The Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines risk management as follows:
“Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity and manage risk to be within its risk appetite, to provide reasonable assurance of the achievement of entity objectives.”
Historically, nonprofit board members tended to view risk management as the need to ensure that the entity has sufficient insurance coverage. In this new age of board member accountability, risk management needs to fit the COSO definition.
The nonprofit board, through the efforts of its members, must understand the types of events that might push the organization into a condition where achievement of its mission, its financial health and its support from the community may be compromised.
What should the board consider as it looks at its future risks? Some important considerations:
* Does it understand the professional management team, its strengths and weaknesses and the succession mechanism in place for all of the key roles in the management hierarchy?
* Does it know the requirements for the financial security of the organization? Important information on key revenue sources and major donors must be part of the information evaluated in determining the organization’s future financial security.
* Has it considered the impact on the entity’s goodwill that will be made with each major decision involving changes in strategy?
* Have changes to current strategies been proposed by management? If so, the board must address the financial, operational and constituent ramifications.
* Is it time to elect new members to the board? If so, it must ascertain what skills and knowledge are required to keep the board relevant to the challenges the organization faces.
* Has it kept in mind that, at the end of the day, the board is responsible and accountable for the organization and its overall well-being?
No one expects every strategic and operational initiative to succeed. The board meeting is the venue where success and failure are considered. If it has not looked at the ramifications of a failed initiative, the board has not addressed its risk management responsibility. The board has the task of challenging new and revised strategies proposed by management or others.
In its risk analysis, the board needs to understand the metrics for measurement of mission fulfillment. The profit analysis of the commercial world does not exist for nonprofits; yet government, significant donors and others are critically interested in proof of effectiveness.
As the organization evolves and changes, the board has to track these changes into the effect on the mission. Development of a metric system that is responsive to the mission is critical for the board to understand various components of the risk equation. Should changes occur in the services provide, funding sources of the past may not desire to continue their participation.
Recent corporate failures indicate that those companies’ boards were not up to the challenge of risk management. Those boards acquiesced to new strategic directions without challenging management’s assumptions. In your nonprofit entity, new strategies and operational changes require the board’s critical eye. The board must provide the oversight that its constituents expect, without micromanaging the professionals who make up the organization’s management.
A risk management program does not seek to eliminate all of the risk in your organization but instead provides a framework for understanding and balancing risks that are inherent in operating a nonprofit organization.
Additionally, this program is the most effective method for aiding the organization’s professional staff in dealing with those risks.
Mark Murovitz ([email protected]) is CEO of Tauber & Balser P.C. With more than 30 years of professional experience, he has provided audit services on initial public offerings, public companies and nonprofit entities. He has also performed financial investigations of both for profit and nonprofit matters. Murovitz has served a number of substantial nonprofit entities, including the Jewish Federation of Greater Atlanta, Theatre Gael and the Marcus Jewish Community Center of Atlanta. Reach him at (404) 814-4940 or www.tbcpa.com.