CREFT Findings - CRE


As recent nonprofit closures and collapses illustrate, failure by executives and boards to identify, assess, manage and mitigate risk undermines the sustainability of the organizations they lead and poses a serious threat to the millions of people who count on them. Although all organizations operate in an environment inherently characterized by risk, nonprofits in particular have limited exposure to the practice of systematically assessing and addressing their vulnerabilities to risk. This is why Community Resource Exchange has created a holistic risk assessment tool, the CRE Fitness Test. After a year-plus of testing the CRE Fitness Test (CREFT), CRE has discerned initial findings that help to speak to the current state of nonprofit risk. The nonprofits that have taken CREFT to date are diverse in budget, staff size, and issue area although all have missions that fall within the larger social justice and poverty reduction space.


Overall risk picture

On average, nonprofits are performing well on necessary organizational practices related to compliance with legal and regulatory requirements and basic terms of their funder grants and government contracts. Groups are less consistent at implementing practices and procedures that seem more optional.  Examples of the latter category include the use of organizational monitoring tools like key performance indicators (KPIs), succession planning, and, as one might have guessed, risk management planning.

This means that organizations are attending to core aspects of organizational functioning, yet some critical vulnerabilities emerge. Some of the highlights in the data may speak to deeper challenges for these organizations and their leaders down the road, e.g., an under-reliance on the various strands of planning as well as longer-term financial forecasting, particularly given potential funding cuts driven by the federal budget. 


Areas of lower risk

Overall, nonprofit groups generally have lower risk in the areas of:

  • Compliance — groups adhere to government financial reporting requirements and key legislation, manage their grants and contracts effectively, and monitor legislative trends and activity.
  • Finance — organizations appear to be generally on top of key financial management practices, from budgeting to financial reporting to financial policies and procedures, though inadequate cash reserves plague many groups that have taken CREFT.
  • Leadership, Governance and Strategy — CREFT results suggest organizations are consistently providing their boards with solid financial reports that they can use to inform their decision making, however, executive-level succession planning emerges as an area of greater vulnerability.   


Areas of higher risk

The initial CREFT results show that, on average, nonprofit organizations generally have higher risk vulnerabilities in the areas of Programs and Services, Personnel and Administration, and risks related to the External Environment.

Within these categories nonprofit groups that have taken CREFT generally have greater vulnerability in the areas of:

  • Personnel and Administration — succession planning at all levels, emergency staffing planning, and the monitoring of staff turnover trends emerging as areas of concern.
  • Programs and  Services — while organizations are good at addressing significant risks such as investigating client-related incidents, the results show consistently lower ratings in program evaluation and planning.
  • External Environment — while some organizations are especially vulnerable to an interruption of services due an extreme event (weather or otherwise), nearly all organizations are ill equipped to communicate externally about an organizational crisis and/or proactively handle negative media attention from social media as well as more traditional media channels.

Our findings so far speak to the challenges of managing risk in always dynamic and often under-resourced environments. The results suggest that despite these environmental factors nonprofits are addressing significant areas of vulnerability while, at the same time, leaving themselves exposed in others.  The good news is there are many steps nonprofits can take to start working on this.


Five things nonprofits can do today to start engaging with risk:

  1. Start the conversation with your board and staff. Where do they think your organization is at risk? What suggestions do they have?
  2. Similarly, look at your workplace culture. Do you have a culture that supports people who speak up if they spot a vulnerability to risk? If not, what can you change to make this the norm?
  3. Look at your budget and begin to identify any areas of reliance which can lead to risk vulnerability. For example, if a government contract is cut, a major donor no longer contributes, or a large client goes elsewhere, would this lead to an outsize effect on your ability to deliver programs and/or maintain core administrative functions?
  4. Understand that risk isn’t always negative. As part of holistically engaging with risk, organizations need to be able to take risks that represent great opportunities to expand or serve their communities more deeply. It is important to be able to identify and proactively engage with these “upside” risks when they emerge.
  5. Take CREFT! The first step to engaging with risk is knowing where you are vulnerable. CREFT allows organizations to look at risk from a holistic point of view, taking multiple variables into account.


All content is copyright CRE 2017. Please cite Community Resource Exchange Risk Management Practice when using these findings.


En Español »