Not-for-Profit: Assessing NFP risk

This article was originally published on Australian Institute of Company Directors.


While most charities are squeaky clean, the ones that are not tend to capture the public mind. This almost always ends with the ruination of the not-for-profit (NFP) in question.

The Shane Warne Foundation’s experience comes to mind. Consumer Affairs Victoria investigated the foundation after questions were raised about whether only a small portion of funds raised by the charity were going to its beneficiaries. While this was found not to be the case, the NFP has since ceased operating, demonstrating how reputation risk can kill an NFP. But it’s far from the only risk charitable entities face.

Assistant commissioner, general counsel for the Australian Charities and Not-for-profits Commission (ACNC) Murray Baird FAICD, says the differences between the risks faced by for-profit and NFP entities are not as vast as one might expect.

“There are differences, but all boards have much in common. For instance, there’s a growing conversation in all boardrooms about creating value for shareholders as well as doing maximum good in the community. At the same time, charities must now make a profit to be financially sustainable, as well as maintain their moral licence to the community,” he says.

Baird advises NFP directors to look at risks as hurdles that have the potential to prevent the organisation from achieving its mission. “While risks vary between organisations, the approach ought to be the same for for-profit and NFP entities,” he argues.

While similarities abound, the main difference between a charity and a company is that shareholders are the main concern of for-profit groups, while NFPs are beholden to stakeholders.

Says Baird: “NFPs have a responsibility to their beneficiaries. They have a responsibility to donors and funders and so, in balancing their mission and risks, they have to take into account a wide range of stakeholders and ensure everyone receives the appropriate weighting in decision-making.”

Identifying and planning for risks

Alex Jones MAICD is the chief information officer at the Department of Economic Development, Jobs, Transport and Resources. He is also a council member of Curtin University and a member of Curtin’s Audit and Compliance Committee, whose charter includes risk management oversight.

He reminds directors that risk is relative to the organisation’s purpose, a perspective that must inform planning for risks.

“Risk is about managing uncertainty. But you have to take on risk if you’re going to create value. So construct a risk management framework in the context of what creates value for the organisation, considering stakeholders’ risk appetites,” says Jones.

“Risk management is scientific. You need to have the right principles in place, and a governance framework that includes a risk subcommittee of the board and the internal audit function. You need a formal risk management framework and the board oversees risk management. It’s management’s role to manage risk. But the board sets the rules,” he adds.

When it comes to risk planning, all boards must set aside the time to understand their role in managing risks, develop a clear understanding of their mission and have a clear process to identify and deal with their risks.

Barbara Pesel MAICD is on the board of two NFPs, Lort Smith, one of the world’s largest animal hospitals, and boutique opera company, Lyric Opera.

She says it’s not enough to create a comprehensive risk register. While going through the risk discovery process is important, what’s key is to prioritise risks.

“Focus on the risks the organisation can influence, because you can’t influence everything. Look at the risks that are likely to impact the business and undertake issues management as part of crisis preparedness. So many NFPs don’t go down that path,” says Pesel, who concedes this is sometimes because the body doesn’t have the capacity or funds to undertake this process.

When it comes to determining the organisation’s risk tolerance Pesel agrees it requires a balanced approach. “If you don’t take any risks, you’re probably not going to achieve what you set out to do. But if you stick your neck out too far you’re going to fail.”

Baird says the board needs to understand the balance of its skill set to properly manage risk.

“Clearly you need someone who is highly financially literate. But you also need people with a deep understanding of the mission and the beneficiaries.”

It’s also worth understanding that the risk of disharmony in NFP boards is high because people are often passionate about and highly invested in the organisation’s purpose.

“You get strong views and I would hope boards emphasise teamwork. I have seen charity boards think their job is to be the constant devil’s advocate. That’s a recipe for disharmony,” says Baird.

“Robust examination of issues doesn’t need to lead to internal factions, which is one of the important risks to watch. You need a board that’s fit for the purpose of the particular charity,” he adds.

Managing specific risks

While NFPs share many risks with their for-profit brethren, they also face risks that are peculiar to the sector.

For instance, the fragility of reputation is a particular risk NFPs face. Charities are particularly vulnerable when their reputation is damaged because that could affect their lifeline: public donations and donations from funders such as government. So charities need to place particular emphasis on reputation.

Pesel agrees reputational risk is heightened for charities. “They are more vulnerable to reputational risk than large, listed companies because they rely on donations, volunteers and community goodwill. Reputation impacts all of those.”

At the same time, financial risk is very real for NFPs. Many charities run on small financial reserves and rely on uncertain funding sources.

“You do not know what money is coming in. With short funding agreements, you don’t know whether they will end next year or the year after and that raises funding source risk,” says Baird.

The ACNC’s figures show about eight per cent of charities’ revenue comes from gifts and bequests, and about 40 per cent comes from government funding.

This is a difficult dynamic to manage and Baird’s advice to boards is to pay close attention to the organisation’s reserves and capital to make sure the NFP can weather the financial storms that buffet charities.

Pesel says threats to donations are especially acute given some have charters or missions and vision statements that don’t allow them to build financial reserves.

“The way to mitigate those risks is for boards to look at trends. With NFPs, income streams can be influenced by changes of government, changes in policies and community trends. So, I recommend these factors stay on boards’ radars,” Pesel adds.

Key person risk also matters for charities. However Baird says if the mission is clear and the brand is well regarded, this risk is manageable.

Pesel identifies “founder syndrome” as a particular NFP risk. “People who establish NFPs are altruistic and compassionate. But sometimes they lack business skills, which can lead to serious mismanagement if boards don’t step in.”

Charities face growing risks in a world where there is tough competition for funds and volunteers, and reputational damage is only one social media post from a disgruntled beneficiary away.

Directors of NFP boards must not wait until crisis hits to ask the tough questions about the risks the charity faces. So now is the time for NFP boards to ensure risk management becomes part of their watching brief before a threat becomes real and endangers the organisation’s existence.

Risks for NFPs to watch

  • Funding risk from donors, gifts and government sources.
  • Reputational risk related to mismanagement.
  • “Founder risk” whereby the organisation’s original benefactor doesn’t have the required business and financial skills to run the charity appropriately.