Page 287 - Washington Nonprofit Handbook 2018 Edition
P. 287
A. Practical considerations when assessing risk
• Does management keep the Board up to date on significant changes
in programs, financials and staffing? A well-informed board is key to
quality board decisions. Accessing the information flow between
management and staff is a key factor in accessing risk.
• Does the Board give adequate time and attention to financial
oversight? Financial oversight is the cornerstone of avoiding fraud.
The Board must have quality information and sufficient time to
exercise its financial oversight responsibilities. Risk assessments
should consider if there is adequate time at board meetings to discuss
the financials, and whether there is a finance committee with oversight
responsibilities and expertise.
• If there is a Finance Committee, what are their responsibilities, and do
they have adequate information, time and expertise to carry out their
responsibilities?
• Does the organization use a risk assessment worksheet along with the
Finance/Audit Committee? A risk assessment worksheet could include:
y Identify risks relevant to the control objective and ask “what
could go wrong?”
y Identify controls and other actions that eliminate or mitigate
each risk;
y Use judgment that incorporates what is in the best interests of
the organization to assess whether risk is too much, too little, or
just right;
y Revisit and revise at least annually.
3. Information and Communication: Management should use
relevant and quality information from both internal and external sources to
support the functioning of other components of internal control.
Communication is the continual, iterative process of providing, sharing, and
obtaining necessary information.
WASHINGTON NONPROFIT HANDBOOK -276- 2018
