No one wants to be surprised by a risk that suddenly becomes real. The risk landscape is constantly changing for not-for-profit organizations, so we set out to learn more about hot topics in risk management to help guide your 2020 risk planning.
Our team gathered feedback about current risk management approaches and challenges for not-for-profit leaders. One group we polled at a higher education risk management conference last fall (full results of that poll are available here). We also asked for input with a survey we distributed electronically between November and December 2019 to our not-for-profit contacts.
Some of the issues noted in results are long-standing priorities, and of course, new risks are always emerging. Data breaches, health threats like coronavirus, and severe weather events, highlight the need for a fresh look at risk strategies and budget allocation.
Risk Management Gaps
Not-for-profit leaders are focused on ways to bridge skills and technology gaps, and strengthen monitoring and assessment tools. Respondents to our electronic survey identified several strategies they are using to monitor and evaluate risks, including assessments, dashboards reflecting key performance indicators, industry-recognized risk frameworks, and internal audits and governance.
Higher Education Insights
At the higher education risk management conference last fall, respondents shared some additional insight into their current risk management approach. One attendee said its organization cannot prevent risks; the organization is just simply managing them. Another noted its organization was trying to hire the right resources to assist with the risk management approach.
The top risks identified in our surveys included a mix of internal and external threats. Higher education conference respondents named data and cybersecurity as a top risk. Other significant risks for higher education conference respondents included: regulatory compliance, privacy, and construction costs. Risk management was also identified as a top risk for higher education leaders, highlighting concerns about coverage gaps. Respondents to our electronic survey similarly identified data and cybersecurity as the top risk followed by business continuity and disaster recovery.
Though not at the top of the threat list, respondents of our electronic survey listed skilled employees as a top risk. This isn’t unique to our survey population; according to the 2019 Nonprofit Leadership Impact Study, 54% of not-for-profits struggle with finding enough resources and 35% struggle with staff turnover.
Innovation, competition, market share, cash flow, and cost over-runs were also cited by our electronic survey respondents as top risks.
Risk Management Obstacles
Cost, personnel, and knowledge top the list of risk management obstacles for the organizations with which we communicated. This appears to be an industry-wide trend. Not-for-profit employee turnover averaged more than 12% last year, according to the 2019 Nonprofit Organizations Salary & Benefits Report.
Opportunities for Risk Management Improvement
Technology continues to be a source of both opportunity and risk for not-for-profit organizations. When higher education leaders were asked about opportunities to improve their risk management, nearly half said information technology and security improvements were high priority, followed by internal audit and compliance.
The top potential improvements identified on the electronic survey were education, strategic internal audit objectives, and benchmarking and risk management consulting.
Areas of Interest
Higher education respondents’ top interest was data analytics, followed by cybersecurity laws, and industry trends.
For our electronic survey participants, cybersecurity was the top interest area, followed by data analytics, internal audit developments, AI and expanding technology, industry trends, and fraud.
Interestingly enough, no respondents in either survey chose weather as a top concern even though severe weather events are increasing in frequency.
Not-for-profits are always looking for ways to better integrate risk management and strategic planning. By linking these processes, threat and opportunity assessments can be prioritized together, and resources allocated based on overall impact to the organizational goals.
As your organization continues risk management planning for 2020, we hope this feedback from peer organizations is helpful. Whether you are considering new staff to address risk management gaps, implementing technology to improve assessment and monitoring, or considering consulting services to address priority concerns, we’re here to help. Contact us for more information.
Published on February 27, 2020