How to ensure financial sustainability and nonprofit healthPublished: January 2017 | Last reviewed: June 2018
Financial risk management requires thinking about, and planning for, those things you hope will never happen — from property loss to embezzlement. However sobering, taking a close look at even the most unpleasant financial scenarios is a key way to ensure stability and longevity for your nonprofit.
To cast it in a more positive light, consider three primary goals of nonprofit financial risk management:
- Preventing the loss of financial assets
- Reducing the financial cost of those losses
- Reducing the impact of those losses on your clients/beneficiaries
What are a nonprofit's primary financial risks?
Nonprofits face any number of major and minor financial risks. Here are some of the most common:
Financial fraud is the most common crime perpetrated against nonprofits. Legally, fraud is a category of theft in which perpetrators misrepresent themselves or otherwise lie in order to steal money or property. Employees or volunteers within an organization may attempt to defraud their employers, or someone outside the organization might try to take funds or property as part of a scam.
Organizations that have endowments run the risk of making poor or fraudulent investments. Consider the New Era scandal, a Ponzi scheme in which several U.S. Christian charities were defrauded. Other investments — such as junk bonds or investments in companies involved in illegal or unsavory activities — may result in major financial liabilities.
Meanwhile, charities need to ensure any investments are in line with their ethos. In the U.K., Comic Relief attracted much negative press coverage in 2013 over concerns they were investing in arms and tobacco shares.
Mismanagement of funds
Even if not explicitly fraudulent, the misuse of funds may have serious consequences. Misuse might include overspending on gala events, food and drink, or travel. Even in the service of fundraising, overspending on luxuries such as restaurants and hotels can appear as serious financial mismanagement by a service-oriented organization. What is seen as wining and dining a potential major donor by one person may be seen as exorbitant waste of money by another — all expenditure needs to be able to be shown to be in the best light for the charity and its beneficiaries.
Loss of physical assets
All physical assets represent risks for an organization. Theft or destruction of major possessions, such as office equipment and computers, may be costly. In addition, lack of controls on assets or inventory may result in a loss of physical assets through negligence.
U.S.: Although American nonprofits are typically tax-exempt, they're still responsible for employee payroll taxes. Unrelated Business Income Tax (UBIT) might be a concern if fee-for-service efforts earn too much income. In addition, various activities — such as paying profits to individuals associated with your organization or spending more than 5 percent of your time or budget lobbying to influence legislation — could jeopardize your tax-exempt status.
U.K.: Charities with employees are liable for PAYE/National Insurance, and charities aren't always exempt from VAT and corporation tax. It's wise to seek professional advice on tax liabilities.
What are some ways to mitigate the risks?
However serious, you're not at the mercy of your financial risks. Together with the board of directors or trustees, consider these tactics:
Establish internal controls
Financial risk management centers around internal financial controls, such as reliable accounting and bookkeeping practices and financial checks and balances. Your finance staff should be qualified and trustworthy. Key indicators should be prepared and monitored to facilitate financial reporting.
All procedures regulating internal controls should be clearly documented, including a list of people or roles responsible for implementation and maintenance of the controls. They should also be reviewed on a regular basis to ensure they are fit for purpose and accurately reflect how processes are actually carried out.
Once internal controls are implemented, be sure to:
- Follow through on established procedures
- Include responsibility for internal controls in job descriptions and performance evaluations (as appropriate)
- Actively monitor compliance
- Provide regular staff training
- Update controls as needed
- Encourage leadership and staff to be alert to — and speak up about — potential cases of fraud, risky investments or unethical practices
Plan for financial risks
Good financial risk management includes planning for the unexpected and then rating the likelihood of those events.
One option is to construct a risk management grid. Identify events that pose a high risk (such as theft or poor inventory control) and those that pose a low risk (such as large-scale investment fraud). Then, do the same with cost.
Another option is a rating system that takes into account various factors specific to your organization. You can then build a rating scale that extends from "rare" to "certain" (with categories such as "possible" and "likely" in between).
Consider these examples from the Nonprofit Quarterly of common risks and how to assess their likelihood in your organization:
|Risks||Factors affecting likelihood|
|Internal or external fraud||Organizational culture and ethics|
|Misuse of assets||Ongoing compliance|
|Inadequate monitoring or understanding of investments||Policies|
|Incomplete, unreliable or improperly reported information||Internal controls|
|Damage to reputation||Workforce awareness and knowledge|
|Violation of legal requirements||Employee intent|
Maintain adequate insurance
Liability insurance is another essential component of financial risk management. General liability insurance covers some costs, such as claims made against an organization in cases of injury or property damage. In addition, directors and officers insurance (commonly known as D&O) — or trustees' liability insurance in the U.K. — partially covers board members if a claim could result in board members being held personally liable as a result of their board service. D&O can also cover claims of harassment, abuse or wrongful termination by board members, staff and volunteers. Depending on the policy, purchase of separate employment practices liability coverage may be required.
However, there are plenty of costs that won't be covered in the event of a major crisis — such as salaries for missed employee working hours. Other financial costs are more challenging to determine and may result from damage to an organization's reputation or status. In these cases, it's important to have enough assets on hand to meet any costs not covered by insurance policies (and to take the steps described above to avoid such crises in the first place).
Finally, good risk management is simply good management. Educate the staff, the board and your stakeholders about risk management procedures, maintain a culture of ethics and accountability, and be responsible about your finances.
This article draws on the expertise of Andy Nash Accounting & Consultancy. Based in Cardiff, Wales, the firm offers specialized accounting and financial consultancy services to small and medium sized nonprofits.
Public Counsel: A nonprofit's guide to risk management and insurance
Nonprofit Quarterly: Risky business: Why all nonprofits should periodically assess their risk by Joshua Mintz (2012)
Charity Commission: Charities and risk management (CC26) (2010)