From a Workshop facilitated by Spindell Consulting at Federation of Protestant Welfare Agencies (5/11/17)
By Stephanie Spindell
Two reports published in 2016 after the demise of FEGS in 2015 established a kick off point for organizations to improve upon financial health and risk management. These reports expressed concerns that because many nonprofits are financially unstable, there is little cushion for absorbing emerging risks. Spindell Consulting designed a workshop- Financial Risk Assessment, presented on May 11, 2017 at the Federation of Protestant Welfare Agencies, to introduce participants to practical methods and tools for evaluating and managing organizational financial health and financial risks.
The SeaChange Oliver Wyman report, Risk Management for Nonprofits-March 2016 (http://seachangecap.org/wp-content/uploads/2016/03/SeaChange-Oliver-Wyman-Risk-Report.pdf), present a number of approaches to build organizational financial health and resilience. The report reveals that, “More than 10% of the nonprofits are technically insolvent (i.e., their liabilities exceed their assets), including 18% in health and human services.” The Human Services Council Report- New York Nonprofits in the Aftermath of FEGS: A Call to Action-February 2016, (http://www.humanservicescouncil.org/Commission_on_Nonprofit_Closures.php), indicates that human services organizations “financial woes are worsening—27% of respondents to Nonprofit Finance Fund survey reported operating deficits of 5% to 25% for fiscal year 2014.”
In broad terms, risks are threats or possibilities that an action or event will adversely (or beneficially) affect an organization’s ability to achieve its objectives. Risk management is a discipline for managing risks. How and what a nonprofit organization chooses to assess and manage boils down to management’s goals, priorities, appetite for risk, organizational resources as well as the culture around risk.
A traditional and commonly known financial approach to assessing and managing organizational financial health and risks is to focus strictly on financial controls, policies and procedures. This type of assessment generally includes evaluation of accounting procedures and internal cash controls including:
- Separations of duties and authority levels
- Conflicts of interest, whistleblower policy
- Internal financial planning & reporting
- Payables/expenses and receivables/revenues procedures
- Investment/asset management, reserve policies and procedures
Enterprise Risk Management
The SeaChange Oliver Wyman report, Risk Management for Nonprofits, suggests a different approach to risk management, known as enterprise risk management. Enterprise risk management (ERM) is a structured, “robust and systematic”, consistent, and continuous risk management process applied across an entire organization that allows companies to better understand and address material risks. The SeaChange report maintains that for-profit ERM and interviews with nonprofits leaders reveal “a set of best practices for nonprofit risk management” which are used by several leading nonprofits. The PowerPoint from Spindell Consulting’s Financial Risk Assessment workshop included many of these best practices: scenario or contingency planning, environmental scan (evaluation of external risks), financial governance, establishing financial targets and key performance/risk metrics, and peer assessment.
Assessing enterprise risk is best accomplished by performing an organizational assessment including a SWOT analysis (strengths, weaknesses, opportunities and threats). This assessment examines the entire organization including operations, governance, funding, stakeholders and partners and financials. Key business model (how your organization makes and spends its money) questions are:
- What is your nonprofit’s unique mission and value?
- Who are you serving, how, and why?
- What are your key services and how are they provided?
- How does your organization generate favorable operating results and build assets?
- What is the organizational culture around threats and opportunities?
- What human and financial resources do you utilize and how effectively are they used
- What is the impact —what are the financial and program outcomes?
- Who are your key partners and relationships?
Answering these questions provides a starting point for change such as reconsidering the basic business model, strengthening functional processes, human resources or infrastructure, mitigating threats and increasing impact and effectiveness. The organizational assessment and SWOT often elicits important strategic, business or financial decisions and plans. It can also be helpful in preparing your nonprofit for making a stronger case to potential funders/donors, investors, partners, stakeholders, etc. as being “safe investments”.
An organizational assessment generally includes an “environmental scan”. The purpose of an environmental scan is to identify impacts from the external environment. Whether positive or negative, external threats can be related to demographics, peer competition, political, economic, or environmental factors. Further analysis of current or potential partners offers opportunities for an organization to not only examine negative impacts but also to evaluate opportunities to build external relationships through joint initiatives such as joint programming, shared services, or a merger. Through joint initiatives, nonprofits can often increase impact, expand programs and services or increase efficiencies by streamlining operations. As an example, an organization may be expanding its services beyond adult support services by developing a new children’s program but they lack the relationships within this demographic. Whereas, another nearby organization has a strong brand in providing childrens’ services but needs a larger space, which the other organization has.
Financial Health & Risk Assessment
An organizational assessment is most effective if it includes a deep dive financial health & risk assessment. This sort of assessment examines several financial components for elements of risk:
1) Composition and adequacy of revenues and expenses
2) Budgeting assumptions, process and monitoring of
3) Profit/loss track record and planning for operating success
4) Balance sheet and liquidity strength, planning and monitoring
5) Financial governance
A tool for examining these financial components can be found in one of the workshop handouts, “Common Categories for Assessment of Financial Health & Risk”.
Suppose you are evaluating the financial strengths and risks (weaknesses) in your revenue profile (e.g. revenue streams and composition.) Sample financial assessment questions an organization might ask are:
- How do we bring in revenue—what’s the composition?
- How predictable, diversified and consistent is it?
- Are most funds coming from one large donor?
- Is there an adequate mix of restricted and unrestricted revenue?
- What is the mix of earned income, foundation, individual, government, etc.?
Consider what revenue is “at risk” or less reliable. For example, restricted money (designated for an endowment, capital improvement or for a particular program) must be used for a specific purpose and therefore limits your financial flexibility in times of uncertainty.
In assessing budget risks, when it comes to revenue, questions to ask include:
1) Do we take past funding activity and relative certainty into account in budgeting for revenue?
2) Do we track committed, pending and “to be raised” funds?
3) Have we defined what constitutes “relative certainty” in regard to funds that will be raised–is certainty based on the number of phone calls, the overall relationship, email correspondence, etc.?
Risk comes into play when revenue estimates are based on optimism. Furthermore, without accurate reporting and tracking of the status of funds and alignment with program and other expenses, organizations can find themselves scrambling to cut program costs or in emergency fundraising mode. (Further sample assessment questions can be found in the workshop’s activities, Sample Financial Health and Risk Assessment Questions.
Risk Management Example 1
If revenue risk is a priority for your organization after evaluating where the risks lie, if there are other financial (or non-financial) risks that your organization considers a priority, the next step is to rank all the risks in consideration based on the probability that the threat will emerge and the impact (how severe—usually a dollar amount) to the organization’s bottom line. The next step is to come up with a response: accept/retain, mitigate, avoid, or transfer the risk. Once a decision is made, the risk impact should be monitored. For example, you may choose mitigation by diversifying the mix of revenue either by pursuing unrelated business income, joint ventures or additional funding relationships and monitor revenue composition. Or you may accept certain revenue uncertainties but monitor a particular metric like revenue variance from budget and determine a specific trigger to take action. Other revenue risk metrics could be monitoring concentrations in particular funders or donors. (Additional metrics for monitoring revenue risk are tracking status of pledges as mentioned under budget risks).
Scenario (or contingency) Planning embodies the discipline of risk management. An organizational budget is approved based on the possibility that revenue will not come in as anticipated. Part of this plan is to determine ahead of time where and how much costs will be adjusted if revenues are lower than expected, as expected, or higher than expected. Assessing expense flexibility is essential in contingency or scenario planning. The easiest costs to adjust are variable or flexible costs (materials, supplies, travel, part timers, professional fees) as these costs change when revenue changes. However, as a good portion of expenses for most nonprofits are related to salaries, scenario plans have to also consider “cutting heads” or downsizing programs if revenue targets are not met. Fixed costs generally don’t change even if a nonprofit’s revenue increases or decreases. These costs (including full time salaries, occupancy, utilities, equipment, borrowing costs, depreciation) are easy to estimate for the budget however not easy to reduce.
The main risks in estimating expenses for the budget is ensuring that full costs are captured and the budget is transparent in that expenses are represented by program and functionally. If the full costs of running a program (direct, fundraising and management and general) are not incorporated in the budget, then a nonprofit runs the risk of program deficits or faces tough decisions to curtail program services or other costs or quickly raise funds. It is important to be up front with funders about what it truly costs to run your programs. (See “If We Want Our Funding to Change the World”, https://www.youtube.com/watch?v=z_w3v6TxJZQ).
Balance Sheet & Liquidity Risks
A balance sheet is a snapshot of your nonprofit’s overall financial health and capitalization. An organization’s capitalization is comprised of the composition and amount of assets, liabilities and net assets. The difference between what others owe you or what you own (assets) and what you owe others (liabilities) are net assets. The most important connection between operating results (Statement of Activities or Profit/Loss) and the balance sheet (Statement of Financial Position) is that an operating surplus increases net assets whereas a deficit, decreases it. Since the balance sheet is a cumulative account of an organization from the time it began (unlike the Statement of Activities which is periodic), ongoing operating deficits can significantly impair an organization’s financial health if left unaddressed. Organizations who do not consider and plan for how changes in operating results affect the balance and net assets, are exposed to risk.
Debt (borrowed money) in and of itself is not necessarily a risk to organizational financial health but borrowing funds without a concrete and realistic plan to repay, is a risky venture. Organizations need to consider their current financial health and cash flow projections to determine if taking on debt is prudent. Generally speaking the higher the ratio of debt to total unrestricted net assets, the more balance sheet risk.
Cash reserves are generally built by managing to a budget surplus (bringing in more revenue than expense). This in turn, builds net assets. If an organization continually manages to a breakeven budget (revenues equal expenses), there will be no financial cushion to respond to unexpected threats or opportunities when they emerge.
Reserves allow organizations to smoothly respond to unexpected revenue shortfalls or unexpected expenses and allow the luxury of not being “forced” into immediate cost cutting mode. Reserves also help cover day to day fluctuations in cash flow (i.e. differences in timing between cash expected to be received and cash needed to pay out). Finally, reserves are savings to pursue organizational or program change/innovation.
A formal definition of cash reserves is: Liquid Unrestricted Net Assets minus (Net Fixed Assets- Mortgages). Most banks ask for reserves to cover 3 months of operating expenses however organizational reserves vary depending on the stability and predictability of revenue, expense flexibility, ability to raise additional cash and general risk tolerance. Liquid assets are cash and short-term investments (less than 1 year maturity) and receivables that are NOT designated for a specific purpose by a funder or donor.
Risks can be found in the assets in which you invest/own and how those assets are managed (are they liquid? are they high quality? are they diversified amongst asset classes?) For example, receivables represent revenues booked but not yet received. Receivables eventually turn to cash but if this process is delayed, i.e., if the grant or other payment that is owed to the organization is delayed, this can be problematic from a liquidity perspective, particularly as your organization needs cash to honor its obligations.
Non-investment grade invested assets, real estate, stock and derivatives can cause more fluctuations in income than investment grade fixed income assets such as bonds and short term investments, hence these expose an organization to income and liquidity risk.
Risk Management Example 2
Suppose an organization establishes liquidity risk as a priority as there have been several cash “crunches”. Liquidity risk occurs when an organization does not have enough cash on hand to honor certain short-term obligations when they are due. To initially evaluate that type of risk, an organization may track: how often and what amount of payroll or payments to vendors have been delayed, how much emergency fundraising has been necessary or how old receivables are.
If the organization chooses mitigation as its “risk response”, several short-term strategies can be employed such as: Speed up the terms on receivables, increase revenue generating programs reduce or delay expenses, draw on a line of credit and more frequently monitor cash flow projections. Examples of longer-term mitigation strategies are: build cash reserves or establish a line of credit. Elements of risk can be captured and monitored in organizational risk metrics, for example: receivables past due 30 days, payables delayed divided by total payables or liquid unrestricted net assets divided by total net assets.
Regularly monitored cash flow projections have the added benefit of helping you determine whether operating deficits are due to timing differences or due to inadequate cash overall (i.e. a true deficit). Operating budgets and forecasts that are prepared on an accrual (GAAP) basis of accounting (which does not depict the timing of when cash is actually received or paid out) are therefore not helpful in managing liquidity risk.
Profit/Loss: Operating Performance
Program or department profitability are an important part of assessing operating performance risk. Valuable questions to answer are:
- Are we devoting an adequate amount of resources to programs/functions that are furthering our mission?
- Are core programs draining operating results or contributing to growth?
- Are we running a deficit and in which program or function and why?
The last question cannot be answered without transparent financial reports that include identification of expenses and revenue by program or department type. Hence ineffective accounting/financial systems in and of themselves are a financial risk. Having the ability to assess whether you are devoting resources to a sinking or floating ship is essential to preserving financial health.
If your core programs are a drain on your financial health it may be a good time to evaluate your mission and priorities. Have you explored how much in additional program operating deficits you can withstand financially? Can you find new or alternative sources of unrestricted revenue? Perhaps a joint initiative such as sharing administrative functions can help to streamline operations. These are not easy questions to address however as your resources are generally limited it is all the more important for you to carefully manage operating performance risk.
Financial Governance Risk
Board members have a fiduciary duty to safeguard an organization’s assets. Fiscal oversight is at risk when board members do not
1) Ensure accurate and transparent financial reports are received on a timely basis
2) Review financial reports including sign off on Form 990
3) Actively monitor organizational outcomes and goals and take action if necessary
4) Discuss and follow up on findings from the audit report
5) Ensure that a fiscal policies and procedures manual is in place
6) Abide by conflict of interest, whistleblower and fraud policies
7) Define and discuss risk tolerance and strategies for managing risk
8) Establish financial and strategic goals
The best way to address financial governance risk is to periodically provide basic training in nonprofit financial basics and financial management responsibilities to leadership and board members. This could be accomplished through formal onboarding sessions or informal training sessions during quarterly board meetings.
Dashboards & Metrics
Dashboards and metrics reveal the unique financial and non-financial factors which are representative of a nonprofit’s operating success and risks. They allow decision makers including staff and board members to monitor goals or signals of deterioration so that they can take action when necessary. In order to establish metrics, it is necessary to know what drives success and vice versa–what dampens or threatens success (i.e. what are your risks). Different functional areas of your organization will have different targets or metrics for success and risk. Some examples of metrics were provided in the preceding balance sheet, liquidity and revenue risk sections. Some other examples are:
- Program managers may monitor enrollment levels
- Development managers may monitor delayed or to be raised funds
- Finance managers may monitor delays in filing of the 990 or generating internal financials reports
A dashboard need not include all functional goals within an organization, only the ones that need extra attention. Less is more.
In summary, while addressing weak internal financial controls and processes is clearly an important step in managing financial health and risk, given the financial deficits which many nonprofits are facing, it has become crucial, particularly for human services organizations, to broaden this approach to include assessment and management of an organization’s overall financial health and resilience. Assessment of overall financial health and resilience includes an organizational assessment and SWOT analysis as well as a deeper look at an organization’s financial profile, which includes five key financial health components to consider when managing your risks. With these tools, your nonprofit can begin to determine and incorporate the changes necessary to enhance financial sustainability and mitigate risks