Walking a Tightrope? ERM Can Help
March 9, 2022

If risk wasn’t a nagging concern for nonprofits before the pandemic, it certainly is now. Health risks to staffers, volunteers and clients, and financial threats, including declining donations and increased incidence of fraud, now likely keep many executive directors up at night. But enterprise risk management (ERM) can help nonprofit organizations find firmer ground. Here’s how.

Portfolio Purview

ERM is a comprehensive program that considers an organization’s entire portfolio of risks. Rather than attacking every risk equally, ERM compares risks and strategically deploys resources depending on their likelihood and potential impact.

For example, you may be mildly cautious about reputational risks and very averse to financial risks. With ERM, you can contain those risks with the greatest potential impact and respond nimbly to others.

It Takes Teams

Experienced financial advisors and risk-management consultants can help you set up an ERM program. Generally, you’ll want to start by establishing a risk management governance structure with assigned roles and responsibilities. Your nonprofit’s executives and board should define your organization’s risk tolerance and make clear its commitment to the program.

Next, your organization should assemble a cross-departmental committee to develop the program. Different departments may have different perspectives on certain risks. For example, a finance manager might think inaccurate reporting of program information is less consequential because it’s unlikely to affect revenues or expenses. Your public relations manager may disagree, arguing that such errors could affect how donors and other supporters view your nonprofit.

Assessing and Planning

Your cross-departmental committee’s first task is to identify risks. It should conduct interviews with management and staff and, possibly, clients. Then, the committee will be ready to rank risks based on your organization’s tolerance and their potential impact. Which are most likely to occur? Which could cause the most harm? The bottom line: Which threats are most likely to prevent you from accomplishing your mission?

Once risks are identified and prioritized, the committee can devise a plan to mitigate them appropriately. For each risk, it should determine whether to accept, reduce or avoid it. And it should implement controls, processes and procedures accordingly. The committee is then charged with rolling out the plan. This should include communicating it throughout the organization.

Continual Monitoring

The ERM process isn’t over, even after your roll-out. You’ll need to continually monitor key risks and performance indicators and make appropriate adjustments.

© 2022
