It’s a best practice for strengthening NPOs
Nonprofits working domestically or internationally do so in increasingly complex and dynamic environments. They are confronted with a variety of risks such as lack of funding, harm to staff and beneficiaries, loss of assets caused by crimes, repetitional harm due to allegations of sexual harassment, and, inability to carry out mission activities due to adverse political conditions.
These circumstances show that each nonprofit’s leaders need to have an effective way to identify and handle risks. Establishing a risk management program will improve the ability to address risks and will also provide additional benefits that strengthen the organization.
A risk management program implements a defined process across all departments and levels of an organization to proactively identify, assess, and prioritize organizational risks; develop, implement, and monitor mitigation measures; and, leverage the beneficial opportunities that are revealed during the process. The most effective programs are tailored to suit the organization; led by a member of senior management; provide risk management training to staff; and, supported by the board of directors.
The fundamentals of the process include information gathering methods, such as surveys, interviews with staff and others, and reviews of documents to identify actual or potential risks. Risks are assessed and prioritized based on criteria that incorporate the organization’s goals, tolerance for the particular risk, the frequency of the risk’s occurrence, and the magnitude of the impact if the risk event occurs.
The prioritized risks and their mitigations are recorded on a log or other format and the progress of the mitigations are monitored. The full process is periodically repeated to address emerging risks or to re-prioritize risks.
Tailoring A Risk Management Program
These fundamentals should be incorporated within a program that is tailored to suit the organization. For example, the leadership at a large nonprofit with reliable donor funding, a multi-million-dollar annual budget, and a mission to deliver aid in disaster situations around the world, will implement a risk management program in a different way than those at a small community-funded nonprofit that provides art education locally. These organizations have different missions, financial resources, and priority risks.
The main risks faced by the large nonprofit are staff security and loss of deliverables due to instability and violence in places where it delivers aid. Given the frequency of occurrence and magnitude of the impact of these risks, the organization has a risk management budget and employs a professional risk manager to implement its program.
The primary risks faced by the community nonprofit are a lack of funding and personal injury incidents caused by the disrepair of the building that it occupies. Due to its lean resources, the program is run by a volunteer who serves as an art instructor and risk manager.
Each organization should document its tailored program and process including the roles and responsibilities of staff and the board of directors, in a Risk Management Policy and Procedures plan that is available to donors, collaborators, auditors, insurance brokers, and others.
The benefits of an active risk management program include, reducing harm and costs; improving project-level efficiency and effectiveness; addressing enterprise-level threats and informing institutional strategic planning; and strengthening reputation and competitive advantage for winning funding.
A. Reduce Harm and Costs
A risk management program will help the organization’s managers reduce or eliminate harmful and costly occurrences. For example, as a result of information gathering, risk and mitigation analysis conducted by leaders of the large nonprofit before undertaking a relief project in a new country, it was determined that the safest and most effective way to deliver the aid was to engage a respected in-country group rather than to send staff into a dangerous environment.
This mitigation measure eliminated risks of physical harm to its staff, financial losses caused by the destruction or theft of deliverables, and harm to its reputation.
B. Improve Efficiency and Effectiveness at the Project Level
The risk management process can be applied to increase efficiency and effectiveness in project-level planning and execution. In the case of the community nonprofit, a volunteer used the process to help complete a building repair project on time and on budget. After checking references for several local contractors, the volunteer hired a contractor with an excellent reputation. The signed contract identified risk events that could cause delays and increase costs, measures to manage these events, and a project-monitoring plan. Following these measures throughout the project led to a successful outcome.
C. Address Enterprise-Level Threats and Inform Institutional Strategic Planning
When applied at the enterprise level, the risk management process identifies risk events that have significant impacts on the overall organization such as occurrences that prevent the performance of critical functions, or a major mission objective, or that threaten its existence. Leaders of the well-funded, large nonprofit identified violence caused by political instability as the highest risk to the ability to fulfill its aid-delivery mission, while leaders at the community nonprofit that operates in a low crime area identified lack of funding as the most significant threat to its existence.
The proactive identification of risks to the enterprise allows personnel at each organization to develop and implement mitigation measures in a timely manner.
Risk information is a valuable resource for identifying opportunities and for making long-term strategic plans.After considering the recent event that caused it to rely on an in-country group to deliver aid, managers of the large nonprofit determined that expanding the scope of collaboration with the group would provide additional benefits.
A formal collaboration with the group was established to monitor the results of the recent project and to undertake other projects in the country.The organization’s leaders also decided that a long-term strategic priority is to expand its relationships and delivery mechanisms across the globe to better enable it to meet the increasing challenges of delivering aid in troubled environments.
D. Enhance Reputation and Competitive Advantage
Having a risk management program will enhance the organization’s reputation for responsible management and can improve its competitive advantage for winning funding. Donors were impressed when they learned that the community nonprofit was the only nonprofit in the town that had a risk management program, and that the volunteer risk manager carried out routine inspections of the facility to identify defects and establish procedures to help prevent personal injury incidents.
They were also impressed that the success of the recent building repair project was facilitated by using the risk management process, and that the organization’s insurance premiums were decreased because the underwriter saw the program as a prudent means for liability reduction. The donors renewed or increased their donations because they believed that the community nonprofit was being better managed than other similar organizations in the town. They believed that their donations would be more responsibly utilized by the community nonprofit.
All nonprofit organizations face risks. Adopting a risk management program will help them to better identify and address their risks and will bring other benefits to the organization.
Patricia C. Vaughan, Esq., is vice president, general counsel and secretary of the Population Council in New York City.
