Your nonprofit may have great plans, but if you do not have a realistic awareness of your risks, those plans are merely hopes and dreams. Because of this simple truth, the first step in nonprofit risk management should be a risk inventory:  a thorough identification of threats and opportunities facing the organization. This post and the one following will explain how.

The What and Why

In brief, a risk inventory is a guided brainstorming exercise to spot potential positive and negative issues within your nonprofit and potential external forces that could impact performance. The benefits of a risk inventory can be substantial:

  • Clarity. In any organization with more than a few team members, no single person knows everything about the business. Since the risk inventory gathers viewpoints of many participants, it may provide senior management with insight into challenges and opportunities that they may never have seen. Team members within an organization may also gain greater awareness of what others are working on, the challenges others face, and choices faced by senior management.
  • Dialogue and Consensus. The risk inventory process fosters a greater appreciation for different functions within the nonprofit. Team members may find unexpected consensus: many of them may list the same issues within the same functions as the greatest risks. Furthermore, where team members disagree about risks, a risk inventory creates a context for important conversations.
  • Commitment. By showing the joint effort needed to perform risk management, the risk inventory process can increase team commitment to a successful nonprofit risk management process.
  • Ownership. Each team member who participates in the inventory process comes away with an increased sense of ownership in the nonprofit as a whole. The process improves employee engagement and helps team members think like leaders.
  • Small Investment, Big Payoff. Your first risk inventory should not be exhaustive. It is the initial step toward making risk identification a regular part of your operations. Most risk inventories should take no more than 40 minutes to an hour of individual work for each participant individually, plus 90 minutes to debrief the team on results.

How to Perform a Risk Inventory


Look for Positive and Negative Risks

Keep in mind that risk simply means uncertainty. Risks can be negative or positive, and risk management involves both. We call negative risks “threats,” and positive risks “opportunities.” During your risk inventory, you should identify both threats and opportunities.


Identify Your Participants

In small organizations, you may want to include the whole leadership team. In larger organizations, smaller teams typically work better. In a typical nonprofit, we suggest participation by the following personnel:


  • CEO/Executive Director,
  • Other C-Suite staff; and
  • One or two more junior staff.

An organization benefits from having at least one junior team member involved, because they may identify issues that have escaped the attention of senior staff.


Evaluate All Areas of the Organization

Ask participants to identify threats and opportunities across all functions in the organization, rather than focusing solely on their own areas of expertise. Outsiders often see threats and opportunities that insiders do not. As described in more detail later, we advise organizations to look at the following:


  • Internal functions (operations, finance, talent management, and IT);
  • External functions (reputation management (PR and marketing), end-user sales, and development);
  • Overarching functions (risk management, compliance, governance, and planning and visioning); and
  • External context (outside circumstances that could impact the nonprofit).


Simplify the Process

Instead of having the team search for every single threat and opportunity in each function, make the process more manageable. Ask each team member to identify three threats and one opportunity in each of the functional areas identified above. Have them answer the following questions for each area:


  1. What are the top three threats that face the nonprofit in this functional area?
  2. What is the top opportunity for improvement — that is, what change or new initiative would make a material positive impact in the next four months?

In the same manner, have participants identify the top three external issues (positive or negative) potentially confronting the nonprofit.

Have each participant perform their initial work independent from other team members. This helps generate a variety of issues for discussion rather than creating premature consensus that might ignore or hide important results.



The risk inventory is the critical first step in nonprofit risk management. In our next post, we will describe what to do with the results. In our next post, we will discuss what to do with the results.