In a prior post, we shared the risk management process we implement with our customers. But while staff performs most risk management tasks, what are the risk management roles of a nonprofit board of directors? A Board has three important obligations.
1. Ensure staff is performing risk management. Staff performs daily risk management. A Board, however, is responsible for making sure that staff is performing that task. The Board should hold a CEO or executive director responsible for adopting a risk management process, and should periodically confirm that the process adopted is actually functioning.
2. Make decisions on important risks. Staff does not have to keep a board apprised of all risks facing the organization. The Board, however, should receive periodic reports about the most significant risks facing the organization. Where appropriate, the Board should discuss and make decisions about those important threats and opportunities.
As detailed in other posts, we advise customers to have staff create a risk register. We don’t advise staff to share that entire register with its Board. Instead, we recommend that the executive director periodically share the five or so top threats and opportunities with the Board. This exchange can lead the Board to commit or shift resources to address emerging issues. It may lead to crucial policy or governance decisions. Moreover, even if the discussion does not lead to direct Board action, the process of sharing increases a Board’s sense of engagement with the nonprofit. This, in turn, makes Board members better stewards and ambassadors of the organization among their personal and professional connections.
3. Model and set a tone of compliance, ethics, and responsibility. Finally, Board members must take seriously their role as stewards. The Board should live the organization’s values. It should model proper decision-making, governance, and commitment to risk management. Furthermore, the Board should provide guidance to staff about how much risk they want staff to take in the pursuit of organizational objectives. Staff needs to know whether to pursue conservative or aggressive strategies and tactics. Ultimately, those decisions (called “risk appetite“) are governance decisions for the Board.
If you found this post useful, please share it. We want to build stronger nonprofits. If you share this, you help us with that mission.