Compliance vs Risk Management: What’s the Difference and Why Should Boards Care?
Compliance and risk management activities are high on the list of responsibilities that not-for-profit board members accept as part of their board appointments. The definitions of compliance and risk management are distinctly different from one another. Not-for-profit boards have legal and ethical responsibilities to protect their not-for-profit’s assets. Also, boards have a responsibility to remain loyal to the not-for-profit’s mission in connection with compliance vs. risk management activities.
It’s common for not-for-profit boards to invest the organisation’s financial assets in stocks and bonds or other financial investments to advance the not-for-profit’s mission. There is always a degree of risk anytime an organisation invests funds, even when they invest funds conservatively. That’s a prime reason to take a proactive approach to risk management.
With the help of the right board management technology, compliance and risk management are easier for boards to tackle.
Related article: Setting Not-for-profit Board Expectations & Increasing Effectiveness
Defining Board Compliance
Comply, which is the root word of compliance, means to act in accordance with rules. The structure of not-for-profit governance Is to ensure that boards will lead their organisations responsibly and ethically. To follow through on this commitment, they must follow the mandates that regulatory bodies put in place.
Not-for-profit compliance laws were established to ensure that not-for-profit boards and leaders don’t abuse their powers. Also, compliance regulations are designed to protect the public interest. As tax-exempt organisations, governments and regulatory bodies hold not-for-profit boards to very high standards. Stakeholders of not-for-profit organisations depend on boards to ensure that not-for-profits will be sustainable.
Compliance bears a strong connection to risk management. Boards that fail to fulfill their compliance duties responsibly can cause many serious problems for their organisations such as fines, revocation of the not-for-profit’s tax-exempt status, or dissolution.
Related article: The Board’s Role in Developing a Strategy Plan for a Not-for-profit
Defining Risk Management
In simple terms, the definition of risk is the chance of loss. Risk management requires assessing risks and taking steps to manage them. Irrespective of the type of services not-for-profits provide to their communities, proper risk management ensures that not-for-profits will be sustainable for the long term.
There are six ways to manage risks:
- Avoidance
- Retention
- Sharing
- Transferring
- Preventing losses
- Reducing
It’s illegal and unethical for not-for-profit boards to fail in their compliance duties. Failing in the area of compliance isn’t a risk that’s worth taking. The only way to manage compliance risk is to have the right policies in place to ensure that the organisation is continually following all rules, laws, and regulations.
Related article: Building a Strong Not-for-profit Board-Executive Partnership
Understanding the Differences Between Compliance and Risk Management
There are distinct differences in how boards need to approach compliance and risk management.
For example, compliance activities require boards to take a proactive approach. They need to understand state and federal laws. Also, they need to understand the requirements for the auditing process and filling out the proper IRS forms.
Conversely, risk management requires boards to be predictive and strategic in their approach to their responsibilities. In addition to the risks associated with noncompliance, the board’s failure to address risk management regarding compliance can cause grave reputational damage. The process of risk management not only protects not-for-profits, but it also positions not-for-profits to be innovative as opportunities arise.
Related article: Best Practices for Not-for-profit Board Oversight
How Compliance and Risk Management Align with Each Other
Well-run not-for-profit organisations understand the importance of properly aligning compliance and risk management activities. This relationship helps protect not-for-profits from a variety of risks.
Risk management plans should include processes to ensure proper compliance, so noncompliance doesn’t become a risk. Compliance activities can’t create value of their own accord. However, when boards combine compliance activities with risk management activities, they get value-generating opportunities.
Why Should Your Board Care About Compliance vs. Risk Management?
Fiduciary duties are some of the most important duties that not-for-profit board members acquire as they accept their seats on the board. As part of their fiduciary duties, not-for-profit board members are obligated to act in the best interest of the organisation.
How are the two issues connected? Taking on too many risks or big risks can lead to problems with compliance. Compliance problems can lead to big and unnecessary risks. Problems in either area can threaten the livelihood of a not-for-profit organisation. In essence, compliance and risk management protect organisations and ensure that they’re being run ethically.
Boards that fail to responsibly approach compliance and risk management duties stand to incur liabilities individually and collectively.
How Technology Helps Boards Address Compliance and Risk Management
While not-for-profit boards meet on a regular basis, they have many issues to discuss and address when they do meet. Compliance and risk management policies go a long way toward helping boards meet their compliance and risk management duties. Often, that’s not enough. A board management system is an effective tool for helping boards to responsibly address compliance and risk management matters, as well as all their other duties.
A board management portal serves as a compliance management system because it gives them a central place to store compliance documents like regulations, policies, contracts, and legal documents securely in the cloud. BoardEffect’s board portal system automates many important board processes like putting together board handbooks, writing and approving board meeting minutes, getting signatures and approvals, and handling the board’s calendar.
Within the security of the portal, boards can communicate and collaborate securely during board meetings and committees. A board portal supports compliance and risk management activities because it provides a trail that supports and documents all the important decisions and actions the board makes.
Related article: Re-Evaluating Your Not-for-profit Budget for Board Technology
Final Thoughts on Compliance vs Risk Management
When it comes to compliance versus risk management, it’s importance to recognise that these terms are interrelated. One is not more important than the other. Each comes with distinct activities and responsibilities for not-for-profit board members. It’s essential for board members to approach these and all their other duties in the right way. Not-for-profit boards that fail to fulfill their compliance and risk management duties subject themselves and their organisations to huge risks that the organisation may not be able to overcome. Those that fulfill their responsibilities ethically and dutifully reap the rewards that come with aligning compliance and risk management.
Related whitepaper: The Board Portal Buyer’s Guide