Governance and risk management—two of the biggest concerns in the nonprofit sector right now, according to "Managing Risk in a Riskier World," a study of top nonprofit executives by accounting, tax and advisory firm CohnReznick. The 38-question survey was conducted over an eight-week period and focused primarily on governance and risk-management policies at nonprofit organizations.
Some notable findings from the survey:
- While 87 percent of organizations reported that they have certain key governance initiatives in place, only 30 percent of survey respondents said that their organization has conducted an enterprise-risk-management assessment.
- Eighty-four percent of respondents said they had a written whistleblower policy in place.
- Four and 7 percent, respectively, of the organizations said that they have a risk or IT committee set up to deal specifically with cybersecurity risks.
But one of the biggest takeaways is that cybersecurity is generally of little concern for the nonprofit organizations surveyed. A quarter of respondents considered cybersecurity to be among their organization’s top three risks. And about 60 percent of respondents stated that either their finance or executive committee is in charge of monitoring IT, rather than a dedicated risk-management team.
To deal with this issue, CohnReznick suggested dedicating a separate committee on the board of directors to overseeing risk management. In addition, the group advises nonprofits to consider conducting several critical assessments in conjunction with their overall governance practices. These could include assessments of the organization’s risk-management and cybersecurity policies and procedures, along with a self-assessment of the board at least every three years.
Download the full survey to learn more.