PART III RISK FINANCING FOR NONPROFITS 249 Chapter 13 Fundamental Objectives and Alternatives

Step 3: Decide What to Do and Communicate

the risk management process 25

Australian Standard, suggests a way to consider frequency and magnitude in relation to each other.

exposures. For example, a nonprofit social organization concerned about the possibility of terrorists infiltrating its upcoming event may decide to:

■ hold its event in a more secure facility

■ restrict parking to those who have been issued permits

■ use student volunteers to search the bags and parcels carried by atten- dees at the event

■ hire a security firm to patrol the facility during the event

■ train a team of volunteers to patrol the facility during the event look- ing for suspicious behavior or items

■ install working or dummy security cameras at the facility

■ postpone the event

Although the options available to the event planners may seem limit- less, a closer examination reveals that all of the options can be characterized as falling into one of four broad categories: avoidance, modification, shar- ing, or retention.

Avoidance Avoidance is an appropriate risk management strategy when a downside risk (threat) to the nonprofit is significant in frequency and in magnitude and available risk management strategies are either too costly or too difficult to implement. Some nonprofits regard avoidance as the ap- propriate response when a downside risk is unacceptable. Avoidance may be selected as a risk treatment option in too many or too few instances. A nonprofit that is risk averse may miss opportunities to fulfill its mission be- cause it avoids activities in which harm could result. Other organizations are arguably too bold in their risk taking, believing that their history of op- erating without incident or loss in some way protects the organization from harm. Others may believe that they are protected from liability by their status as charities. A nonprofit should select avoidance as the treat- ment method whenever its leadership believes that the potential harm from some proposed activity presents too great a threat to the nonprofit’s mis- sion and survival.

Modification Modification, the most common risk treatment strategy, refers to any steps that either reduce the likelihood of a downside risk ma-

the risk management process 27

terializing, reduce the consequences should the risk materialize, or both.

For example, a nonprofit that delivers meals to homebound residents of a community may elect to use a special packaging system for its meals to re- duce the likelihood of leakage. It does so after examining an incident in which a service recipient slipped on her front porch after retrieving a meal that had leaked. The organization also adopts a policy of responding im- mediately to any reports of harm suffered by a recipient of a delivered meal.

It believes this approach will allow staff to respond compassionately and offer to provide appropriate help, thereby avoiding costly claims and law- suits. Modification strategies can be inexpensive and simple to implement, or they can be costly investments. If there is fear of a terrorist attack at an event, the use of volunteers to search the bags and backpacks of guests re- quires little or no financial investment by the nonprofit. What is required is time to instruct the volunteers in the process, and perhaps the risk of some lost goodwill by patrons who are subjected to the search process.

However, the nonprofit is likely to generate additional goodwill among participants who appreciate the organization’s efforts to keep attendees safe. A more costly approach would be the installation of active or dummy security cameras or the hiring of a professional security firm to search the premises before the event and patrol during the event. This strategy is also likely to both harm and bolster goodwill for the nonprofit.

Sharing Most risk management texts use the term transfer to describe the option of transferring the risk, in full or in part, to another party. We use the term sharing to emphasize the reality that a nonprofit can never fully transfer any of the risks it faces to someone else. When a nonprofit obtains a contractor’s written agreement to assume responsibility for the cost of harm suffered by passengers on the contractor’s buses, the nonprofit retains the potential threat to its reputation, credibility, and mission in the event the bus is involved in an accident and any service recipients are injured or killed. Even though the bus company has financial obligations stemming from the accident, the nonprofit’s reputation may be tarnished when a local news station reports that the nonprofit failed to check the references of the bus company, whose safety record was suspect. The organization may ex- perience a sudden drop in enrollment as parents look elsewhere in the community to provide recreational opportunities for their children.

Retention When a nonprofit retains risk, it does nothing to reduce ei- ther the likelihood or the consequences of a risk and instead deems the risk acceptable. Retained risks may include those that are either so remote that the organization deems the use of resources to address the risks imprudent, as well as risks whose consequences are negligible. The conscious retention of risk is an everyday occurrence in a nonprofit. The most important thing to remember about risk retention is that an organization should strive to re- tain risk by design, and not by default. The retention of risk after careful consideration of a threat’s magnitude and consequences is a thoughtful ap- proach. Retaining risks that were never considered by the nonprofit is re- taining risk by default.

phase 2: evaluate options

In Phase 2 the risk management committee or professional risk manager carefully examines the options available to address each of the nonprofit’s high-priority risks. In some cases the risks are sufficiently significant and the options so varied as to warrant a full cost-benefit analysis. For example, a nonprofit considering how to retrofit its building to accommodate disabled service recipients may compare the cost of installing an elevator and hand- icapped-accessible bathrooms inside the building to the cost of reconfigur- ing its operations to limit service delivery to the first floor and constructing necessary exterior ramps. The analysis may take into account how service recipients and others will view the nonprofit’s approach. Although retro- fitting the building to accommodate disabled clients on every floor is likely to be the most expensive option, the benefits of doing so may include al- lowing the nonprofit to expand its service delivery to include a population whose needs are a perfect match for the nonprofit’s capabilities.

phase 3: design risk management strategies

Phase 3 involves the development by the committee or risk manager of recommended strategies or techniques to address the organization’s prior- ities. In some cases the committee or staff professional will be empowered to implement these strategies without first obtaining buy-in or approval from the nonprofit’s boards. In other cases, perhaps due to the cost of the recommended strategy or its likely impact on various areas of operations, board approval may be necessary. In both instances, it is wise to focus on

the risk management process 29

the issue of communication. Almost without exception, risk management strategies involve a change in direction or the reliance on a new policy, training program, or piece of equipment. The change is more likely to gain broad acceptance if it is announced—along with the rationale for its selec- tion—prior to implementation. The committee or professional risk man- ager should explain how the policy or program works and why it was selected. For example, a nonprofit daycare center operating out of a church may decide to increase the rigor of its screening process for daycare work- ers and eliminate part-time positions from its payroll. The leadership of the organization may decide to take the latter step in recognition of the high cost of the new screening procedure and its experience with part-time workers, who the daycare believes are far more likely than full-time work- ers to quit before completing one year of service. The executive director meets individually with the current part-time workers to explain the ratio- nale for the new policy and offer each employee the opportunity to con- tinue on a full-time basis. For those who cannot work full-time, the executive director offers outplacement assistance and a small amount of severance pay. The executive director meets with the remaining staff to ex- plain the safety rationale for the new screening process and the timetable in which it will be implemented. She also explains why the organization has adopted the new policy and invites comment and feedback from the staff on implementing the new policy.

Phase 3 continues with the completion of detailed plans for imple- menting risk management strategies. For example, with respect to a non- profit’s adoption of a new, more rigorous screening strategy for prospective volunteers and staff, the implementation of the new strategy requires the development of:

■ A new application for paid and volunteer employment

■ Revised text for the staff and volunteer handbooks

■ A new interview guide for use by the volunteer coordinator and di- rector of human resources

■ New text for the organization’s hire letter and volunteer agreement

■ Training materials for all supervisors involved in the hiring process In addition, the nonprofit’s executive director, human resources direc- tor, and risk management representative must meet with the organization’s

outside counsel to review the new written materials for legal sufficiency before using the new materials.

phase 4: communicate

Many organizations make the mistake of waiting until implementation plans have been finalized before announcing to staff impending changes in process, policy, or equipment. Some managers believe this approach min- imizes the disruption of the organization, akin to removing a bandage quickly rather than pulling it off slowly. In most cases withholding infor- mation about new risk management strategies is a mistake because the or- ganization thereby increases the likelihood that the change will be viewed with suspicion and forfeits the opportunity to obtain early buy-in from the people affected by the change. Since many risk management strategies af- fect outside stakeholders, such as service recipients, donors, and others, gaining the support of paid and volunteer staff is a crucial first step to ob- taining buy-in from others outside the nonprofit.