Your nonprofit organization may have great plans, but if you do not have a realistic awareness of your risks, those plans are merely hopes and dreams. Because of this simple truth, the first step in nonprofit risk management should be a risk inventory: a thorough identification of potential risks, threats, and opportunities facing the organization. This post and the one following will explain how. 


[This post is the third in our Lean Risk Management series. To find the others, look here for why nonprofits need risk management and the basic vocabulary of nonprofit risk management.]


What and Why

A risk inventory is a guided brainstorming exercise to spot potential positive and negative issues within your nonprofit and potential external forces that could impact performance. The benefits of a risk inventory can be substantial:

  • Clarity. In any organization with more than a few team members, no single person knows everything about the business. Since the risk inventory gathers viewpoints of many participants, it may provide senior management with insight into nonprofit challenges and opportunities that they may never have seen. Team members within an organization may also gain greater awareness of what others are working on, the challenges others face, and choices faced by senior management.
  • Dialogue and Consensus. The risk inventory process fosters a greater appreciation for different functions within the nonprofit. Team members may find unexpected consensus: many of them may list the same issues within the same functions as the greatest risks. Furthermore, where team members disagree about risks, a risk inventory creates a context for important conversations.
  • Commitment. By showing the joint effort needed to perform risk management, the risk inventory process can increase team commitment to a successful nonprofit risk process.
  • Ownership. Each team member who participates in the inventory process comes away with an increased sense of ownership in the nonprofit as a whole. The process improves employee engagement and helps team members think like leaders.
  • Small Investment, Big Payoff. Your first risk inventory should not be exhaustive. It is the initial step toward making risk identification a regular part of your operations. Most risk inventories should take no more than 40 minutes to an hour of individual work for each participant individually, plus 90 minutes to debrief the team on results.

How to Perform a Risk Inventory

     Look for Positive and Negative Risks

Keep in mind that risk simply means uncertainty. Risks can be negative or positive, and risk assessment involves both. We call negative risks “threats,” and positive risks “opportunities.” During your risk inventory, you should identify both threats and opportunities.

     Identify Your Participants

In small organizations, you may want to include the whole leadership team. (One-person teams might include volunteers, board members, or other stakeholders, to provide additional perspectives, but we advise trying to keep the initial inventory to staff alone when possible.)

In larger organizations, smaller teams typically work better on the first inventory. In a typical nonprofit, we suggest participation by the following personnel:

  • CEO/Executive Director,
  • Other C-Suite staff; and
  • One or two more junior staff.

An organization benefits from having at least one junior team member involved, because they may identify issues that have escaped the attention of senior staff.

     Evaluate All Areas of the Organization

Ask participants to identify threats and opportunities across all functions in the organization, rather than focusing solely on their own areas of expertise. Those outside a function often see threats and opportunities that insiders do not. As described in more detail later, we advise organizations to look at the following:

  • Internal functions (operations, finance, talent management, and IT);
  • External functions (reputation management (PR and marketing), end-user sales, and development);
  • Overarching functions (risk management, compliance, governance, planning and visioning, and diversity, equity, and inclusion); and
  • External context (outside circumstances that could impact the nonprofit).

     Simplify the Process

Instead of having the team search for every single threat and opportunity in each function, make the process more manageable. Ask each team member to identify three threats and one opportunity in each of the functional areas identified above. Have them answer the following questions for each area:

  • What are the top three threats that face the nonprofit in this functional area?
  • What is the top opportunity for improvement — that is, what change or new initiative would make a material positive impact in the next four months?

In the same manner, have participants identify the top three external issues (positive or negative) potentially confronting the nonprofit.

Have each participant perform their initial work independent from other team members. This helps generate a variety of issues for discussion rather than creating premature consensus that might ignore or hide important results.

Risk Alternatives can help you perform a risk inventory. For more information, contact us using this form or email us at the email address on that page. 


The risk inventory is the critical first step in nonprofit risk management. In our next post, we will describe what to do with the results. In our next post, we will discuss what to do with the results.

Nonprofits Build Strength Together (BeST)

Risk Alternatives sponsors and curates an online group for nonprofit leaders who want to build resilient organizations.

To stay informed about this group, called Nonprofits Build Strength Together (BeST), click the button below.