Governing an entity mandates management accurately conceptualize information criticality and communication paths. Reflective of the Australian/New Zealand Standard on Risk Management (AS/NZS ISO 31000:2009), risk management is an iterative process consisting of steps, which when taken in sequence, enable continual improvement in decision-making. It is also the logical and systematic method of identifying, analyzing, evaluating, treating, monitoring and conveying risks associated with any system, process, activity, or task in a way that will enable an entity to minimize losses and maximize opportunities. Consequently, management of risk represents the means by which an entity elects to administrate cataloged possibilities. As alternative responses, risks may be addressed by reducing, avoiding, transferring, or accepting potential threats. Specific to not-for-profit entities, these risks typically encompass: objective achievement, organizational credibility, equitable provision of services, and appropriate behavior of officials.