Risks to NPOs are defined as threats to the organization’s ability to accomplish its mission or stop the NPO’s ability to pursue opportunities. Management and the Board of Directors need to always be vigilant of these risks and proactively deal with the organization’s ability to recognize and respond effectively to the following 8 risks.
1. Compliance Risk
Compliance risk is the risk of fines or other regulatory penalties for offences such as the failure to remit payroll taxes or violation of privacy laws. It might include management of restrictions of funds from donations or other funding agencies.
2. External risk
External risk is the risk of becoming irrelevant or losing the support of the public and funders, failure to respond to changing economic demographics or other trends.
3. Financial risk
Financial risk is the risk of fraud or financial failure or making decisions based on inaccurate or inadequate information.
4. Governance risk
Governance risk occurs when there is ineffective oversight of management, poor management decision making or a weak board of directors.
5. Information Technology risk
IT Risk is when the technology chosen is not able to provide a dependable service or accurate and secure information.
6. Operational/program risk
Operational/program risk results from poor service delivery, reoccurring day to day crisis, staffing issues, program failure where the outcome is detrimental to the organization.
7. Reputational risk
Reputational risk is the risk of losing status in the community, a reduction in the organization’s ability to raise funds, and a lowered appeal to prospective volunteers.
8. Strategic Risks
Strategic risk is the risk of continuation or development of inappropriate programs and initiatives and failure to keep the organization strong and relevant.
Organizations must stay on top of risks to understand when action must be taken. Don’t wait until you, for example, cannot meet payroll obligations! Have a process in place to identify where the risks are and what the appropriate response and action plan should be.

Identify risks that impact the organization and plot them on the graph by assessing the likelihood of occurrence compared to the severity the impact of the risk. Manage risk based on where they are in the quadrant, especially if in the top right. It is important to monitor risk potential on a regular basis to see if they have moved on the chart.