Amid mounting concerns over cybersecurity, social media scrutiny and reputational risk, it is crucial that not-for-profit organizations (“NFPs”) have good governance practices documented and in place.
Good governance consists of a framework of rules and practices to ensure accountability, transparency, and ethical conduct. Governance and risk management policies and procedures can help trustees and directors fulfill their duties and can also provide a roadmap for averting or handling crises. Further, strong oversight by those charged with governance is crucial to maintaining the public’s trust. This article will touch on some of the key governance policies and procedures that an organization should have in place.
Social Media Policy
This policy should provide guidelines on the acceptable uses of social media for board members, management, staff and volunteers. Such uses typically include raising awareness of the NFP’s programs through inspiring stories, marketing community events, connecting and building relationships, and fundraising outreach. The policy should specifically govern the publishing of content and commentary on social media by those representing the NFP. It is therefore important to define who can represent the NFP and how they should identify themselves in any social media communication. Including a system of prior authorization for such communications is also advisable, to ensure that all communications support the mission, adhere to the NFP’s branding, follow confidentiality policies, and are not objectionable, inflammatory, or plagiarized. Finally, since social media gaffes and blunders unfortunately still happen, an NFP should have a plan in place for dealing with such missteps.
Information Security Policy
Developing the multiple components of this policy usually involves engaging an IT security professional who can tailor a policy that takes into account the size, complexity, risk profile and objectives of the NFP. Besides basic guidelines on telephone usage and other business usages such as fax machines, delivery and mail services, the policy should address electronic communications and the sensitive nature of confidential information, which will require procedures to ensure additional data security. Policies covering access privileges to networks, backup and restoration procedures, and website maintenance and backup should also be implemented. While well-thought-out and articulated policies can help avert a crisis, a good information security policy should also include strategies for dealing with a crisis, such as a cybersecurity breach response plan and a disaster recovery plan.
Gift Acceptance Policy
A well-designed gift acceptance policy should include policies governing the solicitation of gifts, the acceptance of specific types of gifts and the recognition of donors. Unrestricted gifts of cash below a certain amount might be accepted without a review, while others would be subject to a governing body review prior to acceptance. Such gifts might include those over a certain amount, requiring that the donor be vetted with regard to any reputational or policy issues. Gifts of tangible personal property, marketable securities, and closely-held securities may require additional scrutiny based on the NFP’s acceptance criteria and policy concerning holding or immediately selling such gifts. Policies with regard to handling gifts of life insurance should also be considered, since they might include a requirement to continue to pay premiums, allow for a conversion of the policy to paid-up insurance, allow for the surrender of the policy for current cash value, or include any number of contingent provisions. Charitable Remainder Trusts, Charitable Lead Trusts, Charitable Gift Annuities, real estate and certain contingent gifts, pledge agreements, or gift transactions with a potential conflict of interest might also require a review by legal counsel. These are but a few of the many types of gifts NFPs receive. Other issues that need to be covered in any gift acceptance policy include when and how gifts are valued, recorded and acknowledged, and when gifts require agreements with the donor specifying the terms of any restrictions.
Conflict of Interest Policy
This particular policy, important in helping governing bodies, management and employees identify situations where a conflict may exist, should not be taken lightly. Conflicts of interest involving an organization’s leaders can have a significant impact on an NFP’s reputation with the general public. This policy should make it clear what kinds of outside interests and activities, gifts, gratuities, and entertainment might represent a conflict of interest. In addition to an annual disclosure policy of known conflicts, there should be a procedure for disclosing and documenting possible conflicts as they arise. An effective policy would also include responses to identified conflicts, such as abstaining from votes, recusal from board discussions and exercising care not to divulge confidential information acquired in connection with the conflict.
Whistle-Blower Policy
It is important that an employee or volunteer be able to report a violation of policy or law, or a questionable practice or action without fear of retaliation. That’s where a good whistle-blower policy, one that encourages the reporting of concerns to a designated authority, comes into play. Reporting responsibilities should be defined as part of the policy, including the presumption that one is acting in good faith and has reasonable grounds for believing the situation warrants reporting. A procedure for handling reported violations, and a statement pertaining to confidentiality, to the extent possible as part of an adequate investigation, should also be developed.
These are just a few of the many governance policies to consider. Keep in mind, however, that it’s not enough to merely have good governance practices in place. Boards must be adequately trained in these practices and must continually monitor and assess their effectiveness if they are to remain relevant.
If your governing body needs assistance developing these and other governance and risk management policies and procedures, please contact a member of our Not-For-Profit Services Group or our Governance, Risk, and Compliance Group.