Two of the most frequent questions we get from entrepreneurs upon creating their new organizations are “What policies do I need?” and “What template should I use for them?”
At GDI, we incubate transformational development ventures to build and scale the next generation of social impact solutions. From climate to agriculture, health to economic inclusion, GDI builds across sectors to drive game-changing impact at scale. In the initial phases of the incubation process, entrepreneurs may request support from GDI to establish foundational infrastructure and ensure legal compliance and alignment with best practices and part of this support may include policy development for new organizations.
Typically, organizational policy development occurs shortly after the initiative has been incorporated as an independent legal entity. Unfortunately, while there are several policy templates available on the Internet, they are often of limited utility without considering how they should be customized to meet the needs of the particular organization adopting them. The question of which policies are needed and what their specific content should be tends to require a nuanced approach. While there is no easy checklist for policies that might be necessary for each individual organization, we can provide a framework to evaluate which ones might be suitable and what level of detail is appropriate for their organization. The following provides new nonprofit organizations registered in the United States with an approach to determine which policies they will need and the appropriate level of detail, based on (in order of importance) legal requirements, donors, and their own organizational risk tolerance.
First and foremost, the initiative should consult with legal counsel to determine whether federal or state laws require their organization to have specific policies and, if so, the minimum required components. In most cases, these will be identified during the organizational registration phase, with policies such as conflict of interest, whistleblower, or document retention tailored to the specific federal or state-level requirements, depending on where the organization is registered and/or doing business. Your organization may decide to customize specific processes to help staff comply with the policies, but this is one area where entrepreneurs are well served to invest in legal counsel to ensure they meet minimum state and/or federal laws governing the types of policies necessary and the specific provisions required.
After ensuring your organizational policies meet minimum legal standards, the entrepreneur should next consider the extent to which their policies need to align with their donors’ requirements. For instance, an organization that receives (or intends to receive) funding from the U.S. government might align their procurement policy with U.S. government thresholds on competition for agreements, or they might use U.S. government per diem rates in their travel policy. On the other hand, organizations that receive their funding from private foundations or philanthropists may adopt policies that are less stringent while still meeting their organizational needs. For example, whereas the conditions required to issue a subcontract without competing it are significantly higher for U.S. government-funded organizations, they may be more relaxed for organizations that receive funding only from private foundations.
Organizational Activities and Risk Tolerance
The final, and perhaps the most nuanced, areas for consideration when developing policies are “what kind of activities does your organization perform” and “what is the overall risk tolerance of your governance or leadership bodies”. To the first point, organizations might ask themselves any of the following questions:
- Will you have employees?
- Do you interact with individuals who may be considered part of a “vulnerable population” group?
- Do you conduct research that requires study of or participation of humans or animals?
- Do you send money or contract with entities outside of the U.S.?
- Do you collect or store personally identifying information (name, address, date of birth, government-issued identification number, etc.)?
- Do you issue grants to individuals or organizations?
- Do you have staff that expect to travel?
- Do your activities involve business-sensitive information that you need to protect (e.g. revenue-generating intellectual property or trade secrets)?
The answers to these and other similar questions will help determine the types of policies an organization should consider adopting to ensure consistency and appropriate and ethical behavior from the staff. For instance, if you do not intend to issue grants as part of your work, you are unlikely to need to prioritize a subaward/grant management policy. On the other hand, if your staff will work directly with indigenous groups in conservation efforts, you might seriously consider adopting a robust safeguarding policy to ensure that your representatives are acting within international norms and best practices to protect vulnerable populations. Once you have determined which policies are needed, you may find a number of templates through a quick Google search or through professional organizations, such as Humentum. You should review these templates carefully and customize them based on the aforementioned considerations (i.e. legal and donor requirements) and based on your risk tolerance, as outlined below.
Finally, entrepreneurs should consider organizational risk tolerance (and the potential administrative burden associated with that level of risk tolerance) to determine if and how specific policies should be developed. Typically, this involves assessing the overall risk to the organization (in terms of the probability and impact of a problem occurring) and the extent to which you would like to minimize the risk. If your organization is particularly risk-averse in an area, you might build your policies in a way that drastically reduces or minimizes the risk. However, organizations and entrepreneurs should be mindful that efforts to minimize (or eliminate) risk often come with significant administrative burdens. To illustrate this, let’s take the example of a procurement policy as it relates to setting competition thresholds for contracts.
Dollar thresholds in a procurement policy establish specific competition requirements depending upon the amount of the proposed contract. In addition to ensuring that contractor costs are allowable to your donors, these thresholds and their corresponding competition requirements reduce the risk of potential conflicts of interest and help to ensure that organizational resources are used in a responsible manner (i.e. that the organization is receiving the best value for money on the purchase). If your donors do not have their own requirements or competition thresholds, organizations may use the following considerations to determine their requirements based on their own risk tolerance or administrative capacity:
- What is your organizational budget? Organizations with smaller budgets may decide to set their competition thresholds lower to ensure that all purchases receive multiple quotes and are scrutinized carefully to identify the best value for money.
- What is the average amount of your purchases? If your organization routinely purchases lower-dollar-value items or services, you may determine that the risk of waste or fraud is relatively minor and set your lowest threshold accordingly.
- How common are your purchases? Organizations that regularly purchase products that are widely available may not feel the need to solicit multiple quotes each time. For instance, if your organization routinely purchases laptops, the administrative effort it takes to search out multiple quotes may not result in significant cost-savings. Conversely, if you are looking for an expert advisor with niche expertise, you may not be aware of the market rate for such experts and therefore it would be wise to gather multiple quotes to ensure you are receiving the best price.
- How robust is your conflict of interest policy and how familiar are your staff with the policy? If you are particularly worried that your staff may engage contractors with whom they have a conflict of interest, you may set your competition thresholds lower to guarantee multiple quotes. Relatedly, you may require a procurement committee of several members at lower-dollar thresholds to prevent a single staff member from misdirecting contracts.
- In what geographies do you normally operate? If you routinely purchase goods and services in areas with higher costs, it may be worthwhile to increase your procurement thresholds to reduce the administrative burden of soliciting multiple quotes. On the other hand, if your purchases are in areas with lower costs, it might be worthwhile to adjust your procurement thresholds down to ensure that you receive enough quotes representative of the market.
- What is your administrative capacity and how does that relate to your risk tolerance? Smaller organizations may decide that the administrative burden of soliciting and reviewing multiple quotes outweighs the risk of fraud or waste. In these cases, the organization may establish higher procurement thresholds or less stringent requirements at lower price levels to maximize efficiency.
This represents just one example where a policy and its implementation may vary widely depending on both the types of activities involved and the organization’s risk tolerance. An organization’s policies are a reflection of its values and priorities and, as such, should be developed in that context.
As you can see, the answers to “What policies does my organization need” and “What template should I use” are not straightforward, nor are they the same for every organization. The policy needs of your organization will vary tremendously based on where it is registered, the types of donors that support it, and the kinds of programs offered; and while templates can be useful in offering an overall framework and starting point, they require significant customization based both on the aforementioned considerations and the organization’s overall approach to risk management.
While selecting and developing organizational policies is inherently unique to each organization, the above framework may help you in determining what works best for your particular circumstances. Entrepreneurs and organizations should keep in mind that policies are developed at a moment in time and they may (and should) evolve as the organization evolves. They should be reviewed on a regular basis and entrepreneurs should not be afraid to change them if they are not serving the organization’s needs. With the exception of the legal requirements, policies are amended just as easily as they are created so you should not let the perfect be the enemy of the good.