Running a not-for-profit (NFP) has never been simple. But the pressures facing boards right now are stacking up in ways that are hard to ignore.
Each year, the Australian Institute of Company Directors releases its Not-for-Profit Governance and Performance Study, one of the most thorough snapshots of how the sector is tracking. The 2025-26 edition makes for important reading. Regulatory requirements are tightening, funding is harder to stretch, workforce challenges are deepening, and community expectations are rising. For boards, the stakes are higher than they've been in a long time.
Here's what the findings show, and what they mean for your organisation.
The governance bar keeps rising
Directors are spending more time on governance than they were a few years ago, and that's not expected to ease. Regulators are more active. Public scrutiny has increased. And the tension between board-level oversight and day-to-day operations is something many boards are actively wrestling with. There’s less room to get it wrong.
That doesn't mean boards need to get more involved in operations. It means your governance and risk frameworks need to give directors genuine, timely visibility without pulling them into the detail. Clear reporting lines, well-defined roles and strong executive accountability aren’t nice-to-haves anymore.
Board capability and succession
Many organisations still lean heavily on long-serving directors, and finding candidates with the right mix of skills is getting harder. The expectations placed on today's directors have expanded. Boards are now expected to bring capability across risk management, financial oversight, regulatory compliance, care quality, safeguarding, and cyber and digital risk.
If your boards’ skills matrix hasn't been revisited recently, it's worth putting on the agenda sooner rather than later. Succession planning works best when it's treated as an ongoing priority, not something that gets urgent attention the moment a director announces they're stepping down.
Financial resilience for NFPs is stretched
Most not-for-profits are still operating on thin margins. Many are drawing on reserves to fund operations, and that pattern is particularly common among community and faith-based organisations.
The pressure points aren’t surprising: heavy reliance on government funding, rising wages and operating costs, and limited capacity to build reserves. What boards need is a clear, honest view of funding concentration risk, liquidity buffers and the organisation's ability to absorb a financial shock. Financial fragility and governance risk tend to show up at the same time.
Regulatory change is reshaping board accountability
The regulatory picture has shifted considerably across aged care, disability services, childcare and safeguarding. The new Aged Care Act, evolving NDIS requirements and the roll-out of Child Safe Standards are all raising the bar for boards, not just for management.
In care and support services in particular, the shift has been fundamental. Boards are now expected to actively oversee care quality, safety and client outcomes. Relying on assurance from management alone isn't enough. Many organisations have responded by setting up dedicated Care Governance Committees. If your organisation delivers care or support services, the board should have clear oversight of incidents, complaints, quality trends and safeguarding outcomes, alongside the financials.
Staying across regulatory change in real time matters too. Internal systems should be tested against current obligations, not the way things were done several years ago.
Workforce risk goes beyond filling vacancies
Workforce shortages are real and well known across the sector, but the governance risk runs deeper than recruitment. Gaps in supervision, capability and culture can directly affect service quality, safeguarding and employment practices exposure. And boards are seeing more workforce-related complaints and disputes as a result.
Workforce risk deserves a place alongside financial and compliance risk on your boards’ agenda. It's worth asking honestly whether staffing pressures are creating service delivery or safeguarding gaps, and whether those gaps are actually visible at board level.
Cyber security can't stay on the backburner
Cyber threats are on the rise; 18% of not-for-profit organisations reported being the target of a cyber incident in the past year. At the same time, many are adopting AI and digital tools without mature governance frameworks in place. For organisations handling sensitive personal, health or financial data, the exposure is real and growing.
Cyber security, data governance and business continuity need to be treated as strategic risks, not IT issues. Business continuity plans need to include cyber incidents as a standard scenario, not a theoretical one. If your plan hasn't been tested recently, that's the place to start.
Climate risk is becoming a board conversation
More than half of directors believe boards should be doing more on climate governance. Yet most organisations haven't embedded climate risk into formal frameworks.
For organisations running aged care homes, schools, community centres or places of worship, extreme weather events and asset resilience aren’t abstract concerns. They’re direct governance considerations. Climate risk should factor into property decisions, business continuity planning and risk frameworks, particularly where vulnerable communities depend on uninterrupted access to services.
Is your governance framework keeping up?
The common thread across all of these findings is that governance frameworks need to reflect the environment your organisation is actually operating in today, not the one that existed several years ago.
At BlueRock, we work with not-for-profit boards and leadership teams to strengthen governance structures, build risk management capability and make sure organisations are ready for what's ahead.
If your governance framework needs a refresh, get in touch with our not-for-profit consultants via the form below.
