Delivery in day(s): 4
How Nonprofit Organizations Manage Risk Authored by
How Nonprofit Organizations Manage Risk
Ron Matan, CPA
Bridget Hartnett, CPA
The objective of this white paper is to define risk as it applies to the
nonprofit sector, identify the key areas of risk unique to these
organizations and provide a detailed analysis of the types of risk
faced by the nonprofit community.
The authors include suggested methods and processes for efficiently
and effectively managing the juggling act required by all nonprofit
leaders to balance risk and reward.
Table of Contents
1. Define Risk Management and Enterprise Risk Management for
Nonprofit and Social Services Organizations
2. Provide a Detailed Analysis of the Areas Vulnerable to Risk in the
3. Discuss Solutions for Managing and Balancing Risk and Reward
4. Case Study
5. Sample Risk Management Plan
8. About the Authors
9. About Sobel & Co.
1. Define Risk Management and Enterprise Risk Management for
Nonprofit and Social Services Organizations
A recent article, Increasing Risk Awareness for Mission Critical Objectives
of Nonprofit Organizations, published by the America Institute of Certified
Public Accountants (AICPA), states, greater risk awareness is becoming an
expected best practice in overall governance of an organization. Knowing that
organizations, including not-for-profits, must assume risks if they want to further
their mission, executives are now seeing the strategic value of being more
informed about those risks that might positively or negatively affect their mission
goals and objectives.
It is obvious that the nonprofit community is as susceptible to the dangers posed
by potential risks as they work to achieve their goals, as is the for-profit business
However, the concept of risk and risk management is seen through a unique
lens when applied to the nonprofit sector because, unlike the corporate world
where business owners and CEOs determine policy, in the nonprofit world so
many of these critical decisions are left to the volunteer leadership, such as
board members, and to paid staff. It is this group of nonprofit influencers who
will be ultimately held responsible for deciding how conservative or adventurous
the nonprofit should be, what approach to take regarding managing risk, and
how the risk can be shared by the organizations stakeholders. This distinction
between the for-profit and nonprofit decision makers is important to bear in mind
Risk Management is defined as the process that is adopted to plan for the
possibility that events may cause harm to an organization, focusing specifically
on risk associated with board members and volunteers, staff, programs and
events, services offered, operations, technology and financial management
Enterprise Risk Management (ERM) as a process goes one step further,
enabling nonprofit leaders to ensure that their objectives are being met while
identifying and managing both internal and external risks across the entire
organization. By analyzing the vulnerability of the entire enterprise, the
leadership is able to link all of the related risks to the organizations key
initiatives and by doing so can better and more efficiently mitigate the impact of
risk within each circumstance.
For the purposes of this white paper, risk is more broadly defined and complex
than simply ensuring protection against disaster by instituting Directors and
Officers insurance policies, safeguarding funds, or obtaining the accurate
coverage in the organizations Property and Casualty plan. While it is more
common to focus on insurance policies that safeguard the organization from
law suits of all kinds, nonprofits also need to address the more subtle risks
that are often taken to enable them to achieve their mission. If, for example, they
assume too conservative an approach they may follow a path that limits the
ability of the group to reach its goals. On the other hand, an unreasonable
amount of risk may be equally as poor a strategy.
It makes more sense that nonprofits that integrate corporate governance,
strategic planning and risk management are better able to meet their mission
and achieve their vision as they strike a balance between pursuing their growth
goals and addressing the risks related to those initiatives.
Each organization can scrutinize the most obvious areas that are likely to have
risks associated with them such as strategic activities, financial activities,
operational activities, compliance initiatives and reputational concerns.
According to Charles Tate, in an article entitled So What is Risk Assessment?
these activities can be defined as follows:
Strategic activities which include the quality of programs, the organizations
physical capacity, the success with which the nonprofit achieves its mission, the
demographics of donors, the transparency of the group, and the management
of the changing expectations of donors, clients and staff, especially when
funders are seeking quantitative measurements as proof of impact and different
outcomes prevail rather than as initially anticipated;
Financial activities which include efficient use of office space, personnel,
deferred capital maintenance, cost of capital (debt), cost of programs and
services, management of endowments, cost of new technologies and the use of
Operational activities which include systems related to finance, technology and
administration along with internal controls, security, internet access, electronic
records (ex., donor databases), human resources and succession;
Compliance concerns which include regulatory accountability and
implementation of processes that can impact the ability to attract federal funding,
tax exemption status, and contracts;
Reputational concerns which include mistakes in any of the above areas,
leading to damaging or diminishing the organizations reputation and perhaps
future fund raising.
2. Provide a Detailed Analysis of the Traditional and Non-Traditional
Areas Vulnerable to Risk in the Nonprofit Community
Identifying and assessing areas at risk is a key to managing the process for
nonprofits, especially as new, more complex assessments are proving to be
important for decision making. Nonprofit leaders must keep an eye on traditional
sources of risk while also learning to link mission critical strategies with key risks.
Reviewing the organizations top strategic initiatives (programs, events, service
offerings) is one way to begin identifying those areas of greatest exposure for the
Here are some of the most common areas that have a high potential for risk:
Special Events and Other Fundraising Risks
A nonprofit can be at risk on several different levels regarding both individual
fundraising and fund raising through special events.
When hosting a major event such as a Gala, a blood drive, a golf outing, a
Bowl-a-thon or any other similar program, there is always risk attached.
No matter how well planned, the event can be a disaster if anything goes
wrong. To side step the possibility of risk, the nonprofit can adopt some
preventative measures when preparing for any event.
To begin with, the event must be mission appropriate. Keep in mind that the
event represents the organization and supports its vision. The event must be
carefully crafted and thoughtfully executed so that it can not only promote
the organization but also meet its social and financial goals. The bigger the
event, the bigger the audience, thus the more planning that is required
for success. To accomplish this, there should be an event director and a
committee, whenever possible, devoted to planning, directing and managing
every logistic detail and ensuring continuous communication. In addition, all
activities surrounding the event must be reviewed for safety precautions to
eliminate the possibility of injury.
There are other types of risk surrounding fundraising besides those that
occur during a special program. Of course, not all fundraising is done through
major events. In fact, most nonprofits count on individual donors for the
majority of their revenue generation. Whether using a list broker for direct
mail and email campaigns or sending messages to Twitter followers,
nonprofits can run into all sorts of challenges and risks when interacting
with donors on a personal level.
The laws governing nonprofit solicitations and the deductibility of individual
contributions have grown much more complex over the years. Current
regulations require donors and beneficiaries to keep precise records and
to report on the scope of their financial involvement.
When communicating with individual donors, the nonprofit should avoid
aggravating the donor with repeated solicitations or violating privacy
concerns; accepting a donation from someone who doesnt embrace the
same values and ethics as the nonprofit, or handling bequests inappropriately.
Donations of real property can also be a source of risk for a nonprofit
either because the organization doesnt conduct appropriate due diligence on
donated property when valuing the benefits of such a donation or because
there is a potential legal liability if the donated property is found to contain
environmental hazards. Remember that real estate donations may not end
up being as lucrative as they appear and take all precautions to alleviate risk.
Volunteers are the life blood of the nonprofit world. Many organizations rely
heavily on their volunteers to take on formal responsibilities, such as when
they accept the role of board member, as well as to drive many of the
programs and fund raising efforts. While most volunteers are passionate
about the mission and dependable regarding their duties, nonprofits need to
be aware that there can be some surprises if they do not prepare properly.
Understaffed and overworked nonprofits can tend to accept volunteers
based on the warm body theory taking any warm body and putting them
to work on projects and programs. This can lead to incredible risk if there is
no vetting process to ensure that volunteers meet a certain criteria. And even
with a process for checking out the volunteers in place, there can still be
issues that put the group at risk. There is always the possibility that the most
energetic and engaged volunteers can land the organization in hot water if
they are not given the appropriate tools and education.
With this in mind, training programs should be mandatory for volunteers,
depending on their role within the organization. All board members should
attend orientation programs where they learn of the scope of their
participation and the expectations regarding their contributions of time and
Insufficient internal controls, programs that continuously run at a deficit or
ineffective fundraising activities can all put the organization at risk.
It is equally as important for executive directors and boards of nonprofits
to have strong internal controls in place to deter or prevent fraud as it is for
the for-profit business owner or CEO. The waste or theft of the organizations
assets can be avoided with proper controls and separation of duties. This is
particularly important for organizations that have only a few staff members
performing all the administrative tasks. Under these circumstances, the
bookkeeper may be opening the mail, paying the bills, handling the incoming
revenue, and even preparing payroll. If so, the organization is in an extremely
That trusted employee, given the right conditions, can begin to take
advantage of the boards trust and the opportunities they have for
mishandling funds due to few checks and balances on their daily activities.
Costly and inefficient programs can also put the organization in a dangerous
financial situation as can fund raising activities that are not carefully
managed and measured. To mitigate these issues, nonprofits can rely on
accurate budgets and financial forecasts to keep them out of trouble.
The budget, prepared by the treasurer or others with a strong financial
background, should reflect the organizations ability to accomplish its mission.
Reasonable (conservative) opportunities for generating revenue, including
fundraising, donations and grants, as well as a realistic assessment of all
costs related to achieving the groups mission, are all a part of the budget
process. Resources are distributed and programs developed based on the
picture that is portrayed by the budget. If the budget does not reflect a
truthful representation of the groups financial standing, the organization can
be at risk.
Lastly, while poor financial decisions and investments can always pose a
problem, as can unexpected economic shifts (as we have been experiencing
for the last few years), with careful use of outside professional advisors such
as financial management experts, this risk can frequently be minimized.
Employers at both for-profit and nonprofit organizations are always
vulnerable to claims from angry employees, but the nonprofit sector, with its
reputation for carrying out the greater good, bears an additional burden of
responsibility to staff. Because of this reputation for perpetuating good will,
nonprofits face additional obstacles regarding fair treatment. Employees may
unfairly anticipate that the nonprofit environment will be more nurturing and
supportive than that of a corporate institution. Many future employees also
expect that a nonprofit organization will offer a more informal, easy-going
atmosphere than that of a typical business environment. Sometimes nothing
could be further from the truth! Nonprofits are forced to do more with less,
and executive directors are stretched beyond their limits as they deploy
limited resources to provide much needed programs and services for their
constituents, while in many instances relying on sometimes undependable
volunteers to fill in the gaps. Instead of a warm, welcoming and relaxed
atmosphere, employees may find themselves in tense situations as they
scramble to attract donors and serve the community at the same time in
order to carry out the organizations mission.
It is not surprising that 85% of all insurance claims filed under Directors and
Officers (D&O) Liability policies are employment related. The percentage is
high, indicating that any nonprofit is at risk in this area.
To address the concern of staffing risk, nonprofit leaders need to institute the
same employment practices as their for-profit counterparts. Even though this
may seem especially burdensome for a small organization, nonetheless, they
should adopt reasonable employment practices, including the following:
-Write and continuously review employee manuals and handbooks for both
paid staff and volunteers (having written manuals ensures consistency and
helps avoid ambiguity and confusion) that include all personnel policies
-Write and continuously review hiring, disciplinary and termination procedures
-Develop written job descriptions, complete with specific areas of
-Support the board of directors who are engaged in performance reviews for
the Executive Director and include a written evaluation and compensation
-Remind all staff of both the nonprofits anti-harassment policy and its whistle
blower protection policy
-Provide a safe, clean, healthy environment that is designed to prevent
-Involve the board of directors in all staffing decisions and policy making
Restricted Grants Risk
Nonprofit organizations struggle to gain adequate funding, and in many cases
are very eager to apply for grants that can help them close the gap between
revenue and costs.
With current government cut backs and individual donations slowing, many
nonprofits have turned to grants as an alternative. The competition is fierce
and the desire to gain the grant may cause some nonprofits to over promise
when they are making their case.
If the grant is awarded and the nonprofit cannot fulfill its part of the
bargain, the leadership is putting the entire organization at risk. Restricted
grants, by their very definition, have strings attached. It is the responsibility
of the nonprofit to recognize these limitations and weigh the costs and
benefits associated with the grant before applying. This means reading
the application completely to gain a full understanding of the expectations of
Complicated scenarios are becoming more common, and the burden is on
the nonprofit to manage the funds provided by the restricted grants
appropriately. Here are some suggestions provided by the Nonprofit Risk
Organization regarding restricted grants:
-Pursue restricted grants with caution and accept the temporary nature of all
projects supported with restricted funds. (Be especially careful when hiring
project specific staff for programs that may not be sustainable)
-Acknowledge, identify and monitor the strings which accompany a restricted
grant. Read all agreements, donor letters and other funding documents.
-Carefully monitor all expenditures for restricted grant projects to ensure that
spending does not exceed grant revenues.
-Avoid restricted grants that require institutional growth or projects that may
not be sustainable once the funding cycle is over.
-Plan carefully and communicate expectations to key parties.
-Always assess your grant-seeking practices, prospective funders, and
partnership opportunities in relation to the organizations mission and goals.
Reputation risk in the nonprofit sector can bring a loss of confidence in the
organization, resulting in a decline in demand for its services, diminishing
donor support, fewer volunteers, or even a withdrawal of strategic alliances
and collaboration partners. The nonprofit may not even be aware that its
reputation is being tarnished until some of the situations described above
occur repeatedly. Most assume that they are protecting their good reputation
and keeping it from risk by providing good services for constituents and
following established policies. But this is not always the case, especially in
todays technology driven climate. Poor scores on sites like Charity Navigator,
inadequate or missing information on GuideStar, the voice of bloggers,
unhappy donors who take to complaining on Facebook, or even a special
event gone awry can all bring reputation risk to even the most well regarded
To combat these challenges, nonprofit leaders must listen to their
stakeholders, ask their board for advice, and consider all feedback as
essential. Every nonprofit should provide communication channels that
encourage compliments, complaints and concerns as well as suggestions for
Conducting an occasional survey of donors and volunteers can help bring
their opinions to light. In this way, a nonprofit can identify what they are
doing that is effective, what their supporters most appreciate, and if they
refer others to the group (the sign of a truly loyal supporter is a referral).
It is important to remember that a dollar value cant be placed on a good
reputation - and it isnt covered by an insurance policy as some other
risks are! A strong reputation is key to attracting donors, volunteers and
constituents by building credibility, confidence and trust.
To protect its reputation from risk, the organization needs to be proactive,
ask questions, listen to answers, and stay in touch with all stakeholders,
encouraging an open and candid dialogue.
3. Discuss Solutions for Managing and Balancing Risk and Reward
Before presenting solutions for managing risk, two questions that beg an answer
are How much risk is appropriate? and Who should determine the level of
While volunteers, staff and donors may make this determination, as stewards for
the community, they are acting on behalf of all those who benefit from their
mission. This responsibility complicates the situation. The ambiguity of who
bears the risk, and what levels of risk taking are appropriate, impacts directly on
nonprofit decision making notes Dennis Young in his working paper for the
Nonprofit Studies Program at Georgia State University.
Whether leaning toward a conservative approach because they are reluctant to
take chances with resources entrusted to them by others or embracing a more
entrepreneurial approach founded on the idea that they are expected to lead
social change, the influencers with the nonprofit need to carefully weigh all
options and elect a systematic, strategic approach that supports their mission
without being irresponsible.
To begin such a process, the nonprofit can establish a committee to develop
its risk management program. Committee members should be included from
various segments of the nonprofit, including administration and operations,
finance, volunteers, programming, and development. Select board members and
the executive director should be included as well.
The next step to managing risks is identifying those situations (perhaps isolate
the Top 10) where it is anticipated that risk is most likely to impact the nonprofit
organization, from loss of grants to special events to facilities management to
volunteer management to fundraising and everything in between.
There are also unanticipated situations that can occur. Perhaps changes in the
community have taken place and they are contemplating offering new programs
to address shifting issues; perhaps it is necessary now to expand capacity; a
change in vision may necessitate the firing of the Executive Director, or
diminishing funds may encourage collaborating or even merging with another
organization with a similar mission. In each of these unexpected scenarios, the
nonprofit needs to be able to execute a fair decision that will lead to success
without incurring unacceptable levels of risk.
Each organization may have its own concerns, but they also need to be alert
to common risk issues such as being responsible for a guest becoming injured
at a fund raising event, a technology glitch that breached the confidentiality
of donors gifts, or an employee theft. The smart nonprofits will assess all
possibilities and prepare for them.
This also means disaster preparedness. For further information on this, please
see our white paper, Disaster Planning and Business Continuity for Nonprofit
Organizations: Preparing for Disruption published in Spring 2010.
The third step necessary is for the committee to assess each area of risk and
determine how likely it is to occur. This is critical because the list for potential
risky situations is long, and given the nonprofits limited resources and time,
the expectation of risk must be prioritized to allow attention to be paid to those
areas that will do the most harm.
In the current environment, risk and risk management are board responsibilities.
As such, for those nonprofits that have an audit or finance committee, or an
executive committee that assumes these functions, these committees should be
expanding their role to include not only financial reporting, but also assessing
the organization for risk. While the Sarbanes-Oxley Act of 2002 does not
mandate an internal audit for nonprofits, many organizations of all sizes are
enforcing some component of risk assessment and the implementation of
internal controls at a level practical for their size and resources.
For the board in general and the audit committee specifically, identifying risk is
a good start, but the critical step is to develop the policies that in all likelihood
will prevent it from occurring. Controls are only effective when they are
implemented consistently and updated and reviewed regularly. Everyone
involved must understand the risk management processes and adhere to
them without exception. Training may be needed to ensure responsibilities are
4. Case Study
In order for an organization to determine its long term goals and identify the
best approach for achieving those goals, it is imperative to align its strategic
direction with its key risks. Successful strategic initiatives must be designed
to accommodate the views and requirements of a variety of constituents. In
other words, organizations need to implement a process that is designed
to attain long term goals while managing those key risks that prohibit the
organization from attaining its mission. In order to achieve these strategic growth
milestones, organizations will be faced with roadblocks which form the
cornerstone of an organizations risk assessment.
Whether it is a for-profit or nonprofit entity, certain risks will be prevalent in all
organizations, while other risks are unique to the organization and its objectives.
In addition, nonprofit organizations face a regulatory and operational environment
that is constantly changing. As a result, they should always be seeking ways
to improve the efficiency, effectiveness and security of their operations. One of
the best ways to do this, and stay ahead of the inevitable changes, is to perform
an annual risk assessment.
A Risk Assessment is the process of identifying all the risks to and from an
activity while assessing the potential impact of each risk.
As this real world case study demonstrates, the first step in implementing a
risk assessment is to become familiar with the organizations strategic plan and
any risk factors or deficiencies identified by their external auditors. Additional
considerations should be made as to whether there has been turnover in key
management positions and the overall moral of the employee base.
What the initial interaction showed was that this nonprofit client had a strategic
growth initiative that focused on competing for discretionary dollars in a weak
economy, continuing to remain a viable entity, implementing the right mix of skills
and diversity found within the Board of Trustees, and having an overall cohesive
vision. These strategic initiatives are common in many non-profit organizations
and certain key risks are associated with these initiatives.
The following were the risk categories that were identified as integral to the
nonprofits strategic growth initiative:
Operational Risk: The possibility that sloppy, inadequate, ineffective
or incompetent back office activities will interfere with normal healthy
Strategy Risk: The risk that the organization hasnt carefully
established viable plans for operations, finance and asset/liability
Fraud Risk: The possibility that deals made are not genuine or
bonafide. Fraud risk also includes the chance that deals are not arms
length, that deals are not legal or that there is increased risk of
misappropriation of assets.
Market Risk: The risk that investments, etc. will decline as a result of
fluctuating markets and/or the risk of not being properly hedged.
Compliance/Regulatory Risk: The possibility of engaging in
transactions that violate laws, statutes, etc.
Legal Risk: The possibility of lawsuits.
Environment Risk: The possibility of environmental issues arising in
real estate owned or on properties which the organization operates.
Management Risk: The possibility that the competency, judgment
and integrity of management and their actions will jeopardize the value
of net assets.
To proceed, meetings were scheduled with the operations and line staff, the
executive team and members of the board to disclose the risk tolerance of
the organization. This information, coupled with the information gathered during
the planning stage, was pivotal to indentifying and scoring the individual risks
and risk categories.
At the onset of the risk assessment, an employee from the organization identified
the risk categories that were affecting the organization and determined the risk
factors for each risk category. Risk factors were the criteria used to identify the
relative significance of, and likelihood that, conditions/events may occur that
could adversely affect the organization. Risk factors for this nonprofit included:
Managements Tone from the Top: This is the ethical (or unethical)
atmosphere in the nonprofit environment as perceived by the
employees and board members. Management's tone has a trickle-
down effect on everyone involved, which means it is likely that if top
managers uphold ethics and integrity so will employees. But if upper
management appears unconcerned with ethics and focuses solely on
the generating of funds or donations, employees will be more prone to
commit fraud because they feel that ethical conduct isn't a priority.
Complexity of Process: The scope and complexity must be
measured, so each process should be reviewed and a determination
made as to how complex the process is. Each process should be
rated based on this assessment, (high, moderate, or simple).
Volatility of Process: This risk factor poses the question regarding
how easily the process can change. Each process should be rated
based on this assessment (high, moderate, or simple).
Materiality of Process: To determine materiality, the organization
must be able to address the financial impact of the process on the
nonprofit. The materiality of each process should be rated high,
moderate or low, based on this assessment.
Volume: To address volume, the organization must understand how
many units are at risk and how often is the process performed within
the organization. Each process should be rated based on an
assessment of volume as high, moderate, or low.
After the nonprofit had a clearer understanding of the risk categories and risk
factors it potentially faced, and had an understanding of how much risk the
key people in the organization were willing to accept, it was time to focus on
their operations manager and their business processes.
The nonprofit developed a scoring system for the risk factors, typically (1 for high
risk, 2 for moderate and 3 for low). While documenting these risks the nonprofit
categorized the risks (operational, financial, strategic, etc.) and subsequently,
scored the risks. After the risk activities were scored, the nonprofit ranked the
risks from high to low risk.
As a result of this process, the board of directors gained a solid understanding
of the risks in the organization and a roadmap to improve their internal control
structure. As importantly, this nonprofit understood the obstacles / roadblocks
to accomplishing their strategic initiatives and directives.
5. Sample Risk Assessment Plan Outline
This outline below, provided as a template from the Risk Management Tool Kit
website, provides some guidance and ideas for nonprofit leaders to consider
when drafting their own plan.
TABLE OF CONTENTS
1.1 Purpose and Objectives
(A Risk Management Plan should begin with a forthright statement that explains
the groups philosophy concerning risk and risk management. This introduction
sets the tone for the plan, by laying a foundation based on the organizations
approach to risk.)
2.0 PROGRAM SUMMARY
2.2 Acquisition Strategy
2.3 Program Management Approach
3.0 RISK-RELATED DEFINITIONS
3.1 Technical Risk
3.2 Schedule Risk
3.3 Cost Risk
3.4 Risk Ratings
4.0 RISK MANAGEMENT STATUS AND STRATEGY
4.1 Risk Management Status
4.2 Risk Management Strategy
5.1 Program Office
6.0 RISK MANAGEMENT STRUCTURE AND PROCEDURES
6.1 Risk Planning
6.2 Risk Assessment
6.3 Risk Handling
6.4 Risk Monitoring
Risk Management Information System (RMIS), Documentation, and Reports
With all the changes taking place today, nonprofits face risk from many different
situations. Along with the traditional risks that accompany financial decisions,
managerial activities or human resource issues rising from interaction with staff
or volunteers, there are other less traditional types of risk that are appearing on
For instance, quickly growing technological advances have brought great
advantages as well as the potential for major consequences. Nonprofits have to
carefully guard their databases, protecting the confidentiality of donors. Names
and contact information cannot be shared, and caution has to be taken against
the dangers of hackers and other technological glitches that jeopardize the
volunteers, donors and constituents.
Other technological advances, such as the increased use of social media,
provide opportunities for nonprofits at the same time they create critical concerns.
Through technology such as Facebook, Twitter, websites and blogs, donors and
constituents can easily locate a nonprofit organization, spread the word regarding
its mission, sign up to get involved or engage in on-line giving. However, all of
these amazing communication tools have a dark side that presents risk for the
organization. Once a statement is made on-line it becomes public, taking on a
life of its own and reverberating throughout the local, regional and even global
community in seconds. Bloggers are free to speak their mind with little or no
censorship and friends can share good news and gossip on Facebook that
can enrich or destroy the nonprofits reputation.
Competition from other similar nonprofits also creates a risky situation. There
are more nonprofits now than ever before, and all compete for the mind share
and heart share of the same audience. In any economy, the fight for the
discretionary dollar is intense.
Finally, the demand for better measurement and transparency has caught up
with the nonprofit world just as it has impacted the for-profit business community.
Websites like Charity Navigator gather information about nonprofits from sources
like the 990 forms and, by implementing an elaborate rating system, evaluate
and judge the effectiveness of the nonprofit. Their independent and unbiased
recommendations regarding the viability and trust worthiness of the organization
can have a significant positive impact on the groups success, or can put it at
tremendous risk for loss of reputation and standing in the community it serves.
To address all of these types of scenarios, the smart leaders of nonprofit
organizations, both large and small, are assuming a more structured, disciplined
approach to managing all risk factors across the entire organization wherever
they routinely occur, while putting simple processes in place to prevent risk from
happening in the first place.
Enterprise Risk Management on a Budget. Corey Reinker. May 2011.
So What is a Risk Assessment? Charles Tate. January 2010.
Managing Risk Within Nonprofit Organizations. White Paper Nonprofit Series.
Pacific Continental Bank.
How Nonprofit Organizations Manage Risk. Dennis R. Young. June 2003.
Georgia State University. Andrew Young School of Professional Studies.
Managing a Nonprofit Means Managing Risk. Leigh Tucker. July 2009.
Managing Risk in Budget Forecast. The Nonprofit Risk Management Center.
Managing Risk. Thomas A. McLaughlin. The NonProfit Times. February 2008.
Staffing the Nonprofit Workplace Steering Clear of Pitfalls.
Why Risk Management in Relation to Volunteers?
Financial Risk Management: Key to Your Nonprofits Health
The Road to Safety
Managing Special Events Risk
Managing Restricted Grants: Routine or Risky Business?
The Eye of the Beholder: Managing Reputation Risk
Dont Be Ensnared By the Risks of Fundraising
Case Study provided by Noah Kessler, Sobel & Co.
8. About the Authors
Bridget Hartnett, CPA, a member of the Firm at Sobel & Co., has more than
thirteen years of experience in public accounting which she draws on to
provide high level services for clients.
Experience in the Nonprofit Niche
Bridget spends most of her time working closely with clients in social
services and nonprofit areas, including educational institutions. As a member
in the firms Nonprofit and Social Services Group, Bridget supervises the
audit engagements conducted by Sobel & Co. for the Cerebral Palsy
Association of Middlesex County, the Youth Development Clinic of Newark
and Catholic Charities of the Trenton, Metuchen and Newark dioceses,
Freedom House, and C.J. Foundation. In addition, she handles all of the
firms education audits and holds a Public School Auditors license. Bridget
is also responsible for reviewing and overseeing the preparation of nonprofit
Philanthropic and Social Service Commitment
Bridget carries her commitment to social services beyond the work place to
include her personal involvement in several areas, such as at St. Benedict's
school in Holmdel where she is always available for volunteering for projects
and special events as needed as well as giving her resources and time to
various childrens charities, such as the New Jersey Chapter of Make-A-Wish
and others. She is also a volunteer with professional business groups in
the New Jersey community, including Monmouth Ocean County Nonprofit
Committee and the Western Monmouth Chamber of Commerce where she
helped to found the successful Young Professionals Group and currently
serves as Co-Chair and founder of their newly formed Nonprofit Committee.
Bridget is also an active member of the New Jersey CPA Societys Nonprofit
As a licensed Certified Public Accountant in New Jersey, Bridget is a member
of both the American Institute of Certified Public Accountants (AICPA) and the
New Jersey Society of Certified Public Accountants (NJSCPA).
Bridget graduated with her Bachelor of Science degree from Montclair State
Ron Matan, member in charge of Sobel & Co.s Nonprofit and Social Services
Group, brings a unique blend of public accounting and business acumen to
every client engagement. A key member of Sobel & Co.s Leadership Team
since joining the firm in 1997, Ron works primarily with non-profit
organizations, including United States Department of Housing and Urban
Development (HUD) projects, A-133 engagements, and low income housing
tax credit programs (LIHTC).
Experience in the Nonprofit Niche
As member in charge of the firms Nonprofit and Social Services Group
(A-133 and HUD audits and LIHTC programs), Ron is responsible for the
firm-wide quality of this practice area and is the firm liaison for the AICPAs
Government (Nonprofit) Audit Quality Center. With over 35 years experience
in public and private industry and accounting experience with all types of
nonprofit and social service organizations, Ron brings a unique blend of
knowledge and insight to these specialized engagements. Ron is a Certified
Tax Credit Compliance Professional and is listed in the Guide which is
circulated to all State Agencies Allocating Tax Credits as well as the Internal
Revenue Service. He has also taken courses in advanced training for peer
reviews and performs peer reviews of other accounting firms.
Philanthropic and Social Service Commitment
Ron is a member of the Board of Directors of First Occupational Center where
he serves as Treasurer and is a member of the Education Committee for the
Mid-Atlantic Chapter of the Society of Association Executives. Ron is a
member of both the Plainfield Neighborhood Health Center Board (where he
serves as Treasurer) and Union County Educational Services Foundation
Board. Ron was the former treasurer and board member of Kids Peace
Treatment Centers for emotionally disturbed children, located in Bethlehem,
Ron is a Certified Public Accountant licensed to practice in New Jersey,
New York and Pennsylvania. He is a member of the American Institute of
Certified Public Accountants and the New Jersey Society of Certified Public
Accountants (NJSCPA). Ron has been elected as Vice-Chairman of the PKF
North Americas Nonprofit Committee, and in June 2004, Ron was appointed
to the New Jersey Society of Certified Public Accountants Peer Review
Executive Committee. Ron is also a member of the NJSCPAs Nonprofit
Ron is a graduate of Kings College in Wilkes-Barre, Pennsylvania, where he
received a Bachelor of Science Degree in Accounting
9. About Sobel & Co.
Sobel & Co. is a middle market accounting and consulting firm with
headquarters in Livingston, New Jersey that has been providing nonprofit and
social service organizations in the New York/New Jersey metropolitan area
with audit, accounting, tax and advisory services since its inception in 1956.
The firm is distinctive in its approach to the nonprofit community because of
its sincere passion for serving this sector. As it says on the Sobel & Co.
website, We work with the nonprofit sector because we feel good helping
those who do good; we have a passion for helping nonprofit organizations
achieve their mission of helping the world's most vulnerable.
The firm currently works with more than 175 nonprofit organizations with
revenues ranging from $100,000 to over $60,000,000. Based on this depth of
experience, the professionals in the nonprofit group are keenly familiar with
the issues facing nonprofits and they will apply this knowledge to bring added
value to every engagement.
As a further demonstration of the firms commitment to the nonprofit
community, several complimentary programs are offered throughout the year.
These include quarterly webinars, roundtable discussions and an annual
symposium on timely and relevant topics. Newsletters, articles, benchmark
reports, surveys and white papers are also distributed to the nonprofit sector
to provide them with access to cutting edge information.