.
Resource Management (people, computers, records, and facilities)
People:
This aspect of risk management is often overlooked. Each key role in an organization
should have some type of resource to back up the performance of that role. For example,
another person in the organization should have a general understanding of another
person’s role in case the other person for some reason is not able to perform
the role. The use of up-to-date job descriptions, to-do lists, and regular
status reports both help to ensure an understanding of how others carry out their
roles. Have a staff member back up another member who is on vacation. During staff
meetings, have a staff member give a presentation about their role and how they
carry it out. Ensure that each critical role has at least one backup person who
can step in to conduct the role. The backup assignment should be part of the person’s
job description to help the person take the assignment seriously.
Computers:
Records:
1. Record all records in a central location and well-labeled.
2. Keep critical documents (e.g., board minutes, leases and contracts, Articles
of Incorporation, ByLaws, letters from the IRS granting tax-exempt status, etc.)
preferably in a fireproof box.
3. Personnel files should be locked in desk drawers with access granted to the
Executive Director and his or her assistant.
4. Allocate two hours each year for staff to audit the agency’s documentation
for relevance, adequate labeling, and reasonable organization.
General Facilities:
1. Always lock your doors. This seems obvious, but too many organizations
fail to do so.
2. Ensure your fire protection systems are fully functional by scheduling to
test fire alarms twice a year or demanding that your facility’s owner test alarms
twice a year. Note that certain electrical equipment can be severely damaged
by water sprinklers. Arrange adequate covering or arrangement to minimize
water seepage if overhead sprinklers open up.
3. Conduct inspections twice a year, including to:
a) Inspect floors for ripped carpets
b) look for cables or wires lying on the floor (tape over them if you have
to)
c) Notice any electrical outlets with black soot hear outlets (this indicates
electrical shortages)
d) Ask all staff if their office accommodations are sufficient, e.g., their
chairs are entirely comfortable (tilted correctly for their backs and at the
right heights), is lighting sufficient for desk and computer work, etc.
e) Notice any heavy items on or near the floor which staff must continually
stoop to lift, e.g., boxes of paper for the copier or printers; open boxes before
they’re set on the floor or stack heavy items in a storage room on a shelf
f) Ensure all doors have fully functional door knobs (it’s amazing how long
people can tolerate something as small as a knob that continually jams so the
the door is difficult to open)
g) Ensure there is a well-stocked first-aid kit available to all staff
h) Post emergency numbers on the wall near the central phone
i) During the winter, ensure adequate ice removal, e.g., spread sand over ice
or use salt to melt ice
j) Schedule ten minutes in a staff meeting once a year for the entire staff
to reflect on the quality of the facilities
Additional Information for Nonprofits
Basic Overview of
Nonprofit Risk Management
Nonprofit Risk Management
Center (extensive collection of resources)
List of numerous online articles about nonprofit risk management
Overview of Liability
Insurance
General Resources
Glossary of Risk Management and Insurance Terms
Insurance Glossary
Preparing Annual Risk Management Strategy
Senior Management Commitment to Risk Management
Risk Management Strategy of Virgin Group
Soft Skill Training for Risk Managers
For the Category of Risk Management:
To round out your knowledge of this Library topic, you may want to review some related topics, available from the link below. Each of the related topics includes free, online resources.
Also, scan the Recommended Books listed below. They have been selected for their relevance and highly practical nature.