Nonprofit Management Center Vol. 23, No. 2, Fall 2014

My Policies My Risk Management Policies, Version 2.0 helps you create custom risk policies for your organization in a matter of minutes. Need well-written policies? This cloud app makes policy drafting easy. After completing the quick registration process, search by keywords, categories or peruse an alphabetized list of 150+ templates. Each template offers many options to consider. With My Risk Management Policies, Version 2.0, custom-fitting policy language to suit your nonprofit is easy and dare we say… fun! The Risk What’s New • Multiple users, one account — The new version has two levels of users: Fundamentals Account Holder and Added User. This means that two or more staff from Issue one organization can collaborate on the drafting of policies. • Policy drafting tips — Policy drafting tips and hints appear at the top of many templates. It’s like having a risk coach on your desktop. We Are the Champions, My Friends: • More policies than ever before — We have added nearly 50 new policy templates and updated many more, and Risk Champion Q&A we’re not stopping there! As always, we welcome your suggestions for new By Erin Gloeckner policy types, new policy language, policy options and more. Send your This special issue ofRisk Management understood and practiced consistently requests to [email protected]. Essentials is devoted to sharing the throughout your organization. If your To begin developing customized Risk Management Policies for message that risk management is a team team doesn’t have a risk champion, or your nonprofit, go towww. sport. A team approach encourages if you’ve recently assigned a newbie to myriskmanagementpolicies.org. the embedding of risk management a risk-centric role, take a moment to The one-time licensing fee for practices throughout your organization. learn from these nonprofit leaders who My Risk Management Policies is only $179 or just $29 if your nonprofit is Still, it helps to have an experienced risk graciously answered our Risk Champion an Affiliate Member of the Nonprofit management thought leader on board; Q&A. Risk Management Center. this ‘risk champion’ can inspire buy-in If nonprofit risk management was a from the whole team and ensure that TV show, these folks would be the your approach to risk management is Top Chefs of risk. continued on page 2

A publication of the Nonprofit Risk Management Center ©2014 Nonprofit Risk Management Center 204 South King Street • Leesburg, VA 20175 • (202) 785-3891 or (703) 777-3504 • www.nonprofitrisk.org 2 ❙ Risk Management Essentials • Fall 2014

We Are the Champions, My Friends: Risk Champion Q&A continued from page 1

Risk Champion Roll Call Q: What is the biggest Gaetana De Angelo, Director of Risk at challenge you face as a risk Girl Scouts of Greater Atlanta: Joined champion at your nonprofit? the ranks of risk champions after After completing numerous risk working at the Girl Scouts Council assessments and other consulting Vol. 23 • No. 2 • Fall 2014 for a few years (her background was Published three times annually by the projects for our diverse clients, we restaurant management). Gaetana then Nonprofit Risk Management Center asked this question with some educated 204 South King Street decided to go back to school and earn a Leesburg, VA 20175 guesses in mind. It was no surprise degree in risk management. Phone: (202) 785-3891 or (703) 777-3504 when Robert Jones said his biggest www.nonprofitrisk.org. John Enos, Director of Risk challenge was, “the size of The Salvation Management at Quest, Inc.: Entered Army along with all of the different Nonprofit the risk management profession after types of programs and services offered to Risk Management completing a degree program in the public.” John Enos agreed that, “the Center occupational health and safety and biggest challenge for me is that Quest, Staff Directory working in the petrochemical industry Inc. offers very diverse services: from a (All staff can be reached at 202.785.3891) as a field inspector and trainer. After a Melanie Lockwood Herman variety of residential and employment ■ Executive Director few years, John changed industries to options, to behavioral therapy and even [email protected] work for a third party administrator as a a recreational summer camp. It can be Erin Gloeckner ■ Project Manager loss control inspector for a self-insured difficult assessing the risk associated [email protected] workers compensation account. He with so many different operations.” Kay Nakamura worked very closely with an amazing ■ Director of Client Solutions Carolyn Gulston expressed a [email protected] underwriter who shared a wealth of risk related sentiment, that her greatest Emily C. Stumhofer management knowledge with him. For ■ Staff Attorney challenges at National Multiple Sclerosis [email protected] the past ten years, John has worked as a Society include “managing multiple Arley Turner risk manager in both the construction ■ Project Manager chapters/subsidiaries as part of the and healthcare industries. [email protected] risk management program and getting 2014 Board of Directors Carolyn Gulston, Director of Risk absolute buy-in from all.” Organization- President David S. Kyllo Michael A. Schraer Riverport Insurance Management at National Multiple wide buy-in is an all too common Chubb & Son Company Sclerosis Society: Was tempted by Warren, NJ Minneapolis, MN barrier for today’s risk champions. a past client to try her hand at risk Treasurer Robert O’Leary Gaetana De Angelo approaches this Lisa Prinz Philadelphia management. Carolyn worked as a Harleysville Insurance Companies challenge by “balancing the use of risk Insurance Boston, MA property and casualty insurance broker management techniques to inspire Harleysville, PA David Szerlip until she was asked by one her clients to Secretary Arthur J. Gallagher confidence” amongst staff at Girl Scouts Carolyn Hayes-Gulston & Co. consider becoming their risk manager. of Greater Atlanta. Dawn Fostmeier National Multiple Short Hills, NJ Sclerosis Society Robert Jones, Assistant Risk also inspires confidence at InterVarsity New York, NY Tara Thomas Teach For America Management Director at The Salvation Christian Fellowship, explaining that Peter Andrew Chicago, IL Council Services Army, Eastern Territorial HQ: Began “InterVarsity does business all over Plus, Inc. Jeffrey D. Weslow Albany, NY Housing Authority his foray into risk management while the U.S. and overseas, and the legal Insurance Group Kitty Holt Cheshire, CT planning his retirement from the United team reviews many contracts and Plan International USA Warwick, RI States Army. Robert was looking for a regulatory issues. Hotels and other Cynthia Koral career field that offered diversity in day vendor contracts ask us to accept 501(c) Agencies Trust to day operations. Risk management Cupertino, CA responsibility for everything, including seemed to fit the bill and he was 100% their acts of negligence. Legal helps our correct! staff negotiate these contract terms that Dawn Fostmeier, Legal Manager/Risk could harm the ministry. The increase Coordinator @ InterVarsity Christian of unfavorable terms makes reviewing Fellowship. contracts even more important.” continued on next page Risk Management Essentials • Fall 2014 ❙ 3

We Are the Champions, My Friends: Risk Champion Q&A continued from page 2

Dawn makes an excellent point that practicing both action and reflection can prepare your team to manage unpredictable upside and downside .

Q: In what ways is your They really take managing risk very nonprofit’s risk management seriously.” Carolyn’s situation is function unique? unique because in some organizations, conveying the importance of risk The Center is a huge proponent of management to the board and custom risk management policies and leadership team is a struggle. self-made risk management plans. We John Enos found uniqueness believe any organization’s approach to in Quest’s compelling approach to risk management should align with its engaging staff in risk management.“Our unique mission, structure, and culture. philosophy on safety is what makes This led us to ask the champions our risk management function unique. how their organizations practice risk Quest’s safety motto is ‘At Quest, safety management in distinctive ways. is you.’ Safety starts with you and Carolyn Gulston points out ends with you, no matter what level that though many nonprofits you are within the organization. That cannot hire staff to focus solely on philosophy enables our staff members to risk management, prioritizing risk actively be involved in two key elements management from the top down of risk management: recognition can help you find your path. “What and hazard control.” allows me to be effective in my role Gaetana De Angelo also uses a as risk manager is the support from down-to-earth approach to clearly the national board and leadership. communicate risk management and continued on page 4 4 ❙ Risk Management Essentials • Fall 2014

We Are the Champions, My Friends: Risk Champion Q&A continued from page 3

safety expectations amongst the Girl management. There’s no right answer Scouts’ mega-squad of volunteers. “I for everyone, so we asked the risk feel that we have a very unique situation champions what the secret ingredient is at the Girl Scouts. The large majority at their organizations. Robert Jones was of our program delivery is through a straight-shooter: “Communication is volunteers; in our council alone that is most important.” Gaetana De Angelo almost 17,000 adult volunteers! Various agreed with Robert that communicating methods have to be employed to ensure the true purpose of risk management that we communicate safety and risk is essential. “Many people look at risk information to our volunteers who are management as all the things you can’t excited and energized about delivering do that would make life fun! But, I the Girl Scout Leadership Experience. have always espoused the belief that Parents who entrust their children good risk management makes anything to our volunteers have huge safety possible. When I read this statement expectations. The challenge frequently by Felix Kloman – ‘the fundamental arises that each adult volunteer comes purpose of risk management is to to us with very different backgrounds inspire confidence,’ I realized that those and life experiences. I never use the few words really do explain what risk phrase, ‘well that is just common sense,’ management is and why it is necessary. as I have come to learn that common The most important element for sense is very different from one person effective risk management is helping to another!” people understand that continual Whether you’re juggling safety planning and evaluation are the best concerns, stakeholder relations, or methods to ensure that we are inspiring an emerging crisis, Dawn Fostmeier confidence to try new things in a safe believes that risk champions need to w ay.” take action. “InterVarsity’s staff and Carolyn Gulston also reflected volunteer numbers are increasing and on the purpose of risk management some risk decisions need to be made at the National Multiple Sclerosis quickly. The other day I was dealing Society. Her key element is viewing with a situation and I remember risk management through a strategic thinking “I wish I had a few hours lens, and “getting all staff and leaders to or days to think through the issues.” see how the risk management process Situations happen, and we need to think enables us to meet our organizational through all the issues to the best of our goals and mission. It is a necessary ability and use these circumstances to process that requires everyone to fully be better prepared for the future.” Dawn understand and adopt this perspective.” makes an excellent point that practicing Dawn Fostmeier recognizes that both action and reflection can prepare risk management at InterVarsity your team to manage unpredictable Christian Fellowship offers protection upside and downside risks. to the organization’s mission while supporting a positive environment Q: What’s the most important for staff. “Risk plans are only good if element for creating an they track with the realities of what effective risk management your group does on the ground. It’s function? hard for risk staff to factor in those Center clients usually want to know the realities when our instinct is to focus secret ingredient to best-in-class risk on the tasks at hand and how they fit continued on next page Risk Management Essentials • Fall 2014 ❙ 5

We Are the Champions, My Friends: Risk Champion Q&A continued from page 4 with industry best practice. We should they are doing to deal with an issue.” find ways to protect our organizations Carolyn Gulston recalled a specific without deterring the passion and challenge she faced while safeguarding enthusiasm of staff members.” the National Multiple Sclerosis Society. John Enos embraces not one, “Up until four years ago, we had different but three essential elements of risk emergency response plans and no focus management: “To achieve an effective on how we would resume operations risk management function, the in the event of a disaster. Management following three elements must be realized the need to establish consistent embraced by an organization. We must procedures on emergency response and be committed, we must be involved, business continuity, and identify key and we must all be held accountable. roles/responsibilities in the event of an Regarding risk Regarding risk or safety culture, people emergency. A task force was established don’t buy what you do; they buy why and was given the resources to develop or safety culture, you do it. People believe what you a comprehensive organization-wide people don’t buy believe, which brings me back to our disaster recovery and business continuity motto: ‘At Quest, safety is you.’” plan. It is probably one of the most what you do; they challenging projects I’ve had the Q: Can you describe a lesson opportunity to lead, but by far the most buy why you do it. you learned or a challenge rewarding professionally, as it increased – John Enos you overcame while striving to our level of preparedness.” improve your nonprofit’s risk John Enos’ experience at Quest management function? confirmsthat not only is preparation Perhaps one of the best ways to improve vital to an organization’s survival, but your risk management function is so is the organization’s capacity to react to reflect on your greatest challenges thoughtfully to a crisis or incident. “One and failures. The Center’s own fearless challenge that we continue working to executive director, Melanie Herman, overcome is to react appropriately to preaches focusing on failures and incidents. Each incident regardless of challenges in order to identify potential size needs to be analyzed to find the areas for organizational growth. Our root cause. The key is not to overreact intrepid risk champions shared their based on the information gathered. own trials in hopes that our readers can Classic overreacting is ‘we need to write learn from these experiences too. Robert a policy’ or ‘the staff needs retraining.’ Jones mentioned a common contextual An example: Sending your entire staff challenge that faces The Salvation Army to classroom-style retraining when the and probably resonates with most, if not incident was a single staff member’s all of our readers: “one of the challenges failure to initial paperwork. The staff is trying to do more with less. We have member had correctly initialed the to look at different ways to protect paperwork 9,999 times before that one the organization’s liabilities on limited failure. The staff member does not need budgets.” Dawn Fostmeier agreed and retraining on when to initial paperwork; offered us a suggestion for learning to training is only needed when there is a thrive on limited assets: “As nonprofits, lack of knowledge and skills required many of us have some level of lack to perform a task. Coaching should be of resources and staff. We can make used to help staff members gain greater contacts and check in with nonprofits competence and overcome barriers to similar to our own and find out what improve their work output.” continued on page 6 6 ❙ Risk Management Essentials • Fall 2014

We Are the Champions, My Friends: Risk Champion Q&A continued from page 5

My goal is to help them find safe ways to do what they want to do. – Gaetana De Angelo

Gaetana De Angelo faced from the people you serve. Those stories culturally-embedded challenges at Girl can keep us going. Scouts of Greater Atlanta, including Robert Jones, The Salvation Army: staff pushback against risk management Try and gather as much information activities. “During my 25 years here, my related to your organization’s risk biggest challenge has been helping staff management program. Attend seminars members and volunteers understand and other functions such as the Risk that my goal is not to limit what they Summit. It’s always beneficial to share do. My goal is to help them find safe information with other nonprofits on ways to do what they want to do. We how they function and handle their are trying to surpass the attitude of programs. ‘do it and ask for forgiveness later,’ and Carolyn Gulston, National Multiple instead look at the activity or process Sclerosis Society: Continue to make it from all sides, and feel really confident clear that the risk management process that we are delivering the best possible itself is vital to any organized entity that service. This entails recognizing that is looking to achieve a goal. You must when someone has a good idea, it may always convey to staff and leaders how still need more work to fully develop it important it is to identify things that into something first class.” could prohibit you from reaching your Q: What advice would mark, and then come up with methods you give to a new ‘risk to keep it from happening as best you champion’ or a nonprofit staff can. Our motto at National Multiple member who is new to risk Sclerosis Society is, ‘You hope for the best, but plan for the worst.’ management? Gaetana De Angelo, Girl Scouts of Here’s the gold you’ve been waiting for – Greater Atlanta: Keep an open mind and counsel from champions. We’ll let them start with the positives. As a new risk speak for themselves: manager, I was always more concerned John Enos, Quest, Inc.: My advice to with ‘what are the bad things that can new risk managers is to avoid becoming happen?’ That perspective sometimes the department of ‘NO!’ If your overshadowed clear thoughts about response to every question is ‘no,’ then potentially positive outcomes. I now your team members will stop asking for your advice. Try to work as a partner try to look at all the good and all the alongside your team so that together, confidence that can be inspired; then the possible risks or exposures of a I look at what could go wrong—and I new opportunity can be explored and plan for that also. probably controlled. Dawn Fostmeier, InterVarsity Erin Gloeckner is Project Manager at the Nonprofit Risk Management Center. She Christian Fellowship: During difficult welcomes your feedback and questions situations, it can be helpful to think about the topic of risk champions at back to a particularly encouraging story [email protected] or 703.777.3504. Risk Management Essentials • Fall 2014 ❙ 7

The Nitty Gritty of a Risk Committee

By Melanie Lockwood Herman “Let’s form a committee!” is the frequent it might be helpful to understand the battle cry of nonprofit leaders facing a traps that some of those who have come complex problem for which there are no before you have fallen into. Here are the obvious, immediate or cheap solutions. most common traps: When more than one brain is needed to ■■ Unrealistic Goals – If you’re ponder a perplexing problem, forming forming a Risk Management a committee seems to be a good first Committee to eliminate risk in step. But are risk committees worth the your nonprofit, you might as time and nurturing they require? At the well “call the whole thing off.” No Nonprofit Risk Management Center we organization can hope to achieve answer this question with a resounding, a charitable, community-serving “Yes!” That’s not to say that we haven’t mission without taking risk. If heard about some ineffective and you’re planning to close your doors, nearly useless committees in our many you need a winding down plan, not years as an advisor to nonprofits. But a risk management committee. the concept is sound and with a little ■ finesse, every nonprofit can recruit and ■ Lip Service – If you’re forming a deploy a committee that will strengthen, Risk Management Committee so that support and help sustain a strong and you can “tic the box” on an insurance effective risk management program. or accreditation application, or to tell your national organization that Steer Clear of the Traps you have a committee, think again. To help your committee chart a You’d be better off identifying a few meaningful and sustainable course, practical steps to take to improve continued on page 8 8 ❙ Risk Management Essentials • Fall 2014

The Nitty Gritty of a Risk Committee continued from page 7

risk awareness, enforce existing risk nonprofit launch its brand new policies, and finally tackle that long risk management committee. overdue Risk Management Plan. (If The leaders at the nonprofit were you need help with the latter, try surprised (shocked?) at the response www.MyRiskManagementPlan.org.) they received when they solicited ■■ Lack of Vision – I recently read that volunteers to serve as inaugural the focus of a school board should committee members. Representatives be on policies and activities that will from offices around the world provide the best possible educational contacted the risk manager to experience for the students’ children. express their interest and gratitude That’s right, the future (not current) for the opportunity! While it’s always students at the school. Although possible to round up the usual an effective risk management suspects for a risk committee—reps committee should consider how the from most operational departments, nonprofit learns from mistakes and someone from the executive team, prior losses, the bulk of its energy etc.—in our experience it is far better should be spent thinking about risk to take a risk and invite volunteers. taking and risk management on the Sometimes a committee formed future horizon. somewhat organically winds up ■■ Groupthink – There’s nothing being more diverse and effective than like being a member of a group of a hand-picked team. And remember Sometimes people with similar backgrounds that your risk committee needs and a committee and worldviews. And that may deserves an effective leader. be great when it’s time to decide 2. Draft a committee charter – A formed somewhat what TV show you’ll be watching committee charter is a tool for organically at home tonight, but it’s a recipe helping those who appoint the for disaster in a risk management committee and those who serve on winds up being committee. Risk is lurking it and support it develop a shared more diverse and behind every good idea and understanding of the purpose, every harebrained scheme at your scope, goals and authority of the effective than a nonprofit. A risk management committee. An effective charter has committee that brings a shared the following characteristics: hand-picked team. worldview and similar backgrounds ■■ Statement of overarching (e.g., finance, insurance-buying, The charter should workplace safety) is more likely to purpose – begin with a clear statement overlook some of the diverse risks of purpose. For example: The that could ensnare your mission. purpose of the Risk Management Risk Committee Success Formula Committee is to provide oversight 1. Determine the process and across the organization for all approach for appointing or categories of risk in order to recruiting members – One of the ensure that proper practices are in common misconceptions many place to surface, understand, and leaders have about risk management manage priority risks. committees is that very few people - OR - will be crazy enough to want to The Risk Management Committee participate. Recently I had the exercises shared responsibility opportunity to help an international for surfacing and managing continued on next page Risk Management Essentials • Fall 2014 ❙ 9

The Nitty Gritty of a Risk Committee continued from page 8

the operational risks facing the year point that half of the projects organization. Staff throughout or tasks have been accomplished the organization are invited to and there is a reasonable workload Sample #1 participate in the Committee. remaining. Keep the momentum Risk Management ■■ Frequency of meetings – The going with a plan that goes beyond Committee Agenda charter might indicate that the the start-up or “honeymoon” phase. 15 minutes Committee will meet 4, 6 or more 4. Plan a dynamic kick-off meeting Welcome and Introductions times per year for 90-120 minutes We will begin by going around the and stick to your schedule – Never per meeting, depending on the table and introducing ourselves. start any committee meeting by agenda. Ideally, the committee Tell us what you’re looking forward apologizing for having to meet or will meet on a consistent date and to learning and contributing during blaming someone for the existence of time (e.g., second Thursday of the your service on the Risk Management Committee. month at 10 am). Don’t meet too the committee. The discipline of risk often or unless there is something management has a bad rap as it is; don’t 15 minutes to do or discuss. contribute to that by making excuses, Draft Committee Charter Review blaming your insurers or accrediting What makes sense? What doesn’t? ■■ Specific goals and What changes do we want to propose? responsibilities – Outline the bodies, or worse, insinuating that committee’s specific goals and anticipating future events is unrelated 30 minutes responsibilities. to the mission of your nonprofit. If Our Goals for This Year ■■ Committee composition – risk management isn’t mission related We will continue by brainstorming mission-advancing goals for our Indicate who is eligible to in your nonprofit, maybe it’s time to use the endowment fund balance Committee, for the year ahead. participate, and how long members What projects and activities might on a gaming table in Las Vegas! The are expected or asked to serve. we undertake to advance our ■■ Committee authority – Note sidebars offers two sample agendas for shared vision of fortifying the risk the committee’s authority, such a kick-off or orientation meeting of management function? After blue-sky as: ‘The Committee makes the risk committee. Note that neither brainstorming, we’ll jointly agree on recommendations to the CEO or sample includes a dreary, hours-long five or six specific goals or projects. the Board of Directors,’ or ‘The review of an insurance policy. 15 minutes Committee is authorized to adopt 5. Resolve to involve – In Start With Committee Calendar We’ll review our proposed calendar new internal policies related to Why, author Simon Sinek writes that risk management.’ for the year, including meeting dates, “The single greatest challenge any times and locations. Do we need to 3. Develop realistic goals and a organization will face is… success.” make any adjustments? Next, we will practical plan – Nothing kills good Sinek is referring to the fact that as review our goals and decide which intentions faster than unrealistic organizations grow, decision-making topics and priorities will take center- plans. One way to give a boost and a necessarily becomes dispersed. stage at each of the meetings on our annual calendar. protective vaccine against failure to a CEOs of large organizations can’t risk committee—or any committee— personally screen every applicant or 15 minutes is to develop a set of clear goals or approve every purchase. The same Committee Norms projects for the group’s first year. holds true in risk management. As a We will close by discussing meeting norms and preferences. Cell phones nonprofit grows and succeeds, many Brainstorming those reasonable turned off? Meetings open to staff goals and an accompanying different people need to make risk- or volunteers who want to sit in timetable can be a key outcome for informed decisions, sometimes every and join our conversation? Rotating the kick-off meeting. Throughout the day. The risk takers in a growing, responsibility for follow-up, action- life of the committee it’s vital to show vibrant nonprofit fill auditoriums, oriented notes and reminders? where you are headed, what you’ve not a small conference room. Which accomplished, and what remains means an effective risk management to be done. There’s nothing better program can’t be “owned” by a small than seeing on paper at the mid- group of staff who meet monthly. continued on page 10 10 ❙ Risk Management Essentials • Fall 2014

The Nitty Gritty of a Risk Committee continued from page 9

Critical questions the committee meeting materials being shared should visit on a regular basis on a timely basis? include: Risk committees should be ■■ Who else should be involved celebrated examples of mission-focused in our risk assessment and risk collaboration rather than punchlines in management work? office jokes about endless meetings and ■■ Who needs training in this area depressing topics. A high energy, well- but hasn’t received it? run, and goal-orientated committee can set the tone and pace for other ■■ What points of view are missing collaborative efforts in a nonprofit. on the committee, but are critical The keys to success aren’t that hard to being as risk aware and risk to understand: avoid the traps that savvy as we aspire to be? suffocate the best intentions, and ■ ■ How can we effectively embrace a reasonable plan and approach communicate the “WHY” as well to emphasizing the great mission- as the “WHAT” and “HOW” in advancing work to be done. our risk management program to every staff member and volunteer Melanie Herman is Executive Director at who needs to know? the Nonprofit Risk Management Center. She welcomes your feedback and questions ■■ Are we hitting the mark with our about the topic of risk management meeting agendas and background committees at [email protected] material? Are pre- and post- or 703.777.3504.

Sample #2 – Risk Management Committee Agenda 15 minutes 30 minutes 30 minutes Meeting Overview Critical Risks Discussion Risk Accountability Overview of meeting agenda and work Our role and responsibilities will evolve How should we report and share our product goals for our inaugural meeting, as we work together, but it’s important to discussions, proposed actions and including reports to Board of Directors at acknowledge that we are NOT responsible recommendations? What can we do to its next meeting. for unearthing and documenting every more effectively communicate with people possible action or event that could impair throughout the nonprofit? 30 minutes our mission, strategies and objectives. Risk Management Lessons 15 minutes There is an expectation, however, that and Insights Action Steps and Assignments we will be talking about and learning as During this segment we will briefly review During this wrap-up segment we will much as we can about critical risks. With our recent risk management journey. review what we discussed, decided that in mind, during this segment we will We will then ask each member to share and identified as action steps for the discuss top risks identified in last year’s something about their hopes for the Committee. We will invite each member to risk assessment. Committee, such as: identify how they propose to move one or ■ ■ What have we learned from trying to more components of our agenda forward ■■ What I hope to learn while serving on better understand and manage these the Committee risks? in the weeks ahead. ■■ What I hope I’ll be able to contribute ■■ What has changed? while serving on the Committee ■■ Have any of these risks been ■■ How I’ll know we have been addressed effectively, such that they successful or made a difference are no longer priorities? Risk Management Essentials • Fall 2014 ❙ 11

Operational Risk Management: A Word from the Wise Guys

By Melanie Lockwood Herman Although a growing number of nonprofit 2. by critical risks or risk leaders profess to be ready for Enterprise management activity, such as: Risk Management, a far greater number aquatics, youth protection, internal admit that their controls management programs are far from To help understand the key challenges adequate. What is operational risk and “musts” in operational risk management? The term refers to risk management, I’ve reached out to two experienced, wise consultants: Diana identification, risk assessment and risk Del Be Belluz from Risk Wise Inc., management activity focused on day-to- and Michael Gurtler from Safe-Wise day activities and functions. There are Consulting. Both consultants boast various ways to organize and reflect on long track records of coaching and ORM work. Two common approaches advising nonprofit organizations. We within nonprofits are: are fortunate at the Center to be able to 1. by department or unit within lean on and turn to Diana and Mike for a nonprofit, such as: finance, practical advice and timely wisdom on a development, volunteer relations, etc. wide range of risk topics. continued on page 12 12 ❙ Risk Management Essentials • Fall 2014

Operational Risk Management: A Word from the Wise Guys continued from page 11

Q. What are the key activities of managing risks. Our culture at or components of effective nonprofits is driven by our staff and operational risk management? volunteers; they must be our risk management champions. For example, Diana. The first component is we don’t just put yellow ‘caution wet establishing clarity around objectives, floor’ signs out when it rains or when roles, and responsibilities. To achieve we mop; we do it for a reason – to help the goals of any important activity— prevent slips and falls, a leading cause of including risk management—every team injuries at nonprofits. Secondly, I’d add member needs to know exactly how he that we must be constantly reevaluating or she is expected to contribute. The our risks, processes and strategies. second component is to deliver excellent Nonprofits are moving in many different performance. This includes identifying directions and continuously evolving. the right resources (including people, Our risks frequently change too. How processes and systems) and managing we manage them and what we learn Effective nonprofits must be ready and resilient, because there will always be surprises and events will unfold that are different from what they expect. – Diana Del Bel Belluz

those resources according to an agreed from monitoring our successes is critical upon strategy. The third component information we can use to grow with is to develop capabilities to handle these changes. unexpected or uncontrollable factors. Q. What advice would you Mike. I think Diana hits the nail on offer the leaders of a nonprofit the head with her response. I’d add two to cope with circumstances things to compliment her suggestions. outside their control? I see many organizations struggle with risk management because it is not part of Diana. Effective nonprofits must be their culture. They think of it as this BIG ready and resilient, because there will thing and cannot get everyone to be part always be surprises and events will of it. So, I strongly suggest that after we unfold that are different from what they establish clarity around objectives, roles expect. The three strategies for dealing and responsibilities as Diana points out, with the unexpected include: we must train our staff and volunteers 1. Cultivating awareness of factors early and often. Risk management and trends in the external should be part of the onboarding and environment. This is the best way to orientation process. Make sure people anticipate new or evolving risks. know what they need to do and why they 2. Building relationships with need to do it. It’s not just good practice external stakeholders, including but there is a reason to do things; that key players in the community your way they’ll get a better understanding nonprofit serves, your donors and continued on next page Risk Management Essentials • Fall 2014 ❙ 13

Operational Risk Management: A Word from the Wise Guys continued from page 12

other funders, and any third party to react when bad things happen by that assists your organization to establishing protocols for response, deliver on its mission. Positive repair and resumption of operations. relationships are invaluable to a Most of all I think we must remember nonprofit and play a key role in that many incidents that we cannot helping the organization survive control are not the end of the world. We negative scrutiny or a crisis. need to stay calm, follow our plan with 3. Developing response capabilities. cautious optimism and move through This includes the development of the tough times. crisis management, disaster recovery and business continuity plans and Q. What are some key strategies skills to enable you to quickly realign or considerations for evaluating resources in the wake of a crisis. operational risks, particularly in Mike. Two parts of risk management a nonprofit organization where are prevention and control. Obviously everything seems to be changing prevention is keeping bad stuff from all of the time? happening. Most organizations Diana. Most operational environments understand that part better and can in the nonprofit sector are characterized generally figure out how to prevent by change. Of course some changes common risks from causing harm. are within an organization’s control The control part seems a bit more fluid (such as a restructuring), while others for some organizations and can be fall outside the entity’s control (such as more difficult to understand. Control new regulatory requirements, changing

We need to stay calm, follow our plan with cautious optimism and move through the tough times. – Mike Gurtler involves how we react to incidents to demographics, etc.). Scenario planning reduce negative outcomes. I also think can be an effective tool for anticipating it involves getting back to “normal” as how this will turn out. Nonprofit quickly as possible. Certainly accidents leaders should adopt the good practice do happen and many times we cannot of considering a range of potential do much to prevent them. Take the outcomes rather than focusing on a example of a severe weather event. We single scenario or potential outcome. A cannot keep the weather from damaging simple way to do this is to imagine both our building but we can plan ahead and the extreme, worst case scenario as well be ready to cope with the damage to as a typical or expected case, and then a lessen its impact on our mission. third outcome somewhere in between. We can “batten down the hatches” so Based on these three possibilities the to speak, we can keep abreast of risk team can identify what steps it oncoming events (cultivating awareness will take today to prepare for all three as Diana suggests), and we can be ready possibilities, and what changes or action continued on page 14 14 ❙ Risk Management Essentials • Fall 2014

Operational Risk Management: A Word from the Wise Guys continued from page 13

Go to the Risk Summit every year to learn from others and fill your risk management tank with fuel.

will be required if one of the three and professional publications. Oh, and outcomes becomes reality. go to the Risk Summit every year to learn from others and fill your risk Mike. As much as we like to think we management tank with fuel. are extremely unique, I usually find that many nonprofit organizations have Q. What are some of the more in common then they recognize. most common challenges in I think it is key to using our resources operational risk management? around us when we’re trying to identify Diana. One challenge is finding the level and manage risks. As a consultant I do of responsible risk-taking that avoids the not know all the answers (yeah, really) extreme positions of reckless gambling and but I usually know where to find them. risk aversion. Taking responsible risks, after Each organization has a network for all, is a necessary part of nonprofit life. A professional contacts and peers that have second challenge is the fact that risk cannot probably been down the road before. be measured directly. Risk must therefore Good risk managers keep their ears be estimated, and involves judgment. A risk open, read a lot and seek out other’s that is perceived as potentially significant to experiences to complement their own. a nonprofit warrants a greater commitment A strategy in identifying and evaluating to information-gathering and analysis risks is seeking out information. This and perhaps even the construction of a information is readily available from risk model. For smaller risks, leaders are peers, other organizations, insurance more likely to rely on past experience and agents, insurance companies, consultants judgment. continued on next page Risk Management Essentials • Fall 2014 ❙ 15

Operational Risk Management: A Word from the Wise Guys continued from page 14

The most common weakness in risk management is that risk practice is often ad hoc, rather than thoughtful and systematic.

Mike. A common challenge in Diana. All nonprofits manage dealing with the day-to-day is turnover operational risk to some degree, or they in leadership. Many organizations would not survive! However, the most experience turnover in the “boots on common weakness in risk management the ground” sector of their operation is that risk practice is often ad hoc, on a fairly regular basis. Keeping rather than thoughtful and systematic. people up-to-date and current on It’s important to remember that strong the risk management plan is difficult operational risk management programs when they are still learning their jobs. place equal emphasis on: identifying risks I also think that sometimes we can related to the delivery of services and get complacent about things when key functions in the organization, and we go through a period of what I call evaluating whether steps taken to date are “incident prosperity.” In other words, adequate to help the nonprofit respond during a long stretch when downside and rebound. Making an inventory risks haven’t materialized, we back off of top risk concerns and current risk on practices and procedures that were management steps, strategies and policies once considered minimum standards. is a good way to start the process. The “it doesn’t happen here” or “hasn’t Also, it’s incredibly important to happened here in ages” attitude starts to learn from risk events. Any crisis, loss take over. Besides, it’s always easy to say or failure offers potentially invaluable that our mission and budget are far more lessons. But to learn from these important. Why spend all that time experiences it’s vital to ask: on stuff that “never” happens!?! Those ■■ What gaps in our policies, practices thoughts, no matter how common, are a or management system led to this recipe for disaster... so says Mr. Murphy. negative outcome? ■■ What organizational blind spots Q. Are there additional tips prevented us from seeing this and suggestions you want to coming? offer nonprofit leaders who ■■ How can we avoid a similar loss in are trying to strengthen their the future? operational risk management Finally, the importance of a culture programs? that supports risk management is key. continued on page 16 16 ❙ Risk Management Essentials • Fall 2014

Operational Risk Management: A Word from the Wise Guys continued from page 15

Nonprofit leaders can encourage a feel like your risk management “water culture of risk management by taking wings” are beginning to deflate. There are three steps. lots of sources you can turn to for help. 1. Model good risk management One resource can be a risk management behavior. Codes of conduct and committee that has a clear directive, is statements of core values are led by an effective volunteer and actively meaningless in an instant when meets goals; this is a great asset to any leaders act in a way that contradicts organization. They can help provide the espoused values. view from 30,000 feet that operational 2. Articulate expectations for risk risk management sometimes misses. management behavior. Leaders Updating and fortifying your must communicate what constitutes operational risk management program good risk management behavior starts with acknowledging that your versus poor behavior. And rather nonprofit is already doing a lot to than pushing risk management understand and manage the risks that expectations on direct reports, arise from operations. And by taking the leaders should “pull” desired sage advice offered by Diana and Mike, behavior from them. How? By asking you can avoid the mistakes and false starts staff how they are meeting risk- that others have experienced. Finally, related expectations such as: don’t hesitate to reach out to our team at ❏❏ How are you integrating risk the Nonprofit Risk Management Center thinking into the key decisions for advice and support on your journey. you make? ❏❏ What are the significant risks in Melanie Herman is Executive Director your area of responsibility? at the Nonprofit Risk Management Center. She welcomes your feedback and questions ❏❏ What risk indicators are you about any risk management topic at monitoring to ensure that you’re [email protected] or 703.777.3504. prepared to respond if these risks materialize? Diana Del Bel Belluz and Michael Gurtler welcome your questions as well. 3. Be clear about the consequences and follow through. Human beings are motivated to act because they want to realize positive consequences and avoid negative ones. Make Diana Del Bel Belluz certain you’re absolutely clear from Risk Wise, about consequences, both good Inc. can be reached at Diana.Belluz@ and bad. And keep in mind that riskwise.ca when poor risk management is ignored, the nonprofit pays twice: first by exposing the organization to unnecessary risk, and second, by demotivating individuals who are Michael Gurtler from making a genuine effort to meet risk Safe-Wise Consulting management expectations. can be reached at mgurtler@safe-wise. Mike. Get help when you’re in over com your head or maybe even when you Risk Management Essentials • Fall 2014 ❙ 17 Photo Courtesy of Smithsonian Institution

Enterprise Risk Management: The Final Frontier

By Melanie Lockwood Herman It’s hard not to notice the growing use of A study of how ERM has evolved the term “Enterprise Risk Management” describes the two predominant views of among risk professionals. Yet there enterprise risk and the corresponding seems to be little agreement about what style of ERM program: that combination of three words really ■■ Organizations that adopt an means, and perhaps more importantly, enterprise-wide view of risk (i.e., whether the addition of “enterprise” want to understand each risk across to the more familiar term “risk all departments or functions) tend management” makes a bit of difference. to develop ERM programs that According to author Michael Power “take a more operational / financial (Organized Uncertainty: Designing a view, and manage risks through World of Risk Management, Oxford quantitative control.” University Press, 2007), ERM “… ■■ Organizations that adopt an signifies any aspiration for a form of enterprise-level view of risk (i.e., risk management practice which is want to understand risks to the all encompassing in scope, business- achievement of strategic goals focused, and is suggestive of a bird’s eye Author’s Note: and objectives and the long-term view of organizational life.” I owe a debt of gratitude to Diana sustainability of the organization) In the introduction to their book, Del Bel Belluz of Risk Wise Inc., for tend to develop ERM programs that “Enterprise Risk Management: Today’s her thoughtful review and helpful “take a mainly strategic view of risk, Leading Research and Best Practices for additions to the draft of this article. and manage it in a qualitative way.” Tomorrow’s Executives,” chapter authors Sign up for Diana’s terrific newsletter, and book editors John Fraser and Betty The concept of ERM is more than the Risk Management Made Simply J. Simkins write that “Enterprise risk a new term or a new label for an old Advisory at www.riskwise.ca/ management (ERM) can be viewed as a practice; it represents the potential to advisory-a-tips.html. natural evolution of the process of risk look at risk practice differently. This management.” is especially relevant and important continued on page 18 18 ❙ Risk Management Essentials • Fall 2014

Enterprise Risk Management: The Final Frontier continued from page 17 in nonprofit organizations, where risk management programs are often in dire need of modernization. Five Weaknesses in Nonprofit Risk Practice RISK During nearly 20 years of consulting UNDERLYING EVENT: CONSEQUENCES: CONDITIONS: work with both brand name and lesser Need to cut programs known nonprofit organizations, I’ve Sloppy donor Donor relations seeks Layoffs observed five common weaknesses in return Pressure to raise the risk management function. These Turnover in development team of $ more from existing fault lines include: donors Tendency to Loss of donors 1. Failure to define “risk” before overpromise talking about what to do in a world of continuing uncertainty – Many years ago my colleague Diana Del Bel Belluz introduced me to the concept of a bow tie as a shape to help illustrate how people in organizations see and understand the term ‘risk’ differently. At the center knot is the or avoid as much risk as possible risk-taking opportunities, than possibility of an action or event that – Countless nonprofit board and staff eliminating or avoiding risk altogether. threatens to substantially impair or leaders have told me of their efforts 3. Excessive focus on scoring risks advance your mission or objectives. to eliminate risk in order to pave a and finding a “tool” to automate The future “action” or “event” is a clear path to mission success. This risk management – Listing risk. For every risk, however, there thinking is flawed because risk and downside risks in a spreadsheet or are always underlying circumstances reward are inextricably linked. We table and assigning scores for risk or conditions that give rise to or take risks in nonprofits in order to likelihood/probability or impact/ influence the timing, magnitude create value for the communities we severity is a well-known practice or other aspects of the risk event. serve. In every decision or strategy within risk management. Yet the These underlying conditions might for which the outcome is uncertain, Center’s experience is that this be listed to the left side of the bow there is risk. Zero risk exposure approach, sometimes referred tie, along one of its broad edges. But means no opportunity for creating to as a “risk register,” does not there are also consequences—usually value. Whichever goals or strategy inspire timely action in the face of both negative and positive—when a nonprofit embraces, there will be uncertainty. Nonprofit leaders are risks materialize. These could be a set of opportunities and a set of motivated by many things, including listed to the right of the center knot, risks associated with it. The goal of the potential to serve a growing thereby giving shape to the bow enterprise risk management is to help client base, meet donor expectations tie. Unfortunately, when a group understand the particular risks that or demands, avoid legal liability convenes to talk about risk, they are associated with each strategic and more. I’ve yet to meet a leader often skip the first step: defining option in order to make informed motivated by an opinion-based the term. As a result, a typical list of and deliberate decisions about which score in a risk register. An associated nonprofit risks includes risk events objectives and strategies to pursue challenge with risk registers is the as well as underlying conditions and and the corresponding risks that fact that once tabulated, scores seem consequences. must be accepted and managed. In somewhat scientific. But whether 2. Misconception that risk my experience, high performing they are scribbled on a napkin or management’s focus is to eliminate nonprofits spend more time evaluating recorded in a risk register, they are continued on next page Risk Management Essentials • Fall 2014 ❙ 19

Enterprise Risk Management: The Final Frontier continued from page 18

generally arbitrary guesses about or practice is slim. Yet I find the member of the executive team or board the likelihood and potential value concept a bit befuddling, especially that risk may be falling between the (cost or benefit) of a future action since many risks are defined in cracks due to a siloed organizational or event. In my experience, risk unrealistically broad terms, such structure and culture that inhibits management is really about hard as “reputation risk.” Using this communication, coordination, and conversations that enable leadership example, it wouldn’t be surprising collaboration across functional or teams to make the best possible to see reputation risk assigned to departmental lines. This concern is decisions in the face of uncertainty— the Director of Communications at particularly warranted for risks that not finding or using the right a nonprofit. Yet it’s hard to imagine straddle functions, departments or units spreadsheet, software or system. an organization where such a leader and when teams feel pressure to keep their eyes trained to look for danger in 4. Conclusion that risk is harmful, or is able to capably and thoroughly the depths of their own silo. potentially harmful to a nonprofit monitor the landscape for reputation mission – Over the years I’ve written traps, forecast the ethical lapses Enlightened ERM of current or future leaders, or do and spoken about risk’s “bad rap.” So what steps are recommended to anything to keep a good reputation When the word “risk” comes up in embrace the benefits, while discarding conversation, it’s not unusual to see safe. Many risks don’t fit neatly into a the jargon of ERM? Here are a few a bead of sweat or a frown, and hear single person’s area of responsibility thoughts to help you get started on a a sigh of frustration. Lawsuits, the and require multiple ‘owners’ to journey to strengthen risk management admission of liability, the imposition act in a coordinated fashion to in your nonprofit. Whether you call it of liability and the arrival of lawyers understand the issue and take action. Enterprise Risk Management or RM 2.0, are the four horsemen of the risk A Bird’s Eye View of Risk if you follow these steps you have a great apocalypse. Yet no nonprofit takes Embracing Michael Power’s reference chance to see an improvement in your risk in order to suffer a loss. Risks to ERM as “aspiration for a form of program. are taken to advance, not erode a risk management practice which is all Step 1. Commit to the ERM Journey charitable mission. Therefore it is encompassing in scope, business-focused, Most organizations take 3-5 years to inaccurate to paint risk with the and is suggestive of a bird’s eye view of fully establish their ERM programs. broad brush of harm or despair, organizational life,” offers a wonderful While accountability structures and or to limit risk management to a starting point for nonprofit leaders who processes for identifying and managing discipline about what can go wrong. recognize the potential value of a stronger risk can be quickly put in place, it Furthermore, when a positive and more inclusive risk management takes much, much longer to make risk development occurs, there may be function in their organizations. management part of your organizational negative consequences that require Many Center clients seem to relate culture where risk is consistently and attention, and when a downside to the benefit of a bird’s eye view of risk systematically considered in every risk materializes, there may be in their organizations. They admit that decision and action. Implementing unexpected positive results as well. in some cases, the risk management ERM is very much a journey of culture Risk is far more nuanced that we function has become bogged down change. That means you need to have often recognize. in departmental functions, with no some skills in leading culture change 5. Perspective that a key to managing connective strategy. For example, the IT and plenty of patience. Don’t expect to risk is assigning risk “owners” team may be implementing safeguards get it all done in one easy step. Instead, – Nonprofits that turn to a “risk to protect proprietary systems and start small and build incrementally. register” or spreadsheet as a way confidential information and assume Take time to reflect and learn at each to track critical risks, generally that as long as they are focused, their stage of development. include a column where a risk’s counterparts in other departments or Step 2. Adopt a Shared Language “owner” can be named. The rationale offices have little need to understand Begin your ERM journey by agreeing for this practice is pretty clear: the IT risk management strategy. A what the term means in your nonprofit. without assigning accountability, common precursor to a request for An all-encompassing approach to risk the likelihood of change in policy an ERM engagement is concern by a management that extends far beyond continued on page 20 20 ❙ Risk Management Essentials • Fall 2014

Enterprise Risk Management: The Final Frontier continued from page 19

insurable risks? Risk management focused Step 6. Start with the on risks related to strategy-setting? Risk End in Mind practice focused on risk issues at the Although the long-term benefit of an intersections of organizational life? It’s ERM project is often hard to envision your choice. A word of caution: don’t and even harder to calculate, it is adopt a definition that while authoritative possible to define how you will know and academic, has no real meaning in that your labor has made a difference. your nonprofit. Along with a definition For example: of ERM, choose a definition of risk that ■ works for your team. ■ When making decisions, leaders will consistently consider the Step 3. Be Ambitious, associated risks, thereby giving Opportunistic and Realistic context to the decision-making Don’t make the mistake of resolving to process eliminate downside risks, or make every ■■ Leaders will feel confident that key employee an enthusiastic risk champion. decisions are made with the best To ensure your efforts achieve buy-in, possible awareness and recognition focus on risk management capabilities that help one or more key leaders of risk resolve a pressing concern or difficult ■■ The board will feel confident in decision. Choose measurable but the thoughtful consideration of realistic goals for your ramped-up risk risks related to strategy in strategy function. Add to that a timetable that setting and tactical plans won’t make everyone on the team feel ■■ Upgrading your current risk like they are doing two jobs for a single management program to paycheck. one labeled ‘Enterprise Risk Step 4. Celebrate Your Expertise, Management’ is not simply about But Resolve to Learn using a new acronym to dress up The ERM projects that are most likely an old one. Embracing the idea of to succeed are those led by people enterprise risk management and who are voracious learners—leaders its associated concepts can be a who seek every opportunity to expand wonderful first step to a stronger their knowledge and broaden their function, realization of important perspective on the discipline of risk goals, and greater confidence management. about the risks you take to advance Step 5. Sidestep Groupthink with your mission. By recognizing a Diverse Team and avoiding the missteps and While the process takes longer when embracing the six steps above, you you bring together leaders with different will be in the best possible position world views and backgrounds, the to look back on your ERM upgrade ultimate result will be more meaningful as a worthwhile improvement. and durable. Select members of the ERM team or task force for their Melanie Herman is Executive Director differences, rather than similarities. at the Nonprofit Risk Management Center. She welcomes your feedback and Avoid the default approach to name questions about the topic of Enterprise Risk every senior staff member to the ERM Management at [email protected] Committee. or 703.777.3504. Risk Management Essentials • Fall 2014 ❙ 21 RISK MANAGEMENT

Specialty Human Services MARKETPLACE

Insuring those who improve our communities.

Specialized Insurance for Human and Social Service Organizations: Animal Shelters, Arts & Cultural, Day Care, Head Start & Specialty Human Services Private Schools, Family Services & Counseling, Grant Making, Health Clubs, Homeless Shelters & Housing, Religious, and www.SpecialtyHumanServices.com Youth Clubs to name a few. Home office: 800.722.3260

Great American Insurance Group Tower I 301 E Fourth Street I Cincinnati, OH 45202

Inclusion in the Marketplace does not constitute an endorsement by the Nonprofit Risk Management Center. To inquire about space availability, [email protected] 22 ❙ Risk Management Essentials • Fall 2014

Sports Leagues. One of over 100 specialty niches. Where sports teams turn when they can’t afford to lose. MARKETPLACE RISK MANAGEMENT MANAGEMENT RISK

At Philadelphia Insurance Companies, we specialize in servicing over 100 niche industries. Leading organizations in the world of sports, education, human services and many others turn to the experts at PHLY for our ability to write complex coverages at competitive rates. PHLY customers can feel secure knowing we have industry- leading customer service, are rated A++ by A.M. Best, and have a 97.5% claims satisfaction level. When you can’t afford any gaps in your coverage, you can’t afford to go with anyone but PHLY.

855.411.0796 | phly.com/sports

Download our free whitepaper 10 reasons why you neeD specialty insurance.

Philadelphia Insurance Companies is the marketing name for the property casualty insurance operations of Philadelphia Consolidated Holding Corp., a member of the Tokio Marine Group. All products are written by insurance company subsidiaries of Philadelphia Consolidated Holding Corp. Coverages are subject to actual policy language.

Inclusion inPHLY_RiskManagement_Sports.indd the Marketplace does not constitute 1 an endorsement by the Nonprofit Risk Management Center. To inquire about space availability, [email protected] 3/28/13 11:21 AM Risk Management Essentials • Fall 2014 ❙ 23

Products/Publications/eBooks Order Form Price No. Total PRODUCTS—ORDER ONLINE My Risk Management Policies at www.MyRiskManagementPolicies.org $179.00 My Risk Management Plan at www.MyRiskManagementPlan.org $139.00 BOOKS NEW! Ready…or Not: A Risk Management Guide for Nonprofit Executives—3rd Edition $25.00 NEW! Staff Screening Notebook $20.00 NEW! EXPOSED: A Legal Field Guide for Nonprofit Executives—3rd Edition $25.00 No Surprises: Harmonizing Risk and Reward in Volunteer Management—5th Edition $20.00 A Golden Opportunity: Managing the Risks of Service to Seniors $ 8.00 Coverage, Claims & Consequences: An Insurance Handbook for Nonprofits—2nd Edition $30.00 Managing Facility Risk: 10 Steps to Safety $15.00 More Than a Matter of Trust: Managing the Risks of Mentoring $15.00 The Season of Hope: A Risk Management Guide for Youth-Serving Nonprofits $20.00 Vital Signs: Anticipating, Preventing and Surviving a Crisis in a Nonprofit $10.00 eBOOKS Managing Special Event Risks: 10 Steps to Safety—2nd Edition (eBook only) $20.00 Management: A Guide for Nonprofit Executives (eBook only) $25.00 Pillars of Accountability: A Risk Management Guide for Nonprofit Boards—2nd Edition (eBook only) $12.00 Taking the High Road: A Guide to Effective & Legal Employment Practices for Nonprofits—2nd Edition (eBook only) $45.00 Playing to Win: A Risk Management Guide for Nonprofit Sports & Recreation Programs (eBook only) $20.00 SUBTOTAL Shipping & Handling Visit www.nonprofitrisk.org/store/catalog.asp for a complete description of all current titles, including tables of contents. All titles are available as eBooks—download our current titles and save shipping TOTAL and handling costs.

Customer Information

NAME TITLE

ORGANIZATION

ADDRESS

CITY STATE ZIP

TEL FAX

E-MAIL Method of Payment ❏ Check enclosed ❏ P.O. # ______Charge my: ❏ Visa ❏ MasterCard ❏ AmEx

CARD NO EXP. DATE VERIFICATION CODE (FOR MC/VISA 3 DIGIT ON THE BACK, AMEX 4 DIGIT ON THE FRONT)

SIGNATURE

Order online at www.nonprofitrisk.org Call (202) 785-3891 to inquire about quantity discounts.

Shipping & Handling Mail or fax this form with payment to: Please add $4.00 for each book ordered. Nonprofit For example, if you order two books the Risk Management 204 South King St, Leesburg, VA 20175 shipping & handling cost is $8.00. Center (202) 785-3891 or (703) 777-3504 • Fax: (703) 777-4213 Nonprofit Risk Management Center 204 South King Street Leesburg, VA 20175 Risk Management ESSENTIALS Tips, Knowledge and Tools T s for Nonprofit Organizationsanization for Non profit Org s

Please route to: Inside ■ Executive Director This Issue ■ Director of Volunteers We are the Champions, My Friends: Risk Champion Q&A...... 1 ■ Risk Manager The Nitty Gritty of a Risk Committee...... 7 ■ Legal Counsel Operational Risk Management: A Word from the Wise Guys...... 11 ■ Human Resources Enterprise Risk Management: The Final Frontier...... 17 ■ Finance/Administration The Risk Management Marketplace...... 21 Products/Publications from the Nonprofit Risk Management Center...... 23

Affiliate Members ■■ Alliance for Nonprofit Excellence ■■ GROW Associates, Inc ■■ Nonprofit Risk Services, Inc. ■■ Alliant Insurance Services, Inc. ■■ Gulf Coast Community Foundation ■■ Pennsylvania Association of Nonprofit ■■ ANCOR (American Network of ■■ Gulf Coast Social Services Organizations Community Options and Resources) ■■ Harleysville Insurance ■■ Pennsylvania School Boards Association ■■ Arkansas Nonprofit Alliance ■■ Hays Affinity ■■ PowderHorn Consulting ■■ Association for Energy ■■ Health Care For All ■■ Providence Academy Affordability, Inc. ■■ Helping Hand Center ■■ PSA Insurance & Financial Services ■■ Austin Community College Center ■■ Hillel: The Foundation for ■■ Purchase Day Camp for Community Based & Nonprofit Jewish Campus Life ■■ Speech and Language Organizations ■■ HMS School for Children with Development Center ■■ Baker, Romero & Associates Cerebral Palsy ■■ State Bank Financial ■■ Beyond Z ■■ Housing Authority Insurance ■■ Sunshine ■■ Bridge House Corporation Group, Inc. ■■ TD&T CPAs and Advisors, P.C. ■■ Cain Consulting Group Inc. ■■ Independent Living Services ■■ Texas Association of Nonprofit ■■ California Association of Nonprofits ■■ International Planned Parenthood Organizations ■■ CapSpecialty Federation - WHR ■■ The Association of Junior Leagues ■■ Career Opportunities Development, Inc. ■■ Ipso Facto Theatricals International, Inc. ■■ Catholic Charities Community Services ■■ J. Craig & Page T. Smith Scholarships ■■ The Flea Theater ■■ Catholic Charities of Los Angeles, Inc. Foundation, Inc. ■■ The Ford Family Foundation ■■ ■■ Cato & Cato LLP Kaiser Family Foundation ■■ The Miller Group ■■ ■■ Center for Nonprofit Stewardship Kentucky Nonprofit Network ■■ The Nature Conservancy ■■ ■■ Communities In Schools Land Trust Alliance ■■ The Salk Institute ■■ ■■ Community Action Partnership Lindsay Insurance Group, Inc. ■■ The Salvation Army, National ■■ Council Services Plus, Inc. ■■ Loudoun Human Services Network Corporation ■■ Edtec Central, LLC ■■ Maine Association of Nonprofits ■■ United Community Ministries ■■ Every Citizen Has Opportunities, Inc. ■■ Maryland Nonprofits ■■ United States Breastfeeding (ECHO) ■■ Michigan Nonprofit Association Committee, Inc. ■■ Florida Nonprofit Alliance ■■ N.C. Center for Nonprofits ■■ US Olympic Committee ■■ Frisco Family Services ■■ n4a ■■ YMCA of the USA ■■ Girl Scouts of Greater Atlanta, Inc. ■■ National MS Society ■■ YWCA USA