Building a new not-for-profit organization: How to approach risk management

About this article

Text Size: A A

This is the fourth in a series of articles focusing on key steps in building a solid not-for-profit organization. As referenced in the first three articles, we have relied on the excellent information offered in the Government of Canada’s Primer for Directors of not-for-profit corporations (Rights, Duties and Practices) for the content of these articles. Chapter Six deals with risk protection.

This article focuses on risk management practices for new not-for-profit organizations.

What risks can new not-for-profit organizations face?

There are many definitions of risk: a risk is a predictable event that could lead to the possibility of incurring loss or misfortune. Risks all organizations can predict include:

  1. Risk of fire, flooding
  2. Risk of being robbed, employee theft
  3. Risk of making a mistake, missing a deadline, divulging private information.

What can you do to manage risk for your new organization?

There are hundreds of risks that your new organization can anticipate. Suggestions are available on this website on how to develop a risk management plan and risk management for not-for-profit organizations. A first step in developing a risk management strategy and plan is to identify and list every possible risk your organization might face.

With this list, you could then write steps your organization can take to prevent each risk on your list. When you have done that, add yet another column to list steps you could/should take to mitigate the impact of each risk. By writing it down, you and your board can know in advance how to protect you organization from each risk. A key risk management tool that is common to all businesses is insurance; in the not-for-profit organization an important insurance tool is Directors and Officers Liability Insurance.

In each article in this series, we refer to the Government of Canada’s online publication entitled Primer for Directors of not-for-profit corporations (Rights, Duties and Practices). Chapter three on liability of directors is a must-read; click here to access it. It sets out potential risk situations involving directors, such as if:

  • Directors enter a contract without authority.
  • Directors are negligent in carrying out their duties and obligations (e.g. permit an unsafe circumstance to exist; accept remuneration for their services).
  • Directors do not fulfil their statutory duties. They allow activities that are in contravention of your bylaws. If you are running a charitable organization, you will find this section of particular value.

Example: Under the Income Tax Act (Canada), directors of not-for-profit corporations have a duty to provide various governmental filings and to remit source deductions of income tax to the Canada Customs and Revenue Agency. To avoid liability, directors must be able to show that they took positive action to see that the corporation complied with the requirements of the Act. If directors can show that they exercised the degree of care, diligence and skill that a reasonably prudent person would have in the same circumstances, they will not be personally liable for the corporation's failure to comply with the Act.

The chapter also provides excellent questions for you to ask yourself, and a comprehensive liability checklist (reprinted below).

Sample questions for prospective or current directors to ask the organization:

  1. When I am unable to attend a board meeting, do I read the minutes of the meeting and voice any concerns I may have?
  2. Do I voice my opposition to matters that I disagree with and make sure that my objections are recorded in the minutes of the meeting?
  3. Have I read and understood the corporation's constitution or letters patent and bylaws?
  4. Do I understand all of the corporation's legal obligations?
  5. If I am a director of a charitable corporation, do I understand the special legal liabilities that both I and the corporation face?

Liability checklist

Subject To be conducted by How often Comments
1. Awareness of liability arising from acting beyond the corporation's authority Director, in consultation with board colleagues and/or executive director Annually Does the director know the scope of the corporation's mandate, as defined by its corporate documents, and that the corporation is required to restrict its activities to that mandate?
2. Awareness of contractual liability Director, in consultation with board colleagues and/or executive director Annually Do corporate documents provide for authority to sign contracts? Does the director know in what specific ways personal liability may arise?
3. Awareness of liability in tort Director, in consultation with board colleagues and/or executive director Annually Does the director know in what specific ways personal liability may arise for claims of injurious conduct? Does he or she know that negligent mismanagement can result in claims?
4. Awareness of liability arising from common law duties Director, in consultation with board colleagues and/or executive director Annually Does the director know that he or she is liable to the corporation for losses suffered as a result of failure to meet his or her "fiduciary duties"? Does the director understand the scope of these fiduciary duties?
5. Awareness of liability arising from statute Director, in consultation with board colleagues and/or executive director Annually Does the director know that, under certain statutes, personal liability of directors may arise?
6. Statutory liability relating to incorporating legislation (including filings), wages, taxes - income, goods and services, sales, source deductions, employment, environmental protection Director, in consultation with board colleagues and/or executive director Annually Does the director know and understand the requirements stemming from each of these issues, and the obligation on directors to ensure that these requirements are met?
7. Assessment of statutory liability arising from the specific mandate or activities of the corporation Full board Every two years, or more frequently if the regulatory environment is changing rapidly Has a review been prepared, either internally or though seeking external legal advice, identifying regulatory requirements that the corporation is required to meet?

(Source: Primer for Directors of not-for-profit corporations)

Remember what is at risk

It is important to understand the severity of how your new organization can be impacted. For example:

  • The damages resulting from abuse claims can render a corporation bankrupt, insolvent or so impoverished that, for all practical purposes, it ceases to be able to function; and,
  • where the abuse was partly attributable to corporation policy or occurred where there was direct involvement of directors, they could be personally liable.

Summary of risk management actions

It is important that your board recognize that they can be sued or otherwise held to account for a detrimental occurrence arising from their actions or inactions. Risk assessment is a key part of any director's job. Here is a summary of what should be done:

  1. Make a list of every risk imaginable that could impact your organization.
  2. Write what can be done to prevent each risk.
  3. Write what can be done to manage the impact to the organization once the risk has occurred.
  4. Develop a Crisis Management Plan where you write who will do what when you are faced with a crisis.

And, as with all plans and documents, regularly review them and make updates and changes to keep them current. Also, make them easily available to those involved with running your organization.

Paulette is President of Solution Studio Inc., a consulting practice that serves the not-for-profit association community. Paulette co-authored two manuscripts on risk management & not-for-profit organizations and regularly conducts risk management, strategic planning and board development workshops. She can be reached at 1-877-787-7714 or

Go To Top