Risk Management for Your Organization

Jun 15, 2021 | Business Health, Non-Profit

In order to fulfill their charge to provide direction and guide an organization, the Board of Directors must manage risk.  Effective risk management involves a process of planning, prioritizing and protecting.

In the planning stage, it’s important to identify all the risks facing the organization.  This might include things like:

  • fraud
  • theft
  • injury
  • reputation
  • cybersecurity
  • product obsolescence
  • investment market volatility
  • disaster loss
  • employee dissatisfaction
  • customer dissatisfaction

A nonprofit organization might add others like:

  • tax compliance
  • grant compliance
  • medical billing compliance
  • volunteer dissatisfaction
  • donor dissatisfaction
  • conflicts of interest

It’s unproductive to try to tackle everything at once, so the next step is to prioritize the risks that have been identified.  This is a subjective process, so there’s no one right way to do this.  Many organizations assign two separate criteria to each risk: one for likelihood and the other for impact.  Likelihood can be assigned several levels- certain, likely, possible, unlikely or rare.  Impact can be assigned as insignificant, minor, moderate, serious, and catastrophic.  Once put in grid form, it’s easy to see which items need to be addressed first and which the organization can wait to deal with or accept risk for.

Once priorities have been established, the hard work begins.  In general, risks can be avoided, accepted, reduced or transferred.  Risks should be individually analyzed to determine the best way to manage them.   For example, fraud risk over cash might be controlled by training and internal controls to ensure that no one person can receive it, record it, and disburse it.  Injury risk might be controlled by facility maintenance and insurance.  Each problem will need to be solved individually.

The Board has the ultimate responsibility to guide the organization in the best possible way to fulfill its mission and protect its assets.  Being proactive about risk and establishing a process to mitigate it is critical to an organization’s viability, health and resilience.

Article submitted by Donna Buzby, CPA, RMA, CGMA

Photo by Ben Collins on Unsplash

Subscribe to our Accounting, Tax and Business Insights Newsletter

Email Address:
Name(Required)
Privacy(Required)
This field is for validation purposes and should be left unchanged.
An Update on Employee Retention Credit Claims

An Update on Employee Retention Credit Claims

Did you claim the ERC (Employee Retention Credit) and are you still waiting for it to be processed? The IRS suspended processing of ERC claims submitted after September 14, 2023, amid allegations of widespread fraud. There is good news for the businesses that were...

read more
Listen Up Employers, RetireReady is Here!

Listen Up Employers, RetireReady is Here!

If you are a New Jersey employer with 25 or more employees, you may have received a notice that you are required to register your business with RetireReady NJ or certify that you are exempt.  This program was established by the Legislature to help workers in the state...

read more