What nonprofits can do about risk in 2018

In the past two years, you’ve probably heard the phrases risk assessment, risk management or risk engagement a lot more in relation to the nonprofit sector. From major nonprofit closures, tax reform, the threat of funding cuts and social sector conferences focused on risk, nonprofits are discussing risk more openly than ever before.

At Community Resource Exchange, we believe that the first step to engaging with risk is to assess your vulnerability to it. Organizations can do this in a number of ways, including self-assessments, engaging a risk professional or appointing a “risk champion” in your workplace to start the process. Of course, the easier the process is, the more likely organizations are to begin to engage with risk. This is why we developed a digital risk assessment tool. We spent 2017 testing this tool with many New York City-based organizations; this test group was diverse in many ways: offering programs and services in different issue areas, varying budgets and various staff sizes.

The tool itself (the CRE Fitness Test, or CREFT), measures risk across six categories and 21 subcategories by asking 150 questions. Clear trends emerged from the results around the areas nonprofits are doing well in and other areas that pose a greater risk for the organizations.

The two most vulnerable areas that stood out were external environment as well as personnel and administration. Here’s how your organization can prepare for these risks in 2018.

External environment

Risks from the external environment originate from the community, everything from public relations to the weather. Negative media coverage can happen after an accident  on a program site. A staff member could improperly manage financial assets. Resulting media coverage could cost an organization public trust, program participation and even funding.

We need look no further than the devastation caused by Superstorm Sandy in 2012 to see risk at work. At a recent risk conference, CRE shared some of its findings from CREFT and a number of attendees noted that natural disasters and extreme events were areas that their organizations ignored, while at the same time admitting that their ability to deliver services would be greatly affected if an event were to occur again. It may not be possible to predict the timing or severity of such events, but it is important that nonprofits develop and review plans for maintaining delivery of services in the event of a disaster – weather-related or otherwise. It is essential to the success of any plan that staff at all levels are trained to respond to disasters because they help mitigate another type of risk category.

Personnel and administration

This is a wide-ranging category that captures vulnerabilities related to human resource management as well as other key administrative areas like facilities, cybersecurity and client safety. It is important to note that there are areas within this category that respondents also fared very well in, such as staying in compliance with labor laws and having strong policies around human resource management. Succession planning however remains an area for improvement.

The lack of a succession plan can have far-reaching consequences for nonprofits. If an organization’s leader suddenly departs, then important institutional knowledge, relationships with funders and other information important to the organization’s survival could be lost. Succession planning also forces an organization to anticipate such risks and then mitigate them. Institutional knowledge can be shared at various levels of leadership and funding can survive a lost relationship. A succession plan does this by helping to develop future leaders and spread knowledge and experience. A good succession plan includes executive staff and senior leaders in its development, creates a leadership pipeline that addresses staff development and integrates hiring, staff development and an organization’s overall strategy.

Of course, these areas of higher risk vulnerability are just a snapshot of what nonprofits reported, but they aren’t the only risks. There are certainly many things nonprofits have been doing well. One of the strongest responses we’ve had are the important conversations about risk that result from just taking the test. Engaging with vulnerabilities is, after all, the first step to mitigating them.

Ose Idigbe is a consultant at Community Resource Exchange.