While corporations see risk assessments as a business imperative, nonprofits unfortunately don't always take the same approach, as Joshua Mintz points out in his article, "Risky Business: Why All Nonprofits Should Periodically Assess Their Risk," in Nonprofit Quarterly.
Mintz discusses why nonprofits should assess their risk, and offers some tips and best practices to help get that ball rolling.
He groups risks faced by nonprofits into several broad categories: Internal or external fraud; misuse of assets; inadequate monitoring or understanding of investments; incomplete, unreliable or improperly reported information; damage to reputation caused by a variety of potential factors; violation of legal requirements; and government investigations or audits.
He also offers a four-step process for a nonprofit risk assessment, which, not suprisingly, is similar to templates I've seen used for corporate risk assessments:
-Talk to other staff
-Rate the risk to assess likelihood and severity of impact
-Take steps to address or mitigate risk
Mintz's conclusion can be distilled to one sentence: "An ad hoc approach to risk assessment is almost always doomed to failure."
That's true no matter what kind of organization you work for.