Just as new challenges have caused nonprofit managers to utilize innovative approaches, the concept of enterprise risk management (ERM) requires a new kind of thinking for minimizing or handling risk.
During the recent Nonprofit Executive Summit in Santa Fe, N.M., Diana Del Bel Belluz of Risk Wise Inc., stressed the importance of effective ERM, moving to manage risk ahead of time, rather than just responding to situations. She said that ERM has a four-phase implementing and learning cycle, and it truly is a cycle that returns to the place from which it starts.
The four phases are:
- Phase 1: Define ERM context and criteria. Establish strategic context. Explicitly articulate risk criteria. Recruit a team to assist on the ERM journey of Organizational Development and Change.
- Phase 2: Assess risk and implications for performance. Use complementary approaches for risk identification. Calibrate the organization’s risk “yardstick.”
- Phase 3: Integrate ERM into business practices. Establish monitoring/reporting that drives alignment with strategy and risk criteria. Incorporate ERM priorities into strategic planning, business planning and business process design (i.e., avoid one-off or “bolt-on” approaches).
- Phase 4: Close the “Learning Loop.” Establish ERM as an ongoing discipline. Learn from experience, particularly mistakes and surprises. Periodically assess ERM capabilities and performance (i.e., gauge the organization’s progress on the ERM journey).