By Eric Henkel
By nature, people like to compare things. Being able to see how things match up gives us a method of perceiving value and worth. For individuals, look no further than our use of social media. It fuels this type of comparison by showing us how many likes or followers someone has. For better or worse, we try to gain some personal insight by seeing how we compare to others we know.
Many people turn to charity watchdog groups for information with which to compare nonprofits; national organizations with chapters and field offices often establish standards to which their affiliates must adhere. Educational organizations establish aspirational accreditation standards; nonprofits seeking accreditation view the process as a way to signal stakeholders that they meet certain standards and compare favorably to peer organizations. But how do nonprofit leaders assess the value of their risk management programs? What about risk management benchmarking?
There’s a danger in putting too much emphasis on comparisons. In a Forbes opinion piece on leadership, Lisa Quast encourages individuals to stop comparing themselves to others. In support, the article raises two salient points that are relevant to organizations becoming too focused on comparisons as well.
- “Comparing yourself to others’ accomplishments is a losing battle.” It would be an easy task to find a nonprofit that has more resources to devote to risk management and then question your own organization’s ability to measure up. However, this approach to risk management benchmarking focuses on what you haven’t done (or aren’t able to do) as opposed to what you have achieved and how much potential you have.
- “You are special, and not an exact replica of anyone else.” Nonprofits differ in many ways–services provided, sources of revenue, and clientele served, are just a few. It can be challenging to find a match for your organization that serves as a means for comparison. It is also challenging to adopt others’ best practices in a blanket fashion that is easily adopted by your organization. At NRMC, the mantra ‘one size fits one’ is repeated often to clients seeking a solution for risk management benchmarking.
When it comes to risk management, we regularly encounter nonprofit leaders who want to know how their organization stacks up against others. They may be looking for a silver bullet solution to a risk management issue that they have encountered. Or they may be asking to assuage a concern that they are lagging behind their peers. Whatever the reason, they are following that natural urge to compare. However, one of the main challenges from a risk management perspective is that there aren’t industry-wide standards that can be universally applied in the nonprofit sector. Although organizations like COSO or the Enterprise Risk Management Initiative address broad scale risk management topics, they typically focus primarily on the for-profit sector. If nonprofits are included, it is typically as a subset of information rather than the sole focus of risk management benchmarking surveys or industry standards.
So what can you do to move your risk management efforts forward? Here are a few suggestions for effective risk management benchmarking:
- Know Thyself – The most important thing to do is to focus internally on your efforts to improve risk management practices and the effects that risk management has on your operation. First, identify performance goals related to risk management. Next, establish the relevant metrics for performance and ensure that they are communicated to and agreed upon by key stakeholders. Then you can collect data to establish performance levels and internal benchmarks. This will allow you to identify historic trends in your organization, benchmark progress and see success. Additionally, this allows you to identify successful practices in individual functions and to share those as best practices within the organization.
- Look for resources – There are many resources available to help with the internal benchmarking process. For example, NRMC provides My Risk Management Plan as a way to help your team work together to create a comprehensive, custom risk management plan. This resource helps to identify your risk management efforts and to identify ways to improve your risk management capacity. In addition, the surveys and reports produced by organizations focused on risk management can help inform your internal focus, even if they aren’t outlining standards for the nonprofit sector. For example, the AICPA and the Enterprise Risk Management Initiative recently released the latest version of The State of Risk Oversight. Even though the study does focus broadly on for-profits and nonprofits, it gives some insight into particular topics and elements that you should consider in building your risk management capacity and establishing performance benchmarks. Finally, encourage the people responsible for different functions in your organization to seek out resources specific to their area. One example is the latest M+R Benchmarks Study, focused on digital marketing, advocacy and development for nonprofits.
- Help increase the resource pool – In addition to being a consumer of information, look for ways to help produce it as well, particularly where the focus is on nonprofits. One way is to use the NRMC’s Risk Benchmarking web application to expand the knowledge base about what nonprofits are doing with respect to risk management topics. By taking the surveys on the topics provided, you not only get to see the results immediately (after being updated in real time with your input) but you also help create a resource that is focused on nonprofits. In addition, suggest a topic that you have been wondering about and we can incorporate it into future surveys!
- Attend the Risk Summit – One of the best ways to share and acquire knowledge is to network with your peers. NRMC’s annual conference, the Risk Summit, is an excellent opportunity to meet with other risk management champions and share some ideas about best practices.
Eric Henkel is a former project manager at the Nonprofit Risk Management Center.