Enterprise Risk Management – Is It for Every Organization?

Risk is inherent in everyday business activities, decisions and actions. As business leaders, it’s critical to monitor risks against established strategies. This is usually performed through an enterprise risk management (ERM ) program.

ERM is often associated with public companies where risks are closely monitored to minimize loss while pursuing increased shareholder value. This is a common misconception. What if an organization doesn’t have shareholders? Is an ERM program applicable to other types of organizations, such as not-for-profits? The answer is yes.

Implementing an ERM program can benefit all business types, and an ERM model can be tailored to any entity, including a charitable organization, governmental agency, higher education institution or member association. It’s true these types of organizations don’t have shareholders or focus on increasing shareholder value. Instead, they have stakeholders. A public entity is focused on increasing revenue, resulting in more value to its shareholders. A charitable organization, on the other hand, concentrates on increasing cash inflows, which translates into more services for its primary stakeholders.

How does an organization start an ERM program? All entities operate under a strategic plan, mission statement and list of key objectives—the starting points for an ERM model. Once essential organizational and stakeholder objectives have been defined, ERM planning can begin. The process includes several phases:  identifying key metrics, modeling, establishing ownership and creating a risk taxonomy and related tolerances.

It’s important to understand that ERM is an ongoing process. To be effective, it needs to become part of the overall culture. It’s dynamic and should be responsive to internal and external changes in risks. In the end, it’s an investment that can have tangible and intangible returns. If ERM is implemented correctly, an organization can proactively meet objectives, increase donor confidence and accomplish more with less.

Please contact us if you have questions about your organization’s ERM program.


Print Friendly, PDF & Email
The following two tabs change content below.

Christie Clements

Christie has more than 13 years of risk management experience, including eight years as an internal audit director at a Fortune 50 company. She led the integrated audit team in a dispersed and complex environment and has extensive operational, information technology (IT) and internal control experience employing a data mining and analytics methodology.

Leave a Reply

Your email address will not be published. Required fields are marked *