Have you ever considered enterprise risk management (ERM) for your nonprofit organization? While most people associate ERM with for-profit organizations, this systematic approach to reducing risk can be just as effective for nonprofits. Regardless of its resources, any organization can use an ERM process to lessen its risk.
Are you weighing your risks effectively?
Enterprise risk management is an extensive program that considers an organization’s complete portfolio of risks. An effective ERM program will consider every threat and create a strategic plan that makes effective use of resources based on the possible impact on the business and the likelihood of occurrence.
Enterprise risk management also takes into account the reality that each business has different tolerances for different types of risks. For example, financial risks may be extremely stressful, while the risk to reputation does not pose as large a threat. An established ERM program gives your organization the flexibility to respond quickly to some threats while containing other risks that may have a profound impact on your business.
Are you using ERM effectively?
Experienced financial advisors and risk-management experts can assist your organization as you set up an ERM program. First, it is necessary to establish a risk management governance board that delineates roles and responsibilities for each member. Nonprofit executives and their governing board should work on clarifying risk tolerance as well as clarifying and solidifying their commitment to the ERM policies.
Next steps for your organization should include the following:
- Assemble a cross-departmental committee. Different departments within your organization will provide different perspectives on specific challenges and risks. For example, inaccurate reporting of program information will play out differently for various departments. A finance manager might categorize inaccurate reporting as minor because it will minimally affect revenues and expenses. The PR department may view it entirely differently and worry that such inaccuracies may affect donors and other supporters of your nonprofit organization.
- Conduct a risk assessment. This first assessment by the committee is critical. Information should be gathered through interviews with staff, management, and even clients. Then, the committee will be ready to rank risks. Which risks have the highest probability of occurring? Which could be the most dangerous to the organization? Which threats are most likely to prevent you from accomplishing your mission? Answering these questions will allow the committee to accurately assess how risks should be prioritized.
- Create and implement a plan. Once risks are identified and prioritized, the committee can devise a plan to deal with each risk appropriately. The committee should look at each risk and decide whether to accept, reduce, or avoid the threat. The committee should also determine how to implement controls, processes, and procedures accordingly, including appropriate allocation of resources. Additionally, the committee is charged with rolling out the plan and communicating policies, procedures and goals to the entire organization.
- Review and revise. ERM is an ongoing process and requires the committee to continuously monitor risk vs. performance and adjust the plan accordingly. It is also vital to continually update the initial risk assessment to reflect organizational and financial changes, as well as changes in the legal and regulatory environment.
Once the ERM plan is established, you should be able to manage the program with internal staff and board input. This in-house approach tends to be a relatively cost-effective way of containing the impact of risk on your organization.
JLK Rosenberger can help your nonprofit establish an ERM program. For additional information, please call us at 972-331-5917 or click here to contact us. We look forward to speaking with you soon.