By adopting proactive risk management practices, nonprofits can improve their organizational resilience to better sustain their impact in the face of an increasingly complex economic and operational landscape.
Understanding Nonprofit Risk
Now that the pandemic is over it’s tempting to slip back into “business as usual” with programming, fundraising, and strategizing. However, the global crisis in our rear view mirror should be a stark reminder that anything can happen at any time, and nonprofits must be prepared for a multitude of organizational risks, including:
Make no mistake, challenges, difficulties, and obstacles are coming, so your organization needs to take proactive steps to get ready for whatever is coming next.
Nonprofit Risk Management Strategies
Obviously, some risks will require unique actions to protect an organization. (For instance, preventing a cybersecurity attack will require putting employees behind a firewall in the office or having them use a VPN when they are working remotely.) However, when looking at overall risk management for nonprofits there are eight key things every organization needs to do to be protected and prepare for threats:
1. Creating a Risk Management Framework
Organizations should develop a comprehensive nonprofit risk management framework that aligns with their mission, values, and strategic objectives. This framework should include clear policies, procedures, and guidelines that are communicated to all employees and volunteers to identify, assess, and mitigate risks across the organization at large.
Additionally, the framework should include any technology that employees are using to do their jobs and volunteers and/or program participants are using to engage with the organization. In these areas special attention should be paid to cyber security procedures, as IT-related attacks have become especially prevalent over the last few years at nonprofit organizations of all sizes.
2. Embedding Risk Awareness into the Organizational Culture
Remember, risk management is everyone’s job! Fostering a risk-aware culture allows the risk management framework to be put into practice at all levels of the organization. Nonprofit leaders must demonstrate and prioritize open communication so that employees are encouraged to report potential risks or issues when they arise. The goal is to facilitate a culture where threats are quickly identified and effectively mitigated to strengthen the organization from the inside.
3. Conducting Regular Risk Assessments
Regular risk assessments enable nonprofits to proactively identify potential threats, vulnerabilities, and uncertainties. By systematically evaluating possible risks, organizations can more effectively allocate resources towards risks that pose the biggest threat to their effectiveness. While each nonprofit will need to decide how often to conduct a risk assessment, most will want to do them at least quarterly to maximize their effectiveness.
It is important to note that organizations should examine not only the risks that they face but also the strength of the procedures in place to combat them. Therefore, internal financial controls should always be evaluated as part of an nonprofit’s ongoing risk assessment procedures. Just like for-profit companies, nonprofits should implement robust financial controls, including separation of duties and regular financial audits. Strong internal controls not only protect the organization financially to ensure they have the funds needed to execute their mission but also ensure regulatory compliance and create a culture of accountability among staff.
4. Diversifying Funding Streams
Overreliance on a single funding source increases a nonprofit’s vulnerability. By diversifying revenue streams, organizations can decrease their exposure to financial risks, which can help them better weather the storm when an unexpected challenge or problem arises (whether that risk is financial in nature or not). Exploring new fundraising initiatives, forming strategic financial partnerships, and applying for additional grants can provide the kind of added funding that an organization needs during challenging times to remain stable and flexible.
5. Improving Board Governance
Strong board governance is a fundamental component of effective nonprofit risk management. Nonprofits should aim to recruit board members with diverse skillsets and a firm commitment to risk oversight. Boards should actively engage in risk discussions with the Executive Director or CEO, monitor existing risk mitigation strategies, and provide guidance on all risk-related decisions. Where boards do not have members with significant risk experience, nonprofit board advisors can be brought in to consult on how to improve risk management strategies.
6. Establishing Strong Partnerships
Partnerships can either help or hurt risk mitigation efforts. Before engaging in a partnership or collaborative effort, ensure that the organization in question will help, not hurt, your own risk preparedness. Simply put, partner up, not down!
Building strategic partnerships with other risk-aware nonprofits, government agencies, and reputable private entities can enhance your risk management capabilities. Collaborative efforts with these types of partners can enable the sharing of resources, knowledge, and best practices, ultimately strengthening the resilience of both parties.
7. Developing Contingency Plans
Nonprofits should develop contingency plans (“if this then that” scenarios) that outline specific actions to be taken in the event of a crisis or disruptive event. These plans should address key areas such as emergency response, business continuity, reputation management, and stakeholder communication. Plans should include as much detail as possible related to who will do what and when it needs to be done. As such, they should be updated regularly to keep current with personnel and staff roles.
Where possible, these plans should be tested occasionally to measure their effectiveness and provide critical feedback on how they can be improved. Tests can be conducted either announced or unannounced to gauge employees’ ease of implementing them and feedback regarding their perceived effectiveness.
8. Pursuing Continuous Improvement
It is crucial to remember that risk management is an ongoing process. Nonprofits should establish a risk management framework to monitor, evaluate, and adapt their risk management strategies as the environment around them evolves. Regular monitoring and evaluation of risk mitigation efforts allow organizations to identify gaps, address emerging risks, and optimize their risk management practices to be better prepared for whatever tomorrow brings.
If your board would benefit from additional guidance regarding risk mitigation, please take a look at our board advisory services and reach out to us for more information. Our team brings extensive strategic and operational experience to the work we do in partnership with the clients we serve.
THE LATEST FROM VALTAS
You are welcome to subscribe to get the latest news, updates and insights from our team.