
Risk Management, Disaster Planning and Protecting Against Crime

Sections of This Topic Include

What's Risk Management?
Conducting Risk Management Assessments
Best Protection: Good Management, Personnel Policies and Insurance
Protecting Against Fraud, Forgery, Theft and Terrorism
Disaster Planning (Regarding Facilities, Not Computing, etc.)
Legal Protection
Boards and Risk Management
Managing Risks in Financial Management
Managing Risks in Volunteer Management
Managing Risks in Fundraising
Resource Management (people, computers, records and facilities)

Additional Information for Nonprofits
General Resources

Also consider
Related Library Topics

Learn More in the Library's Blog Related to Risk Management

In addition to the articles on this current page, see the following blog which has posts related to Risk Management. Scan down the blog's page to see various posts. Also see the section “Recent Blog Posts” in the sidebar of the blog or click on “next” near the bottom of a post in the blog.

Library's Human Resources Blog

What's "Risk Management"?

Risk management is attempting to identify and then manage threats that could severely impact or bring down the organization. Generally, this involves reviewing operations of the organization, identifying potential threats to the organization and the likelihood of their occurrence, and then taking appropriate actions to address the most likely threats.

Traditionally, risk management was thought of as mostly a matter of getting the right insurance. Insurance coverage usually came in rather standard packages, so people tended to not take risk management seriously. However, this impression of risk management has changed dramatically. With the recent increase in rules and regulations, employee-related lawsuits and reliance on key resources, risk management is becoming a management practice that is every bit as important as financial or facilities management.

There are several basic activities which a nonprofit organization can conduct to dramatically reduce its chances of experiencing a catastrophic event that ruins or severely impairs the organization.

Conducting a Risk Management Assessment

Organizations should regularly undertake a comprehensive, focused assessment of potential risks to the organization. This focused assessment should be conducted at least twice a year by a team of staff members representing all the major functions of the organization. The assessment should be carefully planned, documented and methodically carried out.

The most common risks are typically of the types listed below. Comprehensive checklists help a great deal to quickly review a wide range of organizational aspects. Other aspects require more careful review.

Checklists in the following sections cover almost 140 considerations to ensure a well-run and highly protected organization.

Best Protection: Good Management, Personnel Policies and Insurance

Good Management:

Efforts undertaken to manage an organization well also contribute to sound risk management. For example, a fully attentive board with a wide range of skills may be the most important guard against major threats to an organization. See Governance (Board) Indicators to assess the quality of your board. Also reference Basic Evaluation of the Board.

Careful strategic planning and effective supervision help ensure that organizational resources are closely aligned to accomplishing the organization's mission, and that staff and volunteers are treated fairly and comply with rules and regulations. See Planning Indicators and Human Resources Indicators.

Up-to-date, Reviewed Personnel Policies:

Every organization must have up-to-date policies which guide the relationships between staff and management. There has been a noticeable increase in lawsuits regarding wrongful termination, harassment and discrimination, disagreements about promotions or salary actions, etc. Parties to lawsuits include the organization, management and/or board members. Therefore, personnel policies must be reviewed at least once a year by an outside advisor who is an expert about all of the employee-related laws and regulations. See Policies (Personnel).

Be sure that management is well versed in the policies. Typically, courts will interpret actions by organizational personnel as representative of the organization's preferred course of action and as superseding related, documented policies.

Well-designed Insurance Coverage:

For a broad and basic overview of insurance, see Insurance Against Liability (legal/lia_insr.htm). You might first review this information and then invite an insurance agent (or better yet, an insurance broker) to visit your organization to provide you an overview of the types of insurance typically sold to nonprofits. Note that many insurance professionals might not understand the nature of nonprofits. Therefore, you might first ask a few people from fellow nonprofits for references.

As dreadful as it may sound, you must schedule two hours sometime during the year to close your door and study your insurance policies. Note any questions and pose them to your insurance professional. Ask him or her to provide you a written, clear description regarding any ambiguities and to do so on company letterhead with his or her signature.

Note that Directors and Officers Insurance (D & O, and covered in the above "Insurance Against Liabilities" section) is increasingly considered because of the increasing number of lawsuits. In addition, D & O insurance helps attract highly experienced board members. Be sure your D & O insurance covers "insured vs. insured" which covers employee-related lawsuits and also covers ongoing costs to address a lawsuit (rather than paying only when the outcome of a lawsuit has been decided).

Protecting Against Fraud, Forgery, Theft and Terrorism

Have up-to-date, Board-approved personnel policies for employees.

Personnel policies specify how personnel should be hired, supervised and fired in accordance with employment laws that ensure fair, equitable and legally compliant treatment of others. Personnel, particularly those who supervise others, should be trained on the policies.

Conduct background checks on potential new hires.

Background checks can detect if a person has committed crimes, major or minor in nature, which might suggest tendencies for how the person will act in the workplace.

Conduct Board orientations once a year for members.

Board orientations make members aware of the unique aspects of the Board and the organization, including the Board’s policies, for example, about ethics, conflict-of-interest, whistleblowers and document retention/destruction.

Establish a Whistleblower Policy.

The policy should specify how Board members, employees and others could safely report that an alleged or actual organizational behavior or practice is illegal, unethical or inappropriate, without retaliation to the whistleblower.

Establish a Board Ethics Policy.

The policy should specify the types of behaviors to conduct and/or to avoid in order to ensure that Board members conduct themselves in a manner that treats others fairly, equitably and that is legally compliant.

Establish up-to-date, Board-approved fiscal policies and procedures.

These procedures ensure that the activities in financial management are conducted in a highly thorough, accurate and useful manner that also minimizes the likelihood of malfeasance, including theft, fraud or misappropriation of funds.

Annually conduct a financial audit and/or review.

The audit or review verifies the usefulness and accuracy of some or all aspects of financial management and, thus, greatly increases the likelihood that financial numbers and reports are indeed accurate.

Fraud Symptom 1 – Insatiable hunger of CEO
Fraud Symptom 2 – A Weak CFO
Fraud Symptom 5 – Insufficient focus on organization culture and processes

Also consider
Addressing Financial Controls and Risk Management

Disaster Planning (Regarding Facilities, Not Computing, etc.)

Arkwright Mutual Insurance Company
Disaster Planning and Recovery
Disaster Preparedness Planning Guide for Facilities

Legal Protection

To conduct a general audit of legal-related matters in your organization, see Legal Indicators (org_eval/uw_legal.htm). Also see advice to boards about legal protection (legal/lgl_thot.htm).

Boards and Risk Management

The growing role of the board in risk oversight
A Framework for Board Oversight of Enterprise Risk
Handling a Corporate Crisis
Strategic Risk Management: A Primer for Directors
Board Oversight of Strategic Risk
Should Your Board Have a Separate Risk Committee?
Compliance and Ethics in Risk Management
Risk Oversight: A Board Imperative
Risk Management and the Board of Directors
Boards Play A Leading Role in Risk Management Oversight
Sarbanes-Oxley and Corporate Risk-Taking
Tech-Intelligent Board
Protecting the Board of Directors
Risk Management and the Board of Directors
Five Questions That Corporate Directors Should Ask
Risk Management general resources
All About Crisis Management

Managing Risks in Financial Management

Sound financial and asset controls help minimize theft, fraud and waste. See Financial Indicators.

Managing Risk in Volunteer Management

See the
Volunteer HR Management
Energize, Inc
Keeping Volunteers Safe From Harm: Street Smarts for Unfamiliar Turf
Tempting But Confusing and Dangerous: Paying Volunteers “Just a Little Something”

Managing Risk in Fundraising

See the Fundraising Indicators checklist. Also see the Top 10 Fundraising Risks for Nonprofits site which explains how to deal with a wide range of potential fundraising issues.

Resource Management (people, computers, records and facilities)


This aspect of risk management is often overlooked. Each key role in an organization should have some type of resource to back up performance of that role. For example, another person in the organization should have a general understanding of the role in case the person who holds it is, for some reason, unable to perform it. Up-to-date job descriptions, to-do lists and regular status reports all help to ensure understanding of how others carry out their roles. Have a staff member back up another member who is on vacation. During staff meetings, have a staff member give a presentation about their role and how they carry it out. Ensure that each critical role has at least one backup person who can step in to conduct the role. The backup assignment should be part of the person's job description to help the person take the assignment seriously.


See Basic Computer Security


1. Keep all records in a central location, and label them well.
2. Keep critical documents (e.g., board minutes, leases and contracts, Articles of Incorporation, ByLaws, letter from the IRS granting tax-exempt status, etc.) preferably in a fireproof box.
3. Personnel files should be locked in desk drawers with access granted to the Executive Director and his or her assistant.
4. Allocate two hours each year for staff to audit the agency's documentation for relevance, adequate labeling and reasonable organization.

General Facilities:

1. Always lock your doors. This seems obvious, but too many organizations fail to do so.
2. Ensure your fire protection systems are fully functional by scheduling tests of the fire alarms twice a year, or by demanding that your facility's owner test the alarms twice a year. Note that certain electrical equipment can be severely damaged by water sprinklers. Arrange adequate covering, or arrange the equipment, to minimize water seepage if overhead sprinklers open up.
3. Conduct inspections twice a year, including to:
a) Inspect floors for ripped carpets
b) Look for cables or wires lying on the floor (tape over them if you have to)
c) Notice any electrical outlets with black soot near them (this indicates electrical shorts)
d) Ask all staff if their office accommodations are sufficient, e.g., their chairs are entirely comfortable (tilted correctly for their backs and at the right heights), lighting is sufficient for desk and computer work, etc.
e) Notice any heavy items on or near the floor which staff must continually stoop to lift, e.g., boxes of paper for the copier or printers; open boxes before they're set on the floor or stack heavy items in a storage room on a shelf
f) Ensure all doors have fully functional door knobs (it's amazing how long people can tolerate something as small as a knob that continually jams so the door is difficult to open)
g) Ensure there is a well-stocked first-aid kit available to all staff
h) Post emergency numbers on the wall near the central phone
i) During the winter, ensure adequate ice removal, e.g., spread sand over ice or use salt to melt ice
j) Schedule ten minutes in a staff meeting once a year for the entire staff to reflect on the quality of the facilities

Additional Information for Nonprofits

Basic Overview of Nonprofit Risk Management
Nonprofit Risk Management Center (extensive collection of resources)
List of numerous online articles about nonprofit risk management
Overview of Liability Insurance

General Resources

Glossary of Risk Management and Insurance Terms
Insurance Glossary
Preparing Annual Risk Management Strategy
Senior Management Commitment to Risk Management
Your Personal Contingency Plan
Risk Management Strategy of Virgin Group
Soft Skill Trainings for Risk Managers
