Do Nonprofits Need Risk Management?

The answer is yes. Here’s a sampling of opinion from respected sources around the United States.

Independent Sector:

“A charitable organization’s board should ensure that the organization has adequate plans to protect its assets – its property, documents and data, financial and human resources, programmatic content and material, and its integrity and reputation – against damage or loss. The board should review regularly the organization’s need for general liability and directors’ and officers’ liability insurance, as well as take other actions necessary to mitigate risks. . . . The board members of a charitable organization are responsible for understanding the major risks to which the organization is exposed, reviewing those risks on a periodic basis, and ensuring that systems have been established to manage them.”[i]

Standards for Excellence Institute:

“Organizations should make every effort to manage risk and periodically assess the need for insurance coverage in light of the organization’s activities and its financial capacity. A decision to forego general liability insurance coverage or Directors and Officers liability insurance coverage should be made only by the board of directors. The decision should be reflected in the minutes for the meeting at which the decision was made.”[ii]

Principles and Practices for Florida Nonprofit Excellence:

“Nonprofits should periodically assess their risks and purchase appropriate levels of insurance to prudently manage their liabilities.”[iii]

Illinois Nonprofit Principles and Best Practices:

“[Nonprofits should] develop and adhere to a risk management plan and regularly consider the need for insurance coverage and other actions to mitigate risk, taking into account the nature and scope of the organization’s activities and its resources.”[iv]

District of Columbia Bar and Public Counsel:

“Every nonprofit organization needs to create a risk management plan and review it annually. The organization should also review its plan after making a significant change to the types of activities it engages in, or when acquiring a piece of property, a new computer system, or other significant asset.”[v]

American Institute of Certified Public Accountants:

“[G]reater risk awareness is becoming an expected best practice in overall governance of an organization. . . . Because some of the calls for greater risk awareness appear to be coming from voices associated with for-profit corporations, some may naively conclude more effective risk oversight is a corporate issue that isn’t relevant to not-for-profits. That perspective is dangerously wrong.”[vi]

Nonprofit Quarterly:

“It is well past time for a full discussion of how to take on the responsibility of providing risk leadership when huge change is afoot.”[vii]



[i] Independent Sector Principles for Good, Principle 6 (and commentary) (2015).

[ii] Standards for Excellence®: An Ethics and Accountability Code for the Nonprofit Sector, Finance and Operations, Subsection E (Risk Management and Insurance) (2014). The Standards for Excellence have been adopted by numerous state nonprofit advancement organizations.

[iii] Principles and Practices for Florida Nonprofit Excellence 16 (FANO, 2013).

[iv] Illinois Nonprofit Principles and Best Practices Section 6e (2008).

[v] A Nonprofit’s Guide to Risk Management and Insurance at 3 (Joint Publication of Public Counsel and DC Bar Pro Bono Program).

[vi] Increasing Risk Awareness for Mission Critical Objectives of Not-for-Profit Organizations, American Institute for Certified Public Accountants, Not-For-Profit Brief (March 22, 2011).

[vii] Beyond Nonprofit Risk Management: How About a Little Risk Leadership? Nonprofit Quarterly (July 17, 2017).