Nonprofits need to conduct ‘reputational risk assessment’
Nonprofit organizations depend on the public's trust. One of their most important assets is their good names and reputations, without which they may lose funding, donors, clients, employees and directors.
With that in mind, a nonprofit should assess its reputational risk as part of its enterprise-wide risk assessment.
Reputational risk assessment is a comprehensive review of what an organization is doing to protect and enhance its reputation, and what it may be doing that may damage its reputation.
Reputational risk can be measured by how a newspaper or a watchdog agency may interpret and publicize certain practices.
Reputational risk must be assessed on several levels including, but not limited to, the following:
» Governance: Effective governance requires that appropriate bylaws and board policies be put in place, including conflict-of-interest statements. Board members need to ensure that conflicts do not arise in fact or in appearance. They must always act in the best interests of the organization and avoid "self-benefit."
» Executive compensation: All compensation and benefits, including those provided to directors or officers, should be disclosed on Form 990 and, if taxable, reported on Form 1099 or Form W-2, as appropriate. Failure to comply with the IRS' Intermediate Sanctions Regulations and improper reporting of executive compensation can carry heavy public-relations costs.
» Employee practices: Employee practices that result in a hostile work environment or cause poor employee morale can affect a nonprofit's reputation. Implementing a whistle-blower policy can help reduce the risks in this area.
» Compliance with donor restrictions: Compliance with donor restrictions is imperative to protect the reputation of the organization and safeguard compliance with federal and state laws. To ensure compliance, donor funds should be tracked and spent in accordance with the donor's intent.
» Effective internal controls and procedures: These are essential for proper stewardship of assets and adequate financial reporting. Key controls to closely monitor include sufficient segregation of duties, appropriate fraud prevention and detection controls, and adequate backup and training of personnel. Internal controls and procedures should also be well documented.
» Regulatory and tax compliance: Regulatory and tax compliance is extremely important to ensure adequate funding and avoid significant reputational damage. The IRS Form 990 is easily available on Web sites such as www.guide-star.org and is the most public document for most organizations.
Board and executives should consider outsourcing the preparation of Form 990 to an external accounting firm if the nonprofit's personnel are not familiar with preparation of the return. In addition, audit and finance committees should carefully review Form 990's in advance of the form being filed.
As Warren Buffet once said, "It takes 20 years to build a reputation and five minutes to ruin it."
In a small community like Hawaii, it may be hard to repair an organization's reputation once it is damaged. It is important that a nonprofit perform a reputational risk assessment to ensure that its reputation is in good standing.
Vivian Lai is an assurance manager in the Honolulu office of Grant Thornton LLP. She can be reached at firstname.lastname@example.org