When risk is discussed at the board table, financial risk is usually top of mind, including cash flow, fundraising efforts, earned revenue strategies, and COVID’s impact on the bottom line.
However, in addition to financial risk, there is a myriad of risk management protocols that nonprofit boards and chief executives should examine to minimize vulnerability, errors, mismanagement, and fraud within the organization.
While the onus is on management to have a plan in place, the board plays a strategic role in collaborating with the chief executive to ensure planning happens. This kind of proactive thinking recognizes risk management protocols as good business practices, effective administrative processes, and simply smart management and governance.
Our team surveyed a client’s grant recipients, and found the following to be true of the survey participants:
- 67% reported they do not have a crisis communication plan.
- 41% reported they do not have an emergency response plan or evacuation plan.
- 74% reported they do have an accounting manual/internal controls documentation.
Given the heightened level of risk that we have all experienced with the pandemic, we strongly encourage boards and chief executives to add strategic risk topics to board meeting agendas.
The following list of risk topics can serve as a starting point for discussion:
- Audits and Internal Controls
- Audits are an assessment of management practices. Does the entire board meet with auditors to fully understand their opinions and findings?
- Internal control and financial practice documentation are critical elements to protect against mismanagement or fraud. There should be procedures for cash management, deposits, bank reconciliation, credit card usage, etc.
- Lines of Credit
- Does the organization need to use a line of credit to manage cash flow because of timing or because of a structural issue where expenses consistently exceed revenue?
- Risk Tolerance
- Capital campaigns are a calculated risk. Has the board talked about tolerance for risk before engaging in a campaign? There can be varying opinions about how much debt to take on and/or how large the goal should be.
- Fire, Tornados, Earthquakes, Hurricanes, and Floods
- When was the last time the organization practiced a fire drill? Do staff and volunteers know how to exit or where to seek shelter?
- If the organization presents programs in facilities outside of its own, have practice drills been conducted at that location? Is there a plan for how participants exit the site, especially those of different ages and abilities?
- Does the organization have an alert or communication system to notify staff, volunteers, and/or participants about a threat and what they should do to remain safe?
- Active Shooter and Domestic Terrorism
- Has the organization met with the state or local office of Homeland Security and Emergency Management to understand what resources they can provide?
- Has the organization met with local law enforcement to learn how to manage an active shooter or other threat? Whether in the workplace or a program site, running drills and determining lines of communication are critical to saving lives.
- What are the organization’s practices for off-site file storage, redundant back-ups, remote access to servers and software, and other digital access should sites and facilities be shut down or inaccessible because of an emergency situation?
- Has the organization implemented two-factor authentication on your email systems and server access? Identity theft, ransomware, and other cyber threats can greatly impact operations.
- Does the organization have a crisis plan, and if so, how often is it reviewed? Is it reviewed by the board and staff and does it include various scenarios?
- Does the organization have a crisis communication plan and a PR firm that you can call upon should it be needed? Media relations training is essential because the organization could suddenly be thrust into the spotlight because of an emergent situation or crisis.
While this list is just the beginning of risk topics, we hope it sparks conversation and creates new solutions to the threats nonprofits must navigate.
Article by: Kerri Laubenthal Mollard, Founder & CEO