In order to fulfill their charge to provide direction and guide an organization, the Board of Directors must manage risk. Effective risk management involves a process of planning, prioritizing and protecting.
In the planning stage, it’s important to identify all the risks facing the organization. This might include things like:
- fraud
- theft
- injury
- reputation
- cybersecurity
- product obsolescence
- investment market volatility
- disaster loss
- employee dissatisfaction
- customer dissatisfaction
A nonprofit organization might add others like:
- tax compliance
- grant compliance
- medical billing compliance
- volunteer dissatisfaction
- donor dissatisfaction
- conflicts of interest
It’s unproductive to try to tackle everything at once, so the next step is to prioritize the risks that have been identified. This is a subjective process, so there’s no one right way to do this. Many organizations assign two separate criteria to each risk: one for likelihood and the other for impact. Likelihood can be assigned several levels- certain, likely, possible, unlikely or rare. Impact can be assigned as insignificant, minor, moderate, serious, and catastrophic. Once put in grid form, it’s easy to see which items need to be addressed first and which the organization can wait to deal with or accept risk for.
Once priorities have been established, the hard work begins. In general, risks can be avoided, accepted, reduced or transferred. Risks should be individually analyzed to determine the best way to manage them. For example, fraud risk over cash might be controlled by training and internal controls to ensure that no one person can receive it, record it, and disburse it. Injury risk might be controlled by facility maintenance and insurance. Each problem will need to be solved individually.
The Board has the ultimate responsibility to guide the organization in the best possible way to fulfill its mission and protect its assets. Being proactive about risk and establishing a process to mitigate it is critical to an organization’s viability, health and resilience.
Article submitted by Donna Buzby, CPA, RMA, CGMA
Photo by Ben Collins on Unsplash