For those in the nonprofit sector, risk management is every bit as important as for those in for-profit industries. While business may have their profits undermined by poor risk management, a nonprofits’ mission is at stake when threats are not properly identified, planned for, and minimized.
For nonprofits, risk mitigation strategies can be separated into three distinct spheres:
1) Money & Financial Management
Fundraising—as well as fund management—is a big focus for nonprofit risk managers. The laws governing solicitation are complex and require high levels of record keeping.
For example, with so many donations being collected online, you might need to register in more states than previously considered. In-kind donations, especially real property, are another area of potential risk because not all nonprofit organizations can properly conduct the due diligence necessary to assess value and environmental liability.
Fundraising events can have a high reward if everything goes according to plan. To mitigate risk, there should be an event director supported by a dedicated committee to review safety, logistics, communication, and coordination. The committee should also evaluate the need for special event insurance.
In terms of financial management, internal controls, including separation of duties, should also be in place to adequately control the risk of fraud and waste. Budgets prepared by staff or partners with strong financial backgrounds will provide an accurate picture of the organization’s financial risk, and an internal controls study can illuminate areas of concern regarding fraud.
2) Volunteers & Employees
Volunteers are the backbone of nonprofit organizations. For many, volunteers not only provide the means of delivering the main service or mission but also provide guidance and management through board membership.
In either case, the mere dedication of these people cannot be the only determinant of success. All volunteers should meet certain criteria clearly communicated through policy. For example, if your organization involves volunteer interaction with children, background checks and a strong child protection policy must be in place.
Volunteer education is also important. Volunteers should be onboarded with some form of mandatory training—whether it’s how to safely sort food during a shift at a food bank or how to appropriately communicate with other board members during a service term on the board.
People attracted to employment opportunities at nonprofit organizations might be motivated by the notion of carrying out a greater good. This idea may unfairly translate into an expectation that a nonprofit would be a more nurturing, supportive, and easygoing place to work.
However, effective nonprofit organizations are just as strict with their human resource policies as they are with their financial policies. The board must regularly review and update employment policies, job descriptions, performance evaluations, employee handbooks, and whistle-blower protection policies.
3) Reputation Preservation
While other risks can be covered with specialized insurance, your reputation cannot. A strong reputation improves demands for services, volunteer and donor support, and options for partnering.
Maintaining open, trusted communications channels across your organization is imperative in order for staff at all levels to be aware of, and able to respond to, a reputational crisis. However, it’s critical to do the advance work and have a proactive approach — this can include building out a comprehensive crisis management plan as well as working with a public relations partner who is familiar with your organization and can leverage their expertise to mitigate damage. Speed can be critical to defusing a crisis, and you don’t want to spend precious time getting staff and partners up to speed on the issues at hand.
Finally, 2020 has brought about a massive increase in remote work and with it, a new level of risk when it comes to cybersecurity. Proprietary information can be vital to your mission, and employees and volunteers often have access to sensitive documents and data. Annual cybersecurity training can protect your organization from a damaging data breach.
Whether you’re incorporating a not-for-profit entity or are managing a well-established organization, Dembo Jones’ specialized team can help you build out the necessary internal controls to ensure your nonprofit can properly manage risk while maximizing your mission. Contact us today.