Good Governance Is Sound Risk Management

By Jennifer Chandler Hauge

"Governance has been top-of-mind at the Nonprofit Risk Management Center of late. In Washington, DC, we’ve watched the governing board of “our nation’s museum,” the Smithsonian, re-organize its board, hold the CEO more accountable, and re-think the museum’s business strategies. This instance is one in a long line of headline-grabbing missteps by nonprofit boards that have stirred Congress to action.

Recently, the IRS has proposed new questions for the revised IRS Form 990 that specifically focus on governance issues, such as size and independence of the board, whether the organization has adopted policies that comply with Sarbanes Oxley, and whether board members participate in review of annual financial reports. Earlier this year, the IRS issued a discussion draft Good Governance Practices for 501(c)(3) Organizations.

Urban Institute Study Reveals Good Governance Not So Good

Results from a new national study on nonprofit governance provide a wake-up call. They reveal that significant numbers of nonprofit boards are simply not demonstrating good governance practices. The study of over 5,000 nonprofits tells us that:

  • Only 52 percent reported that their boards were “very actively engaged” in setting organizational policy or financial oversight;
  • Only slightly more, 54 percent, reported that their boards were actively engaged in reviewing the CEO/executive director’s performance;
  • Only 50 percent of the respondents reported having a written conflict of interest policy — the figure drops to 30 percent for organizations with less than $100,000 in annual revenues.
  • A large 75 percent do not require board members to disclose their own financial interests in entities doing business with the nonprofit, which could mean that those organizations are unaware of existing conflicts of interest.
  • Only 50 percent of the responding organizations reported having a written policy to protect whistleblowers.

Source: The Urban Institute, Nonprofit Governance in the United States: Findings on Performance and Accountability from the First National Representative Study (Ostrower, 2007)

Re-thinking how nonprofits govern themselves is not just a phenomenon in the nation’s capitol. Across the country, state associations of nonprofits are encouraging their members to voluntarily adopt “best practice” principles. In many museums, community foundations, voluntary health organizations, land trusts and international humanitarian organizations best practice standards are being promoted, either through voluntary adoption, or formal accreditation procedures — complete with peer review and, in some cases, sanctions for failure to demonstrate compliance with the standards.

The majority of nonprofits do not participate in formal accreditation programs or in voluntary self-regulation standards, leaving the definition of good governance to the determination of individual boards of directors. Boards generally want to do the right thing, but there is a growing concern that nonprofit boards are not engaged enough, and may not have the tools they need to implement the good governance practices that should guide their organizations.

That is why at the Nonprofit Risk Management Center, the focus this year is on helping nonprofits define good governance and identify best practices that are sound risk management strategies for their organizations.

Governance Assessment

So what does the Nonprofit Risk Management Center look for when we conduct an assessment of an organization’s governance practices? Here is an outline.

How much information flows to the board?

Too much? Not enough? An informed board is an engaged board, and an engaged board is more likely to support the organization financially and share its expertise with the organization.

An informed board is better armed to ask questions that can protect an organization from being derailed. Too often boards are left in the dark when an organization is faltering financially, which is exactly when the board needs to kick into high gear.

Some of the most notorious criticism of nonprofits’ conduct recently has arisen from the exposure of financial deals that enriched either a board member or a staff member, generally without the knowledge or consent of the majority of the board. Keeping the board informed of financial transactions with insiders is a basic risk management step that can protect an organization time and again.

Conflicts of Interest and Related-Party Transactions

Sample Policy

The potential for a conflict of interest arises in situations in which a person is responsible for promoting one interest at the same time he or she is involved in a competing interest, whether financial or otherwise. If this person exercises the competing interest over the fiduciary interest, he or she has engaged in a conflict of interest transaction. Conflicts of interest should always be avoided, but if they exist, they should be disclosed to the board of directors as follows:

I. Conflicts of Interest

  • All trustees, officers, agents, and employees of this organization shall disclose all real or apparent conflict of interest that they discover or that have been brought to their attention in connection with this organization’s activities. “Disclosure” means disclosing at a board meeting or in writing to the Chair of the Board or President the facts composing the real or apparent conflict of interest.
  • An annual disclosure statement shall be circulated to trustees, officers, and certain employees and outside vendors to assist them in identifying and disclosing conflicts of interest, but if a conflict develops, it should be disclosed at that time.
  • The written disclosure statements will be filed with the Chief Executive Officer or such other person designated by the Chief Executive Officer to receive such notifications.
  • As needed, disclosures of real or apparent conflicts of interest shall be identified for the board at a board meeting and noted in the minutes.

An individual trustee, officer, agent, or employee who believes that he or she or an immediate member of his or her immediate family might have a real or apparent conflict of interest, in addition to filing a notice of disclosure, must abstain from:

  • participating in discussions or deliberations with respect to the subject of the conflict (other than to present factual information or to answer questions),
  • using his or her personal influence to affect deliberations,
  • making motions,
  • voting,
  • executing agreements, or
  • taking similar actions on behalf of the organizations where the conflict of interest might pertain by law, agreement, or otherwise.

At the discretion of the board or a committee thereof, a person with a real or apparent conflict of interest may be excused from all or any portion of discussion or deliberations with respect to the subject of the conflict.

A member of the board or a committee thereof, who, having disclosed a conflict of interest, nevertheless shall be counted in determining the existence of a quorum at any meeting in which the subject of the conflict is discussed. The minutes of the meeting shall reflect the individual’s disclosure, the vote thereon, and the individual’s abstention from participation and voting.

The Chief Executive Officer shall ensure that all trustees, officers, agents, employees, and independent contractors of the organization are made aware of the organization’s policy with respect to conflicts of interest.

II. Related Party Transactions

Related-party transactions occur between two or more parties with interlinking relationships. As with conflicts of interest, these transactions should be disclosed to the governing board and evaluated to ensure the transaction is based on a sound economic basis that is in the best interest of the organization. The organization should pursue any related-party transactions that are clearly advantageous to the organization, but should avoid those that present conflicts of interest.

The organization shall undertake transactions with related parties only in the following situations:

  • The audited financial statements of the organization fully disclose material related-party transactions.
  • Related parties are excluded from the discussion and approval of related-party transactions.
  • There are competitive bids or comparable valuations.
  • The organization’s board approves the transaction as one that is in the best interest of the organization.

Example 1: An organization purchases insurance coverage through a firm owned by a board member. This would constitute a conflict of interest unless the cost of the insurance is disclosed, the purchase is subject to proper approvals, the price is below the competition’s, and the purchase is in the best interests of the organization. The board member in question should not be present at the meeting when the decision is made. If the purchase passes these tests, it does not constitute a conflict of interest but qualifies as a related-party transaction.

Example 2: The CEO and several employees are members of the board. When the resolution on salary and fringe-benefit adjustments comes to the board, should those affected by the resolution discuss and vote on the matter? No. The CEO and employees not only should avoid discussing and voting on such matters, they also should absent themselves from the meeting to avoid even the appearance of a conflict of interest.

Source: Adapted from policies developed by the Evangelical Council of Financial Accountability.

Is the board governing itself effectively?

Size can impact an organization’s effectiveness. When a board is too large, decision making is unwieldy so there is a tendency for decision making to be delegated to a smaller group, which often disenfranchises the other board members. When a board is too small, the board may not bring enough resources of time, talent and treasure to the organization.

Similarly there may be too many committees for effective governance. Board committees may be duplicating staff’s work — or — staff may be doing all the work and board committees not used effectively.

Board meetings may be too long or held at inconvenient times, resulting in low attendance at board meetings.

The organization may be facing a void in future board leadership with no focus on succession planning or attracting new board members.

Are appropriate financial controls in place?

Some of the biggest exposures in the nonprofit sector arise from a fraud that is practiced over a number of years by a trusted employee. Boards ask, “What went wrong? Were we asleep at the wheel?”

"More often than not fraud results from a board’s trusting, but not insisting on, procedural checks and balances being in place. Nevertheless, good governance is more than protecting an organization’s assets by patrolling for fraud. Investment policies, spending policies, policies requiring the documentation of transactions with related parties, and a disciplined budget review process are all important financial management practices that are reviewed during an audit of governance practices.

Board oversight of financial management policies is essential to discharging the board’s legal duty of care. A board that pays little attention to the financial health of the nonprofit (or places all of its trust in the finance committee or the CFO) cannot fulfill its fiduciary duty.

Is the organization vulnerable to employment practices claims?

Hiring and evaluating the performance of the chief staff leader of the organization is one of the most critical governance obligations of the board. In turn, the CEO/executive director has the responsibility of managing the paid and volunteer staff members that are the engine of the nonprofit.

In a governance review, the personnel practices are examined to identify whether the organization is consistently practicing what its policies preach and whether or not the board is following procedures that provide for effective communication and evaluation of the CEO/executive director.

Since serious IRS penalties can result from excessive or undocumented compensation to certain insiders, we review procedures for approving compensation and benefits for staff, and approving contracts for independent contractors and vendors.

Are board and staff sensitive to conflicts of interest?

Conflicts can be avoided most easily when the organization has a stated conflict of interest policy and annually canvasses the members of the board of directors and key administrative personnel to document potential conflicts. Awareness of the policy, of the obligation to disclose a conflict, and of the procedures that should be followed to manage each conflict are all critical risk management steps.

While most policies focus on conflicts of interest in financial terms, any duality of interest, whether arising from a personal or professional relationship, including board members who serve on the boards of other nonprofits, can jeopardize a nonprofit’s position among stakeholders.

Many board members are not aware of conflicting transactions with related parties because they are not disclosed or reported to the IRS, as required. Good governance includes not only having a policy to address conflicts, but also defining the types of conflicts that board members are expected to disclose.

Is the mission being fulfilled?

Board oversight is key to mission fulfillment. Board review can be invaluable to the staff—helping them view things in a new light and take a different perspective on key indicators and environmental shifts that will impact the organization and its programs for years. Board oversight can only be effective if all the organization’s systems are running smoothly and strong governance practices are in place.

Policies that protect your organization

One of the most important governance policies, arguably THE most important, is a conflict of interest policy. Conflicts of interest and related-party transactions are similar; however, there are distinctions that need to be recognized. The sample policy (page 5) defines conflict of interest broadly and also defines and requires the disclosure, documentation and reporting of related party transactions.

Where to Go From Here?

Effective governance requires accountability built on written policies, established procedures, education and adherence. Organization culture, history, size, resources and the personalities of the people around the board table all come into play in determining the ideal ingredients for effective governance.

The Nonprofit Risk Management Center advises each nonprofit to start somewhere and do what it can, when it can, but keep on keeping on. Divide and conquer. Take baby steps. Delegate. But bite off no more than what you can swallow. No matter which approach works for your board, start where the need is greatest to establish, shore up or polish your nonprofit board’s good governance.