Baker Tilly’s Insights Into Takeaways for Not-for-Profits: Foundational Concepts for Long-Term Success With ERM Governance

Apr 29, 2025 9:00 AM ET

Authored by Georgina Harris

Baker Tilly recently hosted a webinar, Foundational concepts for long-term success with ERM governance, as part of a four-part enterprise risk management (ERM) webinar series. The third installment focused on advancing governance by integrating various frameworks to sustain effective risk management practices. Here are some key takeaways that not-for-profits should consider from this session:

The importance of enterprise risk management (ERM)

Governance provides the consistent oversight, accountability and checks and balances that help not-for-profit organizations both reach their goals and remain sustainable for the long term. In these organizations, the responsibility for ensuring effective governance and risk management most often rests with the board of directors.

Enterprise risk management is a systematic process designed to identify risks that could impact your organization and determine how to proactively manage and mitigate those risks effectively. It considers both the upside and downside risks associated with an organization's activities. Upside risks represent potential positive deviations from objectives, while downside risks are potential negative deviations. Effective ERM aims to both seize opportunities associated with upside risks and mitigate or avoid losses associated with downside risks.

To build an effective ERM governance structure, organizations should focus on how to advance and strengthen their risk management practices. This involves managing disruptions, empowering decision-making and optimizing performance.

It is crucial to have a dedicated position, function or department responsible for risk management activities. The individual should be well-versed in navigating the board, board committees and department heads, and should be actively involved in strategic conversations so they can effectively support risk management decisions and strategies. Their role involves coordinating all aspects of risk management across the organization, ensuring alignment with the organization’s culture and practices.

Enterprise risk management is crucial for not-for-profit organizations as it helps ensure their long-term sustainability and mission success. Unlike for-profit entities, not-for-profit organizations often operate with limited resources and face unique challenges such as fluctuating funding sources, resource limitations, regulatory changes and reputational risks. Implementing ERM allows not-for-profits to proactively identify and manage these risks, thereby safeguarding their assets, enhancing donor confidence and ensuring compliance with legal and ethical standards. By integrating ERM into their governance structure, organizations can better navigate uncertainties, make informed decisions and maintain the trust of their stakeholders, which is essential for their continued operation and impact.

Establishing a risk governance framework within your organization

Creating a risk governance framework involves a systematic approach to identifying, assessing, mitigating and monitoring risks across an organization. By following these eight steps, you can develop a comprehensive framework that effectively manages risks, enhances decision-making, and supports long-term resilience and success:

  1. Define objectives and scope
  2. Establish risk appetite and tolerance
  3. Conduct risk assessment
  4. Develop risk management policies
  5. Implement risk mitigation strategies
  6. Establish monitoring and reporting mechanisms
  7. Communicate and educate
  8. Evaluate and improve

Making ERM governance effective

Effective ERM governance provides a foundation for creating a risk-aware culture and ensuring that risk management activities are aligned with the organization’s goals, objectives and risk appetite. A risk-aware culture:

  • Encourages active participation in risk management
  • Leads to more resilience and enhanced ability to manage uncertainties and opportunities
  • Reduces unforeseen incidents, improves decision-making processes and enables informed risk-based decisions
  • Ensures that risk factors are weighed against long-term objectives and helps to identify challenges and opportunities that call for strategic adjustments
  • Emphasizes enduring resilience and supports the goal of sustainable operations
  • Contributes to long-term financial stability, mitigating risks that could impact organizational viability and success

Roles and responsibilities

These common roles within not-for-profit organizations can be defined with respect to ERM as follows:

Board of directors

  • Oversight of the ERM framework and policies. This includes monitoring executive leadership to ensure its actions align with the organization’s overall strategic goals.
  • Setting risk appetite and tolerance

Audit committee

  • Ensuring integrity of financial reporting and controls
  • Reviewing risk management procedures

Executive leadership (Executive director, CEO, CFO, COO)

  • Championing ERM initiatives
  • Integrating risk management into strategic planning
  • Providing independent assurance of risk management effectiveness

ERM leaders

  • Leading the ERM program
  • Coordinating risk management activities across the organization

For not-for-profit organizations, establishing a risk-aware culture and having strong leadership in ERM initiatives are crucial. Fostering a risk-aware culture means encouraging staff and volunteers to actively participate in risk management processes, which leads to greater resilience and the ability to seize opportunities while mitigating potential threats. Additionally, executive leadership must integrate risk management into strategic planning, ensuring that risk considerations are aligned with the organization's mission and goals. This alignment helps not-for-profits to not only survive but thrive in an ever-changing environment, ultimately contributing to their long-term success and stability.

The board should ensure a strong culture, set ethical standards, define values, monitor alignment, integrate risk management, ensure compliance, and foster continuous improvement to enhance organizational performance and resilience.

Are you ready to take the next step with your organization and elevate your governance framework with Enterprise Risk Management? Reach out to a Baker Tilly specialist today to discover how we can help you achieve your goals.