Section 11: Risk Management and Insurance

Every organization has a responsibility to analyze and respond to any known risks. This is a key role of the board as its members fulfil their duty of care to the organization. The first step is to identify areas of risk. Here is a sample worksheet to get you started.

Once you identify risks you will need to decide what to do to reduce or mitigate the risk to your organization. Some of the mitigation measures may include written policies to guide you as you navigate risk. Other measures might include training staff, yourself included, on how to respond in situations that contain risk.


The majority of your CIL budget is spent on staff. This is where you invest the most money, year after year. Here are some questions to ask regarding risks related to staff:

  • Are your employees serving “at will”? (This varies state to state.) What are your policies addressing this?
  • Can a CIL be sued for discrimination because of disability or any other protected class? (The answer is yes!) What are your policies and procedures for addressing these areas?
  • Are you following your policies and procedures consistently? No exceptions?
  • Do staff enter individuals’ homes alone? Do they know how to address situations they may feel are unsafe?
  • Do staff know how to report work-related injuries?
  • Do your policies address harassment in the workplace? What constitutes harassment? What will happen if someone is found to be harassing another? What should your training include?

Next, identify things you can do to reduce the risks. For example, regarding work-related injuries, some insurance companies recommend immediate drug testing after an accident to determine if the person was under the influence. This is a mitigating measure, or a measure that reduces your risk. What policies, procedures, and training do you have in place for staff and managers related to the risks you’ve identified? Are there new things you need to put in place to reduce risks?

Don’t forget the important final piece – what do you plan to put into place to monitor that your risk management plan is adhered to going forward?

Preventing Waste and Fraud

From time to time you hear about theft within nonprofit organizations. Usually, the organization did not have sufficient internal controls to prevent or catch the situation, and sometimes the thief gets away with it for years. Here are eight practices that will discourage theft, or will catch the thief in the act.

  1. Check references and/or require bonding for personnel who have responsibility for the funds of your organization. You don’t want to hire someone with a history of theft.
  2. Require that actual receipts be attached to any credit card bill. The bill itself doesn’t include enough detail for you to ensure that all the costs were legitimate.
  3. Take inventory of purchases, so when someone runs to the grocery store or office store, they bring the items in and someone else checks them against the receipt so that no one is siphoning off items for their personal use. When a package of items is received at the office, two people check off the items and store them for later use.
  4. Reconcile the bank statements by actually viewing the checks or images of the checks and comparing them to the check register in the accounting software. Someone other than the accountant should do this—preferably the executive director or the chair of the finance committee, depending on the size of your organization. This prevents changing the payee, shows gaps in the numbering of checks so you can find the missing ones, and reveals any checks that have been signed fraudulently.
  5. Ensure that the person who prepares the checks is not allowed to sign the checks, and no payee should be able to sign their own check.
  6. The person who prepares the checks should put the entire packet together for the signer to review, including all costs covered by the check, the detailed receipt(s) and the allocation of the costs to the proper grant or cost objective. Include an envelope for mailing the check. Then the check should be mailed by someone other than the person who prepared it. Again, this ensures that the payee isn’t changed.
  7. Purchase Directors and Officers insurance and listen to what the insurer has to say about good practices.
  8. Conduct an audit—a single audit if your Center spent $750,000 or more in federal funds in the year, and a financial statement audit otherwise.

Take a look at your policies and practices. The board members and management staff are stewards of public funds, and you need to preserve the public trust as well as your organization’s future. Make sure you are doing what you can to prevent the misuse of your assets and preserve your organization.


Insurance coverage is an important piece of the risk management process.

  • Do you have liability insurance? What is covered? What are your limits and deductibles?
  • Are those who handle funds bonded?
  • Do you have Directors and Officers Insurance to address board oversight?

Educate yourself on the options and make sure your risk management addresses the foreseeable issues.

Resources for a Deeper Dive