Risks? What Risks? We’re a Not-for-Profit!Jul 27, 2021
The mere possibility of serious risk to an organization’s health seems anathema to many not-for-profit agencies.
Yet the reality of organizations, both large and small, going out of business is becoming increasingly common.
Even short of bankruptcy or closing, is the very real risk of impaired service due to reduced resources and support.
What is risk and risk management?
Simply stated, a risk is any future event that may cause harm to the organization. Essentially, this is a threat faced by you that will prevent you from fulfilling your mission.
The examples are many and wide-ranging. They can be obvious such as embezzlement. They can be less obvious, such as the unanticipated and quick departure of the Chief Executive Officer and the lack of a succession management plan.
Fraud is top of mind. And theft.
But so too are conflicts-of-interest, especially when board members or senior staff do not follow appropriate policies and benefit personally from their decisions.
And then there is less tangible reputational damage, which can affect regular funding, donors, talent recruitment, services and programs, even use.
Cybersecurity is becoming a more common concern too – especially regarding privacy and patron/customer/user records and donor records. Little is more sacrosanct than one’s personal health and financial records and trust in the organization holding them. With libraries it can be about what people (meaning individual customers) are reading and viewing.
These tend to be related. Cybersecurity is an issue, there is a breach, reputation is consequently damaged, confidence and trust are eroded, funding is called into question, the CEO decides to leave.
Aren’t you glad that you are on that board?
How do you manage risk?
Essentially you want to protect your assets against damage and loss.
Well, what are your values and mechanisms for oversight, including
- conflict-of-interest policies?
- your policies for risk management and consequences for lack of compliance?
- your financial policies, protocols, controls, and monitoring systems?
Do you have a robust performance monitoring and reporting system?
And when was the last time you performed a risk inventory, just listing all of the possibilities and the controls in place to mitigate potential disaster?
Remember though, your due diligence is policy, frameworks, and oversight controls, not mucking about in day-to-day operations.
Failing all that, do check on your director/trustee liability insurance!
What are your main “pain points” dealing with risk management? Do your colleagues take risk management seriously? What advice would be most helpful to you? And we always assume that you are asking for a friend!
Get in touch. We’ll address your questions and concerns in an upcoming blog post.
New Cohort Available!
Your accelerated path to competence and confidence.
In this one-month course, you will move from feeling reticent and tentative to competent and confident, asking good questions and making great contributions.
The course complements and reinforces your on-site orientation and opens new channels of communication and discussion. Four weeks. Eight lessons.
Now offered every second month: September, November, January, March, May.
We are currently addressing these 10 Critical Questions Boards Need to Ask Themselves:
1 Why are you here?
2 Who is your employee?
3 What is your role?
4 Why are you meeting?
5 How do you ensure sustainable resources?
6 What are your KSFs?
7 How do you manage risk?
8 How do you ensure transparency?
9 How do you foster a culture of inquiry and assessment?
10 How do you continue to improve?
See our other blog posts for more insights.
May I ask a tiny favour?
Would you mind sharing this blog with one person? I would love it. You can post the links in your Facebook Groups, LinkedIn, or even send an email.