Navigating COVID-19 - Governance & Risk Advisory for NFPs

Kylie Maher

Effective governance and risk management is critical for NFPs to help navigate the Coronavirus (COVID-19) pandemic crisis.

Your community, organisation, partners and donors are now facing a significant number of critical risks and recognise we are in a crisis scenario.

Risk management at this time is a proven and effective tool to guide NFPs in their planning, mitigation and response to the issues and challenges they will be facing now and in the next few months. Given that circumstances can change daily, dynamic governance is needed to respond to and mitigate these emerging risks and issues.

Agile responses, aligned to your risk appetite, are needed to best inform crisis decision-making.

Position your community to be safe, agile and ready.

Decisions need to be made by your leadership team now on immediate critical risks:
  • delay of projects
  • cash and cost management
  • securing and supporting donors and partnerships
  • suspension of business activities
  • and above all safety of your staff, customers and community

Compliance should not be compromised by fast actions and responses that could make your NFP vulnerable.

Safety, privacy, cyber and financial control frameworks must still be operational within this changing environment. Many changes may place your physical and cyber security at risk; be alert and keep your controls robust.

Below we provide key focus risk areas and mitigations to action now:


  • Facilitate an agile response from your NFP Directors and set up so that they are available and can provide immediate review and approval of the key decisions that will be needed throughout the next few months.
  • Provide your Executive with regular risk status reporting to assure and leverage their experience on your response and mitigations to these critical risks.
  • Enact and meet daily with your critical incident team to oversee, monitor and guide your organisation.
  • Implement short-term policy documents for key business operations processes during lockdown, including financial, access, human resources and safety policy.
  • Provide for business continuity with an emergency delegations of approval schedule (financial and non-financial) in place to maintain controls in the absence of key staff.
  • Review and enact all wellbeing and safety risk plans for all your staff, partners, community and suppliers that cover both prevention and response mitigation actions.
  • Identify and plan for mitigation of key person and key donor dependency risks to NFP continuity.
  • Implement and communicate how your staff can access help and support at this time for their wellbeing, safety and financial security.
  • With so many of your organisations at the front line delivering to our community at this time, make sure you support and protect – review risk mitigations on a daily basis.
  • Plan now for cash flow and donor slowdown with risk mitigations for cash management, debt coverage and cost minimisation.
  • Access all available grants and support as a priority; prioritise time and effort on this to secure your NFP's future.
  • Understand and assess your funding risks and plan mitigations for business continuity.
  • Monitor your collections and funding income to ensure they can continue; implement daily forecasting and financial scenario modelling to keep your decision-making well informed on financial sustainability.
  • Delay now any projects, spend and non-essential services that will place undue stress on your staff, operations and finances.
  • Invest quickly in the tools, software and hardware for your staff to facilitate remote working.
  • Implement continuous monitoring of your cyber and technology security in this environment as they are critical to your operations and vulnerable.
  • Check your service providers can accommodate and support you as you place extra pressure on them in changing and in some cases at the front line in service delivery.
  • Load test your systems and plan for phasing of access.
  • Access controls need review and adjustment for remote working while not compromising your security.
  • Protect yourself and don't become vulnerable: keep your core controls operating effectively for financial delegations, bank reconciliations, segregation of duties, payroll review, donor privacy and approval, as well as banking access.
  • Remind your staff of the importance of compliance and that immediate escalation of risks related to safety, cyber and privacy is required.
  • Start planning for recovery too, so you can get your staff, community and operations back to normal quickly.
  • Develop and implement a stakeholder engagement plan that keeps your community, staff, donors and partners well informed and assured on your risk mitigation.
  • Provide a process for ease of escalation by your staff of emerging risks and issues for early warning signs, leveraging their knowledge of your business and providing an opportunity for agile risk management.


We can provide you with a readiness review to guide and assist you in your planning at this time. We can check in to assure that you are ready to respond to COVID-19.
This includes a high level review of your key risk areas to consider their design for readiness to respond to emerging risks while maintaining your compliance.

We would complete a high level review of your current state of readiness across the following key risk areas:
  • Governance
  • Safety
  • Survival & Sustainability
  • Operations
  • Engagement
We would consider your key risks, planned mitigations and controls frameworks.  We will provide you with an informed list for actions to immediately take to be ready.


We can provide a deep dive or continuous assurance on your controls frameworks that are going to need to be robust, well designed and not expose you to vulnerabilities. We can also provide you with delegation, policy and control tools to implement and address any control gaps.

We can assure you that you are not vulnerable and your controls are operating.
Control focus areas:

Governance and delegations: Provide or ensure that your governance, risk and delegations are ready to respond to emerging risks and issues.

Grant and financial management: Ensure you are doing all you can to survive financially: accessing all grants available, assisting with the applications, minimising your costs, prioritising collections and preventing revenue leakage.

Policy and procedures: Provide or ensure that you have implemented key policy documents to support your changed operational environment.

Control redesign: Provide for robust frameworks that are redesigned for your changed environment and strengthen your financial, payroll, compliance, privacy, fraud prevention and safety controls.

Access and cyber security: Ensure that you have not compromised any access or cyber controls in your changed operating environment.  Provide continuous monitoring of your cyber and technology risks.

Your operating environment is changing on an hourly basis.  Risk management is a tool to leverage to guide you at this time. We can use risk to guide your decision-making and agile response. We can assist you with the following key risk tools:
  • Risk management: We can facilitate with your Executive to redefine and identify your risk appetite, key COVID-19 crisis risks and required mitigations. We can do this quickly leveraging our experience to ensure you are monitoring the right risks that matter for your survival.
  • Risk reporting: You can outsource to us or we can assist to maintain, update and use your risk register to guide your risk identification, mitigation status and reporting to your Executive and Council to assure.  We can ensure your emerging and escalating risk reporting is in place and effective as you will need this over the coming months.
  • Business continuity plan: We can provide you with a BCP template, or review of your BCP plan and monitoring of this to identify gaps, implement effective continuity planning and respond leveraging our knowledge and experience.