Good Governance Is Sound Risk Management
By Jennifer Chandler Hauge
Governance has been top-of-mind at the Nonprofit Risk Management Center of late. In Washington, DC, we’ve watched the governing board of “our nation’s museum,” the Smithsonian, re-organize its board, hold the CEO more accountable, and re-think the museum’s business strategies. This instance is one in a long line of headline-grabbing missteps by nonprofit boards that have stirred Congress to action.
Recently, the IRS has proposed new questions for the revised IRS Form 990 that specifically focus on governance issues, such as size and independence of the board, whether the organization has adopted policies that comply with Sarbanes Oxley, and whether board members participate in review of annual financial reports. Earlier this year, the IRS issued a discussion draft Good Governance Practices for 501(c)(3) Organizations.
Re-thinking how nonprofits govern themselves is not just a phenomenon in the nation’s capitol. Across the country, state associations of nonprofits are encouraging their members to voluntarily adopt “best practice” principles. In many museums, community foundations, voluntary health organizations, land trusts and international humanitarian organizations best practice standards are being promoted, either through voluntary adoption, or formal accreditation procedures — complete with peer review and, in some cases, sanctions for failure to demonstrate compliance with the standards.
The majority of nonprofits do not participate in formal accreditation programs or in voluntary self-regulation standards, leaving the definition of good governance to the determination of individual boards of directors. Boards generally want to do the right thing, but there is a growing concern that nonprofit boards are not engaged enough, and may not have the tools they need to implement the good governance practices that should guide their organizations.
That is why at the Nonprofit Risk Management Center, the focus this year is on helping nonprofits define good governance and identify best practices that are sound risk management strategies for their organizations.
So what does the Nonprofit Risk Management Center look for when we conduct an assessment of an organization’s governance practices? Here is an outline.
How much information flows to the board?
Too much? Not enough? An informed board is an engaged board, and an engaged board is more likely to support the organization financially and share its expertise with the organization.
An informed board is better armed to ask questions that can protect an organization from being derailed. Too often boards are left in the dark when an organization is faltering financially, which is exactly when the board needs to kick into high gear.
Some of the most notorious criticism of nonprofits’ conduct recently has arisen from the exposure of financial deals that enriched either a board member or a staff member, generally without the knowledge or consent of the majority of the board. Keeping the board informed of financial transactions with insiders is a basic risk management step that can protect an organization time and again.
Is the board governing itself effectively?
Size can impact an organization’s effectiveness. When a board is too large, decision making is unwieldy so there is a tendency for decision making to be delegated to a smaller group, which often disenfranchises the other board members. When a board is too small, the board may not bring enough resources of time, talent and treasure to the organization.
Similarly there may be too many committees for effective governance. Board committees may be duplicating staff’s work — or — staff may be doing all the work and board committees not used effectively.
Board meetings may be too long or held at inconvenient times, resulting in low attendance at board meetings.
The organization may be facing a void in future board leadership with no focus on succession planning or attracting new board members.
Are appropriate financial controls in place?
Some of the biggest exposures in the nonprofit sector arise from a fraud that is practiced over a number of years by a trusted employee. Boards ask, “What went wrong? Were we asleep at the wheel?”
More often than not fraud results from a board’s trusting, but not insisting on, procedural checks and balances being in place. Nevertheless, good governance is more than protecting an organization’s assets by patrolling for fraud. Investment policies, spending policies, policies requiring the documentation of transactions with related parties, and a disciplined budget review process are all important financial management practices that are reviewed during an audit of governance practices.
Board oversight of financial management policies is essential to discharging the board’s legal duty of care. A board that pays little attention to the financial health of the nonprofit (or places all of its trust in the finance committee or the CFO) cannot fulfill its fiduciary duty.
Is the organization vulnerable to employment practices claims?
Hiring and evaluating the performance of the chief staff leader of the organization is one of the most critical governance obligations of the board. In turn, the CEO/executive director has the responsibility of managing the paid and volunteer staff members that are the engine of the nonprofit.
In a governance review, the personnel practices are examined to identify whether the organization is consistently practicing what its policies preach and whether or not the board is following procedures that provide for effective communication and evaluation of the CEO/executive director.
Since serious IRS penalties can result from excessive or undocumented compensation to certain insiders, we review procedures for approving compensation and benefits for staff, and approving contracts for independent contractors and vendors.
Are board and staff sensitive to conflicts of interest?
Conflicts can be avoided most easily when the organization has a stated conflict of interest policy and annually canvasses the members of the board of directors and key administrative personnel to document potential conflicts. Awareness of the policy, of the obligation to disclose a conflict, and of the procedures that should be followed to manage each conflict are all critical risk management steps.
While most policies focus on conflicts of interest in financial terms, any duality of interest, whether arising from a personal or professional relationship, including board members who serve on the boards of other nonprofits, can jeopardize a nonprofit’s position among stakeholders.
Many board members are not aware of conflicting transactions with related parties because they are not disclosed or reported to the IRS, as required. Good governance includes not only having a policy to address conflicts, but also defining the types of conflicts that board members are expected to disclose.
Is the mission being fulfilled?
Board oversight is key to mission fulfillment. Board review can be invaluable to the staff—helping them view things in a new light and take a different perspective on key indicators and environmental shifts that will impact the organization and its programs for years. Board oversight can only be effective if all the organization’s systems are running smoothly and strong governance practices are in place.
Policies that protect your organization
One of the most important governance policies, arguably THE most important, is a conflict of interest policy. Conflicts of interest and related-party transactions are similar; however, there are distinctions that need to be recognized. The sample policy (page 5) defines conflict of interest broadly and also defines and requires the disclosure, documentation and reporting of related party transactions.
Where to Go From Here?
Effective governance requires accountability built on written policies, established procedures, education and adherence. Organization culture, history, size, resources and the personalities of the people around the board table all come into play in determining the ideal ingredients for effective governance.
The Nonprofit Risk Management Center advises each nonprofit to start somewhere and do what it can, when it can, but keep on keeping on. Divide and conquer. Take baby steps. Delegate. But bite off no more than what you can swallow. No matter which approach works for your board, start where the need is greatest to establish, shore up or polish your nonprofit board’s good governance. And call on us. We can be of assistance.