Below I have inserted a nonprofit and governmental organization focused chart from a Protiviti paper – Executive Perspectives on Top Risks 2019.
Of course every entity is different and has different risks. And I would list and evaluate nonprofit entities separate from governmental entities, but it is not a purpose of this post to question or criticize the chart format.
Instead, from a nonprofit perspective I found the first and fifth listed risks interesting, and the second through fourth listed risks not surprising. For example, I would expect privacy, security, and top talent retention risks to be listed.
But the first and fifth listed risks identify broad and important organization culture and governance wide risks which would really concern me if I was a nonprofit board member, including: that resistance to change may restrict the organization from making necessary adjustments to the business model and core operations; and that the organization’s culture may not sufficiently encourage the timely identification of risk issues that have the potential to significantly affect core operations and achieve strategic objectives. If I’m sitting on a board and I don’t feel comfortable that the entity can timely identify risks that have the potential to significantly affect core operations, or that the organization’s culture and governance will allow it to make necessary changes to the business model and core operations, I would be feeling pretty exposed to criticism that board efforts, including my efforts, to oversee the governance and risk management of the organization are lacking or are ineffective.
Two additional comments: (1) as the chart also applies to governmental entities, I have to add that my above-stated concerns in the context of a nonprofit definitely also apply equally for governmental entities, and (2) I was surprised to not see on the list for nonprofits the risk that the organization might not have, or be able to maintain, or be able to develop sufficient funding sources to meet operational needs or for sustainability, and that important current funding sources might be reduced or lost in the future.
Immediately below you will find the chart from Protiviti, and below the Protiviti chart you will find a summary risk management framework chart that I prepared and which you might find useful.
Thank you for reading this post. If you have found value in this post, I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly. And please also subscribe to this blog and my other blog (see below), and connect with me on LinkedIn and Twitter.
Every case situation is different. You do need to consult with professionals about your particular situation. This post is not a solicitation for services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation.
Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only
Blogs: California trust, estate, and elder abuse litigation and contentious administrations http://californiaestatetrust.com; D&O, audit committee, governance and risk management http://auditcommitteeupdate.com