RA vertical color logo

In our prior post, we noted that nonprofits need risk management processes. But what does that mean? Many organizations aren’t sure.

This post provides the answer.

What does “nonprofit risk management” mean?

In contemporary risk management, “risk” is not a bad thing. Risk merely means uncertainty. Risk is an acknowledgment that we don’t know for sure what will happen next. Every nonprofit faces potential risk.

Risks can be positive or negative. Negative risks are called threats. A threat is an uncertainty, the outcome of which would be harmful. Positive risks are called opportunities. Opportunities are uncertainties (potential new initiatives, new ways of doing things), the outcome of which may be beneficial.

A risk management process, then, is a way of dealing with threats and opportunities as a regular part of your operations. Specifically, a risk management process is a defined commitment to regularly identify risks, prioritize them, respond to them, and assess and improve your performance over time.

What are the basic tools of nonprofit risk management?

Risk management may seem complex. It’s not – at least as not as we train people using a proprietary approach we call Lean Risk Management™. The essence of Lean Risk Management™ is simplicity, incrementalism, and scalability. By applying a number of simple practices, you can develop a robust risk management process that empowers and gives voice to your team. You can build an approach that is authentic to your nonprofit’s mission and values. And you can build a risk management approach that scales with you, so that you can spread the benefits of a risk-aware culture more fully up and down throughout your organization over time, reaping the substantial benefits of resilience, sustainability, clarity, and peace of mind.

In other words, risk management doesn’t have to be an “add-on” or burden on your nonprofit resources. With Lean Risk Management™, it is instead a driver of engagement and productive cultural change.

An effective Lean Risk Management™ process uses three basic tools:

  1. Risk Inventory
  2. Risk Register
  3. Risk Cycle
Functional areas of a nonprofit

Risk Inventory

  • Guided identification of threats and opportunities in every function of your organization
  • Drives awareness

Risk Register

  • Prioritized “punch list” of your highest value risks
  • Identifies threat or opportunity, priority, owner (responsible party), next step, and due date
  • Dynamic – changes as your nonprofit addresses risks, adds more risks, takes items off the register
  • Drives focus
Example of a Risk Register
risk cycle

Risk Cycle

  • Regular process of identifying, prioritizing, and responding to risks, assessing, and improving, and doing it over again
  • Drives improvement


With the risk inventory, you look for threats and opportunities throughout your organization. Using a risk register, you prioritize those risks and assign specific people in your organization to lead your responses. And by creating a risk cycle, you develop a routine of doing this over and over again.

If you do that, your nonprofit has a dramatically better chance of thriving — no matter what the future holds.


Risk Alternatives sponsors and curates an online group for nonprofit leaders who want to build resilient organizations. To stay informed about this group, called Nonprofits Build Strength Together (BeST), visit www.riskalts.com/nonprofits-best/.