Risk management for public sector organizations and nonprofits is more extensive than previously thought. Often falling on board and council members, it requires a proactive approach – otherwise organizations face financial, reputational, or operational damage. When public trust and regulations are already a challenge, this makes risk management even more complex.
While it may not carry the immediate allure of strategy or innovation, understanding and addressing risks is fundamental to ensuring long-term success. For new or even experienced board members, learning risk management is a crucial function of board service.
After all, as Patrick Downes, a managing partner with corporate governance firm Governance Ireland notes, “Risk management might not sound like the most thrilling topic for many boards, but in truth, it’s one of the most important conversations we should be having. And, done right, it can be surprisingly powerful.”
We asked experts in both voluntary and elected board service to share what board members should know about risk management for public sector organisations and risk management for nonprofits. They outlined exactly how leaders should be prepared to act.
Risk Management is a Leadership Issue
Dr. Chad Bledsoe, President, Montgomery Community College:
“Ultimately the board has the responsibility of ensuring that the institution is meeting its mission. And that can’t be done without adequate oversight of financial resources, of the risk that we all take on, whenever we talk about providing services, equipment, training, employing teachers, all of that.”
Dr. Froswa’ Booker-Drew, President, Soulstice Consultancy:
“It’s more than just discussing great status reports and updates of what a board does; it is about making sure that the organization is not placing itself in a position of liability, that the organization is aware of all the risks that may exist and how they can put in protocols to ensure that the organization is able to continue its mission.”
Risk management is part of the fiduciary responsibility held by every board member – the legal and ethical duty to act in the best interest of the organization. A skilled approach to risk management for public sector organizations protects the financial, reputational and legal status of the mission-driven organization or municipality.
Practical Tips:
- The board and administrators should begin with a shared understanding of what risk management is and how the board should approach it.
- Keep information about your organization’s risk management efforts in an accessible, consistent location, like your board management solution.
Boards Must Remain Educated on Risk
Gwen Dombroski, Manager of Legislative Services/Clerk, County of Renfrew, Ontario:
“Legal and regulatory compliance is a critical component of risk management for public boards. Members must be well-versed in relevant laws, acts and regulations. This requires educating yourself on the board role and often relies on guidance from staff, other seasoned board members or legal experts. I feel the educational aspect is essential for informed decision-making and protecting both yourself and the board from legal repercussions and public scrutiny.”
Andrea Walsh, Senior Director, Mission Driven Organizations, Diligent:
“A lot of risk comes down to ensuring that the fiduciary responsibility is exercised effectively. But risk comes in lots of forms as well, and having the capacity to understand and ensure that the board is well informed on all of the activities involved in the strategic direction is critical.”
Practical Tips
- A board can approach risk management in the public sector effectively with the right training – both onboarding and in regular development throughout member service.
- Everboarding, which creates opportunities for learning throughout the board service lifecycle, is also an effective approach to keep members up to date on risk management and engaged with the topic.
Be Reasonable and Realistic
Maya Tussing, Partner and Co-Founder, Fairlight Advisors:
“One risk boards face is simply not having realistic budgets, where they’re not considering the financial impact of risks. Many nonprofits own real estate and don’t calculate the costs of owning that real estate. Or they are leasing their property and haven’t thought about what if their landlord is going to raise their rents and their options if that happens. Can they even move? Maybe their mission is focused on the community in that area, and, if zoning changes or rents rise, they can’t leave and go virtual or move to another community. These are risks that they have to embed into their budgets and to their risk management platforms or programs.”
Diarmaid Ó Corrbuí, CEO, Carmichael:
“Risk management can be a very tricky area to get right for their organizations. I have seen risk management systems that on paper look very sophisticated and comprehensive but are far too complicated and difficult to manage. As a result, they do not really help the board in their risk oversight responsibilities. I have also seen situations where boards do not systematically look at the risks their organizations face and agree how best to manage and mitigate those risks. The challenge is to develop a risk management system that is appropriate and manageable for your nonprofit.”
The leadership team’s shared understanding of risk is a core component in ensuring the organization’s risk management plan is comprehensive – but not overwhelming.
Practical Tips
- Boards must understand the real risks their entities face and put their efforts into plans that avoid or minimize those risks.
- The goal is to achieve the right-sized risk management plan for your entity.

Risk Management is Actually an Opportunity
Margaret Corbett, Deputy City Clerk, City of Niagara Falls, Ontario:
“We think about what we are at risk of doing and what is the potential harm if we are not acting in a responsible manner. So, as council and staff, we work together to make sure that we’re supporting each other appropriately, especially for the overall benefit of the citizenship.”
Gwen Dombroski, Manager of Legislative Services/Clerk, County of Renfrew, Ontario: “Handling public funds requires oversight and accountability. It is important to engage with audits and pay attention to financial reports to ensure fiscal responsibility. Due to the public nature of these roles, members are subject to public engagement and questions, especially with public funds, which can impact personal lives and professional reputations.
“Public-facing boards, particularly within the public sector, must maintain a high level of transparency to uphold public trust. It is crucial to become well-informed in your position and seize every opportunity for training to stay knowledgeable in your role. Many board positions are voluntary or offer a nominal stipend, requiring you to balance these responsibilities with your professional roles. This can potentially lead to conflicts of interest or added pressure from your primary occupation, alongside increased scrutiny.”
Risk management very much falls under the umbrella of public accountability and representing the organization well. For public boards, this means managing relationships with the electorate, but for private organizations, the board is still accountable to donors, volunteers, government oversight and more.
Practical Tips
- Developing a risk management plan, and sharing it where appropriate, can build relationships with the very stakeholders your board relies on for support.
- Keep your risks plan in your board management software so it can be easily found by board members and key stakeholders.
Regular Conversations Make Risk Management a Manageable Task
Patrick Downes, Managing Partner, Governance Ireland:
“For volunteer boards, many of whom are juggling roles, responsibilities, and real-world constraints, it’s easy to treat risk as something that sits in the finance or audit file or with the audit and risk committee. But actually, I think that risk should be part of everyday conversations – not a tick-box exercise once or twice a year.”
Diarmaid Ó Corrbuí, CEO, Carmichael:
“Developing a good and robust risk management system, using best practice templates relevant to your nonprofit is only the start of having an effective risk management system in place, it needs to be understood, owned and embedded into the governance systems. An effective risk management system is one where the board takes one of its key risks from its risk register at each meeting of the board and has a robust and informed assessment of the risk and its management. As in many key governance tasks, the quality and rigor of the assessment can be much improved by having a board sub-committee with specific responsibility for risk management and for preparing the analysis to assist the board in its assessment of the risk.”
Practical Tips
Risk management is not a one-and-done board topic. Build risk discussions into every board meeting. This is easy to do with software that streamlines your meeting agendas, along with an accessible document library that all board members can access.
Key Takeaways
Risk management is a core duty of both elected and volunteer boards. It can be tedious – or it can be an opportunity for education, transparency, and sound leadership. The oversight needed to craft a risk management plan and the tools to execute it are best found in a risk management software made for mission-driven organizations like government departments and NPOs.
With the board management solutions offered by Diligent and implemented by our team of experts, your organization can take a more effective, efficient and successful approach to avoiding and mitigating risk. Let us know when we can introduce you to one of our board management solutions.
FAQs on Risk Management for Mission-Driven Organizations
What makes risk management a board responsibility?
Risk management is part of the fiduciary responsibility held by every board member, the legal and ethical duty to act in the best interest of the organization. It protects the financial, reputational and legal status of mission-driven organizations or municipalities, and requires board oversight of resources and the risks that come with providing services, equipment, training, and employment.
How should boards educate themselves about risk management in the public sector?
Legal and regulatory compliance is a critical component of risk management for public boards. Members must be well-versed in relevant laws, acts and regulations, and education on the board role often relies on staff guidance, seasoned board members, or legal experts. Onboarding and ongoing development, including everboarding, are essential to keep members informed on all activities involved in strategic direction.
Why should boards have regular conversations about risk management?
Risk management should be part of everyday conversations and not just a tick-box exercise. The board should regularly review risks, ideally with a sub-committee responsible for risk management to prepare analysis and assist the board in assessment, and ensure that discussions occur at each meeting using robust, informed assessments.
What practical steps help implement effective risk management for mission-driven organizations?
Develop a shared understanding of risk management and keep the risk information in an accessible location, such as board management software. Provide ongoing training for onboarding and regular development, and aim for a right-sized risk management plan that fits the entity, avoiding overly complex systems that hinder oversight.
Why is risk management an opportunity, and how should boards maintain transparency and accountability?
Risk management is an opportunity to educate, build transparency, and demonstrate sound leadership. It involves engaging with audits, paying attention to financial reports, and maintaining public trust through high transparency. Public-facing boards should stay well-informed, pursue training opportunities, and balance responsibilities with other roles to avoid conflicts of interest and undue scrutiny.