Home

Risk Management in Volunteer and Service Programs

Locking your car overnight on a city street is risk management. You acknowledge there is a potential risk and you take some measure to reduce that risk. A thief can still break a window, so you put your property in the trunk. This may be safer, but it is still not risk free. Even taking all property out of the car does not eliminate the potential damage to the car itself. Every day we accept risks in our lives. So too with service and volunteer programs. The goal of risk management is to "manage" potential risks.

Risk management is the thoughtful process of acknowledging and controlling risks to protect and conserve resources. Risk management looks at vulnerabilities within the program that can lead to an active threat, and takes appropriate steps to control the risk. Risk Management is the process of developing good day-to-day operating policies, procedures and training.

   Prodded by the threat of legal liability and increasing recognition that good intentions can produce horrendous    results, nonprofits are increasingly embracing risk management principles to improve the quality of their    services and prevent negative outcomes that can range from petty annoyances to full-blown tragedies. (Herman,    1994, p. 485)

   The goal of risk management is to improve performance by acknowledging and controlling risks. . . it is not    just about buying insurance. It is not just about avoiding lawsuits. It is about protecting and conserving your    organization's resources and providing goods and services sensibly. Risk management frees your organization    to pursue its mission.(Tremper & Kostin, 1993, p. 1)

The first step in the risk management process is to acknowledge that risks are real. Managers who say, "Our computer system can't crash," or "Our members would never do something like that," are living in a state of denial. People can fall and hurt themselves. Or they can fall and hurt a client. They can damage property.

Accidents are the basis for the largest number of lawsuits. Most accidents result from some form of negligence. For example a volunteer driver fails to stop for a red light and is involved in an accident that causes injury to the passenger (client). A child may be injured because the worker was not qualified or well trained. People involved in auto accidents or personal injury cases often file lawsuits. These suits or torts are generally based on negligence, or a failure to exercise a proper degree of care.

Sometimes suits are filed because organizations fail to establish policies such as screening and background checks for volunteers who are working with children. If a child is abused, the courts may judge that the organization was negligent for not developing appropriate policies to protect the child.

Employment practices are often grounds for lawsuits. Employees sue for discrimination, wrongful dismissal, harassment and other employment related actions. These same practices may also apply for members and volunteers.

We live in very litigious times and organizations must take steps to protect not only their clients but also their physical, financial and human resources. Prior to 1940 there was a doctrine of charitable immunity that protected many nonprofits from liability. Now only Arkansas has such a law and it's legality is being questioned. Many states have enacted various types of laws that place limits on the liability of nonprofit organizations. Some states have placed financial caps on the organizational liability or limits certain types of claims. Legal advisors warn that while these statutes sound good they often provide very limited protection.

Every state has legislation dealing with the legal liability of at least some types of volunteers. In 1997, Congress passed the Volunteer Protection Act (Public Law 105-19) to provide certain protection to volunteers, nonprofit organizations, and governmental entities in lawsuits based on the activities of volunteers. While this law provides a degree of protection to volunteers "acting within the scope of the volunteer's responsibilities in the nonprofit organization or governmental entity at the time of the act or omission," it does not preempt any applicable state laws regarding civil action, does not protect against harm caused by "willful or criminal misconduct, gross negligence, reckless misconduct, or a conscious flagrant indifference to the right or safety of the individual harmed by the volunteer," and does not protect against harm done by the volunteer operating a motor vehicle, vessel , aircraft or to the vehicle for which the state requires a license or insurance." Organizations and volunteers should not be led to believe they have blanket protection or immunity through the Volunteer Protection Act. Organizations that engage volunteers should read the law fully to understand its limitations and restrictions.

"In addition to various exclusions there are gaps that result from ambiguity in much of the legislation. Some of these laws are confusingly worded, exceptionally complicated, designed for profit-making corporations, or otherwise problematical. Even the very best laws require careful analysis to determine which volunteers they cover and what exceptions they contain." (Herman, 1994, p. 489)

There are a variety of risk management myths.

  • What I don't know can't hurt me. Ignorance is not an excuse under the law. Organizations should know the risks and work to prevent harm.
  • State/national laws protect us. As already stated, while legislation may reduce the risk of personal liability claims against volunteers no law completely immunizes volunteers. They also do not protect the organization against claims for harm caused by a volunteer.
  • We do good work or we don't have deep pockets, so nobody will sue us." Suits may be less frequent in the nonprofit or charitable world, but there is never a guarantee that someone will not sue you.
  • Our insurance protects us and takes care of everything. Insurance cannot protect you from the bad publicity that can accompany a lawsuit, and bad publicity leads to loss of faith and loss of support by the public. Insurance is an important part of a risk management plan, but it does not cover the loss of time and personal anguish spent defending yourself/organization.
  • We can't be held liable for everything a volunteer does. It may be true that you are not responsible for all the actions of a volunteer, but you can be judged for clearly defining responsibility, appropriate screening, adequate training, ongoing supervision and for creating and exercising the proper controls to protect your clients and the organization.
  • The best way to control risks is to remove volunteers from the program. True, most accidents are the result of human error. But most nonprofits cannot, and do not, wish to eliminate their volunteer programs. Such programs are a vital part of program delivery and play an important role in accomplishing the organizational mission.

The best way to avoid being sued is to avoid causing harm. The risk management process provides a systematic method of responding to the dangers of an organization's operations. The process is designed to protect the community served, and paid staff, volunteers and financial resources. A risk assessment or risk audit can be as simple as taking a piece of paper and writing down all the risks that come to mind. A more formal assessment may involve consulting with other members of the organization to learn about risks they perceive; walking around the facility looking for hazards or potential hazards; reviewing job descriptions for paid staff and volunteers to consider risks they may encounter while doing their work; or there are checklists available from insurers and risk management companies.

Risk Management begins with a four-step process: (1.) looking for risks (What could go wrong?), (2.) assessing the risks (How bad could it be?), (3.) deciding how to control the risks (What will be do?), and (4.) implementing the strategy (How will we do it?).

There are four strategies for risk management:

(1.) acceptance - accept the risk and prepare for consequences;
(2.) avoidance - not offering the service because the risks are too high;
(3.) reduction - change the activity and/or develop procedures that decrease the opportunities for harm and decrease the impact of the potential damage; and
(4.) transfer - shift the activity or financial liability risks to a third party (insurance).

Organizations sometimes use waivers or "liability shields" to reduce liability.
Effective liability shields are hard to create and often require assistance from legal counsel. Most waivers fail    because they do not adequately describe the risks of the activity and the consequences of signing. Everyone    signing the waiver must be clearly informed about the dangers so they can intelligently decide whether to    accept them; like exposure to tuberculosis, poisonous snakes along a hiking trail, or placement in a violent    crime area. . . Minors cannot validly sign waivers. . . Some states simply do not permit parents to forfeit their    children's rights, and no court will readily enforce a waiver against an injured child. . .Waivers can serve two    valuable functions. They encourage all parties in the activity to recognize the risks and take appropriate    precautions. They also create a psychological deterrent to a lawsuit.
A person who has signed a waiver may be less likely to sue. (Tremper & Kostin, 1994)

Effective risk management begins when organizations develop and follow good management practices.

  • Develop written position descriptions for employees and volunteers
  • Implement a structured procedure for screening and selecting employees and volunteers
  • Develop orientation procedures and materials to clarify expectations and establish standards of behavior
  • Provide training for the job and include ongoing training opportunities to stay on top of new techniques, trends, equipment, procedures and job changes.
  • Ensure ongoing, consistent supervision that monitors performance and maintains an open and timely line of communication
  • Evaluate performance honestly and create plans for improving weak or inappropriate performance, and for rewarding positive behavior. Document strengths and weaknesses, successes and problems. Implement action (termination) when warranted.

Take a few minutes and practice the risk management process with the following scenario:

A popular restaurant has a patio "happy hour" on Friday nights in the summer. Your organization is providing volunteers this week in return for a donation and a portion of the proceeds from the sale of beer. Volunteers sell tickets and ID bracelets (to verify age), pour beer and do light clean up. During the evening an undercover policewoman cites one of the volunteers pouring beer for serving alcohol to a minor. The volunteer becomes extremely upset as he has two previous alcohol related offenses.

Potential risks:

  1. Fine and charges against the volunteer
  2. Financial costs to the organization to pay the fine and/or defend the volunteer
  3. Reputation of the organization
  4. Potential lawsuit by the volunteer for placing him in this situation and/or refusing to assist him with legal counsel of paying the fine.
  5. Loss of future volunteers and money

Evaluation of each risk according to frequency and severity

  1. Frequency is low, severity moderate
  2. Frequency is low, severity moderate
  3. Frequency is low, severity high
  4. Frequency is low, severity high
  5. Frequency is low, severity high

Risk management strategies:

  1. Organizations frequently enter into collaborative events, such as fund raising activities, special events, service projects and use of facilities. Host liability when serving alcohol should be clearly identified and communicated to all parties. There should be a clear understanding of what are the risks and whose risks are they. Each side should clearly identify areas of legal vulnerability so that proper measures can be taken to safeguard each organization.
  2. Volunteers may need to sign a waiver to indicate they understand their level of vulnerability. One partner may have volunteers sign a "hold harmless" agreement. A memorandum of understanding should be signed by both members of the collaborative to define responsibilities of each party. Special event insurance may be purchased to cover some types of risks.
  3. Each volunteer should be trained in the work they are being asked to do and all volunteers should understand their relationship to other volunteer jobs at the event and any legal requirements. Event procedures should be clearly defined and monitored.
  4. The organization should have a clear policy about organizational support for volunteers while doing work for the organization.
  5. The organization should have task requirements and screening measures in place, and may reasonably elect to not select volunteers with criminal records for alcohol-related offenses to serve beer.

An attorney and volunteer managers offered the following comments as part of an online discussion of this case.

Do not blame the volunteer. "While the individual who served the alcohol should bear some responsibility for his actions - e.g. knowing he should card people - the group should bear the ultimate responsibility for not providing adequate guidelines for its volunteers." (The volunteer was specifically trained to serve alcohol to people with the ID bracelets. Others were responsible for checking the ID.)

Do not dismiss the issue because it involves alcohol. As an example it provides a very interesting risk management discussion.

This volunteer was relying on another person's work -- if the customer had the bracelet, it was reasonable for the volunteer to believe that the person issuing the bracelet performed the ID check. "Carding" customers wasn't his job; it was his job to check for bracelets. The fact that the law held him liable as server meant that he should have known he had an additional duty that made the bracelet system unreliable. In most communities the person that serves the alcohol is liable if they serve a minor. The organization failed in that it used an ID verification system that did not conform to the legal requirements of the locality where the event took place.

The volunteer may have a cause of action against the nonprofit for placing him in a position where inadequate training and poor procedures put him in danger of breaking the law while these same poor procedures gave him an inappropriate sense of assurance that the organization's procedures were explicitly conforming to the law.

The organization bears the responsibility for improper event policies and organization, improper training, and perhaps for not selecting volunteers appropriately.

The setup of the event did not conform to the liability responsibilities of the local laws -- the legal responsibility resided with the server, but the organization instituted procedures that purported to assign that responsibility to others and then trained the servers to rely on the efforts of those others.

The organization should pay the man's legal fees, in addition to the fine, as a cost of hosting the event. No nonprofit should expect a volunteer to accept a legal penalty without counsel for doing work represented as conforming to law and reasonably interpreted as conforming to law.

The nonprofit organization, and specifically the Volunteer Program Manager or Event Manager, should have "adopted" this man's case from the moment he was cited. As a matter of public relations as well as a matter of equity, they should not allow communication with him to cease until they are assured that the issue had been resolved completely.

Paying the volunteer's legal fees might have kept him as a volunteer, friend, and potential donor to the charity (and others, for that matter). Also, it might help keep the story out of the paper. Publication of this story in a local newspaper may cost the charity more than the cost of the fees.

Minimizing the injury to the volunteer and attempting to reassure him of the validity of volunteering would be a duty of care for the organization and manager in question. Heading off a newspaper article, or working with the reporter in crafting it, would have also been a duty of care to the organization itself

Special Note: This example is based on a real situation that did appear in a local newspaper. It cast the organization in a very negative light, as they hesitated taking any action to support the volunteer. The volunteer was quoted as saying this was his first experience at volunteering and he had done it to support an organization he really liked. But, after his experience this was the last time he would ever volunteer. The headline of the article: I'll never volunteer again!

Organizations have a responsibility to protect people, assets and reputation.

References:
Graff, L. (1999). Beyond police checks: the definitive volunteer and employee screening book. Dundas, Ontario, CA.: Graff and Associates.
Herman, R. & Associates (1994). The Jossey-Bass handbook of nonprofit leadership and management. San Francisco: Jossey-Bass Publishers.
Nonprofit Risk Management Center. (1994). Volunteers and the law. Washington, D.C.: Author.
Patterson, J., Tremper, C. & Rypkema, P. (1994). Staff screening tool kit: keeping the bad apples out of your organization. Washington D.C.: Nonprofit Risk Management Center
Safrit, R, Merrill, M., McNeeley, N. (1995). A high stakes affair: managing risks in volunteer programs. Columbus, Ohio: Satellite broadcast: The Ohio State University Extension and Volunteer Ohio.
Seidman, A & Patterson, J.(1996) Kidding Around? Be Serious! A Commitment to Safe Service Opportunities for Young People. Washington D. C.:Nonprofit Risk Management Center.
Tremper, C. & Kostin, G. (1993). No Surprise: controlling risks in volunteer programs. Washington D.C.: Nonprofit Risk Management Center