"Avoid a Wipeout: Risk Management for NPOs "
Presenter: Wes Doak, CFRE/CPM/MLIS
Event: Academy of Fundraising 2003
Event Sponsor: Capitol Chapter, Association of Fundraising Professionals [AFP]
No endorsement of any link or service or product on this page is intended by Mouse Magic!,
Access Sacramento, the Nonprofit Resource Center, AFP nor the website authors. Last updated 02June03
Definition(s) of Risk Management
Risk elements
What can go wrong?
Topics of note
Insurance Coverage
A quick comment on where risk management plans fit into the overall nonprofit/nongovernmental organization planning grid. The most common cascading, or timing, of plans looks like this:
  1. Strategic Plan
  2. Development Plan
  3. Technology Plan
  4. Risk Management Plan
While I agree about the sequencing of the first three, I suggest that risk management be part of all those plans rather than a fourth tier plan. More thoughts, and/or discussion during our session.

 Return to the top of this page

A. Definition(s) of Risk Management for NPOs

  1. "Risk Management is the systematic process of identifying, analysing and responding to project risk. It includes maximising the probability and consequences of positive events and minimising the probability and consequences of events adverse to project objectives. it includes the processes of risk management planning, risk identification, qualitative risk analysis, quantitative risk analysis, risk response planning and risk monitoring & control". PMI PMBOK 2000
  2. "...any uncertainty about a future event that threatens your organzation's ability to accomplish its mission." [People/Property/Income/Goodwill] Alliance for Nonprofit Management FAQ document.
  3. "The possible deviation from what you expect to occur" California...
  4. "A process that includes the four functions of planning, organizing, leading, and controlling business losses on that organization at reasonable cost." Dr. George Head, Insurance Institute of America
  5. "Pondering 'What If...' Limiting Risks to your Agency, Staff, Clients & Volunteers" Texas Association of Nonprofit Organizations.
  6. "Its mission is to help nonprofit organizations in Japan become aware of, and manage risk inherent with their organizations so that these organizations can achieve their mission to make our society better" Risk Management Office for Japanese Nonprofits.
  7. Risk management is a discipline for dealing with the possibility that some future event will cause harm" Nonprofit Risk Management Center.
  8. "...the measure of the possibility that the future may be surprisingly different from what we expect" Nonprofits' Insurance Alliance of California.
  9. "Risk management is attempting to identify and then manage threats that could severely impact or bring down the organization. Generally, this involves reviewing operations of the organization, identifying potential threats to the organization and the likelihood of their occurrence, and then taking appropriate actions to address the most likely threats." Management Assistance Programs for Nonprofits.
 Return to the top of this page

B. Risk (management program) elements (traditional)

  1. Identification
  2. Measurement
  3. Assessment
  4. Evaluation
  5. Transfer or ?
  6. Finance
In the Texas "Nonprofit Legal Toolkit" the following sequence was outlined:
(First) evaluate risks then address each risk by:
  1. Avoidance of the activity, (Rent rather than buy)
  2. Modification of the risk, or (Use expert advice)
  3. Transfer of the risk to another entitity." (Insurance)

The Alliance for Nonprofit Management lists seven steps:

  1. Establish the purpose of the RM program
  2. Assign responsiblity for the RM program
  3. Acknowledge and identify risk(s)
  4. Evaluate and prioritize risk(s)
  5. Decide how to manage your risk(s):
    • Avoidance
    • Modification
    • Retention
    • Sharing
    • Risk transfer
  6. Implement your RM plan
  7. Review and revise the RM as needed
Still another way of looking at the big picture was developed by the Colorado Chapter of the Public Risk Management Association. In their publication "Benchmarking, Best Practices, and Performance Measurements for Public Entity Risk Management...Guidelines" November 1999 [not copyrighted]. They broke down the risk elements into the following categories:
  1. Property Exposures
  2. Workers' Compensation
  3. (Vehicle) Liability
  4. Public Officials' Liability
  5. General Liability
  6. Law Enforcement
  7. General Safety
  8. Risk Management Administration
  9. Environmental Health, and
  10. Emergency Management

Below you will find a grid I hope you find useful when reviewing the risks facing your organization. We'll use it as we review the "What Can Go Wrong" and "Topics of Interest" sections of this exercise. We will discuss its use during our session.

High Impact
Very High
Medium Impact
Low Impact
Very Low

Low Possibility
Medium Possiblity
High Possibility
(c) 2003 Mouse Magic; Advanced Resources & Technologies

 Return to the top of this page

C. What can go wrong?

  1. Reputation [SEE Allianceonline FAQs on risk management in the nonprofit sector, pp 1&3]
    • Ability to hire good employees
    • Ability to attract good volunteers
    • Status in community at large
    • Ability to contribute to planning, law, administrative rules, et al
  2. Resources
    • People
      • Board
      • Employees
      • Donors
      • The public at large
    • Property
      • Buildings
      • Vehicles
      • Grounds
      • Intellectual property
    • Equipment
      • Office
      • Technology
      • Medical/scientific/etc.
  3. Income
    • Contacts
    • Contributions
    • Grants
    • Sales
    • In-kind contributions

 Return to the top of this page

D. Topics of interest for NPOs (cardinal not ordinal)

  1. Collaboration risks. SEE Wilder Foundation publications.
    • Confirm compatibility
    • Understand motivations
    • Conduct due diligence
    • Interpret the message
    • Clarify expectations
    • Put it in writing (policies and procedures)
  2. Controls; internal and otherwise
    • Span of control
    • Delineate roles
    • Prudent reserves (not just $$$)
  3. Coping with cutbacks/financial uncertainty. This outline, with just one or two detailed lists, is taken from a free Wilder Foundation website listing 185 cutback strategies. I encourage you to check out the site, read the more detailed lists then contribute your own ideas. The caveat mentioned on the website is "Just because we've listed a strategy, don't think we endorse it. In fact, we dislike some, and some may conflict with your mission, values, or human resource policies." Ditto! SEE ALSO "Weathering funding reductions..." in bibliography below.
    • Financial Strategies: Cut or control costs
      • Analyze purchasing
      • Adjust payables
        • Consolidate or restructure debt
        • Negotiate delayed or reduced payments
        • Barter for needed services
      • Evaluate facilities and infrastructure
      • Modify staffing and related costs
      • Reduce services
    • Financial Strategies: Increase revenues
      • Manage money differently
      • Increase fees
      • Initiate or accelerate fund-raising
      • Expand or add services
      • Increase productivity
    • Structural Strategies
      • Modify the mission
      • Modify the organization's structure
      • Modify the organization's culture
    • Engagement Strategies
      • Engage other nonprofits
      • Engage the community
      • Engage the business community
      • Engage the public/government sector
  4. Disaster recovery
    • Civil strife
    • Terrorism
    • Natural disaster
    • Physical plant
    • SEE ALSO technology issues
  5. Events: social and special

  1. Financial issues
    • Chart Of Accounts [COA]
    • Government regulations
    • GAAP
    • Fund accounting
    • Prudent reserves
  2. Human resources management (consistent employment practices)
    • Hiring/Firing
      • "...employment-related allegations account for more than 75% of NPO claims"
      • "...wrongful termination represents 60% of claims...sexual harassment and discrimination are the next leading causes of employment practices claims."
    • Disabilities
    • Volunteers
    • Board
      • Accountability
      • Discontent
      • Orientation and training
    • Consultants/Contracts
    • Conflict management
    • Vehicle records for all employees and volunteers driving on the NPO's behalf
  3. Legal issues, not covered elsewhere in this document
    • Copyright (Library of Congress)
    • Fair Use (Stanford Universisty)
    • Filters on the Internet (InfoPeople)
    • Appropriate use policies (obtain from a good public library website)
  4. Technology
    • PCs
    • Networks PAN/LAN/MAN/WAN/still others!
    • Data
    • Passwords
    • Backups
      • Attended
      • Unattended
    • Virus protection software
    • Disc utility software
    • UPS NOT surge protectors!
    • Firewalls
    • Turn them on and use them....
  5. Theft; insider and otherwise
    • Why?
      • Greed
      • Financial loss
      • Revenge
      • Thrill seeking
    • How?
      • Fictitious vendors or consultants or staffers
      • Check theft
      • Credit card fraud
      • Cash theft
      • Indentify theft
    • Prevention
      • Protect against "how" above
    • Cost
      • "...fraud accounts for two-thirds of all crime." "...workplace crime...$300M in 1966...."
  6. Injuries to Clients, Employees, Volunteers and the Public
  7. Scope changes/"Scope Creep"
  8. Fraud (basically organized theft)
 Return to the top of this page

E. Insurance coverage. Purchasing insurance is not synonymous with risk management. Many risks are not insurable such as goodwill, financial support, loss of tax exempt status and some theft.

Budget enough money to buy good insurance, then be sure everyone knows the limits of insurance.

  Return to the top of this page

F. Resources for further investigation/exploration....

No endorsement of any link or service or product on this page is intended by Mouse Magic!,
Access Sacramento, the Nonprofit Resource Center, AFP nor the website authors. Last updated 2June2003
  1. Books/publishers: (be sure to check out Amazon and/or Barnes & Noble!)
  2. Journals/magazines:
  3. Organizations:(don't forget to use Google or Alltheweb to search for your own items!)
  4. Websites: (don't forget to use Google or Alltheweb to search for your own items!)

 Return to the top of this page
 Return to the Mouse Magic! Training page

 (c) Wes Doak, Mouse Magic! 2002/2003/2004