In March 2008, Solutions invited General Conference vice president Lowell Cooper to share his insights on the role of risk management in church governance. In this issue of Solutions Classic, we are reprinting his article as a reminder of seven key areas of effective risk management leadership. Following the article, Elder Cooper shares his thoughts on whether these principles have changed since this article first appeared in Solutions seven years ago.
March 2008—Board members often think that risk management is a responsibility of management. Further, the way to do risk management is to buy insurance to cover loss. However, risk management strategy belongs on the boardroom agenda. It is one of the basic governance obligations. Yet it rarely gets the attention it deserves.
Implementation of a risk management policy and program will fall on the shoulders of officers and directors. But the establishment of the culture of risk management, along with its policies and programs, really needs to begin with the board. Here are some dimensions of risk management for boards and executive committees to consider.
Board composition and education
The most important decisions made in Seventh-day Adventist organizations are made by groups, not by individuals. One of the operating principles in our culture and structure is group decision-making. Hence, there is the need for boards and executive committees. However, relatively little attention is given to the way that boards and executive committees are structured. One of the most important safeguards in an organization is to have a fully engaged board whose members represent a wide range of expertise and knowledge.
Disaster preparedness: Boards should spend the time to consider what kindSuch an arrangement does not happen automatically. Generally, more attention is given to achieving appropriate representation than to enlisting the range of expertise and knowledge needed. Boards would do well to take the time to create a membership grid that embrace both the aspect of constituency representation and that of competencies needed on the board. Appropriate language should be adopted in governance documents (bylaws and policies) to provide for an intentional balance of representation and skill on the board.
of events could have catastrophic impact on the normal
operations of the entity.
Persons who are invited/elected to board membership should also be able to spend the time that board membership requires. Giving proper attention to the work of a board can easily consume over 150 hours of time per year. Board members deserve a careful orientation to their responsibilities followed by ongoing education regarding their responsibilities and the broad range of issues that impact the organizations they lead.
Leadership selection, evaluation, and accountability
Boards appoint leaders. In most cases there is a clearly defined process for making leadership selections. Relatively few boards have a clearly defined process for the periodic evaluation of leadership.The discussion climate in board meetings is often one of quiet consent to the leader's proposals. Both leaders and board members can become much more effective in a system that requires accountability. (Extensive literature and training opportunities are available for boards to set up leadership and board process evaluations and education.)
Disaster preparedness
Boards should spend the time to consider what kinds of events could have catastrophic impact on the normal operations of the entity. These events might be from nature (storms or earthquakes), from sys tem failures (extended loss of electricity, food, or water supplies), or by human cause (fires, accidents, terrorism). Most disasters are unpredictable and therefore responses will vary depending on the sitJn. However, there are some general plans that can apply to most situations.
These should include safety of personnel, security of property and information, and the identification of persons responsible for immediate crisis management. It is a good practice to specify a succession of persons responsible for crisis management in the event that the key leadership personnel in an organization are unable to function at the moment of the disaster. Disaster preparedness plans should be communicated and, if possible, rehearsed by the entire staff of the organization.
Personnel policies
Employer-employee relationships are governed not only by the organization's policies and wishes but are subject to various employment laws. The underlying notion of service to God as an employee of a church organization is no basis for unfair and unethical treatment of employees. The laws of the land may provide for preferential hiring practices (i.e. that Seventh-day Adventist members can be preferred or required in certain employment positions). However, employment-related laws concerning wrongful termination, harassment, discrimination, remuneration, and promotions may apply to the Seventh-day Adventist workplace.A board should obtain expert counsel periodically to ensure that its employment policies and practices are in compliance with laws. This will not necessarily prevent litigation, but it should make the organization less liable to an adverse outcome in litigation.
Internal control systems
Internal controls refer to the ability of an organization to monitor the reliability and integrity of financial and operating information. Most board members think of internal controls as rules and procedures that apply to the handling of cash and financial accounting. While it is true that specific internal controls apply in the business office, there are other internal controls that should apply to the whole organization. These organization-wide internal controls include:- Executive committee members and officers set an example of integrity and ethical behavior.
- There is a system to manage conflicts of interest.
- The organization has reasonable objectives and goals-there is no undue pressure for short-term results.
- The organization has a code of conduct and the code is known by employees.
- Employees or vendors have a safe way to report improper conduct.
- The organization follows through with discipline for unacceptable conduct.
- A comprehensive budget is approved annually by the board.
- The board receives regular and timely financial statements including comparison of actual to budget and comparison of actual to previous year.
- There is a regular financial audit and policy compliance report to the board.
Internal controls are designed to protect assets for their intended use and to ensure that there is transparency in operations and relationships. While it is important to protect against theft, fraud, misappropriation, and terrorism, it is even more important to nurture a culture of ethical behavior and good interpersonal relationships. Internal con trols should be viewed and implemented as positive measures to preserve a healthy workplace environment enabling employees to be fully engaged in the mission of the organization.
Insurance coverage
Risk management is most often viewed as having adequate insurance to cover material and financial losses. Indeed, this is an important aspect. Board members should know the types of risk to which their organization is exposed and the insurance instruments that are available. Insurance documents can be very complex. Boards will benefit from having insurance professionals provide board education on this aspect of risk management.In the interest of transparency, the author is one of the directors for Adventist Risk Management (ARM). Seventh day Adventist Church organizations may arrange their insurance coverage through this service agency established for denominational purposes. ARM not only provides or arranges insurance for its clients but also develops and implements risk management education programs for the Seventh-day Adventist Church on a global basis.
Most board members will be some what familiar with property and casualty insurance. It is equally important these days that leaders have liability protection for directors and officers. Another insurance coverage that can be easily over looked deals with coverage for volunteers.
Denominational organizations are increasingly involved in collaborative projects with volunteers. While these can be a source of enormous blessing to all involved, they can also become a source of huge problems. Board members should ensure that the organization's activities with volunteers are defined and documented and that appropriate insurance coverage is secured either by the volunteers or by the organization engaging with volunteers.
Intellectual property
Furniture and buildings that are destroyed can be replaced. Intellectual property can not unless there is a system for backup storage. Individuals and organizations have learned, sometimes with much pain, the importance of preserving electronic information. Organizations should also consider the value, if not the need, of having electronic storage in more than one location.Another aspect of risk management that is often overlooked relates to the performance of key roles in the organization. There should be some type of resource backup for those roles. For example, at least one other person in the organization should have a general understanding of another person's role in case that person is suddenly unable to perform the role. Having up-to-date job descriptions and responsibility/activity summaries is helpful. But it is better to augment these by having another staff member knowledge able and competent to take over a key role on short notice.
Very often succession planning in the event of emergencies addresses only the officer roles in the organization. Boards that are thoughtful about risk management issues will have a succession plan for other key roles that may not be filled by an officer.
In conclusion:
Risk management is an important responsibility of boards. The operation of churches, conferences, and institutions involves risk. It is inescapable. Careful planning and analysis of the issues outlined above will enable an organization to function effectively in a risk-laden environment.Seventh-day Adventist Church organizations are engaged in a mission to advance the kingdom of God. It is right and proper that board members both acknowledge and seek God's blessing in the operations of the entity concerned. But the expectation of God's guidance in the affairs of an organization is not justification for anything less than diligent and careful governance.
Comments From Elder Cooper Today
June 2015—I cannot think of anything in this article that has gone out of date, nor is there much that I would add in terms of the board’s responsibility for risk management. One area of board oversight that has intensified relates to the protection of intellectual property.”
It is much easier for work to be accomplished outside the workplace because of the transportability of information and the prevalence of smart devices (phones, tablets, etc.). At the same time, this heightens the risk of inadvertent dissemination of copyrighted material or sensitive workplace information.
An employee working on a device away from the office might not use the same rigorous security measures used in the workplace (passwords, cyber security software, etc.). In the same way, a successful hacking of an employee’s personal computer/phone might result in the exposure of company information on a private computer/phone used for work purposes.
In short, good governance requires systematic vigilance in all areas of risk management.
This year, ARM celebrates 20 years of the weekly e-newsletter, Solutions, with the series Solutions Classic. Once a month we will publish a throwback piece from the Solutions archives and share the difference between risk management then and risk management now.
