In the corporate sector, there are teams who monitor risk to ensure the company has safeguards against potential harm to its reputation, processes, clients, employees, and the bottom line. The role of risk management and what it monitors differs for each company. And the prevailing reason to implement a risk management plan is to ensure the firm can quickly respond and adjust when there are outside and internal threats that affect its operations, reputation, and culture.

So, what is risk management? In the corporate sector, risk management is defined as the identification, evaluation, and prioritization of risks defined in ISO 31000, followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities (ISO 31000 is a family of standards relating to risk management codified by the International Organization for Standardization).

Nonprofits face risks just like corporations. There are a myriad of events that affect the nonprofit sector. With constant economic downturns, political events, both natural and manmade disasters, and shifting changes in society and regulations, nonprofit organizations need to start planning for risk management if it has not done so yet. Nonprofit organizations have contingency plans; scenario plans; strengths, weaknesses, opportunities, and threats (SWOT) analyses (to identify weaknesses and opportunities which sometimes include gaps in resources); continuity of business plans; strategic plans; and succession plans. A well-done risk management plan will incorporate all of the above-mentioned plans and identify what needs to happen in the event that any of those plans go haywire and or are no longer relevant.

For example, during last year’s shutdown due to the coronavirus (COVID-19), organizations had to quickly pivot to remote work. Unfortunately, many nonprofits did not have a plan to address how to adjust and continue providing critical services to their communities. It is true that no one expected a complete shutdown because of the pandemic, and yet, many corporations were able to implement remote work from home and continue their operations. How? These corporations were successful in adapting because they invested in risk management and had contingency plans in place. As those in the corporate sector know, it’s vital to always plan for when there are no blue skies. 

While some nonprofits did successfully transition to remote work and continued to deliver their services, many executive directors and boards were scrambling to figure out what to do to keep their organizations functioning. And this also led to risks impacting funding, staff morale, client services, donor management, volunteer recruitment and maintenance, relationship management, and board engagement. Not having a risk management plan compounded ambiguity in roles and responsibilities, miscommunications, misunderstandings, staff turnover, and importantly sometimes mission drift for some nonprofits.

So, what is a good risk management plan? How do you implement it, and who needs to be involved? With limited resources and staffing, who monitors the risks? How do you quickly implement the plan? Who do you communicate to and with to effectively implement the plan? What elements are needed in the risk management plan?

To learn the answers to these questions and find out why it is paramount to have a risk management plan, join me on Thursday, August 26 for Candid’s webinar, “Nonprofit Risk Management Essentials.” Register for the webinar.

About the Author(s)

BJ Sung (she/her) Founder and Principal Pinnacle Social Impact

Subscribe to our blog

When we publish a new blog post, you’ll get notified by email.

Interested in being a guest writer for our blog? Learn how