The Masterpiece

By Melanie Lockwood Herman

After work tonight, I’m headed to my second oil painting class. You’ve probably seen the Mona Lisa by Leonardo da Vinci, The Starry Night by Vincent van Gogh, or  Water Lilies by Claude Monet. I expected to create a more humble masterpiece during my first class, but I learned that it generally isn’t possible to complete an oil painting in one sitting. The paint is to be applied in layers, and it’s important to allow time for the first layer to dry before applying the second layer. So tonight I’ll return to my landscape-in-progress and try to add a few trees to the foreground.

While reviewing a client’s draft policy on background checks this morning, it occurred to me that like an oil painting, a comprehensive risk management policy also has layers. In this case, the policy begins with a statement about the organization’s intent and continues with references to best practices in youth protection. The policy then outlines automatic disqualifiers for eligibility and continues with a description of the review process for background reports that fall outside the parameters for automatic disqualification.

A one-dimensional screening policy relying solely on a background check is ill-advised. And a generic, one-size-fits-all policy is unlikely to have the texture and brushstrokes your mission deserves. Like so many policies adopted to increase safety in a nonprofit, the tone, requirements and expectations must be custom-fit to suit the organization and the specific role or position.

Here are some things to consider when developing the layers of your screening or background check policy:

  • Does the policy disqualify applicants whose backgrounds make them unsuited for service roles in the nonprofit while also permitting discretionary review?
  • Does the policy link the required intensity of screening to the risks represented by specific positions?
  • Does the policy incorporate multiple screening tools which can be layered based on the nature of the position?
  • Is the process legally compliant? (Ex: does our practice of searching social media sites for information on candidates reveal personal information that can’t be used in making hiring decisions?)
  • Have we taken steps to ensure that the policy is understood by all personnel involved in screening applicants?
  • Do we encourage staff and applicants to step forward with questions or concerns about the policy?
  • Does the policy adequately protect an applicant’s privacy and other legal rights?

Unlike my first oil painting, which at some point I will have to deem “finished,” any risk management policy in your nonprofit should be subject to periodic scrutiny. Is it helping advance your mission or getting in the way? Is it easy to understand or likely to confuse? Is the policy having the intended effect… such as creating a path for the efficient, legal and consistent handling of the results of criminal history background checks? If it’s not working, it’s time to put that policy back up on the easel and start sketching.

Melanie Lockwood Herman is Executive Director of the Nonprofit Risk Management Center. She welcomes your ideas about any risk management topic, suggestions for best-in-class risk management, and questions about the Center’s resources at or 703.777.3504. The Center provides risk management tools and resources at and offers consulting assistance to organizations unwilling to leave their missions to chance.