IN THIS ISSUE
According to Mike
I was interested in attending this session — for charitable organizations and non-government agencies (NGOs) — because of my involvement in risk-assessment and risk-management processes. I wanted to see if NFP organizations have the same governance-related risks and issues as for-profit companies. As expected, I found that many of the same risks faced in a for-profit business — regulatory standards, governance oversight, and competitive advantage — are evident in NFP organizations as well.
So, allow me to compare and contrast. The reality faced by for-profit organizations is that government, investors, and the general public expect the business to develop, promote, and most importantly, use sound business practices of governance, internal control, and risk management. Interestingly, the same for-profit stakeholders are turning their attention to the not-for-profit world. Many are saying that just because a NFP organization has a zero-target net income, they are supported through individual and business donations and receive tax advantages, and therefore, should have the same governance, control, and risk-management responsibilities in their business endeavours as required of for-profit companies.
In the for-profit world, sound governance and risk management programs are well under way in many corporations, thanks to recent regulatory initiatives. These same businesses are reporting to their customers and investors that their improved governance practices help ensure compliance with laws and policies and provide quality, timely goods and services to customers, resulting in sound financial profits.
In contrast, nothing could be worse for a not-for-profit organization than an internal scandal or high-risk incident, such as breaking the law, exposing people to harm, or misrepresenting how funding is used. A prime example is the scandal at the former Canadian Red Cross Blood Services Division in the mid-1990s. Because of the organization's ineffective risk-assessment and risk-mitigation processes, many public individuals became infected with HIV and hepatitis, resulting in legal awards totalling hundreds of millions of dollars. Added to this was a severely tarnished reputation for a noble organization that is slow to be reclaimed.
During the workshop I attended, the participants brainstormed generic risks that face NFPs and NGOs. After matching similar risks, a list of approximately 30 relevant topics was produced, eventually ranked as to the top five:
When working to secure appropriate funding, NFP organizations face similar risks and challenges as for-profit companies face when marketing and selling their services and products. Spending significant time researching available sources of funding, nurturing long-term relationships, and making sure its programs are unique and are needed, above all others, NFP organization's aren't really much different from the for-profit world.
Regardless of whether an organization is required to comply with governance legislation or not, many internal auditors would agree that risk assessment and risk management is becoming a leading best practice in both private and public corporations around the world. It is important that all sectors — for-profit, not-for-profit, and government and nongovernment agencies — realize the full potential and benefits of risk assessment and risk management processes so investors and stakeholders can concentrate on the potential of their investment, rather than risk-related disasters experienced in organizations such as Nortel and the Canadian Red Cross.
Michael Pidzamecky, CMA, CFE, is a senior consultant, internal audit and security, at Desjardins Financial Security in Toronto, Canada. He also has a private consulting practice. Pidzamecky has developed several self-assessment approaches. He has presented sessions for IIA courses and conferences and has written questions for the CCSA exam.
The Institute of Internal Auditors - 247 Maitland Avenue • Altamonte Springs, Florida 32701-4201 U.S.A.
+1-407-937-1100 • Fax +1-407-937-1101 • www.theiia.org
All contents of this Web site, except where expressly stated, are the copyrighted property of The Institute of Internal Auditors Inc.