Nonprofits Need Their Foundational Risk Management Elements – the FRaMEs

From training nonprofits around the nation, we know that most nonprofits don’t yet have formal risk management programs. We also know, however, that most nonprofits use at least some forms of risk management every day. In training, we refer to these elements as foundational risk management elements (FRaMEs). If you are like most nonprofits, you probably use some of these FRaMEs, but you may be interested in whether you have them all and whether you are getting full value out of each tool. To help, we plan to dedicate a series of articles to break these elements down to help you improve your operations and resiliency.

As background, we have shared substantial information about making the risk management process an embedded part of your nonprofit’s culture. Performing a risk inventory, creating a risk register, and developing a risk cycle help ensure long term health for your organization. But we have to begin with the FRaMEs.

So what are these FRaMEs? They include the following:

Official Documents and Policies:
  • Articles of Incorporation
  • Bylaws
  • Ethics policy signed by all employees
  • Whistleblower policy
  • Conflict of interest policy
  • Sexual harassment prevention policy
Core Procedural Documents:
  • Employee handbook
  • Written job descriptions and segregation of job duties
  • Policy and procedure manuals
Core Planning Documents:
  • Strategic planning process
  • Advocacy plan
  • Annual operating plan
Core Metrics:
  • Key performance indicators
  • Key risk indicators
“Smooth Sailing” Documents:
  • Executive succession/transition plan
  • Crisis communication plan
  • Business continuity plan
Feedback Mechanisms and Records:
  • Customer feedback mechanisms
  • Employee feedback mechanisms
  • Complaint log
  • Incident log
IT Safeguards:
  • Periodic IT check-up
  • Data security backup and recovery plan; and finally,

As indicated by the groupings above, some of these elements can be associated with one another. For that reason, we’ll discuss them in those groups over upcoming posts.

If you don’t recognize many of the listed tools, don’t worry. Your organization may refer to them by a different name or may use a similar tool that aims to address the same issue. If you see elements you don’t have, you can target those for internal adoption.

In our next post, we’ll discuss the first six items on the list, as they are foundational, official documents that set healthy parameters for healthy organizations.

Curious and don’t want to wait for the next article to be posted? Drop us a line at info@riskalts.com or use the form on our CONNECT page and we will reach out.


Because we care about nonprofit risks, we provide blog posts like this one to help nonprofits thrive.