Third Annual Not-for-Profit Governance Survey Reveals Declining Confidence in Governance Policies

While cybersecurity and other risks are becoming more of a concern for not-for-profits, the executives from not-for-profit organizations are showing less confidence in their governance practices. In our Third Annual Not-for-Profit Governance Survey, Promoting Confidence: Assessing the Processes and Priorities, survey participants reported that their confidence level in their organization’s governance practices was 59% (“very confident”), down from the 76% confidence level first reported in 2014.

This third installment of the CohnReznick Not-for-Profit Governance Survey analyzed responses from leaders and board members at 616 organizations across the country between March and May of 2016. Forty questions were asked in the survey, covering a wide variety of topics that include governance practices and policies, board structures, and the presence of audit and other committees. We are pleased to report that the number of survey respondents has essentially tripled since we published our first survey in 2014. This response rate confirms the importance of strong corporate governance among not-for-profit leaders.

Key Findings

The 2016 survey also found that about one-third (35%) of not-for-profit boards have conducted a self-assessment this year, down by almost 10% from 2015.  Nearly half of the organizations surveyed have not completed a cyber-risk assessment in the past year and, overall, risk assessments continue to be a low priority with 40% of those surveyed reporting they have never conducted one.

Other key findings in the survey include:

• Roughly one-third (29%) of the organizations surveyed have conducted a cybersecurity vulnerability assessment to assess their technology exposure. In addition, 31% have a cybersecurity breach response plan.
• While 1 in 10 organizations reported some level of fraud taking place over the past year, one-third of audit committees are not monitoring whistleblower complaints.
• Two-thirds (66%) have no plan to increase their spending on data security despite their concerns.
• Forty-three percent of the organizations surveyed do not have a plan in place to deal with a reputational crisis.  Another 18% are “unsure” If they have such a plan in place.

“In light of recent increases in charitable giving, it’s troubling to find that so many boards of larger not-for-profit organizations lack confidence in their governance practices, which could prove problematic as they grow,” says Kelly A. Frank, CPA, CGMA, Partner and Leader of CohnReznick’s Not-for-Profit and Education Industry Practice. “We wanted to find out if boards are prepared to meet the challenges ahead and which areas they might need to strengthen. Risk assessments, especially those for cybersecurity, seem to be a point of weakness”.

John Alfonso, CPA, CGMA, Partner, Not-for-Profit and Education Industry Practice, adds, “It’s important for not-for-profits to recognize that, with growth, risk increases and therefore the importance of governance is heightened. We know from experience that regular, thorough risk and vulnerability assessments are highly effective in strengthening internal controls and helping boards and management ward off problems that may harm a not-for-profit organization's reputation."