Any new initiative involves costs and commitments. Risk management is no different. At what point, then, is it advisable for a nonprofit to implement a risk management process? This post answers that question.

Stages of Nonprofit Growth

A nonprofit’s growth can be roughly divided into five stages:

Idea – Someone, or a small group, decides something should be done about an issue. They test whether there is a viable way to attract donors and provide end-user services.

Startup – The founder or founders incorporate, seek tax exemption, and provide regular services, honing those services into standard offerings.

Growth – The nonprofit takes hold in a community, and demand for services exceeds the organization’s current capacity.

Maturity – The nonprofit achieves stability beyond the founding team or individual.

Regeneration – Having faced one or more challenges, the nonprofit commits to a new path.

In the “Idea” and “Startup” Phases, Focus on Proof of Concept

Risk management processes are not cost-effective at the idea and startup stages of nonprofit development. During those stages, the founders must focus on viability. Early nonprofits tend to be trying out many different ways of providing service to their target populations. They may be seeking to identify those target populations in the first place. They will be seeking early-stage donors, board members, and volunteers. They will have fits and starts.

During these early stages, “risk management” should likely begin and end with insurance. As explained in later posts, insurance can shift some of the effects of downside risks to a third party, in exchange for insurance premiums. While not a complete substitute for more holistic risk management, insurance can provide a safety net for many potential exposures, like personal injury or theft. In the early stages of nonprofit growth, that may suffice. Thus, for an early-stage nonprofit, your best friend for risk management is a reputable insurance broker, who can discuss necessary coverages and provide you with a safety net.

There is one proviso to this advice, however. Even if a nonprofit doesn’t need to implement an entire risk management process at the startup stage, it may benefit from performing a risk inventory, which identifies threats and opportunities throughout the organization. This step can be done on your own or with facilitation, for low cost. A well-executed risk inventory can provide a context for crucial conversations about how the organization sets the stage for future growth.


Transition from “Startup” to Early “Growth” Stage – Ripe Time for Developing a Risk Management Process

Toward the end of the startup phase , nonprofits reach distinct milestones. They begin submitting to regular independent audits. They may engage in strategic planning. They face the challenges of developing a strong board of directors, including expanding the board’s skill set and reinforcing governance structure. They also begin formalizing job responsibilities and adopting regular policies and procedures throughout the organization. At this juncture, which marks a transition from startup to the growth phase,* a risk management process becomes essential for three reasons:

1. Process must supplement personal connection within the organization. As the organization becomes more established and more complex, it becomes harder for senior personnel and board members to determine the most important issues facing the organization. Leadership becomes distanced from daily interaction with service recipients. Senior staff cannot oversee every interaction by every employee. As a result, leadership loses its direct line of sight in determining the nonprofit’s most important threats and opportunities. In these circumstances, it becomes necessary to impose a process on the organization to identify and deal with risks as a matter of routine.

2. Growth demands stability and accountability. During the transition from startup to growth, the nonprofit must signal to its community that it intends to become an established and reliable part of the community infrastructure. The nonprofit needs donors to trust that it is exercising effective stewardship over funding resources. It must attract, retain, and develop qualified personnel. Risk management is a critical component of building and maintaining trust. Thus, a nonprofit entering a growth phase needs to ensure that it has meaningful operational controls in place, including risk management.

3. A more holistic vision is necessary as the organization charts a way forward. Rather than focusing only on financial viability and the current end users of its offerings, a nonprofit entering the growth stage needs to address a broader variety of potential stakeholders:

  • Are we protecting future service recipients by developing resilience and sustainability?
  • Are we exploring the needs and desires of our future funders, so that we can better meet their interests in advancing social causes?
  • Are we protecting the reputations of our board members, who volunteer their time and good names?
  • Have we created a safe and constructive work environment for our current and future employees, so that they are energized to provide services to our clientele?
  • Do we adequately train, supervise, and energize our volunteers?
  • Are we prepared to meet the emerging needs of our community by engaging with other organizations serving similar interests and participating in discussions about broader community priorities?

An effective risk management process directs the organization to think holistically about its multiple functions and these multiple stakeholders.


Mid-“Growth,” “Maturity,” and “Regeneration” – Better Late Than Never

Because risk management is an emerging best practice in nonprofits, many readers of this series will work with organizations that do not have risk management programs but are already well within the “growth” phase or have reached “maturity.” For these organizations, the prescription is clear: don’t panic, but you are overdue to begin risk management. Follow this series to learn how to implement risk management in a cost-effective, phased approach that allows you to test the process each step of the way.

Other readers of this series will be affiliated with organizations facing the need for “regeneration” and don’t have risk management processes in place. Organizations often do not think about risk management until they have faced a near-death experience: an embezzlement, harassment allegations, a painful employee lawsuit, some significant harm involving a service recipient, a board meltdown because of internal disagreements, crippling competition from some other provider of core services, or some other public humiliation that fundamentally undermined the organization’s reputation. Risk management in such cases becomes a critical aspect of recovery and renewal.

* * *

In short, risk management is critical to nonprofit success, but timing is everything. As the nonprofit transitions from startup to growth, it should seriously consider setting aside resources to develop an agile and effective risk management process. If it hasn’t done so and recognizes that now, it should take meaningful, measured steps to begin adopting that process according to a reasonable timetable. (We will address that in our next post.)


* Determining whether a nonprofit is transitioning from start up growth is not always clear. Furthermore, an organization may at times be at slightly different stages respect to different functions within the nonprofit. One tool we recommend is the “nonprofit life stage assessment” in Judith Sharken Simon’s The Five Life Stages of Nonprofit Organizations, which provides an 8-page questionnaire to assess a nonprofit across governance, staff leadership, financing, administrative systems, staffing, products and services, and marketing. (Simon 2001.)