The board of a charitable organization is responsible for understanding the major risks to which
the organization is exposed, reviewing those risks on a periodic basis, and ensuring that systems have been established to manage them. The level of risk to which the organization is exposed and the extent of the review and risk management process will vary considerably based on the size, programmatic focus, geographic location, and complexity of the organization’s operations. 

Risk management generally includes a review of potential risks to the organization’s significant
assets, such as its property, its good will, and its key programs and activities, and decisions about the most appropriate ways to protect those assets from loss. All organizations should consider carefully all of the principles in this report—for effective governance, strong financial oversight, and responsible fundraising practices—as they develop appropriate policies and procedures to protect their assets.

• The board is the steward of the organizational assets.
• Adequate risk management is essential for every organization. 
• Risk can be assumed, eliminated, protected, or delegated. 
• Liability protection needs to cover the organization, the board, and those associated with the organization.

• The full board is responsible for overseeing the organization’s activities.
• Individual board members have fiduciary duties to the organization and can be personally liable for breaches of those duties. 
• Federal and state volunteer immunity laws provide broad liability protection for volunteers (including uncompensated board members) acting within the scope of their responsibilities but cannot prevent lawsuits. 
• Boards can protect their members via an indemnification clause (if allowed by the state laws) as long as the assets are sufficient to cover the expenses. 
• Directors’ and Officers’ insurance can provide coverage for liability expenses as well as defense costs.
  

The federal Volunteer Protection Act and most state volunteer liability laws do not protect board members, regardless of whether they are compensated, and other volunteers from liability for “willful or criminal misconduct, gross negligence, reckless misconduct, or a conscious, flagrant indifference to the rights or safety of the individual harmed by the volunteer action.”¹ The federal Act and most state laws do not prevent individuals from filing lawsuits against board members and other volunteers, nor do they provide the charitable organizations immunity from legal actions, although some states place a dollar limit on the organization’s liability.

The governing documents of a charitable organization may include “indemnification provisions” that allow the organization to pay the costs of defending or paying settlements or judgments board members might incur for actions related to their board service. Federal or state laws prohibit the organization from indemnifying a board member who acted in bad faith and for other specific types of offenses.

^1.The Volunteer Protection Act of 1997, Pub L. 105-119

1. How well do we understand and fulfill our responsibility to Understand risks our organization faces? Periodically review risks? Establish systems to manage risks?
2. Do board recruitment and orientation materials adequately describe areas where board members have potential personal liability? 
3. All organizations face risks, but the level of risk is based on the nature and complexity of the organization.                                                                                                                 -  Is the amount of time we spend to assess and manage risks well matched to the complexity of the organization?
   -  Does the nature of our organization create a heightened need for policies and procedures to protect employees, clients, or consumers of our services?
4. Has the board reviewed whether the current system of checks and balances is adequate to protect the organization against fraud or embezzlement?