To protect the organization, itself, and its members, the board must start by following the legal obligations common to all boards: duty of care, duty of loyalty, and duty of obedience.
Duty of care demands a board member acts as any prudent individual would act under similar circumstances. In the board setting that means a board member relies on due diligence before making decisions. It does not mean he is expected to make perfect decisions all the time but he must make educated decisions. This is achieved by coming to meetings, reading background materials provided, asking questions when something is not clear, and always weighing the risks and benefits for the organization on all decisions.
Duty of loyalty refers to faithfulness to the organization. A board member must act without personal agendas and always put the benefit of the organization above his own interests. Personal interests may include interests derived by family members or associated business relations. Failing to acknowledge conflicts of interests is a common example of a breach of duty of loyalty. The board must adopt appropriate policies to manage conflicting situations. Annual disclosure of personal affiliations and interests and recusal from discussing a case and voting when a conflict arises are the primary good practice measures for every board member.
Duty of obedience requires a board member to accept and follow the mission of the organization. Any acts that contradict the mandate or the purpose of the nonprofit are not permitted. Duty of obedience also expects board members to follow the laws that govern nonprofit tax-exempt organizations as well as any legal documents — articles of incorporation, bylaws, policies, resolutions — the organization and the board have adopted and instituted.
The following references discuss further the legal obligations of nonprofit boards. http://www.boardsource.org/Knowledge.asp?ID=3.364