How To Do a Nonprofit Risk Assessment

Every organization carries risk, and it is up to the organization to responsibly assess and mitigate that risk. If they do not, they may find themselves in legal or financial trouble when something unthinkable happens. It is important to note that risk varies greatly from organization to organization, even among similar types of nonprofits. The specifics of the programs, policies, and funding all create different types of risk. Conducting a thorough nonprofit risk assessment can help each organization understand the potential risks and put plans in place to reduce that risk.

Brainstorm possible risks

The first step to mitigating risks is to understand what risks exist within your organization. As unappealing as it is, this means discussing the worst-case scenarios — things we all hope will never happen, but we need to be prepared if they do.

For each aspect of your organization, each program, each grant you award, you need to consider all the possible things that could go wrong. If participants or volunteers are present on your property or at events, this could include accidents or injuries. If kids are involved, there is always the risk of a child being harmed. If animals are involved, staff or volunteers may be bitten. If driving is involved, there is risk of accidents and injury to the driver, passengers, and other drivers.

Foundations that award grants and do not have other programming may be tempted to think they do not carry risk. However, this is not true. They are responsible for seeing that the money awarded is used for the stated purpose also known as expenditure responsibility. They are accountable to the IRS for the tax-exempt money and ensuring it is used as stated. If it is not, they have to file the proper paperwork and retrieve that money or risk fees and penalties themselves.

Reduce risk where possible

After brainstorming all the possible worst-case scenarios, it is time for the organization to look for ways to mitigate the risk.

First, the board and all of its members need to operate within the bylaws of the organization. Actions that are taken that contradict the bylaws of an organization open the board to more risk rather than reducing the risk.

Policies, procedures, and training are often the first line of defense in reducing risks. These are practical measures that can be put into place. For example, have everyone working with children go through a complete background check and all volunteers go through child safety training. Check the driving records of all drivers. Be sure that the board is trained on conflict of interest. Having such policies in place and ensuring all staff and volunteers follow them will prevent many accidents or incidents from happening and can also help deal with any situations that do arise.

There are several important policies that all nonprofits need to have:

● Conflict of interest

● Financial policies

● Minutes policies

● Crisis communication

● Background checks

● Code of conduct/ethics

● Social media policies

While this list isn’t exhaustive, it is a list that applies to nearly every organization. By having and following these policies, many situations can be avoided altogether.

Identify ways to transfer risk

After creating policies to reduce risk, the next step is finding ways of transferring risk to protect the organization. Primarily, this comes in the form of insurance policies. Your relationship with your insurance agent must be one of constant communication. If they do not know what risks are involved in your organization, they will not be able to recommend adequate insurance for you. If you have not relayed all the risks to them, chances are you could have a hole in your coverage that will leave you exposed.

Important policies that most nonprofits carry include directors and officers insurance, general liability, event insurance, and business continuity insurance. Understanding each policy and what it does and does not cover is crucial to being sure you are covered. For example, many businesses sought claims from business continuity insurance when there were government-mandated shutdowns during the pandemic. However, that was considered an act of government and was excluded from most policy payouts.

Regular review of your insurance policies is critical to proper coverage. Policies change, exclusions change, and sometimes your programming changes. Reading all policies when they are renewed and taking time to understand exclusions will help you understand what coverage you do and don’t have. Ask your agent questions about exclusions and what they mean so you are not blindsided when a claim is denied. When you make an addition to your programming, it is a great time to contact your insurance agent and find out if the new program would be covered under current policies or if you need to extend coverage.

Beyond insurance, participation waivers are a tool to transfer risks. By informing participants, staff, and volunteers of inherent risk in participating in your organization, you can prevent legal action when those events occur. After COVID, we saw many waivers beginning to include language relating to illness in addition to injury, so participants could not sue if they contracted COVID during an event.

Risk is a part of life. No organization will ever be completely without risk. However, a thorough nonprofit risk assessment allows nonprofits to reduce risks and transfer risk. No one likes the thought of worst-case scenarios happening, but considering all possibilities can prevent them from happening in the first place.