In 2012, a well-known foundation ran into a series of dilemmas, from eliminating much-needed community grants to increasing its CEO’s salary by 64 percent. These events created distrust among the foundation’s supporters, leading to a decline in active participants and monetary contributions.
Risks like the above can potentially keep your organization from achieving its objectives and overall success. For many not-for-profit organizations, risk management is an ongoing, challenging process that needs special attention due to the harsh ramifications certain threats hold. As a not-for-profit leader, understanding your organization’s potential risks is the first step in creating an efficient process to manage and monitor risk.
The 13 risks that could be detrimental to the success of a not-for-profit:
- Questionable decision-making by organizational leaders
- Loss of positive reputation
- Increase in competition
- High turnover of key staff
- Employee theft
- Conflicts of interest within the board
- Management of the organization’s website and social media
- Data breaches, such as cyber and banking
- Increased costs of insurance coverages and banking safeguards
- Intellectual property that could benefit competitors
- Regulatory changes
- Loss of donors or members
- Lack of facility security
To reduce or eliminate the amount of damage the above risks can cause, it’s critical to identify your risk factors and guard against them. The best way to prevent risk is to know where they exist, internally and externally. Define the areas that are most susceptible and create solid policies and procedures, which provide a clear call to action and outline who is responsible to address risk concerns. Other information such as how to properly secure confidential documents, sensitive data and tangible property should be in place. You’ll then want to thoughtfully train your employees and board members.
Insurance is a necessity for all not-for-profit organizations, and policies are available to cover anything from meeting and event cancellations, to cyber breaches and financial reporting errors and omissions. It’s important to have a dedicated person in charge of the insurance coverages―someone who has a deep understanding of the organization’s coverage limits, deductibles and exclusions, so you aren’t caught off-guard should a risky situation arise.
Once your organization has identified and insured any potential risk, you must next control it. Consider a separation of duties to the extent of outsourcing payroll, legal, IT and human resources in an effort to remove any potential risk. A separation of duties can alleviate risk by allowing a third-party to objectively assess your organization and review your processes in a way you may have not considered. All organizations can be susceptible to risk, but you don’t have to accept it.