“What event might occur that could take out our church?” Drop that question at the next staff meeting and you’ll feel the tone of the room take a nose-dive. No one likes to talk about the bad things that could happen within or to our churches. Unfortunately, this is an important issue that we must seriously consider. We’ve all heard of the church or ministry damaged by scandal, fraud, natural disaster or other difficult event. A trusted bookkeeper is caught after months of siphoning funds into his account, a former member files a lawsuit, or someone is hurt while at a church function. These situations really do happen, yet we tend to think that as a church we’re immune from these issues. That’s simply not the case. We have a responsibility to consider the risk events that could harm our organizations and take appropriate actions to prevent these problems.
A risk is simply the chance that something could go wrong. The fallout from that event could be minuscule or catastrophic, depending on the situation. Fortunately, there are steps we can take to prevent a risk from occurring and minimizing the impact if it does occur. The process of identifying, assessing and mitigating risk is commonly referred to as a risk management program. I’ve managed that function for a large company and on individual projects. The following is an overview of what the process entails and how to get started.
A risk management program includes these processes:
- Identify the potential risks.
- Assess the likelihood and potential impact of each risk.
- Determine what processes are already in-place to prevent these risks.
- Identify gaps and take action to further mitigate risks as needed.
- Communicate the risks and mitigating actions as appropriate.
- Review and update this list of risks on a consistent basis.
Identify the potential risks.
This step involves gathering your senior leadership team and asking that uncomfortable question, “What event(s) might occur that could take out our church?” Explain that the reason for this discussion is to ensure you’re doing everything needed to prevent these risks. Here are a few additional questions to use that can get the conversation going:
- What incidents have occurred at other churches that damaged their reputation, cost them financially, or severely hurt their ministry?
- What events or actions could occur that would cause physical or emotional harm to our staff, volunteers or congregation?
- What could occur that may lead to legal action against our church or church leadership?
- What might cause physical damage to our facilities?
Your list of potential risks may include the following:
- Financial – fraudulent activity or lack of financial resources to maintain church operations
- Abuse – child abuse, sexual harassment
- Natural disasters – tornado, hurricane, fire, flood, earthquake
- Moral failure of senior leadership
- Health and Safety – security threats, unsafe practices or environments
- Technology – loss of vital data or financial information, network crash, inefficient systems
- Legal or compliance issues – whether intentional, due to negligence or ignorance
- Human Resources – low morale, insufficient staffing to handle the workload, personnel issues, lack of succession planning
Assess the likelihood and potential impact of each risk.
As you discuss each risk, talk through the scenario and what might happen. Assess each risk for how likely it is to occur and what the impact would be to your church if it did happen. For the risk of natural disasters: Are you in an area prone to tornados? If so, then the likelihood may be rather high. If a tornado damages your building, that could lead to physical injuries if anyone is present at the time. If the building is severely damaged, you may not be able to hold services until you find a temporary location or until the building is repaired costing you in connection with your congregation and in offerings. While you can’t reduce the likelihood of a tornado, you can take steps to reduce the impact. Examples include purchasing insurance, proper building construction, developing and communicating safety procedures, and scouting temporary facilities before they’re needed.
Determine what processes are already in-place to prevent each risk.
Do you have policies and processes in-use to prevent the risk? For example: Do you require that at least two people count and sign-off on the offering total for each service? Is each volunteer working with children required to pass a criminal background check and attend training prior to serving? Do you have insurance coverage on your facilities and the contents? Are these policies documented and communicated to staff on a regular basis? You may want to seek out legal counsel regarding certain risks to confirm that you’re in compliance with applicable laws and regulations. These are all steps that can reduce the likelihood and/or impact of various risks.
Identify gaps and take action to further mitigate risks as needed.
If you determine that the mitigations in-place aren’t sufficiently reducing a particular risk, then you need to develop a plan to close that gap. This may include getting additional insurance coverage, implementing background checks, or developing a security threat response plan. The key to this step is to document the actions required and assign a single leader responsible for ensuring that the tasks are completed by a certain date. This leader should report back to you on a weekly basis until all tasks are complete.
Communicate the risks and mitigating actions as appropriate.
Just having your senior leadership team aware of the risks isn’t sufficient. You need to discuss these risks with staff and volunteers who are directly responsible for carrying out the risk mitigation actions or who may be impacted by a risk event (such as an emergency evacuation).
Summarize each risk into a sentence or two and review the list with your staff. Get their input on the list and ask if they have any ideas for how to prevent these risks. Discuss any existing policies or procedures that prevent each risk such as background checks or safety rules. Make sure they understand that those policies are in-place for a purpose and what the consequences to the church could be if one is violated and the risk occurs.
Communicate applicable risks while training volunteers and discuss which policy or procedure is designed to prevent those risks. When people understand why they’re required to follow a certain procedure, they’re much more likely to comply and even offer suggestions for improvement.
Review and update this list of risks on a consistent basis.
This process cannot be a one-time effort. The external and internal environment changes constantly and we have to adapt our risk list and risk prevention measures accordingly. Review each risk at least once each year and review the most important policies with staff and volunteers on a monthly basis. You may think that they’ve “got it” after one training session—please don’t make that assumption. Reiterate the key processes and policies used to mitigate risks on a regular basis. About the time that you’re sick of saying the same thing, your team is just starting to understand … so keep communicating.
Now, all of this sounds like a lot of work and I’m sure that your to-do list is already a mile long. That combination doesn’t bode well for your ability to get started on this process. However, a risk management program is a lot like preventative medicine. We eat healthy foods and exercise to take care of our bodies and prevent illness or we have to take a myriad of medications later in life to deal with the health issues that may have been preventable. It’s the same issue with risk management. We can either invest the time and energy now to prevent and mitigate risks or we can deal with the consequences later.
Also, please realize that discussing risk doesn’t mean we’re lacking faith or doubting God’s provision. Our faith has to be in God first—trusting Him for protection, wisdom and direction. Next, we combine our faith with action by identifying, assessing and mitigating risks. We have a responsibility as leaders to take all reasonable efforts to protect our congregations, staff, volunteers, and community. Take the time to go through this process with your team. It won’t be the most fun staff meeting, but it may have the biggest pay-off.