


NonProfit Trends – Why ERM is Critical to Your Mission

November 7, 2013

Recent financial scandals, organizational blunders, concerns over executive compensation and instances of fraud have increasingly landed not-for-profit organizations in the headlines. These stories have damaged not only the reputations of specific not-for-profits but also that of the sector overall, and have led to increased scrutiny from both the public at large and regulatory authorities.

Although NFPs are already highly transparent, new regulations are pushing for even greater information disclosure. For-profit companies have already adopted ERM processes in the face of regulatory changes. While not-for-profits are not subject to these same regulations, it is increasingly evident that the sector can equally stand to benefit from establishing an effective ERM process as organizations work towards achieving their mission in a transparent environment.

ERM is meant to continuously identify any potential events, internal and external, that could materially affect an organization, to manage risk, and to provide reasonable assurance regarding the achievement of the not-for-profit’s mission.

Not-for-profit organizations are faced with a number of risks:

  • Competition
  • Diminishing Volunteers
  • Economic Risks
  • Environmental Risks
  • Fraud
  • IT Risks
  • Reduced Funding Streams
  • Regulatory Pressures
  • Reputational Risk
  • Public Scrutiny

An effective ERM process is one in which the Board and senior management are proactively involved, risk is managed and assessed across the entire organization in order to provide a holistic view, a common language and approach are employed, and the risk portfolio is analyzed in real time. Having an ERM process in place allows an organization to be nimble and proactive in its response to situations, rather than reacting to problems as they arise.

ERM is not simply buying insurance, hedging or performing internal audit activities, although each of these is a component of the total ERM equation. It is a top-down, forward-looking method by which strategies are aligned with an organization’s risk appetite. It focuses directly on the achievement of organizational objectives. The ERM process enables management and the board to identify and mitigate significant risks throughout the enterprise in an organized, systematic fashion.

Key governance and internal control processes that should be implemented in establishing comprehensive ERM include establishing a risk committee, a conflict of interest policy and a reporting hotline, as well as a number of functions that also assist in mitigating fraud.

The following are key components of ERM:

Develop Risk Management Governance Structure and Processes

  • Clarify risk management roles and responsibilities
  • Create a risk policy statement
  • Define risk appetite
  • Develop a universal risk language
  • Develop processes to “keep the ERM process alive”

Identify Risk and Risk Event Universe

  • Execute risk surveys and management interviews
  • Perform brainstorming sessions
  • Compare potential risks to risk tickler list of similar type organizations

Create Risk Profile

  • Define risk tolerance
  • Quantify and prioritize risk events
  • Identify current controls

Establish Risk Responses

  • Accept, share, reduce or avoid risks
  • Implement controls and procedures

Develop Monitoring and Reporting Processes

  • Create Key Risk Indicators (KRIs), Key Performance Indicators (KPIs) and related reports
  • Employ Internal Audit as a monitoring and Board reporting component
