Implementing Nonprofit ERM Strategies

Jan 8, 2025

Many not-for-profit organizations operate in an environment filled with both opportunities and challenges. To thrive, they must proactively manage risks that could hinder their ability to achieve their mission. Enterprise Risk Management (ERM) provides a structured framework to identify, assess, and mitigate potential threats while leveraging opportunities to fulfill the organization's mission.

Identifying Risks

The first step in any ERM process is to identify potential risks. Nonprofits must think broadly and consider risks across various domains, including financial, operational, reputational, and strategic areas. Examples of common risks include:

  1. Financial Risks: Insufficient funding, fluctuating donor contributions, and mismanagement of resources.
  2. Operational Risks: Technology failures, cybersecurity threats, and disruptions to daily operations.
  3. Reputational Risks: Negative public perception or adverse media coverage.
  4. Strategic Risks: Failure to adapt to changing circumstances or misalignment with the organization’s mission.
  5. Emerging Risks: The COVID-19 pandemic revealed the critical need for organizations to prepare for global health crises. Nonprofits must incorporate risks like global outbreaks into their ERM plans. Strategies may include developing robust remote operations, diversifying funding sources, and establishing crisis communication protocols.

Assessing Risks

After identifying risks, nonprofits must evaluate and prioritize them based on two factors:

  1. Likelihood: How probable is it that the risk will occur?
  2. Impact: What are the consequences if the risk materializes?

This analysis enables organizations to allocate resources effectively and focus on the most critical risks.

Examples of Internal and External Risks

  • Internal Risk: A university-operated nonprofit restaurant generates unrelated business income (UBI) from food sales. If this income is not properly tracked and reported, it could jeopardize the organization's tax-exempt status.
  • External Risk: A nonprofit located in a flood zone faces high property damage risk. Without proper planning, operational interruptions during recovery could severely impact services.

Developing Risk Responses

Once risks are assessed, nonprofits must develop tailored responses. Key considerations include:

  • Avoidance: Can the risk be eliminated? For instance, a nonprofit might relocate operations to mitigate flood risks.
  • Sharing: Can the risk be transferred? Purchasing insurance, such as flood coverage, can offset potential losses.
  • Reduction: Can policies and procedures minimize the risk? Assigning staff to track and report sales for UBI can reduce compliance risks.
  • Acceptance: Is the risk minimal enough to take no action? For low-probability, low-impact risks, this may be the best approach.

Creating Controls to Mitigate Risk

Controls, such as policies and safeguards, help contain risks. For example, if an area experiences increased thefts, an ERM team might implement safety measures like buddy systems for staff or security escorts after hours. Such practical steps can reduce risks and provide peace of mind.

Partnering for Effective Risk Management

Effective risk management is an ongoing process that requires regular monitoring and adaptation. Nonprofits must consistently review their ERM strategies to address evolving circumstances, ensuring plans remain effective and relevant. This process allows organizations to identify gaps, refine controls, and stay prepared for emerging challenges. For additional guidance, the Nonprofit Risk Management Center offers tools and resources to help nonprofits address specific risk challenges.

When the time is right, CRI's not-for-profit professionals are here to guide your organization through every step of the ERM process. From assessing risks to implementing controls that deter fraud, we provide tailored support to meet your unique needs. Contact your CRI advisor to discuss your organization's specific needs and how we can help your nonprofit develop a comprehensive ERM strategy that safeguards your mission and strengthens your impact.
