Now more than ever before, church leaders must recognize the importance of risk management as an inherent part of organizational oversight and leadership. But what does proper risk management look like, and whose responsibility is it? Many boards assume that the pastor and staff have the “bases covered” and board involvement is often limited to reacting to flare-ups. Such an approach to risk management is problematic and dangerous for multiple reasons.
Church leaders are typically consumed with day-to-day operating activities and decisions— the “tyranny of the urgent.” As a result, they frequently do not have, or take, the time to step back and proactively assess organizational risks and address them proactively. If that is the case, and the board is operating under the assumption that staff “has it covered,” the church may be a ticking time-bomb for obvious reasons.
Board and staff: a collaborative approach
A key area of responsibility for the board is to ensure that the church maintains an adequate approach to risk management in carrying out its programs. While the actual conduct of risk management activities is the responsibility of staff under the authority of the pastor, the board should evaluate the church’s risk management strategy since the board has ultimate responsibility for oversight.
An effective risk management plan is a holistic one—one that addresses risk in all aspects of the church’s activities. The risk management plan should also be proactive rather than reactive, identifying risks before they become liabilities and taking appropriate steps to mitigate them.
In order to effectively carry out its responsibilities, the board may wish to establish a standing “risk management committee” to oversee the church’s risk management strategy and to provide reports and recommendations to the full board.
The board or risk management committee should work with the pastor and staff to ensure that:
- Risks are identified and assessed as to their likelihood of occurrence and severity;
- Risks are prioritized;
- Staff has determined the extent to which identified risks have been mitigated; and
- Appropriate steps are taken to reduce identified risks to acceptable levels.
Reducing risk by implementing preventive measures is, of course, different from insuring against such risks.
In addition to overseeing the adequacy of risk mitigation, the board should ensure that the church maintains adequate insurance coverage with respect to applicable risk areas.
Areas of risk to consider
In addressing the church’s overall risks, some key risk areas that warrant attention include, but are not limited to:
- Corporate structure (e.g., whether the church’s activities and assets should all be in one legal entity or perhaps separated to insulate from excessive liability);
- Governing documents (e.g., whether the articles of incorporation and bylaws contain all appropriate provisions and whether the church’s actual governance practices conform to the governing documents);
- Policies and policy manuals (should be addressed for the same reasons that apply to the governing documents);
- Tax-exempt status and compliance;
- Financial condition and financial controls;
- Adequacy of insurance coverage;
- Human resources (personnel);
- Child molestation;
- Key operational areas;
- Public relations;
- Physical safety; and
- Leadership succession.
Child molestation risk
For churches, child molestation risk warrants special attention due to the severity of the damages that can occur. In recent years, an increasing number of high-liability claims have been made against nonprofit organizations that serve children due to actual or alleged child molestation. Claims of that type can be devastating not only to the victims but also to an organization and its leadership, both reputationally and financially. Multiple Catholic dioceses in the United States have filed for bankruptcy protection in connection with child molestation claims and many other types of organizations have experienced major claims. Church boards should carefully evaluate the nature of the risks as well as prevention strategies and insurance coverage maintained by the church. A variety of very good published resources are available on this topic.
Board members are not expected to be experts in the various risk areas listed above. Rather, the board should ensure that all relevant risk areas are adequately addressed by staff under the leadership of the pastor. The organization may engage experts in various disciplines (legal counsel, tax advisors, insurance agents, physical safety experts, and so on) to assist in addressing each area as needed.
One significant aspect of risk management includes ensuring that the organization has adequate insurance coverage for its significant risks. The evaluation of insurance coverage should include consultation with both legal counsel and highly experienced insurance agents. Specific coverage types to evaluate should include, but not be limited to:
- Property and casualty (for fire, theft, flood, vandalism, and so on);
- Employee theft;
- General liability;
- Sexual misconduct (including child molestation);
- Director and officer liability;
- Employment practices (for claims of discrimination, wrongful termination, sexual harassment, and other such matters related to employment practices);
- Fiduciary liability (for claims by employees related to the administration of employee benefit plans, particularly retirement plans); and
- “Key man” life or disability (for financial remuneration to the church in the event of the death or disability of a key leader. This is useful for situations in which the church could be adversely affected financially in the event of such an occurrence).