Risk can come from anywhere but, in a nonprofit, it usually comes from two sources: People or process.
According to Melanie Lockwood Herman in “Ready…Or Not: A Risk Management Guide for Nonprofit Executives,” process failures are easier to detect and address. If something isn’t working, you simply need to determine the issues and address them as needed.
Risks from employees are a little bit trickier. According to Herman, people risks are most effectively addressed through prevention, detection, and correction. This is done through the following four steps:
- Creating policies and procedures that clarify job responsibilities and standards of permitted and prohibited conduct.
- Communicating the nonprofit’s policies through written policy materials, online resources, and in-person briefings. You should also consider making policies available in multiple formats.
- Designing employee and volunteer training to address key aspects of the job and recommended approaches for coping with adversity and undesirable circumstances.
- Holding all personnel accountable for the organization’s key risk management policies.