smithbucklin
smithbucklin
  • Home
  • Success Stories
  • Content By Topic
About Us | Contact Us | Search    
Advocacy
Board Management
Diversity, Equity, and Inclusion
Engagement
Events
Financial Management
Membership
Marketing
Non-Dues Revenue
Advocacy
Board Management
Diversity, Equity, and Inclusion
Engagement
Events
Financial Management
Membership
Marketing
Non-Dues Revenue
our perspectives

Questions Boards Should Ask About Risk Management

Questions Boards Should Ask About Risk Management

February 09, 2022

For an association, risk management is about making sure the organization is protected from occurrences that could prevent it from fulfilling its mission or cause financial hardship or loss in reputation. While it is staff’s job to determine exactly what those risks are, the board’s role is to make sure there are processes, protocols, policies, and internal controls in place to safeguard the assets of the association. After all, as fiduciaries for the association, the board is tasked with ensuring its long-term viability — and a key part of that is managing risk and anticipating the potential consequences of its decisions and actions. Nat Bartholomew, Principal in Charge, Associations and Membership Organizations, at CliftonLarsonAllen, says the board can help ensure the association is well-protected from risk by asking the right questions.

What are the risks?

To provide good oversight, boards need to know the types of risks the association is susceptible to. Risks generally fall into several different categories, explains Bartholomew. There are financial risks, which include risk to cash, investments, property, equipment, or other physical assets the association owns. The board, which oversees the association’s budget, has to make sure the organization is on sound financial footing. But it also must ensure that programs are all effectively serving members, and that the association’s mission and its biggest revenue generators, such as the annual meeting, are adequately protected.

There are also risks to the personal security of staff and volunteers, whether they are in the office, at a meeting, or traveling on behalf of the association. There are also risks to the association related to discrimination, harassment, ethics violations, conflicts of interest, or copyright or trademark violations, among others. Also, if staff morale is low, or membership numbers are dwindling, there are risks associated with staff, volunteer, and member retention.

In addition, there are risks from a natural disaster, emergency, or some other situation that threatens the day-to-day operation of the association or an off-site meeting or event. “If you’re in San Francisco and there's an earthquake; if you're in New Orleans and there's a flood; if you’re in Boston and there's a snowstorm — are you prepared?” said Bartholomew.

Further, there are risks to data, including membership information, intellectual property, and other important documents. At the same time, the association must follow data privacy regulations, such as GDPR, or they could be sued. “What would happen to your association’s good name if the credit card information for every member you had was compromised?” asked Bartholomew. That could lead to reputation risk — which might be negative media attention or a negative view of the association among members, partners, or the industry or community the association serves. That could certainly impact the future state of the organization.

These are just some of the most common types of risks, but certainly not all. For some associations, there could be the risk of new regulations that would hurt their constituency and create the need for costly lobbying or other advocacy. There could be the risk of being sued over something like an accreditation program if its standards are found to be negligent or faulty in some way. There are also risks in not complying with new state, federal, or local laws relating to the associations (e.g., tax reform, or the Affordable Care Act). There may also be risks to the association in not achieving its strategic objectives or keeping up with industry or demographic shifts. It’s imperative for boards to consult with management to make sure that all risks are identified.

Do we have the right protocols in place?

Once risks are identified, it’s necessary for boards to ensure that plans and processes are in place throughout the association to address them. For example, does the association have a business continuity plan in the event of an emergency? Are certain individuals trained in disaster preparedness? Does the association have a crisis management plan to protect attendees, staff, and vendors at meetings and other off-site functions? Does the association have a system or plan in place to protect data and handle cybersecurity? Is data adequately stored? Is it accessible to hackers and data breaches? What is the protocol if that information was lost or stolen?

Further, the board should examine if the association has a code of conduct or ethics policies in place for members, staff, and volunteers. Does the board have a conflict of interest policy? If the association faces media scrutiny, does the association have a communications or PR strategy? Are the association’s finances in good shape both now and into the future? Does the board regularly review the performance of the association’s programs to make sure they are meeting their strategic objectives? These are just some, but not all, of the areas that need to be reviewed.

Have we met our insurance needs?

Insurance is a big part of risk management. Most associations hold a variety of different policies, including general liability insurance, which protects the organization from slips and falls and other like scenarios. The organization should also have an automobile insurance policy for staff or volunteers when they use vehicles, even their own, for association business. Further, associations should consider both directors and officers insurance and professional liability insurance to cover volunteer leaders and staff, respectively, against lawsuits or workplace-related claims, like discrimination or sexual harassment. It’s also prudent to have a workers compensation insurance policy.

The board should also make sure the association has event cancellation insurance to protect large meetings in the event they need to be canceled due to storms, natural disasters, or other unforeseen forces. The board may even want to consider content liability insurance given that associations produce so much digital content. These are some of the more common types of insurance, and the board needs to determine if the association is adequately covered for the breadth of risks it faces.

Does the board have oversight processes in place?

The board should monitor and review the organization's risk management plans and processes regularly to make sure they are working effectively. Does the board have a process in place to provide that type of oversight? Is there a committee or task force assigned to oversee risk management and review processes? Is it something the board handles?

Also, the board should ask whether staff conducts periodic risk assessment or risk management analysis. “A risk management analysis will help the association identify where risks lie, prioritize them, and provide guidance on how to mitigate them,” explains Bartholomew. It may also reveal some risks that the association isn’t addressing. These assessments don’t have to be done every year, but they should be done regularly and reviewed by the board, Bartholomew adds. This, again, is the responsibility of management or the executive director, but it’s up to the board to make sure these oversight practices are in place.

The goal for any association should be to create a culture where risk management is routinely practiced by the board, staff, volunteers, members, and partners. That starts with effective board oversight and communicating the importance of risk management throughout the association. Ultimately, good risk management is essential for organizational growth. As billionaire investor Warren Buffett said, “Risk comes from not knowing what you’re doing.”

board finance revenue board members board of directors

Related articles

Six Attributes of Exceptional Board Members

Six Attributes of Exceptional Board Members

Want to make sure that your board members are best serving your association? Look for these six attributes found in exceptional board members.

READ MORE

Improving Board Accountability

Improving Board Accountability

Emphasizing accountability is key to improving board performance. Here are tips on how to bring board members into closer alignment to enhance performance.

READ MORE

Four Ways Board Members Can Avoid Burnout

Four Ways Board Members Can Avoid Burnout

Ensure the well-being and effectiveness of your organization's board of directors by implementing strategies that prevent burnout during busy and challenging times.

READ MORE

receive news and updates

Subscribe Now

CHICAGO 1.800.539.9740
330 N. Wabash Ave., Suite 2000
Chicago, IL 60611

WASHINGTON, D.C. 1.800.539.9740
2001 K Street, NW, 3rd Floor North
Washington, DC 20006
Visitor Entrance: Corner of L and 20th Street, NW

smithbucklin

CHICAGO 1.800.539.9740
330 N. Wabash Ave., Suite 2000
Chicago, IL 60611

WASHINGTON, D.C. 1.800.539.9740
2001 K Street, NW, 3rd Floor North
Washington, DC 20006
Corner of L and 20th Street, NW

Solutions | people | insights | careers
About Us | Contact Us | Media

© Smithbucklin
All Rights Reserved | Privacy Policy | Website Terms of Use

Login
Solutions
people
insights
careers
About Us
Contact Us
Media
Search