Overview of Risk Management

• Risk Management is defined as the process of minimizing the adverse effect of a possibly financial loss by:
  • Identifying potential sources of loss;
  • Measuring the consequences of a loss occurring (financial or other: loss of reputation, inability to execute mission of organization);
  • Using controls to minimize actual losses or their financial consequences
• Risk Management traditionally has been thought of only in the context of insurance coverage and now viewed as an essential management practice. It is absolutely crucial that the “role” of risk manager for the organization is formally incorporated into an employee’s job duties
• Risk Management is often viewed as a subset of finance for corporations and while most initial implications of risk for nonprofits are financial in nature there is a broad potential impact beyond pure financial matters (i.e. loss of reputation, and inability to effectively represent its constituency).

Key Risk Management Terms

• Loss Prevention and Reduction:
  A risk management control procedure which emphasizes safety management. Its purpose is to reduce the frequency and severity of potential loss. An example of general liability loss prevention would be the posting of signs warning of wet, slippery floors. An example of employment practices liability reduction would be the formal implementation and distribution of an employee handbook.

• Avoidance:
  Another risk management technique which ensures that an individual or business does not incur any liability relating to a given activity by using common sense and sound business judgment to avoid the activity in question. However, in the real world, the risk control technique of avoidance is rarely practical. A more realistic approach is using a combination of loss prevention and reduction, self-insurance, and commercial insurance.

Risks for Nonprofit Associations

• BOARD GOVERNANCE
  
  Risks: Instances where boards do not act in a prudent manner or individual board members are inadequately informed with respect to their responsibilities. Within the realm of board governance, each director must conduct themselves utilizing the three basic duties of care, loyalty and obedience. The Business Judgment Rule protects directors if they acted with a good faith belief that their business decision was in the best interests of the nonprofit organization.
  
  Mitigation Techniques: Ensure that there are no inherent conflicts of interest that exist with the board and the nonprofit it governs. Assess the size of the board and whether it is appropriate to provide adequate guidance and oversight to the organization. Implement formal board orientation procedures including the following:
  • Communicate basic duties to board members (the duties of care, loyalty and obedience).
  • Define responsibilities and roles of authority between the board and association staff
  • Set a schedule of consistent board meetings and stipulate mandatory requirements for board member participation.
• HUMAN RESOURCES
  
  Risks: Employer/Employee related disputes are not isolated to for-profit corporations.  Many associations have issues because of poorly structured and implemented personnel policies.
  Disputes of this nature can involve accusations of wrongful termination, sexual harassment, failure to promote, and discrimination. Organizations who administer employee benefit plans are subject to liability under ERISA (the Employee Retirement Income Security Act), the federal law that governs employee benefit plans. Even with a participant-directed 401(k) plan fiduciaries can be held liable for a variety of reasons as follows: failure to properly enroll participants, lost investment income due to delay, failure to monitor a third party administrator, having an under- funded plan, and failure to notify employees of material changes or their ability to enroll.
  
  Mitigation Techniques: Regarding employment-related disputes, the association should have a comprehensive employee handbook and consistent documentation of employee performance issues. It is important for associations to consult legal counsel when developing any material for distribution to staff regarding employment practices and when employment issues arise so that there is consistency and proper documentation with respect to handling employment related disputes.  Legal counsel can also advise on how an organization can be sure to have updated personnel policies that address all of the issues relating to the following:
  • Title VII of the Civil Rights Act of 1964
  • The Americans with Disabilities Act of 1990
  • The Age Discrimination Act of 1967
  • The Equal Pay Act of 1963
  • Sections 503 and 504 of the Rehabilitation Act of 1973
• FINANCIAL OPERATIONS
  
  Risks:
  • Inadequate internal financial controls: One of the most frequent challenges for associations is the implementation of adequate financial controls to prevent instances of financial impropriety. Utilizing staff that have not been properly screened or lack adequate training can have a potentially disastrous effect on an organization.
    
    Mitigation Techniques: Establish safeguards to protect against employee dishonesty and have a senior level committee review the audited financial statements with an independent auditor.
    Specific safeguards to protect an association are as follows:
    • Split Duties that in combination could facilitate fraud
    • Never leave blank checks unsecured
    • Avoid use of signature stamps
    • Use lock box for deposit of incoming checks
    • Consider eliminating organization wide credit cards
    • Always verify references, professional credentials
    • Conduct background checks
  • Fiscal management issues: Instances where there are accusations of mismanagement of an association’s assets often fall to senior executives and the board to address. Questions regarding an association’s financial solvency can have a far-reaching negative impact on its reputation and ability to retain and increase membership.
    
    Mitigation Techniques: It is important that an association institute careful strategic planning with effective supervision. The use of an association’s assets should be closely aligned with its mission. If a deficit is present there should be a comprehensive assessment of why and for how long the association is operating with a deficit and how the deficit is being funded. An annual audit conducted by an outside audit firm familiar with expertise within the nonprofit industry will serve to uncover potential financial improprieties but will also ensure that the broader questions with respect to financial viability and overall association management and strategic direction get the proper attention from senior staff and the board of directors.
• MEMBERSHIP
  
  Risks: If an association has a formal program that sets standards for an industry or provides an accreditation or certification program, there is significant exposure with respect to member disputes over failure to obtain certification, etc.  In addition there can be allegations of membership discrimination.
  
  Mitigation Techniques: Consistency is absolutely crucial with respect to the operation of an accreditation or certification program and the criteria by which an entity or individual is awarded certification should be maintained in a highly structured manner. All criteria should be reviewed with legal counsel and an independent focus group of members prior to creating or altering such a program. With respect to preventing membership discrimination, it is important that an association ensure the membership application process is consistent, objective and transparent.
• EVENT EXPOSURE
  
  Risks: With respect to annual conferences and tradeshows there are risks associated with contract language agreed to by associations stipulating a complete risk transfer from the venue to the association. This is not in the best interest of the association as this language will absolve the venue of responsibility if an attendee gets injured at an association sponsored event and this was caused by an error by an employee of the venue.  If an association’s annual conference / tradeshow generates significant revenue for the association, then any risk to cancellation of the event due to natural disasters, terrorism, labor disputes, etc. can negatively impact the expected revenue from the event.
  
  Mitigation Techniques: Diligent contract review prior to ratification of the venue contracts is crucial. It is also important for an association to closely review the “force majeure” clause of each contract to ensure the association will be released from commitments from an expense perspective should catastrophic events occur that are beyond the association’s control.  Just as the  venue will request a certificate of insurance from an association, the association should obtain certificates of insurance from all exhibitors & vendors naming the association as an additional insured.  To protect an association’s revenue from a cancellation of a tradeshow/conference, the association should always maintain a list of alternative cities to hold the event(s).  An annual RFP process to canvas interested cities/properties is vital and allows an association’s meeting staff      to maintain a current list of locations that might fit their criteria. These criteria should include many variables but should be clear to identify those locations that are desirable from a geographic and logistical perspective. Certain locations are simply not feasible because of the size of an association’s tradeshow/conference so this annual exercise will allow a clear picture for     an alternative if in fact an event needs to be rescheduled. Lastly it is important to research available insurance coverage to specifically protect the anticipated revenue for an association’s events throughout the year.
• PHYSICAL PLANT & SAFETY
  
  Risks: There are a variety items to consider regarding the basic office operation. These issues vary depending upon the amount of space occupied, whether the association owns/rents the building and the size of the association’s staff.  Areas of attention should be the age of the building, safety of building as well as ease of entry/exit for staff, and the review basic duties of staff members to discern any exposure to physical injury as a result of job responsibilities.
  
  Mitigation Techniques: It is important to have a complete disaster preparedness plan and have periodically tested the effectiveness of such a plan throughout all business units of the association.   Implement a formal policy for employees to report work-related injuries and if an employee  is injured conduct a comprehensive investigation so that all available information is documented.  It is important to request a loss control visit to be conducted by the insurance carrier who provides the association’s business insurance to ensure adequacy of safety. It is also important to provide updated values to be reflected on the association’s insurance policy. When an association rents or owns a building they need to assess the value of their business personal property. Insurance coverage provides protection for risks of direct physical loss on a replacement cost basis (no deduction for depreciation). This business personal property coverage is designed to cover office furnishings and equipment, improvements & betterments, etc. but can convey to the building when owned by the association.

Scenarios for Exercise (Treasurer / CFO)

As a normal course of business, volunteers and staff from departments outside of finance are asked to assist in the collection of onsite registration fees for a conference/tradeshow.  Financial irregularities are discovered during a cursory review of the daily activity. What are the steps that could have been taken to prevent this from happening? What steps should be taken to address and resolve this issue?

An association’s website is a vital tool from a business operations standpoint.  It provides valuable information regarding the association’s accreditation program, educational opportunities for members, new member benefits, staff contact information, bookstore, blog, and job postings. One weekend, a virus attacks the website resulting in the website’s inability to function. It takes 60 days for the association’s website to be re-built to its former functionality.  Please describe in detail the impact that this will have from a financial and business operations standpoint to the association and what areas will be negatively impacted due to this interruption of business operations. Please also provide overview of financial analysis describing areas of impact and how the financial impact will be calculated?

An association is in the midst of printing the onsite brochure for their annual convention to be held in 3 months in San Francisco when the city is hit with a massive earthquake.  The association did purchase event cancellation insurance for the convention and now has to supply information relating to the potential loss. Describe the total financial impact by category if the convention needs to be cancelled and can not be rescheduled? Describe financial impact if the convention can be rescheduled but will need to be moved to an alternative city? How would this impact to annual revenue be communicated to the association senior staff or board of directors? Please describe the information the association’s finance department will need to provide to substantiate the financial impact of a full cancellation (or relocation to alternative city) to the insurance carrier in order for them to assess the extent of coverage.

By Amy Doherty, Senior Vice President, Aon Association Services.