Enterprise Risk Management Resources

Access ERM best practices.

ERM Whitepapers

Whether you are just beginning a program or seeking to enhance your risk management activities, GRF can help. Here are some curated resources created by our advisory team.

This guide provides practical suggestions for nonprofit organizations, whether they are exploring ERM, in the early stages of implementation, or looking to strengthen current processes in place.

It incorporates insights and valuable experiences from nonprofit organizations of many types and sizes about their implementation of enterprise-wide risk management practices.

The templates in the report’s appendix provide valuable guidance for any organization thinking about risk management.

Download the PDF >


Getting Started with Enterprise Risk Management: A Guide for Nonprofits includes a set of practical tools and templates that organizations can download and use to advance their risk governance practices. Links to the templates from the appendices of the report are provided below.


ERM Process Planning Template (Appendix R)

Practitioners recommend taking a long-term approach to implementing ERM, starting with small steps and incrementally adding more.

The pathway starts with clearly defining the objective for ERM, then proceeds to selecting the most important elements of the ERM process to emphasize, customizing those elements to the organization’s culture, and developing a long-term vision for ERM in the organization.

Download the Word doc >


Starting with a Strategic Lens
Core Value Driver/Strategic Initiative Analysis Template (Appendix D)

The organization’s core value drivers and strategic initiatives provide the foundation for identifying the most critical current, emerging, and potential risks. To get started, there are two key questions that serve as the link from strategic objectives to related risks:

  1. What must go right for a core value driver or new strategy to succeed?
  2. What assumptions related to the core value driver or new strategy are being made by the organization?

Download the Word doc >


Identifying Risks: Understanding Context

Analyzing contextual factors reveals emerging and potential disruptions to strategy implementation as well as potential opportunities to pursue. Frameworks and tools are helpful for structuring thinking about the factors that affect an organization’s ability to achieve its mission.

SWOT Analysis Template (Appendix E)

SWOT (Strengths, Weaknesses, Opportunities, Threats) Analysis helps organizations identify internal and external factors affecting risk. SWOT Analysis is particularly helpful for identifying potential positive outcomes in addition to negative risks.

Download the Word doc >

PESTLE Analysis Template (Appendix F)

PESTLE (Political, Economic, Social, Technological, Legal, Environmental) Analysis structures brainstorming of external environment influences to categorize situations and trends affecting risk.

Download the Word doc >

Risk Identification Using Risk Categories Template (Appendix G)

Many nonprofits prefer to organize brainstorming using their own taxonomy of factors to identify themes, concentrations of risks, and other commonalities. Common classifications include categories such as finance, operations, governance, and reputation.

Download the Word doc >


Managing Risks
Bow-tie Analysis Template (Appendix K)

Bow-tie Analysis is a framework for identifying risk-reducing actions that an organization can take. It starts in the middle with the risk event, then evaluates the potential causes of the risk (left side of the bow-tie) and potential consequences (right side of the bow-tie).

Download the Word doc >


Monitoring Risks
Bow-tie Analysis: Key Risk Indicator (KRI) Identification Template (Appendix L)

Bow-tie analysis also provides a structure for identifying key risk indicators. The analysis begins with thinking about the events that might happen immediately before a risk occurs and what the root causes of these events would be (left side of the bow-tie) then identifying signs that the root causes and preceding events are occurring, and the early responses that should be taken. The analysis continues on the other side of the risk event by considering the initial and secondary consequences of a risk event and related indicators.

Download the Word doc >


Communicating Risks
Risk Profile Template (Appendix P)

Download the Word doc >


Emerging Risk Summary Template (Appendix Q)

High-level risk summaries facilitate communicating risk information. Limiting summaries to one page encourages concise narrative and keeps discussion focused on essential information.

Download the Word doc >


Download All Templates

Download the Word doc >


An increasing number of organizations have embraced Enterprise Risk Management (ERM) ― a structured and continuous process designed to provide an organization’s board and senior leaders with a strategic perspective of risks so they can be managed proactively.

This report examines how nonprofit organizations and associations are utilizing ERM best practices to increase efficiency, plan for the future, and achieve strategic objectives.

Download the PDF >


View GRF Enterprise Risk Management Publications

Read More

Sample Blog Posts


Enterprise Risk Management Supports Budgeting in Uncertain Times

Both the COVID-19 pandemic and the preceding great recession presented serious challenges for organizations eager to develop an annual budget and stick to it. In fact, many businesses and nonprofits alike found themselves with reduced revenue, additional expenses, and worst yet, no contingency plan. Without a crystal ball, the best any organization can do is…

Read More >


Board Assessments Help Nonprofits Thrive During Challenging Times

With COVID-19 threatening to remain a significant operational challenge for nonprofit organizations through 2021, it is tempting to put other initiatives on the back burner. It may seem counterintuitive, but now is the ideal time to revisit your Board of Directors (Board) and determine if the organization is not only compliant, but also operating optimally….

Read More >


The Bow Tie Method Addresses Risk Holistically

By Jay Mui, PMP, MBA | Supervisor, Risk & Advisory Services Well if you are being literal, 17th century Croatian mercenaries would use a scarf to hold together the openings at the neck of their shirts. King Louis XIII, a great employer of these mercenaries, so enjoyed and promoted this look that it soon became…

Read More >


Why Associations Are Implementing Enterprise Risk Management (ERM)

By Melissa Musser, CPA, CITP, CISA | Principal, Risk & Advisory Services For years, associations have taken a siloed approach to risk management, focusing on areas like cybersecurity. More are now widening their nets, using ERM to ensure unexpected dangers don’t derail their association. When it comes to risk management, some may think of areas…

Read More >


Be Prepared: Why Enterprise Risk Management is Essential for Nonprofits

By Melissa Musser, CPA, CITP, CISA | Risk & Advisory Services Principal Corporations and organizations have long understood the value of systematic planning for worst-case scenarios to avoid unwelcome surprises, known as enterprise risk management (ERM). ERM is a proactive, multidimensional process of identifying, assessing, cataloguing, and preparing for potential negative organizational outcomes in order…

Read More >

Read More Enterprise Risk Management Blogs

Explore Blogs

Webinar Recordings


Keep Calm and Assess Your Risk with Enterprise Risk Management (ERM)

Enterprise Risk Management (ERM) is more important than ever – is your organization onboard? Nationally-recognized nonprofit risk experts present the many lessons learned by nonprofits and associations during the COVID-19 pandemic. Learn how ERM helped organizations navigate and survive during the unprecedented crisis.

Learn More >


Enterprise Risk Management (ERM) for Nonprofits & Associations: Where Strategy Meets Risk

It’s time to talk to your board about addressing risk to your organization’s strategy. Effective risk mitigation measures are no longer luxuries or only available to large enterprises.

Tackling these critical issues together in a smart, coordinated way allows your organization to mitigate risk and plan for the future while also maximizing your resources and budget. To do this, leaders should first understand the current risk landscape and learn what to expect in 2019 and beyond.

Learn More >

View All GRF Webinar Recordings

View Recordings

Explore ERM Events

Explore ERM Events

Enterprise Risk Management Services

Go to Services Page

Talk to a GRF Expert

Contact Us