First, a risk management policy can be a useful tool for an organization of a certain size. It should define the organization’s relationship to risk. Most non-profit organizations intrinsically face risks and must manage them well. Example areas of risk include contracts, mismanagement, fraud, reputation, interpersonal relations and the management of funds.
A sustainable non-profit organization will have a risk management plan that:
- Identifies major risks faced by the organization;
- Compares them for significance by likelihood of occurrence, and by magnitude of impact if they occur;
- For each major risk, identifies the approach to its management and who is responsible for regular monitoring of the organization’s handling of it;
- Identifies the responsibility for periodic revisions of the risk management plan, drawing input from all stakeholders;
- Identifies where insurance is needed; and
- Ensures facilities and asset protection.