Jon Osterburg
Jon Osterburg is chief operating officer at Jitasa, an accounting firm that offers bookkeeping and accounting services to nonprofits.
The best nonprofit risk management plans are proactive rather than reactive. Discover three key steps for risk assessment and mitigation at your organization.
In the context of operating a nonprofit or association, “risk” is something of a loaded word. Taking some risks can be beneficial and even necessary when you’re launching a new initiative or planning for growth. However, the term is more often used to describe situations that you hope to avoid because they could cause harm to your organization. Even the risks you choose to take can have damaging consequences if left unchecked.
To take all of this into consideration, your organization should first figure out how much risk you’re able and willing to take on. Then, you can develop strategies to manage any risks that are beyond your organization’s tolerance level.
As you begin the process of risk assessment and management for your association, make sure to follow these three steps:
Keep in mind that the best risk management plans are proactive rather than reactive. When creating yours, use foresight to determine not only the best procedure for mitigating risks when they arise but also ways to prevent those risks from causing problems in the first place. Let’s dive into each of the steps.
Before you can begin managing your risks, you first need to assess them. You can either conduct your own risk assessment using one of the many checklists available online or ask a third-party specialist to provide an external perspective.
Jitasa’s nonprofit risk management guide explains that during your risk assessment, you should look for the following types of risks:
Once you’ve identified what risks may be present at your nonprofit or association, determine how likely each risk is to occur and what the possible consequences could be for your organization. In addition to concrete impacts like financial losses and legal issues, remember that being involved in risky situations could damage your organization’s reputation in the community. Then, create a master list of all your risks with the most probable and impactful risks at the top.
After your risk assessment is complete, start at the top of your list of risks and brainstorm ways to handle each one. Some popular ways to mitigate nonprofit risks include:
Remember to document all of your organization’s risk mitigation guidelines for future reference, ensuring you can quickly take action if risky situations come up. Also, hold risk-management training sessions for staff and board members to ensure they understand the new system and can effectively apply these preventative measures to their work.
Due to the ever-changing nature of nonprofit work, risk management is an ongoing process. At least once a year, meet with your leadership team and board to reassess your priorities, your continued ability to prevent risky situations, and whether your mitigation strategies are still effective.
Additionally, consider conducting regular audits, even if your nonprofit isn’t required to do so. An independent audit can help provide external insights on what risks are likely to affect your organization and how prepared you are to handle them.
Although taking some risks is necessary for your association to expand and evolve, having a plan in place to manage the risks that are more harmful than helpful is essential for it to thrive. With a proactive approach to risk management, your organization can not only avoid financial and legal difficulties but also protect its reputation in the community.