Whether you are just beginning a program or seeking to enhance your risk management activities, GRF can help. Here are some curated resources created by our advisory team.
As we look at 2023 and beyond, what are leading risk watchers expecting? The Risk and Advisory Services team at GRF combed through leading political, economic, and business experts’ predictions to identify common themes and assess the implications for nonprofits and associations.
The appendices also include detailed summaries and links to the research reports referenced, including insights from The Enterprise Risk Management (ERM) Initiative at NC State University’s Poole College of Management, the World Economic Forum, the European Confederation of Institutes, The Economist Intelligence Unit, and more.
This guide provides practical suggestions for nonprofit organizations, whether they are exploring ERM, in the early stages of implementation, or looking to strengthen current processes in place.
It incorporates insights and valuable experiences from nonprofit organizations of many types and sizes about their implementation of enterprise-wide risk management practices.
The templates in the report’s appendix provide valuable guidance for any organization thinking about risk management.
Getting Started with Enterprise Risk Management: A Guide for Nonprofits includes a set of practical tools and templates that organizations can download and use to advance their risk governance practices. Links to the templates from the appendices of the report are provided below.
Practitioners recommend taking a long-term approach to implementing ERM, starting with small steps and incrementally adding more.
The pathway starts with clearly defining the objective for ERM, then proceeds to selecting the most important elements of the ERM process to emphasize, customizing those elements to the organization’s culture, and developing a long-term vision for ERM in the organization.
The organization’s core value drivers and strategic initiatives provide the foundation for identifying the most critical current, emerging, and potential risks. To get started, there are two key questions that serve as the link from strategic objectives to related risks:
Analyzing contextual factors reveals emerging and potential disruptions to strategy implementation as well as potential opportunities to pursue. Frameworks and tools are helpful for structuring thinking about the factors that affect an organization’s ability to achieve its mission.
SWOT Analysis Template (Appendix E)
SWOT (Strengths, Weaknesses, Opportunities, Threats) Analysis helps organizations identify internal and external factors affecting risk. SWOT Analysis is particularly helpful for identifying potential positive outcomes in addition to negative risks.
PESTLE Analysis Template (Appendix F)
PESTLE (Political, Economic, Social, Technological, Legal, Environmental) Analysis structures brainstorming of external environment influences to categorize situations and trends affecting risk.
Risk Identification Using Risk Categories Template (Appendix G)
Many nonprofits prefer to organize brainstorming using their own taxonomy of factors to identify themes, concentrations of risks, and other commonalities. Common classifications include categories such as finance, operations, governance, and reputation.
Bow-tie Analysis is a framework for identifying risk-reducing actions that an organization can take. It starts in the middle with the risk event, then evaluates the potential causes of the risk (left side of the bow-tie) and potential consequences (right side of the bow-tie).
Bow-tie analysis also provides a structure for identifying key risk indicators. The analysis begins with thinking about the events that might happen immediately before a risk occurs and what the root causes of these events would be (left side of the bow-tie) then identifying signs that the root causes and preceding events are occurring, and the early responses that should be taken. The analysis continues on the other side of the risk event by considering the initial and secondary consequences of a risk event and related indicators.
High-level risk summaries facilitate communicating risk information. Limiting summaries to one page encourages concise narrative and keeps discussion focused on essential information.
An increasing number of organizations have embraced Enterprise Risk Management (ERM) ― a structured and continuous process designed to provide an organization’s board and senior leaders with a strategic perspective of risks so they can be managed proactively.
This report examines how nonprofit organizations and associations are utilizing ERM best practices to increase efficiency, plan for the future, and achieve strategic objectives.
Enterprise risk management is becoming more common in the not-for-profit sector, but recent research finds that risk management practices are not keeping pace with the increased complexity of risks for nonprofits.
Both the COVID-19 pandemic and the preceding great recession presented serious challenges for organizations eager to develop an annual budget and stick to it. In fact, many businesses and nonprofits alike found themselves with reduced revenue, additional expenses, and worst yet, no contingency plan. Without a crystal ball, the best any organization can do is…
With COVID-19 threatening to remain a significant operational challenge for nonprofit organizations through 2021, it is tempting to put other initiatives on the back burner. It may seem counterintuitive, but now is the ideal time to revisit your Board of Directors (Board) and determine if the organization is not only compliant, but also operating optimally….
By Jay Mui, PMP, MBA | Supervisor, Risk & Advisory Services Well if you are being literal, 17th century Croatian mercenaries would use a scarf to hold together the openings at the neck of their shirts. King Louis XIII, a great employer of these mercenaries, so enjoyed and promoted this look that it soon became…
By Melissa Musser, CPA, CITP, CISA | Principal, Risk & Advisory Services For years, associations have taken a siloed approach to risk management, focusing on areas like cybersecurity. More are now widening their nets, using ERM to ensure unexpected dangers don’t derail their association. When it comes to risk management, some may think of areas…
By Melissa Musser, CPA, CITP, CISA | Risk & Advisory Services Principal Corporations and organizations have long understood the value of systematic planning for worst-case scenarios to avoid unwelcome surprises, known as enterprise risk management (ERM). ERM is a proactive, multidimensional process of identifying, assessing, cataloguing, and preparing for potential negative organizational outcomes in order…
Enterprise Risk Management (ERM) is more important than ever – is your organization onboard? Nationally-recognized nonprofit risk experts present the many lessons learned by nonprofits and associations during the COVID-19 pandemic. Learn how ERM helped organizations navigate and survive during the unprecedented crisis.
It’s time to talk to your board about addressing risk to your organization’s strategy. Effective risk mitigation measures are no longer luxuries or only available to large enterprises.
Tackling these critical issues together in a smart, coordinated way allows your organization to mitigate risk and plan for the future while also maximizing your resources and budget. To do this, leaders should first understand the current risk landscape and learn what to expect in 2019 and beyond.