Risk Management, Disaster Planning and Protecting Against Crime

Sections of this topic

    Risk Management, Disaster Planning and Protecting Against
    Crime

    Sections of This Topic Include

    What’s Risk Management?
    Conducting Risk Management Assessments
    Best Protection: Good Management, Personnel Policies
    and Insurance

    Protecting Against Fraud, Forgery, Theft and Terrorism
    Disaster Planning (Regarding Facilities, Not Computing,
    etc.)

    Legal Protection
    Boards and Risk Management
    Managing Risks in Financial Management
    Managing Risks in Volunteer Management
    Managing Risks in Fundraising
    Resource Management (people, computers, records and
    facilities)

    Additional Information for Nonprofits
    General Resources

    Also consider
    Related Library Topics

    Learn More in the Library’s Blog Related to Risk Management

    In addition to the articles on this current page, see the following blog which
    has posts related to Risk Management. Scan down the blog’s page to see various
    posts. Also see the section “Recent Blog Posts” in the sidebar of the blog or
    click on “next” near the bottom of a post in the blog.

    Library’s Human
    Resources Blog


    What’s “Risk Management”?

    Risk management is attempting to identify and then manage threats that could severely
    impact or bring down the organization. Generally, this involves reviewing operations
    of the organization, identifying potential threats to the organization and the
    likelihood of their occurrence, and then taking appropriate actions to address
    the most likely threats.

    Traditionally, risk management was thought of as mostly a matter of getting
    the right insurance. Insurance coverage usually came in rather standard packages,
    so people tended to not take risk management seriously. However, this impression
    of risk management has changed dramatically. With the recent increase in rules
    and regulations, employee-related lawsuits and reliance on key resources, risk
    management is becoming a management practice that is every bit as important
    as financial or facilities management.

    There are several basic activities which a nonprofit organization can conduct
    to dramatically reduce its chances of experiencing a catastrophic event that
    ruins or severely impairs the organization.

    Conducting a Risk Management Assessment

    Organizations should regularly undertake comprehensive, focused assessment of
    potential risks to the organization. This focused assessment should occur at least
    twice a year by a team of staff members representing all the major functions of
    the organization. The assessment should be carefully planned, documented and methodically
    carried out.

    The most common risks are typically of the types listed below. Comprehensive
    checklists help a great deal to quickly review a wide range of organizational
    aspects. Other aspects require more careful review.

    Checklists in the following sections cover almost 140 considerations to ensure
    a well run and highly protected organization.

    Best Protection: Good Management, Personnel Policies and Insurance

    Good Management:

    Efforts undertaken to manage an organization well also contributes to sound risk
    management. For example, a fully attentive board with a wide range of skills may
    be the most important guard against major threats to an organization. See Governance
    (Board) Indicators
    to assess the quality of your board. Also reference Basic
    Evaluation of the Board.

    Careful strategic planning and effective supervision helps ensure organizational
    resources are closely aligned to accomplishing the organization’s mission, and
    that staff and volunteers are treated fairly and comply with rules and regulations.
    See Planning
    Indicators
    and Human
    Resources Indicators.

    Up-to-date, Reviewed Personnel Policies:

    Every organization must have up-to-date policies which guide the relationships
    between staff and management. There has been a noticeable increase in lawsuits
    regarding wrongful termination, harassment and discrimination, disagreements
    about promotions or salary actions, etc. Parties to lawsuits include the organization,
    management and/or board members. Therefore, personnel policies must be reviewed
    at least once a year by an outside advisor who is an expert about all of the
    employee-related laws and regulations. See Policies
    (Personnel).

    Be sure that management is well versed about the policies. Typically, courts
    will interpret actions by organizational personnel as representative of the
    organization’s preferred course of action and superseding related, documented
    policies.

    Well-designed Insurance Coverage:

    For a broad and basic overview of insurance, see Insurance
    Against Liability
    (legal/lia_insr.htm). You might first review this information
    and then invite an insurance agent (or better yet, an insurance broker) to visit
    your organization to provide you an overview of the types of insurance typically
    sold to nonprofits. Note that many insurance professionals might not understand
    the nature of nonprofits. Therefore, you might first ask a few people from fellow
    nonprofits for references.

    As dreadful as it may sound, you must schedule two hours sometime during the
    year to close your door and study your insurance policies. Note any questions
    and pose them to your insurance professional. Ask him or her to provide you
    a written, clear description regarding any ambiguities and to do so on company
    letterhead with his or her signature.

    Note that Directors and Officers Insurance (D & O, and covered in the above
    “Insurance Against Liabilities” section) is increasingly considered
    because of the increasing number of lawsuits. In addition, D & O insurance
    helps attract highly experienced board members. Be sure your D & O insurance
    covers “insured vs. insured” which covers employee-related lawsuits
    and also covers ongoing costs to address a lawsuit (rather than paying only
    when the outcome of a lawsuit has been decided).

    Protecting Against Fraud, Forgery, Theft
    and Terrorism

    Have up-to-date, Board-approved personnel policies for employees.

    Personnel policies specify how personnel should be hired, supervised and fired
    in accordance with employment laws that ensure fair, equitable and legally compliant
    treatment of others. Personnel, particularly those who supervise others, should
    be trained on the policies.

    Conduct background checks on potential new hires.

    Background checks can detect if a person has committed crimes, major or minor
    in nature, which might suggest tendencies for how the person will act in the
    workplace.

    Conduct Board orientations once a year for members.

    Board orientations make members aware of the unique aspects of the Board and
    the organization, including the Board’s policies, for example, about ethics,
    conflict-of-interest, whistleblowers and document retention/destruction.

    Establish a Whistleblower Policy.

    The policy should specify how Board members, employees and others could safely
    report that an alleged or actual organizational behavior or practice is illegal,
    unethical or inappropriate, without retaliation to the whistleblower.

    Establish a Board Ethics Policy.

    The policy should specify the types of behaviors to conduct and/or to avoid
    in order to ensure that Board members conduct themselves in a manner that treats
    others fairly, equitably and that is legally compliant.

    Establish up-to-date, Board-approved fiscal policies and procedures.

    These procedures ensure that the activities in financial management are conducted
    in a highly thorough, accurate and useful manner that also minimizes the likelihood
    of malfeasance, including theft, fraud or misappropriation of funds.

    Annually conduct a financial audit and/or review.

    The audit or review verifies the usefulness and accuracy of some or all aspects
    of financial management and, thus, greatly increases the likelihood that financial
    numbers and reports are indeed accurate.

    Fraud
    Symptom 1 – Insatiable hunger of CEO

    Fraud
    Symptom 2 – A Weak CFO

    Fraud
    Symptom 5 – Insufficient focus on organization culture and processes

    Also consider
    Addressing
    Financial Controls and Risk Management

    Disaster Planning (Regarding Facilities,
    Not Computing, etc.)

    Arkwright Mutual Insurance
    Company

    Disaster Planning and Recovery
    Disaster Preparedness Planning Guide for Facilities

    Legal Protection

    To conduct a general audit of legal-related matters in your organization, see Legal
    Indicators
    (org_eval/uw_legal.htm). Also see advice
    to boards about legal protection
    (legal/lgl_thot.htm).

    Boards and Risk Management

    The growing role of the board in risk oversight
    A Framework for Board Oversight of Enterprise Risk
    Handling a Corporate Crisis
    Strategic Risk Management: A Primer for Directors
    Board Oversight of Strategic Risk
    Should Your Board Have a Separate Risk Committee?
    Compliance and Ethics in Risk Management
    Risk Oversight: A Board Imperative
    Risk Management and the Board of Directors
    Boards Play A Leading Role in Risk Management Oversight
    Sarbanes-Oxley and Corporate Risk-Taking
    Tech-Intelligent Board
    Protecting the Board of Directors
    Risk Management and the Board of Directors
    Five Questions That Corporate Directors Should Ask
    Risk Management general resources
    All About Crisis Management

    Managing Risks in Financial Management

    Sound financial and asset controls help minimize theft, fraud and waste. See Financial
    Indicators.

    Managing Risk in Volunteer Management

    See the
    Volunteer
    HR Management

    Energize,
    Inc

    Keeping
    Volunteers Safe From Harm: Street Smarts for Unfamiliar Turf

    Tempting
    But Confusing and Dangerous: Paying Volunteers “Just a Little Something”

    Managing Risk in Fundraising

    See the Fundraising
    Indicators
    checklist. Also see the Top 10 Fundraising Risks for Nonprofits site which explains
    how to deal with a wide range of potential fundraising issues.

    Resource Management (people, computers, records and facilities)

    People:

    This aspect of risk management is often overlooked. Each key role in an organization
    should have some type of resource to back up performance of that role. For example,
    another person in the organization should have general understanding of another
    person’s role in case that other person for some reason is not able to perform
    the role. The use of up-to-date job descriptions, todo lists and receiving regular
    status reports both help to ensure understanding of how others carry out their
    roles. Have a staff member back up another member who is on vacation. During staff
    meetings, have a staff member give a presentation about their role and how they
    carry it out. Ensure that each critical role has at least one backup person who
    can step in to conduct the role. The backup assignment should be part of the person’s
    job description to help the person take the assignment seriously.

    Computers:

    See Basic
    Computer Security

    Records:

    1. Record all records in a central location and well labeled.
    2. Keep critical documents (e.g., board minutes, leases and contracts, Articles
    of Incorporation, ByLaws, letter from the IRS granting tax-exempt status, etc.)
    preferably in a fireproof box.
    3. Personnel files should be locked in desk drawers with access granted to the
    Executive Director and his or her assistant.
    4. Allocate two hours each year for staff to audit the agency’s documentation
    for relevance, adequate labeling and reasonable organization.

    General Facilities:

    1. Always lock your doors. This seems obvious, but too many organizations
    fail to do so.
    2. Ensure your fire protection systems are fully functional by scheduling to
    test fire alarms twice a year or demanding that your facility’s owner test alarms
    twice a year. Note that certain electrical equipment can be severely damaged
    from water sprinklers. Arrange adequate covering or arrangement to minimize
    water seepage if overhead sprinklers open up.
    3. Conduct inspections twice a year, including to:
    a) Inspect floors for ripped carpets
    b) look for cables or wires laying on the floor (tape over them if you have
    to)
    c) Notice any electrical outlets with black soot hear outlets (this indicates
    electrical shortages)
    d) Ask all staff if their office accommodations are sufficient, e.g., their
    chairs are entirely comfortable (tilted correctly for their backs and at the
    right heights), is lighting sufficient for desk and computer work, etc.
    e) Notice any heavy items on or near the floor which staff must continually
    stoop to lift, e.g., boxes of paper for the copier or printers; open boxes before
    they’re set on the floor or stack heavy items in a storage room on a shelf
    f) Ensure all doors have fully functional door knobs (it’s amazing how long
    people can tolerate something as small as a knob that continually jams so the
    door is difficult to open)
    g) Ensure there is a well-stocked first-aid kit available to all staff
    h) Post emergency numbers on the wall near the central phone
    i) During the winter, ensure adequate ice removal, e.g., spread sand over ice
    or use salt to melt ice
    j) Schedule ten minutes in a staff meeting once a year for the entire staff
    to reflect on the quality of the facilities

    Additional Information for Nonprofits

    Basic Overview of
    Nonprofit Risk Management

    Nonprofit Risk Management
    Center (extensive collection of resources)

    List of numerous online articles about nonprofit risk management
    Overview of Liability
    Insurance

    General Resources

    Glossary of Risk Management and Insurance Terms
    Insurance Glossary
    Preparing Annual Risk Management Strategy
    Senior Management Commitment to Risk Management
    Risk Management Strategy of Virgin Group
    Soft Skill Trainings for Risk Managers


    For the Category of Risk Management:

    To round out your knowledge of this Library topic, you may want to review some related topics, available from the link below. Each of the related topics includes free, online resources.

    Also, scan the Recommended Books listed below. They have been selected for their relevance and highly practical nature.

    Related Library Topics

    Recommended Books