Why is a risk management plan so important for your not-for-profit? More organizations are finding that having a defined strategy in place helps them mitigate internal and external threats, while identifying cost-effective solutions to other issues.
But not all risk management plans are created equal. Not-for-profits can have “right risks” that are vital to the overall success of an organization. For example, you may have made successful grants to important projects that were never sure things, but you took a chance on them anyway. Or it’s possible that some of your funds are thoughtfully invested in high-performing securities that others would consider risky.
That’s why your risk management plan must be specific to your organization and it must be cohesive, so everyone in your organization is on the same page.
Here are five tips to help you develop an effective risk management strategy tailored to your organization’s needs:
1. Start with the bottom line
Donors trust that your organization will help them meet their charitable goals by protecting donations and ensuring growth. But according to a global fraud study by the Association of Certified Fraud Examiners (ACFE), non-profits in 2014 reported a median loss of $108,000—an 8 percent increase from the previous study.
Start building your risk management plan around your financials. Consider any actions that could result in the loss of financial assets — including theft, fraud, misuse of funds, or poor investment decisions. Then establish policies and procedures to prevent such losses. Formal internal controls are essential, so create and document procedures for authorizing transactions, securing assets, and preventing and detecting fraud.
2. Get help from outside advisors
Complexity abounds in not-for-profits. The level of legal, accounting, and investing issues you’ll need to address will very likely require external advisement. It is important to have the right people at the table when evaluating risk. Outside experts can often provide a fresh perspective, and provide a more thorough and accurate risk assessment. These professionals can also help you refine your existing financial policies and procedures, train your staff, and point out inefficiencies in your operational model.
3. Involve the entire team
Culture is everything when it comes to risk management. Your organization’s values and risk culture are created at the top, by the board and leadership, and affect every level of staff. To ensure a cohesive and consistent response to risks, the entire team needs to understand how to manage and assess problems, and how to implement the policies and procedures in place. Foster a risk-aware culture when it comes to your financials, and incorporate a risk management plan review into the training and performance evaluations of staff and volunteers.
4. Use visuals when reporting risk
Without proper data, determining your organization’s risk will be a complicated task. But spreadsheets and text-heavy information don’t paint a complete picture. Tables, graphs and summaries can help users “see” every threat, and understand the severity and impact.
5. Change when there’s change
Changes in the economy, staffing, and donation agreements can all have a significant impact on an organization. Your risk management plan should have a way of quickly identifying the factors that increase risk during times of change. For example, a staffing change in any position you consider key to internal controls should trigger a process under the risk management plan. Having a testing process and documented policies and procedures in place can reduce the stress of change, and ensure that your organization is protected.
Risk management is something that is vital, and unique, to every organization. The ability to manage risk separates effective not-for-profit organizations from ineffective ones. Taking the time to develop a plan is a smart investment in your organization’s health and safety.