Peter Frerichs


Welcome! My name is Peter Frerichs, and I am a contract writer and consultant. I work across a range of industries, and I'm primarily centered on articles/blogs, B2C and B2B marketing collateral, proposals for non-profits, interviews, market research, and some occasional humor that I would be thrilled to do more of :) 

I hold a Master's degree in Public Administration/Public Policy from the University of Southern California and have overseas living and working experience in Latin America.

Rates are determined per project, and I always provide an initial skeleton/draft and even some sample writing for first-time clients (free of charge, of course).

I regularly blog at Drive/Run/Dishes Ruminations and be sure to check out Featured Work!

Subscribe
← Back to portfolio
Published on

Risk Management for Nonprofits

Risk Management for Nonprofits

The Revenue Act of 1917 allowed individuals to deduct charitable contributions for the first time in the country's history. Since that point the US nonprofit sector has grown at a steady clip. The notion of community service, supporting social endeavors, and essentially filling in where the private and public sectors have trouble traversing are US-centric values. This is a big reason why the US leads the world in charitable giving and is also the home to over one million nonprofits receiving and putting into action donor gifts annually.

In 2019, US charities registered $449.64 billion from American individuals, corporations, foundations, and bequests. Total giving was up 4.2% from 2018, and giving by corporations increased the most - 13.4%. According to the Independent Sector’s “Health of the U.S. Nonprofit Sector” report, there were 1,729,101 registered nonprofits in 2019, and the nonprofit economic contribution to US GDP was $1.2 trillion. These are inspiring numbers, and numbers that are on the rise, the tremendous hiccup of 2020 notwithstanding. Yet, as many of those employed by nonprofits can attest to, the inner workings of many nonprofits are not always the healthiest. In fact, for an uncomfortable percentage, they can be quite precarious.

The same Independent Sector report found four years ago a staggering 69% of nonprofits had just three months of cash to cover operating and programming expenses. Only half reached an operating surplus at the end of the fiscal year, and the other half either broke even or reported operating deficits. Again, to those on the inside, these aren’t novel findings. Nonprofits spend much of their time fundraising, some more so than what they spend in terms of money and human capital on programming. And while the situation from a budgetary perspective has always been a bit unsteady for many nonprofits, the pandemic and its disastrous effects have industry leaders, donors, and community partners in truly uncharted waters.

Peeling back the Onion

As reported in BBB Wise Giving Alliance’s “Special Report: COVID-19 and the Charitable Sector,” 80% of their surveyed nonprofits expect revenues to be lower than previously expected in 2020. Some estimates suggest up to 7% of nonprofits will be forced to close due to the pandemic, and while 7% might not sound like a lot, that’s 121,037 nonprofits. The average nonprofit employs approximately 6 to 10 individuals, so anywhere from 726,222 to 1,210,370 face potential unemployment. This isn’t to mention the millions of people who are direct recipients of these agencies and will undoubtedly suffer as a result of their closures.

Pre-pandemic, back in 2015, the Federation Employment Guidance Services (FEGS), a large New York-based nonprofit federation, closed its doors for good. With a $250 million budget, FEGS was a massive player in the city, serving roughly 120,000 individuals annually and employing nearly 2,000 people. The FEGS bankruptcy hit the sector like a ton of bricks. If a behemoth like FEGS could fail, no nonprofit was safe.

Post-bankruptcy the FEGS case was studied extensively. There were many underlying reasons for their failure, but perhaps the most relevant was their neglect in identifying risks (internally and externally) that the institution faced, and worse yet, a corresponding plan to mitigate them. On the structural side, nonprofits face a series of risks that have only been exacerbated with the pandemic. Many nonprofits receive the bulk of their funding via restricted grants or government funding. The arrival of both, but the latter in particular, is subject to unpredictable delays. This demands nonprofits have enough cash on hand to execute and deliver what the grant or funding is earmarked to cover prior to the money arriving in most circumstances.

A majority of nonprofits also provide labor-intensive, face-to-face services. Like the education sector, the costs of providing these services increase faster than inflation. Moreover, these services do not become more productive with the adoption of new technology. As such, it is difficult to trim costs at the margin by reducing the workforce. While machine learning and artificial intelligence can of course add (and do) tremendous value to the sector, they will not have the same cost-saving effect as in the banking, insurance, manufacturing, or health care arenas.

On the recruitment side, employing individuals with a passion to serve (as opposed to chasing a paycheck) has always been a challenge for nonprofits. There is a sizeable pool of talented people willing to earn less in exchange for being part of a philanthropic organization, but retaining them is difficult as is providing career development. And ultimately, most nonprofits operate in environments that are highly dynamic. Political priorities, the pervading fashionable causes of the moment, and a host of other ever-changing factors can make it difficult for some nonprofits to remain relevant.

Putting Risks to Paper

It should be clear at this point that running a nonprofit, no matter the size, without a risk management plan, is a recipe for impending disaster. Aside from the structural issues, at a more granular level, all nonprofits face risks to their corporate structure, governing documents, policies and policy manuals, tax-exempt status (and corresponding compliance), financial condition, insurance coverage, personnel (Human Resources), public relations, physical safety, and leadership succession, among others. It is common to key in on any of these areas and nitpick as to the difference between a risk and something completely uncertain or unexpected. Risks are identifiable, while uncertainties are issues that pop up unexpectedly. However, uncertainties can turn into risks, and the point of a risk management plan is to have a system in place that can control and provide a roadmap on how to address the things you can control as an institution.

For many nonprofit leaders and trustees, this isn’t ground-breaking news. They know risks exist, but because they are engaged in noble efforts, the need to run their business as if it was that - a private business - seems unnecessary. Nothing, however, could be farther from the truth. Risk management plans are integral for all three sectors, and their absence could lead to a FEGS turnout, something nobody desires.

So the million/billion/trillion dollar first question for any nonprofit is - when to start? A car begins depreciating the second you drive it off the lot. Any business, nonprofits included, begins taking on risks the second they are operational. Following this logic, a risk management plan should be one of the first things trustees or founders focus on, right? Well, not so fast. When nonprofits find themselves in a nascent phase, for example, the focus is on viability. The project needs to get off the ground, attract funding, and deliver results if it’s going to be viable. If trustees and founders are diverting too much of their attention to risk mitigation and management plans, the all-too-important ideation and creativity that need to take place for the nonprofit to get off the ground will be compromised.

Now, this isn’t to say there should be no talk of risk management to begin. In fact, an insurance policy will cover most of what could go wrong and is an appropriate first step prior to a full-fledged plan. Yet, once a nonprofit reaches the end of that start-up phase, several things will occur. First, retaining and continuing to attract high-quality donors will be a priority, and this will require regular audits. Second, the Board will move (not all do, but they should) from being a working Board to a strategic/governance Board, and policies and procedures will be formalized.

It is at this point that a risk management plan is vital for five, fundamental reasons. First, a nonprofit, or any company for that matter, can only understand their priorities if they also understand the risks they face as an organization. Second, planning (short and long-term) is a priority, primarily led by the organization’s strategic plan. A good strategic plan is not complete without the all-incumbent SWOT analysis (Strengths, Weaknesses, Opportunities, and Threats). Identifying those risks that coincide with weaknesses and threats is integral and will complement the risk management plan.

Third, donors who begin to become year-on-year supporters will be more and more interested in the effective performance of the nonprofit. No donor is pleased upon discovering that their gift went to an organization that closed shop because it couldn’t manage itself and mitigate risks. A risk management plan helps nonprofits understand the challenges that could negatively affect the solvency of the institution. Fourth, the goal of all organizations is to be sustainable over time. In the early years, nonprofits are focused squarely on the services they provide to their current users or clients. However, during this growth phase, how said resources will be available for future clients becomes part of the overall planning process, and a risk management plan helps to put this into context.

And finally, we return to insurance. As the insurance policy was initially implemented to cover unexpected issues, insurance simply shifts the impact of risks to a third party. It does not, nor cannot, provide early warnings or response mechanisms for those threats that emerge along the way. The only document that can do this is a risk management plan.

The Plan

Developing a plan begins with understanding the current context of the organization. The Board and staff will need to bring together the operational and strategic plans, coupled with the mission and value statements and the “Case for Support” (should this be defined) to assess what the organization stands for and what it ultimately seeks to accomplish. This conversation will help to frame the shared priorities of the nonprofit’s principal stakeholders.

Most nonprofits are made up of three functional areas: internal, external, and overarching. The internal area is typically comprised of Operations, IT, and Finances among others. External could be Sales, Development, and Marketing, while overarching is Governance and Compliance. A functional risk management plan first requires a risk inventory. This is where the nonprofit surveys the threats and opportunities across these three functional areas. A well-crafted risk inventory involves a range of folks. Best practice suggests a senior staff member, one or more employees at an entry or middle-management level, a Board member, and even a relevant stakeholder (a donor or member of a partner agency). The inclusion of the entry or middle-level employee helps the senior staff member and the Board member avoid tunnel vision or groupthink, and the donor and/or outside partner tend to provide insight that an insider might not consider.

After the risks have been identified, it is then time to rank and own them. Not all risks are the same. Some are understandably much more important than others, which is why a simple ranking process (1 to 4) is imperative. In line with the ranking, however, is assigning “ownership” to each risk. Without an owner, a risk remains a threat without a pre-defined response. Most owners are departments and not individual people. However, if the nonprofit is small, and the Marketing department is one person handling marketing and communications duties, then any risk aligned with that department will invariably be the responsibility of that person. If this is the case, assigning a Board member to monitor those risks associated with Marketing, in this instance, is recommended. A resulting “risk register” will house the identified risks, their level of importance, and their owners. This register then becomes a regular agenda item in staff meetings moving forward.

Lastly, it is imperative to communicate to all involved in this process that while the creation of a risk management plan can occur quickly, widespread adoption and institutional acceptance will take time. Timelines and goals need to be set along with milestones to measure progress. While the risks and their respective owners will be addressed weekly, training staff and the Board on how to think about mitigating risks moving forward is where the real work lies.

The Role of Funders

In the early 2000s, the William and Flora Hewlett Foundation began holding their annual “Worst Grant Contest.” At the time, then-President Paul Brest sought to be more open surrounding failure and wanted to create spaces to generate discussion around the foundation’s mistakes. Nobody was ever fired, as it is common knowledge in large foundations like Hewlett that poor-performing grantees will invariably occur. However, what was noticeable for Brest was when the worst grant was named and subsequently discussed, much of the discussion centered on all of the things the grantee did wrong - financial difficulties, leadership challenges, etc. Over time, Hewlett and other large grant-making institutions began to openly wonder whether all the blame was mistakenly one-sided. Perhaps there is a greater role funders can play when it comes to granting money, and in 2021, funders are perhaps the most involved in the nonprofits they support than ever before.

The “Worst Grant Contest” was later named the “Worst Strategy Contest” as Hewlett concluded that poor funding strategies (on both the nonprofit and the funder’s side) was more aligned with the truth. Today, many large Requests for Proposals (RFPs) incorporate risk management in the application process. Potential funders are asking nonprofits to address a number of risks that they as a foundation face in the event money is awarded and a relationship formed. The first risk is financial - losing money. Funders grant money to achieve impact. The pervading question that must always be answered is, “how much money is a foundation willing to risk to achieve impact?” This question is being examined with an increasingly critical eye in 2021.

The second is the reputational risk to the foundation. As history has shown us, granting money to a nonprofit can come back to bite the funder if said nonprofit either does not deliver on its proposal or engages in activities that disparage the funder’s reputation. Every funder has a different appetite for reputational risk, but like financial risk, that appetite is becoming more restricted as time passes.

Foundations have not only incorporated risk management into RFPs, mandating that applicants address these two critical risks, but they are also playing an active role in helping applicants budget for contingency funding. Whereas in the past, a contingency budget line item was an arbitrary percentage to cover “miscellaneous costs,” foundations now spend countless hours examining grantee finances to determine just how large a contingency fund will be needed for a project. Long gone are the days of grantors covering over-budget expenses. Funders are trying to mitigate risks with a more shared, strategic approach to grant-making as opposed to the antiquated paternalistic model.

Moving Forward

While phrases like “black-swan” events have been thrown around to describe our latest pandemic, any major disruption in the US (and world) economy will invariably put nonprofits in difficult positions. Every nonprofit needs funds to survive and fundraising is the first item to take a hit when the economy suffers. But a sound risk management plan will take into account disruptive events and naturally put the tools and procedures in place to address them before a shock should occur. Running a nonprofit is noble work, but just because its goal isn’t to make a profit doesn’t mean it isn’t subject to the same market and social conditions as everyone else.

Subscribe to get sent a digest of new articles by Peter Frerichs

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

One-click unsubscribe anytime, your email will not be used for anything else.