A Guide to Effective Risk Management for Nonprofit Board Members

  • 7/16/2024

Learn effective risk management for nonprofit boards, including identifying, assessing, and managing risks to achieve your organization’s mission and goals.

Risk management is the process of identifying, assessing, and managing risks that could impact a nonprofit’s ability to achieve its mission and goals.

Board members play a crucial role in overseeing and guiding the risk management efforts of an organization. Their role involves setting the organization's risk appetite and tolerance levels, insisting that effective risk management policies and processes are in place, monitoring the organization's risk profile, and making strategic decisions to address significant risks.

Learn some key components of an effective risk management framework that could help strengthen your board and your organization.

First, identify the risks

The first action involves identifying and documenting potential risks that could affect the organization’s mission, operations, and stakeholders. These potential risks can be either internal or external, and board members should take both possibilities into account.

Internal risks

  • Financial risks can be inadequate funding or mismanagement of funds
  • Operational risks include improper policies and procedures or lack of internal controls
  • Governance risks may be conflicts of interest or board mismanagement

External risks

  • Economic risks could involve economic downturns and changes in funding sources
  • Legal and regulatory risks such as noncompliance with laws and regulations
  • Reputational risks, including negative public perception or damaging media coverage

Assessing, analyzing, and prioritizing risks

The next part of the process requires evaluating the likelihood and potential impact of identified risks and prioritizing them for further action. As a nonprofit board member, I found this part difficult, as all the risks identified were important to the organization and needed to be addressed.

Board members should assess and analyze risks by weighing the likelihood of each risk factor occurring and then assessing the potential impact of that risk on the organization. Once that has been completed, the next step is to prioritize the risks by ranking them based on their likelihood and impact. Risks identified as high priority should get immediate attention.

Risk mitigation and control

After the risks are prioritized, developing and implementing strategies and controls to reduce the impact of risks is next. This can involve using risk management policies and procedures, implementing internal controls and safeguards, and establishing contingency plans and disaster recovery measures.

Many nonprofit boards look at the possibility of different insurance policies to help mitigate risks to their organization. Some of these policies include property, professional indemnity, and cyber insurance.

Another potential way to mitigate risk is by shifting certain risks to another party through contractual agreements. Overall, the board should consider all these possibilities and determine what might be appropriate for your organization.

Monitoring and reviewing risks

To round out this process, board members need to continuously monitor and review the effectiveness of risk management efforts to make sure they remain relevant and up to date. This involves regularly reporting on risk management activities to the board and monitoring internal and external risks and their indicators.

Conducting periodic reviews of risk management processes and incorporating lessons learned and potential changes identified is an imperative part of the process that should not be neglected. In my experience, boards often put the first three steps into action and then forget to revisit things and determine if they are working or if changes are needed.

Board members and management should work hand in hand, providing guidance and support throughout the process to seamlessly integrate risk management practices into the organization's overall functioning.

Ultimately, risk management for board members is about verifying the organization has a comprehensive and proactive approach to identify, assess, address, and monitor risks that could impact its strategic objectives and long-term success. It involves active oversight, decision-making, and collaboration to promote effective risk management practices throughout the organization.

Risk management is only one of the responsibilities a nonprofit board member has; see The Top 8 Board Duties to Help Improve Nonprofit Outcomes for additional insights.

How we can help

At your next board meeting, add risk assessment as an agenda item and see where your organization is at. CLA’s consulting team is always willing to help your organization through this process. We can help your board understand the key risks to your organization — and develop a sustainable process to manage them.

This blog contains general information and does not constitute the rendering of legal, accounting, investment, tax, or other professional services. Consult with your advisors regarding the applicability of this content to your specific circumstances.
