Five Key Tips for Your Not-For-Profit Organization’s ERM Process
As more not-for-profit organizations come to appreciate the importance and value of an enterprise risk management (ERM) process, many are asking how best to implement one.
An ERM process allows those charged with governance, management, staff, and other stakeholders to have a consistent and prioritized perspective on the portfolio of risks across an organization. With this baseline information, these stakeholders can make informed, risk-based decisions in the pursuit of achieving the organization’s objectives.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO), the key authority providing thought leadership on ERM and internal controls, developed the following ERM process framework:

Source: COSO 2017 publication: Enterprise Risk Management – Integrating with Strategy and Performance
While there are many contributing factors to a successful ERM process, the following are five key steps to implementing and/or improving your organization’s process, each correlating to one of the COSO framework components:
As the 2017 COSO ERM Framework emphasizes, risk-driven performance management, not just risk monitoring, is what will enhance value. Organizations can drive value by incorporating the assessed and prioritized risks, along with key performance indicators, into operational and strategic decision-making. Examples of decisions where incorporating ERM can be valuable are: investing in new technology, hiring new management, investing in capital projects, expanding beneficiaries and customers, adding revenue streams, accepting or giving certain grants, and implementing new marketing strategies.
Specific organizations and industries are at varying levels of ERM implementation and sophistication; ERM is not a one-size-fits-all process. Organizations can start to approach ERM by understanding and analyzing their current risk management practices, getting the board and senior management involved, and then developing their near- and long-term ERM goals. Using our industry knowledge and risk management experience, CohnReznick Advisory can also assist organizations with developing their ERM process, assessing and prioritizing risks, and ultimately achieving their ERM goals.