Scott Konrad is a senior vice president and North American Non-Profit Practice Leader with global insurance brokerage HUB International.
Taking ownership of an association’s risk profile and proactively managing potentially crippling threats to the entity is sound governance. Identifying exposures and mitigating those risks is part of the enterprise risk management process. Here’s how to get started.
Associations cope with myriad risks every day. From operational exposures like slips, trips, and falls, to employment practices transgressions and data breaches, there’s a lot to consider and mitigate.
While most hazard and occupational risks are insurable, some have no obvious coverage. This includes strategic exposures, such as succession planning, reputational damage, or revocation of tax-exempt status, as well as financial risks like investment and credit risk and macroeconomic shifts tied to geopolitical conditions.
Inviting perspectives from staff with different functional areas of expertise can also help identify risks that may have been overlooked.Adopting an enterprise risk management (ERM) strategy can not only help associations holistically evaluate their risk landscapes from end to end, but it can also identify and triage key threats and develop practical remedial strategies to eliminate or reduce such exposures.
Association boards and leadership teams must actively support and participate in an ERM initiative for it to be successful. Constituent engagement from across an organization’s key business functions is also vital. Consider these four tips before diving into ERM:
Don’t overcomplicate. Many ERM novices fall into the trap of developing exhaustive risk registers that catalog innumerable threats, only to find themselves paralyzed by the daunting prospect of quantifying and remediating each risk. While there’s no harm in brainstorming the various contingencies that could affect the enterprise, focus on the top five or six greatest threats—the ones that could spell the death knell for the organization because of their likelihood or severity. An ERM team should invest its energy in developing avoidance and reduction strategies for these key exposures.
Consensus is crucial. Finance, IT, human resources, programs, operations, development, and others must work together to reach a cross-disciplinary consensus on an organization’s key risks before prioritizing them through an ERM initiative. Inviting perspectives from staff with different functional areas of expertise can also help identify risks that may have been overlooked.
ERM requires regular reviews. Risk is as dynamic as an organization and its operating environment, which means ERM is never a one-and-done proposition. An organization’s ERM profile and strategies must be periodically reviewed and adjusted for current and future circumstances. The more often a nonprofit revisits and refreshes its ERM framework, the easier it becomes—and the greater the likelihood that ERM will embed within the fabric of the organization’s culture.
Consider external guidance. Outside experts can help facilitate team discussions and probe issues within an organization that may not have been previously considered. Choose an external ERM consultant with broad operational experience and a pragmatic approach to problem-solving that’s tailored to the organization’s specific needs. In addition, consider whether the organization really needs exhaustive analytics, modeling, and heat mapping—all of which come at a cost—or whether the association can achieve the same impact through a leaner analysis that drives it more quickly toward the finish line.Take the path toward prudent governance with an ERM approach. Associations that adopt an ERM strategy can build resiliency, while addressing potential threats and creating practical strategies to reduce or eliminate all exposures in the process.