Fillable Printable Basic Risk Management Plan
Basic Risk Management Plan
Nonprofit Risk Management Plan
This SAMPLE Risk Management Plan was drafted based on recommendations shared in a board
retreat for a real nonprofit. The plan was drafted with the help of a software tool called “My Risk
Management Plan,” which is available from the Nonprofit Risk Management Center.
Risk Management Plan for NONPROFIT
Risk Management Philosophy
NONPROFIT aspires to operate in a way that protects the health, safety and security of clients, staff
members and volunteers while lifting up the organization's mission and safeguarding assets needed
for mission-critical programs and activities.
Risk Management Goals
The safety of personnel receiving or engaged in delivering services sponsored by NONPROFIT shall at
all times be regarded as a top priority and this emphasis shall be communicated throughout the
organization in order to ensure its understanding.
General Safety Principles
The safety of personnel receiving or engaged in delivering services sponsored by NONPROFIT shall at
all times be regarded as a top priority and this emphasis shall be communicated throughout the
organization in order to ensure its understanding.
NONPROFIT seeks to involve appropriate personnel, whether board or staff, at all levels of the
organization in the identification of risks and creation of practical strategies in order to make certain
that the organization's approach to risk management considers diverse perspectives and that staff
understand their responsibility to protect the confidentiality of our clients, the safety and security of
our facilities, the integrity of our reputation, the preservation and future growth of assets as well as the
fulfillment of our mission.
Responsibility for Risk Management
Board of Directors
• Sets risk management goals, adopts annual operating objectives and budget with risk
management included.
• Adopts annual capital budget with risk management in mind.
• Reviews operational reports to determine compliance and future priorities.
• Ensures compliance with policies and standards imposed by national organization or accrediting
organization.
• Adopts and establishes policies and standards.
• Reviews the organization's insurance program periodically.
• Reviews the organization's risk management plan annually.
Executive Director or CEO
• Assigns staff to design and carry out safety and risk management activities.
• Assigns staff to perform annual review of the safety and risk management activities.
• Executes contracts for the organization.
• Keeps the board apprised of emerging threats and opportunities facing the organization.
[Need to identify additional staff positions that will have responsibility and accountability for various
risk management goals.]
Risk Management Committee
• Champions organization-wide effort to protect the vital assets of NONPROFIT and engage key
stakeholders in risk management activities.
• Convenes periodically to review the agency's priority risks and corresponding risk management
strategies.
• Oversees the development, implementation and monitoring of loss prevention programs.
• Oversees the purchase of insurance for the organization.
• Evaluates the insurance program.
Governance Structure
Articles of Incorporation
NONPROFIT was incorporated in the State/Commonwealth of [state] on [month, day, year]. The
articles of incorporation were last reviewed by legal counsel in [month, year] to ensure compliance
with state laws. We have maintained our corporate status by filing with the state as required by law.
The date of our last filing was [month, day, year]. Board representatives reviewed the articles for
compliance with the current mission and purpose of the organization in [month, year]. The Board and
legal counsel will review the articles of incorporation every [number] years to maintain their currency
and legality.
The original articles of incorporation are stored [storage location name, address]. An authenticated
copy of the articles is stored [storage location name, address].
Bylaws
The bylaws were originally filed and approved by the State of [state] on [month, day, year]. Board
representatives reviewed the bylaws to determine the need for any revisions and if necessary
followed the proper amendment process in [month, year]. All amendments were filed with the state
and the last filing was made on [month day, year]. The bylaws were reviewed by legal counsel in
[month year] to ensure compliance with federal, state and local laws. The Board will review the
bylaws annually and propose amendments as needed. Every member of the board receives a current
copy of the bylaws when they join the board and whenever the bylaws are amended.
The original bylaws as approved by the state and any amendments are stored [storage location
name, address]. An authenticated copy of the bylaws and amendments is stored [storage location
name, address].
Indemnification
Legal counsel reviewed the indemnification provision for compliance with state law on [month day,
year]. The indemnification provision is funded by a Directors' & Officers' liability insurance policy
underwritten by [insurance company] under [policy number] with a term of [policy dates]. The policy
limit of liability is [limit] with a deductible of [amount of deductible or retention].
Conflict of Interest Policy
The conflict of interest policy was adopted by the board on [month day, year]. Every year each board
member completes and signs a disclosure statement declaring any known conflicts and agreeing to
comply with the policy. These annual statements are gathered in [month] of each year.
Board Operations
[Insert here a description of the current status of a board orientation manual or the aspirational goal
that NONPROFIT will develop such a manual. Example: "NONPROFIT has adopted a Board Manual
containing the key policies and expectations of the board. The Manual is reviewed [every two years]
by [the Executive Committee of the board] and updates are made on an as-needed basis."]
Board Orientation
To ensure that the members of the Board of NONPROFIT are properly trained and prepared for their
service, the organization conducts a board orientation training for all board members on an annual
basis. The experienced board members will share their insights and coach the new members in
fulfilling their board duties.
Board Development
The board of NONPROFIT is dedicated to improving the skill and knowledge of its members by
continually educating the members on the legal, financial, and operational aspects of governing a
nonprofit organization. The board will allocate time during the year to increase its governance
knowledge.
Board Assessment
To become a more effective board, the board members of NONPROFIT will conduct a board self-
assessment at least once every three years. The board will use the self-assessment as a tool to
improve its performance and energize the organization to achieve its mission.
Board Recruitment and Nomination
NONPROFIT strives to have a diverse and qualified board with people who bring the skills, qualities,
and expertise needed to lead and govern the organization in accomplishing its mission.
Board Minutes
Include here a description of how NONPROFIT maintains important corporate records of board and
committee action. Example: "NONPROFIT recognizes the importance of recording accurate and
contemporaneous minutes of board meetings and minutes of committees that are authorized to act
on the board's behalf, and each board member is aware of his/her responsibility for ensuring the
accuracy of the minutes."
"The minutes are maintained [in a safe location] in a separate binder to preserve their integrity."
or
"The minutes are stored with other corporate documents in a safe location to protect them from
harm or loss."
[Reference to a document retention plan and its mandate to maintain documents such as the
articles of incorporation, IRS Determination letter and board meeting minutes into perpetuity would
be appropriate here.]
Risk Financing Strategy
Add appropriate language here that describes the philosophy and accountability for the insurance
program at NONPROFIT:
Example: "To safeguard the assets and resources of NONPROFIT, the organization will purchase
insurance for those insurable risks of major importance to mission-critical operations and the
financial health of the organization. It is the executive director's responsibility to oversee the
organization's insurance program and provide an annual insurance report to the board."
Human Resources
Written Employment Policies
NONPROFIT believes that written employment policies are an essential risk management tool. The
organization has compiled its key employment policies in a document titled [name of employee
handbook or manual].
Communications Regarding Employment Policies
Describe the manner in which employees at NONPROFIT are informed about personnel policies:
Examples:
"All new policies are communicated in writing to staff through the use of memos and other
appropriate policy documents. In addition, new policies are incorporated in the policy manual when
that manual is updated periodically."
or
"Each time a new employment policy is adopted the employee handbook is re-issued and distributed
to staff. Staff members are required to sign an acknowledgement that is maintained in their
personnel file, indicating that they received and agree to adhere to the new policy(ies)."
or
"New policies are communicated verbally and in writing to employees. Staff are also required to
confirm their understanding of and willingness to abide by any new policies."
Insert here NONPROFIT's policy concerning the review and updating of your key employment
policies.
For example, "NONPROFIT reviews and updates its Employee Handbook every two years in order to
ensure that policies remain suitable for the organization and in compliance with state and federal
employment laws. The organization obtains assistance from an employment attorney in this effort."
Describe the use of job descriptions by NONPROFIT:
Example: "NONPROFIT has developed job descriptions for all paid [and volunteer] positions in the
organization. These documents are finalized before the recruitment process begins and used during
interviews with prospective candidates to inquire whether the candidate is able to perform all the
duties listed. The positions' essential functions are listed. Each position description for paid staff
also includes the classification of the position as either 'exempt' or 'non-exempt.'"
or
"NONPROFIT uses job descriptions for both paid and volunteer positions in the organization. These
documents are developed by supervisory personnel, reviewed by outside legal counsel, and updated
on an as needed basis."
Employee Orientation
Describe here the process used by NONPROFIT to orient new staff/volunteers. Example:
"The Director of Human Resources at NONPROFIT is responsible for conducting a [two-hour]
orientation session for all new employees [and volunteers] on the first day of employment. During
this session key provisions of the Employee Handbook are discussed, the employee is asked to
provide any additional information necessary for benefits enrollment, and the employee is
encouraged to ask questions about any aspect of employment policy or operations. Employees are
also introduced to other staff and provided with an overview of equipment and systems they will be
required to use."
or
"Each supervisor at NONPROFIT is responsible for designing and conducting an appropriate
orientation session for their new hires. The orientation must take place within the first week of
employment. A typical orientation includes review of key policies, introduction to software programs
and hardware programs that will be used by the employee, introduction to other staff and key
volunteers, and a review of the supervisor's expectations and reporting requirements."
Staff Supervision
NONPROFIT views effective staff supervision as an essential component of risk management.
Supervisory staff are expected to communicate their expectations of direct reports clearly and
consistently and hold employees accountable with regard to key tasks and responsibility and
compliance with the organization's employment policies. All employees are encouraged to raise
concerns or questions about work priorities and assignments with their direct supervisor.
Performance Appraisal Process
Describe your existing strategy or policy concerning Performance Appraisals. Don't forget to include
the process for board review of the compensation and performance of the CEO. For example:
NONPROFIT requires annual reviews for all employees. Supervisors are responsible for scheduling
review meetings and completing the Performance Review form. A goal-setting exercise is part of this
process.
Programs and Services
Counseling and Support Services
To do: With staff who are responsible for this area, note the specific primary risks and risk
management strategies NONPROFIT has/will adopt to address the identified risks arising from the
Counseling and Support Services function.
Emergency Services
To do: With staff who are responsible for this area, note the specific primary risks and risk
management strategies NONPROFIT has/will adopt to address the identified risks arising from the
Emergency Services activities of the organization.
Hotline
To do: With staff who are responsible for this area, note the specific primary risks and risk
management strategies NONPROFIT has/will adopt to address the identified risks arising from
Hotline.
Housing Services
To do: With staff who are responsible for this area, note the specific primary risks and risk
management strategies NONPROFIT has/will adopt to address the identified risks arising from the
Housing program(s).
Education and Training
To do: With staff who are responsible for this area, note the specific primary risks and risk
management strategies NONPROFIT has/will adopt to address the identified risks arising from the
Education and Training programs of NONPROFIT.
Client Safety
INSERT HERE client safety policies and procedures, and identify who is accountable to ensure they
are followed.
If there are policies or practices that NONPROFIT plans to implement in the future, or aspirationally
wants to incorporate in the future, identify those and also who will be responsible for their
development/implementation and the timeframe for doing so.
Staff Code of Conduct
Insert here an existing Code of Conduct for Staff/Volunteers, if you have one,
or develop one for this portion of the Risk Management Plan:
Example:
- I understand that my active participation in [Name of Organization]'s program is important to the
success of my involvement and the organization's efforts. Therefore I agree to abide by the following
rules for my participation.
- I understand that my consistent participation is important and I will honor my time and service
commitment.
- I will respect the rights, dignity and worth of all people involved within the program. I will be a
positive role model for the clients with whom I have contact.
- I understand that the relationship between the clients and me is important and I will not include
other people in our activities, including members of the client's or my family.
- I understand that my role as a volunteer (or employee) is a matter of trust and will not pursue any
activities with the client(s) outside the confines of the organization's program.
- I understand that I may learn personal information about others that I will keep confidential.
- I will not engage in activities that pose a serious risk of injury to myself and others, including but not
limited to, use of alcohol or drugs (illegal or that impair my ability to perform my duties), or smoking
in the presence of clients.
- I will refrain from any form of personal abuse towards others, including verbal, physical and
emotional abuse.
- I will not engage in any inappropriate contact or relationship with a client or other participant of the
organization's programs.
- I will be alert to any form of abuse from other sources directed toward clients.
- I will not arrange nor participate in any overnight activities (or other prohibited activities) without
express permission from the organization.
- I will inform the client's family of any activity plans and obtain their approval as needed.
- I will not buy gifts nor give money to any client. Whenever in doubt of the appropriateness of a
modest gift I will check with the organization.
- I will maintain regular contact with my supervisor by responding promptly to any calls, letters, or
other means of communication. I also understand that the organization may request a meeting to
discuss my participation and I will respond promptly.
- I understand that if a problem arises between the client and/or the client's family or caregiver, I will
contact the organization immediately.
- I understand the importance of ending my involvement with the organization properly; therefore, I
will participate in the organization's exit or termination procedures.
- I agree to follow all established rules and guidelines of the organization.
- I have read and agree to abide by the [Name of organization]'s Code of Conduct. I understand that if
I violate this Code of Conduct I will be subject to a range of consequences, up to and including being
prohibited from participating in any activities or programs of the organization.
Client Code of Conduct
Review the following sample Client Code of Conduct. If your nonprofit does not have a similar policy
in place, consider editing this policy to suit your needs.
- I understand as a participant in the [Organization Name]'s program that I am responsible for my
behavior.
- I will act in ways that bring respect to me, my family and friends and other participants within the
program.
- I will not use bad language, swear, insult or fight with other people. I will refrain from any form of
personal abuse towards others, including verbal, physical and emotional abuse.
- I will not engage in any inappropriate contact or relationship with any other participant in the
organization's programs.
- I will participate actively in the program.
- I will try new activities and learn new skills to the best of my ability.
- I will not ask to include my friends, brothers, sisters, or other family members in program activities
unless they are so invited.
- I will inform my family or caregivers of my program activities. I will not keep secrets about my
relationship or activities within the program.
- I will be on time and dressed appropriately for all program activities.
- I will let the organization know if my plans change and I am unable to keep an appointment or
participate in an activity.
- I will not expect the staff to buy me gifts, give me money or take me on expensive outings.
- I will ask any staff or other participants if I may call him or her at home. If he/she agrees, I will be
reasonable and responsible about the time of day and how often I call.
- I will keep contact with the organization's staff by responding to phone calls, letters and other means
of communicating promptly.
- If a problem develops, I will immediately talk to my family or caregiver and/or a representative from
the organization about it.
- If a problem develops within my family or other circumstances occur that affect my participation in
the program, I will contact the organization.
- I agree to follow all established rules and guidelines of the organization.
- I have read and agree to abide by the [Name of organization]'s Code of Conduct. I understand that if
I violate this Code of Conduct I will be subject to a range of consequences, up to and including being
prohibited from participating in any activities or programs of the organization.
Signature _______________________________Date ____
Interpersonal Relationships
Insert applicable policies about appropriate boundaries here:
Example:
[Name of Organization] serves people vulnerable to additional abuse, mistreatment and exploitation.
To protect all, we limit contact between our clients and staff (employees and volunteers) to approved
activities. Staff should not meet with a client outside the parameters of our organization. Specific
limitations are detailed below:
Staff is prohibited from "baby-sitting" for our clients, the clients' families or other participants within
the program.
Staff cannot meet with a client and/or the client's family other than during scheduled program
activities.
Staff cannot include anyone other than an authorized employee or volunteer in any program
activities involving our clients. Clients cannot include members of their families or friends in any
program activities unless specifically permitted.
No overnight visits or activities are permitted without the approval of the organization.
No gifts of a value greater than [insert dollar amount] should be exchanged between staff and
clients.
No money should be given to a client and expenditures for program activities should be limited to
[dollar amount].
Position Descriptions
NONPROFIT has developed job descriptions for all positions in the organization.
Applications
NONPROFIT uses an application form for paid and volunteer positions.
Insert here applicable policies on interviewing, hiring, reference checking and selecting the most
appropriate staff members (and volunteers) for open positions.
Criminal History Background Checks
Insert here applicable policies on background check.
Examples:
"NONPROFIT conducts criminal history background checks on all applicants for positions that will
have close contact with vulnerable clients."
or
"It is the policy of our organization to conduct criminal history background checks on all applicants
for paid and volunteer positions. The results of these checks are reviewed against the organization's
eligibility criteria to determine whether any applicants must be excluded due to the results of the
background check."
Emergency Procedures
Insert here a statement about applicable Emergency Procedures such as:
"To ensure the safety of our clients, and staff, NONPROFIT has established an emergency action
plan. The emergency action plan is a way for the agency to prepare and plan for various
emergencies. All personnel are responsible for knowing and following the plan. Each facility must
schedule and hold emergency drills to test the plan and ensure its readiness in the event of an
emergency."
Insert here applicable policies about facility security -- include playground security if applicable, and
policies relating to confidentiality of facility locations. This would also be the place to describe
aspirational future policies/action steps to enhance security policies, such as changes to building
access controls.
Insert here any applicable policies about how clients/service recipients are expected to conduct
themselves, and the consequences (termination of services?) for a client's failure to follow
policy/guidelines for their conduct.
Training and Supervision
Insert here a description of any applicable policy with regard to providing training and supervision of
staff in order to protect the safety of the clients served by NONPROFIT.
Financial Management
Financial Responsibilities and Objectives
It is the responsibility of the Board of Directors to formulate financial policies and review the
operations and activities of NONPROFIT on a periodic basis. The Board delegates this oversight
responsibility to the Finance Committee, of which the Treasurer is the Chair. The CEO of the
organization acts as the primary fiscal agent, with responsibility for implementing all financial
management policies and procedures on a day to day basis. The CEO may delegate to qualified
professional staff responsibility for managing various aspects of financial management.
The financial management objectives of NONPROFIT are to:
• preserve and protect financial assets needed for mission critical activities;
• exercise appropriate care in the handling of incoming funds and disbursement of outgoing
funds;
• strive for transparency and accountability in fiscal operations.
Budgeting Process
The CEO, CFO and Treasurer (Finance Committee Chair) shall be responsible for developing and
presenting to the Finance Committee a proposed budget for the upcoming fiscal year no less than
60 days prior to the beginning of the new fiscal year. The Finance Committee shall review and
approve the budget and present it to the board no less than 30 days prior to the beginning of the
new fiscal year. The budget shall contain detailed projections for revenues and expenditures as well
as cash flows.
Financial Statements
Insert here language about the periodic review of financial statements such as: The financial
committee of the board will review financial statements on a monthly basis and the full board will
review the financial statements quarterly. The financial statements will show a comparison of
budget to actual revenue and expenses and also a list of grants or funding that is anticipated but not
yet received.
Internal Controls
Insert here a description of the internal control policies for NONPROFIT. Example:
[Name of Organization] has adopted a number of internal control measures as part of an overall
effort to safeguard financial assets. These controls include:
A policy requiring that all incoming checks are immediately stamped with a restrictive endorsement
indicating "for deposit only"
A detailed log of all incoming checks and cash is maintained and reconciled with deposit slips and
monthly bank statements
All cash and checks are deposited the same business day if possible, and no later than the next
business day
In addition, and to the extent possible given its size and circumstances, the organization strives to
segregate the following duties so that a single staff member isn't required to perform two or more of
the following incompatible functions:
Authorizing the purchase of goods and services;
Preparing a purchase order to purchase goods;
Receiving goods or validating the performance of services;
Approving the payment of accounts payable for goods and services received;
Recording the liability for accounts payable;
Preparing and signing checks to pay the respective accounts payable;
Forwarding payments to the payee.
Audit
It is the policy of NONPROFIT to engage the services of a reputable, independent CPA firm to conduct
an annual audit of the organization's financial statements. The audit is required to be completed
within six months of the end of each fiscal year. The audit firm is selected by and reports to the
organization's Audit Committee. A representative of the audit firm is requested to make an annual
presentation to the Board of Directors as part of the report by the Audit Committee.
Investment Policy
Insert here any applicable investment policy language
Add any additional Financial Management Policies
Facility Risks
Facility Needs
NONPROFIT seeks to utilize its resources and assets fully in achieving its mission. The prudent use of
facilities and resources is required to protect the safety and well-being of all personnel—including
staff, volunteers and service recipients—while safeguarding the organization's financial assets.
Facility Design
NONPROFIT is committed to providing a safe environment for its clients and staff through the
appropriate use of its premises whether owned, leased or borrowed. The organization strives to
construct or modify each property to most efficiently and effectively provide services to our clients
while meeting all required codes and regulations.
Inspections
Insert here as appropriate:
(i) To maintain the quality of its facilities, NONPROFIT has adopted an inspections schedule and will
respond quickly to any deficiencies identified during the inspections.
or
(ii) To ensure the safety of our operations, NONPROFIT inspects its facilities on a regular basis to
ensure compliance with regulations, accreditation standards, and our own principles.
Preventive Maintenance
Insert here as appropriate:
(i) To protect its property, personnel and clients from harm, NONPROFIT will take steps to ensure that
the organization complies with manufacturer's recommended guidelines for maintenance and repair
of equipment and premises, building codes and safety regulations of all jurisdictions applicable to
our facility; and maintains a log of service, repair and replacement.
or
(ii) In order to avert accidents, injuries and property damage and be in position to establish that the
organization has fulfilled its duty of care, NONPROFIT will maintain a maintenance schedule,
checklists, service logs and repair follow-up sheets for each piece of equipment and for key areas on
our premises (e.g., stairways, roofs and floors).
Use the space provided to identify the person or position responsible for monitoring compliance with
your preventive maintenance policy and updating the policy as needed. We suggest you word your
statement as follows:
"The Chief Financial Officer of [Organization Name] is responsible for monitoring compliance with the
preventive maintenance policy and overseeing its review and updating on a regular basis."
Facility Rental/Lease Policy
NONPROFIT does not rent/lease its facilities to outside groups.
Policy Concerning Invitees
As a facility owner, NONPROFIT is committed to providing outside users of its premises with a safe
environment. This commitment includes, but is not limited to meeting building code requirements,
making timely repairs, and providing and maintaining appropriate security.
Insert here a statement that addresses NONPROFIT's use of facilities OWNED by others -- whether
for its own programs, or for special events. Two separate statements may be appropriate. Some
examples follow:
Using Others' Facilities Policy
[Organization Name] will lease space to provide its services at the best market rate available in the
neighborhood near to where our service recipients live and near to public transportation. When
drafting or signing a lease agreement, we will consider:
Maintenance and upkeep—who is responsible for general upkeep: trash pickup, repairing broken
steps, and clearing snow or ice
Mutual indemnification—a contract clause that assures that each party only assumes legal
responsibility for those areas or activities under its control
Instructions on the use of property and facilities—detailed directions on how special features operate
(e.g. alarm system, fire escape, window air conditioner) and what to do if problems occur
Limits on accessible areas—if the organization is only using a part of the premises, or if certain areas
are off limits (e.g. roof, basement, parking lot/garage, outbuildings)
Potential hazards—specific warnings about dangerous or hazardous conditions on the premises
Delegation or supervision—when the landlord/owner chooses to provide staff to assist with
supervision (e.g. lifeguards at a swimming pool)
Alcohol consumption—when alcohol is consumed as part of an event (fund-raiser, holiday party), the
organization will determine if it is necessary to obtain a temporary liquor license and whether its
current insurance is sufficient to cover the event
The organization will spell out its requirements and negotiate the most favorable agreement
possible. The organization will seek legal review prior to entering into a lease, whether the
arrangement is for a long-term or short-term occupancy.
Using Others' Facilities Policy
[Organization Name] will only use others' facilities for special events, or in an emergency up to and
until its facilities are inhabitable once again. The organization will be certain to:
have a written agreement signed by representatives of all parties that spells out the organization's
requirements, expectations and responsibilities with regard to the space; this may be a mutual aid
agreement in the event of an emergency situation.
fulfill its obligations as spelled out in the agreement and leave the site as tidy as it was found.
supervise its employees, volunteers and service recipients when they use the facility.
refrain from serving alcoholic beverages in facilities being used in the name of the organization.
obtain and review appropriate insurance coverage to cover injury, illness and property damage.