The Strengthening and Tiered Evaluation Process (STEP) replaces simplistic “pass/fail” evaluations with a comprehensive, research-based approach that focuses on CSOs. With a tiered due diligence evaluation and organizational strengthening outcome, STEP benefits extend beyond a single grant or project.
We Evaluate CSOs Across Nine Streams
Streams represent areas of focus in determining risk assessment.
1. Governance
Is there a functioning and diverse board able to avoid conflicts of interest? Are there governance policies in place around conflict, board representation, and codes of ethics?
2. Financial Management
Are there documented practices in place around the management, tracking, and disposal or disbursement of funds, inventory, and other assets?
3. Legal Compliance
Is the organization compliant with local laws? Does it have worker protections in place? Does it have a clear management structure and a method of maintaining and accessing contracts?
4. Operational Planning and Continuity
Does the organization have working capital and a plan for sustainability? Does it have experience managing and reporting on grants? Does it measure impact and learn from mistakes?
5. Risk Management
What processes does the organization have in place to mitigate acts of corruption, money laundering, bribery, terrorism, conflict, and other unanticipated disaster?
6. Commitment to Community Engagement
Does the organization have processes in place to ensure that it serves constituents in a way that is transparent, participatory, inclusive, respectful, and nondiscriminatory?
7. Data Security and Privacy
Are there systems in place to protect the security of technology and data, as well as the privacy of individuals whose information is stored within the data?
8. Safeguarding
What processes and safeguards does the organization have in place to protect its constituents, particularly those from vulnerable populations?
9. Working with Implementing Partners
What processes are in place to evaluate, monitor, and strengthen partners down the “supply chain,” such as subcontractors and subgrantees?
We Assign CSOs to a Tier
For each stream, CSOs are assigned a tier designed to align with funders’ risk tolerance and show where CSOs can improve.
1
Basic
For many private funders, this tier may be sufficient, particularly for smaller grants or grants to organizations that the donor has confidently funded in the past.
For many private funders, this tier may be sufficient, particularly for smaller grants or grants to organizations that the donor has confidently funded in the past. At this tier, the organization possesses a fundamental awareness of the potential risks associated with the relevant stream. It has implemented basic processes to mitigate these risks. While these processes may not be extensively documents, they are know by senior management. Such organizations may also qualify for an equivalency determination, depending on their governing documents and funding structures.
2
Foundation Standard
This tier should satisfy the due diligence requirements of most private funders, including foundations, corporations, and individual donors.
This tier should satisfy the due diligence requirements of most private funders, including foundations, corporations, and individual donors. An organization meeting the Foundation Standard for a specific stream must have documented processes in place to address the associated risks. These processes are familiar to most staff members and consistently implemented. While a policy accompanies these processes, it may not be fully comprehensive or align with all international standards.
3
Agency Standard
The Agency Standard reflects many of the requirements of larger agency and institutional funders.
The Agency Standard reflects many of the requirements of larger agency and institutional funders. In this tier, the processes and policies of the stream are advanced, widely recognized and integrated into the organizational practice and culture. The risk management processes within this stream receive dedicated allocation of resources and/or personnel. The majority of the staff are familiar with the overarching concepts and these are incorporated into the organization's daily operations as appropriate. This tier meets the requirements of numerous government agency donors.
4
Plus
While an organization in this tier may still have areas for improvement, it is nonetheless meeting a higher standard of risk management and best practices.
While an organization in this tier may still have areas for improvement, it is nonetheless meeting a higher standard of risk management and best practices. This tier signifies that the organization upholds an exceptional standard in risk management for the specified stream. Processes and policies are meticulously documented, well-known and consistently implemented throughout the entire organization, reflecting sector best practice. Dedicated resources and staff are allocated to oversee these processes within the stream, and there are mechanisms in place to regular review and update. The organization is often regarded as a leader in this area of risk management and is frequently sought after to provide guidance and support to other similar-minded organizations.
