Risk Management, Disaster Planning and Protecting Against Crime
Sections of This Topic Include
What’s Risk Management?
Conducting Risk Management Assessments
Best Protection: Good Management, Personnel Policies and Insurance
Protecting Against Fraud, Forgery, Theft and Terrorism
Disaster Planning (Regarding Facilities, Not Computing, etc.)
Legal Protection
Boards and Risk Management
Managing Risks in Financial Management
Managing Risks in Volunteer Management
Managing Risks in Fundraising
Resource Management (people, computers, records and facilities)
Additional Information for Nonprofits
General Resources
Also consider
Related Library Topics
What’s “Risk Management”?
Risk management is attempting to identify and then manage threats that could severely
impact or bring down the organization. Generally, this involves reviewing operations
of the organization, identifying potential threats to the organization and the
likelihood of their occurrence, and then taking appropriate actions to address
the most likely threats.
Traditionally, risk management was thought of as mostly a matter of getting
the right insurance. Insurance coverage usually came in rather standard packages,
so people tended to not take risk management seriously. However, this impression
of risk management has changed dramatically. With the recent increase in rules
and regulations, employee-related lawsuits and reliance on key resources, risk
management is becoming a management practice that is every bit as important
as financial or facilities management.
There are several basic activities which a nonprofit organization can conduct
to dramatically reduce its chances of experiencing a catastrophic event that
ruins or severely impairs the organization.
Conducting a Risk Management Assessment
Organizations should regularly undertake a comprehensive, focused assessment of
potential risks to the organization. This focused assessment should be conducted at
least twice a year by a team of staff members representing all the major functions of
the organization. The assessment should be carefully planned, documented and methodically
carried out.
The most common risks are typically of the types listed below. Comprehensive
checklists help a great deal to quickly review a wide range of organizational
aspects. Other aspects require more careful review.
Checklists in the following sections cover almost 140 considerations to ensure
a well run and highly protected organization.
Best Protection: Good Management, Personnel Policies and Insurance
Good Management:
Efforts undertaken to manage an organization well also contribute to sound risk
management. For example, a fully attentive board with a wide range of skills may
be the most important guard against major threats to an organization. See Governance
(Board) Indicators to assess the quality of your board. Also reference Basic
Evaluation of the Board.
Careful strategic planning and effective supervision help ensure organizational
resources are closely aligned to accomplishing the organization’s mission, and
that staff and volunteers are treated fairly and comply with rules and regulations.
See Planning Indicators and Human Resources Indicators.
Up-to-date, Reviewed Personnel Policies:
Every organization must have up-to-date policies which guide the relationships
between staff and management. There has been a noticeable increase in lawsuits
regarding wrongful termination, harassment and discrimination, disagreements
about promotions or salary actions, etc. Parties to lawsuits include the organization,
management and/or board members. Therefore, personnel policies must be reviewed
at least once a year by an outside advisor who is an expert about all of the
employee-related laws and regulations. See Policies (Personnel).
Be sure that management is well versed about the policies. Typically, courts
will interpret actions by organizational personnel as representative of the
organization’s preferred course of action and superseding related, documented
policies.
Well-designed Insurance Coverage:
For a broad and basic overview of insurance, see Insurance
Against Liability (legal/lia_insr.htm). You might first review this information
and then invite an insurance agent (or better yet, an insurance broker) to visit
your organization to provide you an overview of the types of insurance typically
sold to nonprofits. Note that many insurance professionals might not understand
the nature of nonprofits. Therefore, you might first ask a few people from fellow
nonprofits for references.
As dreadful as it may sound, you must schedule two hours sometime during the
year to close your door and study your insurance policies. Note any questions
and pose them to your insurance professional. Ask him or her to provide you
a written, clear description regarding any ambiguities and to do so on company
letterhead with his or her signature.
Note that Directors and Officers Insurance (D & O, and covered in the above
“Insurance Against Liabilities” section) is increasingly considered
because of the increasing number of lawsuits. In addition, D & O insurance
helps attract highly experienced board members. Be sure your D & O insurance
covers “insured vs. insured” which covers employee-related lawsuits
and also covers ongoing costs to address a lawsuit (rather than paying only
when the outcome of a lawsuit has been decided).
Protecting Against Fraud, Forgery, Theft and Terrorism
Have up-to-date, Board-approved personnel policies for employees.
Personnel policies specify how personnel should be hired, supervised and fired
in accordance with employment laws that ensure fair, equitable and legally compliant
treatment of others. Personnel, particularly those who supervise others, should
be trained on the policies.
Conduct background checks on potential new hires.
Background checks can detect if a person has committed crimes, major or minor
in nature, which might suggest tendencies for how the person will act in the
workplace.
Conduct Board orientations once a year for members.
Board orientations make members aware of the unique aspects of the Board and
the organization, including the Board’s policies, for example, about ethics,
conflict-of-interest, whistleblowers and document retention/destruction.
Establish a Whistleblower Policy.
The policy should specify how Board members, employees and others could safely
report that an alleged or actual organizational behavior or practice is illegal,
unethical or inappropriate, without retaliation to the whistleblower.
Establish a Board Ethics Policy.
The policy should specify the types of behaviors to conduct and/or to avoid
in order to ensure that Board members conduct themselves in a manner that treats
others fairly, equitably and that is legally compliant.
Establish up-to-date, Board-approved fiscal policies and procedures.
These procedures ensure that the activities in financial management are conducted
in a highly thorough, accurate and useful manner that also minimizes the likelihood
of malfeasance, including theft, fraud or misappropriation of funds.
Annually conduct a financial audit and/or review.
The audit or review verifies the usefulness and accuracy of some or all aspects
of financial management and, thus, greatly increases the likelihood that financial
numbers and reports are indeed accurate.
Fraud Symptom 1 – Insatiable hunger of CEO
Fraud Symptom 2 – A Weak CFO
Fraud Symptom 5 – Insufficient focus on organization culture and processes
Also consider
Addressing Financial Controls and Risk Management
Disaster Planning (Regarding Facilities, Not Computing, etc.)
Arkwright Mutual Insurance Company
Disaster Planning and Recovery
Disaster Preparedness Planning Guide for Facilities
Legal Protection
To conduct a general audit of legal-related matters in your organization, see
Legal Indicators (org_eval/uw_legal.htm). Also see advice to boards about legal
protection (legal/lgl_thot.htm).
Boards and Risk Management
The growing role of the board in risk oversight
A Framework for Board Oversight of Enterprise Risk
Handling a Corporate Crisis
Strategic Risk Management: A Primer for Directors
Board Oversight of Strategic Risk
Should Your Board Have a Separate Risk Committee?
Compliance and Ethics in Risk Management
Risk Oversight: A Board Imperative
Risk Management and the Board of Directors
Boards Play A Leading Role in Risk Management Oversight
Sarbanes-Oxley and Corporate Risk-Taking
Tech-Intelligent Board
Protecting the Board of Directors
Risk Management and the Board of Directors
Five Questions That Corporate Directors Should Ask
Risk Management general resources
All About Crisis Management
Managing Risks in Financial Management
Sound financial and asset controls help minimize theft, fraud and waste. See
Financial Indicators.
Managing Risk in Volunteer Management
See the Volunteer HR Management
Energize, Inc
Keeping Volunteers Safe From Harm: Street Smarts for Unfamiliar Turf
Tempting But Confusing and Dangerous: Paying Volunteers “Just a Little Something”
Managing Risk in Fundraising
See the Fundraising Indicators checklist. Also see the Top 10 Fundraising Risks
for Nonprofits site which explains how to deal with a wide range of potential
fundraising issues.
Resource Management (people, computers, records and facilities)
People:
This aspect of risk management is often overlooked. Each key role in an organization
should have some type of resource to back up performance of that role. For example,
another person in the organization should have a general understanding of the role
in case the person who normally performs it is for some reason unable to do so.
Up-to-date job descriptions, to-do lists and regular status reports all help to
ensure understanding of how others carry out their roles. Have a staff member back
up another member who is on vacation. During staff meetings, have a staff member
give a presentation about their role and how they carry it out. Ensure that each
critical role has at least one backup person who can step in to conduct the role.
The backup assignment should be part of the person’s job description to help the
person take the assignment seriously.
Computers:
Records:
1. Store all records in a central location, well labeled.
2. Keep critical documents (e.g., board minutes, leases and contracts, Articles
of Incorporation, ByLaws, letter from the IRS granting tax-exempt status, etc.)
preferably in a fireproof box.
3. Personnel files should be locked in desk drawers with access granted to the
Executive Director and his or her assistant.
4. Allocate two hours each year for staff to audit the agency’s documentation
for relevance, adequate labeling and reasonable organization.
General Facilities:
1. Always lock your doors. This seems obvious, but too many organizations
fail to do so.
2. Ensure your fire protection systems are fully functional by scheduling tests
of fire alarms twice a year or demanding that your facility’s owner test alarms
twice a year. Note that certain electrical equipment can be severely damaged
by water sprinklers. Provide adequate covering or arrange the equipment to minimize
water seepage if overhead sprinklers open up.
3. Conduct inspections twice a year, including to:
a) Inspect floors for ripped carpets
b) Look for cables or wires lying on the floor (tape over them if you have
to)
c) Notice any electrical outlets with black soot near them (this indicates
electrical shorts)
d) Ask all staff if their office accommodations are sufficient, e.g., whether their
chairs are entirely comfortable (tilted correctly for their backs and at the
right heights) and whether lighting is sufficient for desk and computer work
e) Notice any heavy items on or near the floor which staff must continually
stoop to lift, e.g., boxes of paper for the copier or printers; open boxes before
they’re set on the floor or stack heavy items in a storage room on a shelf
f) Ensure all doors have fully functional door knobs (it’s amazing how long
people can tolerate something as small as a knob that continually jams so the
door is difficult to open)
g) Ensure there is a well-stocked first-aid kit available to all staff
h) Post emergency numbers on the wall near the central phone
i) During the winter, ensure adequate ice removal, e.g., spread sand over ice
or use salt to melt ice
j) Schedule ten minutes in a staff meeting once a year for the entire staff
to reflect on the quality of the facilities
Additional Information for Nonprofits
Basic Overview of Nonprofit Risk Management
Nonprofit Risk Management Center (extensive collection of resources)
List of numerous online articles about nonprofit risk management
Overview of Liability Insurance
General Resources
Glossary of Risk Management and Insurance Terms
Insurance Glossary
Preparing Annual Risk Management Strategy
Senior Management Commitment to Risk Management
Risk Management Strategy of Virgin Group
Soft Skill Trainings for Risk Managers