Skip to main content
ERM Fundamentals

Getting Started with ERM: A Guide for Nonprofits Templates

The ERM Initiative at NC State is pleased to offer this resource, Getting Started with Enterprise Risk Management: A Guide for Nonprofits.  The guide is loaded with rich, tactical insights from a number of risk management professionals in the nonprofit sector who share their experiences, challenges and lessons learned during their journey of implementing and enhancing their organization’s ERM efforts.  You can read more about the guide here.

The guide includes a comprehensive set of practical tools and templates that organizations can download and use to advance their risk governance practices to navigate today’s rapidly changing risk landscape. Links to the templates from the Appendices of the report are provided below.

Getting Started

ERM Process Planning Template (Appendix R)
Practitioners recommend taking a long-term approach to implementing ERM, starting with small steps and incrementally adding more. The pathway starts with clearly defining the objective for ERM, then proceeds to selecting the most important elements of the ERM process to emphasize, customizing those elements to the organization’s culture, and developing a long-term vision for ERM in the organization.

Starting with a Strategic Lens

Core Value Driver/Strategic Initiative Analysis Template (Appendix D)
The organization’s core value drivers and strategic initiatives provide the foundation for identifying the most critical current, emerging, and potential risks. To get started, there are two key questions that serve as the link from strategic objectives to related risks:  1) What must go right for a core value driver or new strategy to succeed? 2) What assumptions related to the core value driver or new strategy are being made by the organization?

Identifying Risks: Understanding Context

Analyzing contextual factors reveals emerging and potential disruptions to strategy implementation as well as potential opportunities to pursue. Frameworks and tools are helpful for structuring thinking about the factors that affect an organization’s ability to achieve its mission.

SWOT Analysis Template (Appendix E)
SWOT (Strengths, Weaknesses, Opportunities, Threats) Analysis helps organizations identify internal and external factors affecting risk. SWOT Analysis is particularly helpful for identifying potential positive outcomes in addition to negative risks.

PESTLE Analysis Template (Appendix F)
PESTLE (Political, Economic, Social, Technological, Legal, Environmental) Analysis structures brainstorming of external environment influences to categorize situations and trends affecting risk.

Risk Identification Using Risk Categories Template (Appendix G)
Many nonprofits prefer to organize brainstorming using their own taxonomy of factors to identify themes, concentrations of risks, and other commonalities. Common classifications include categories such as finance, operations, governance, and reputation.

Managing Risks

Bow-tie Analysis Template (Appendix K)
Bow-tie Analysis is a framework for identifying risk-reducing actions that an organization can take. It starts in the middle with the risk event, then evaluates the potential causes of the risk (left side of the bow-tie) and potential consequences (right side of the bow-tie).

Monitoring Risks

Bow-tie Analysis: Key Risk Indicator (KRI) Identification Template (Appendix L)
Bow-tie analysis also provides a structure for identifying key risk indicators. The analysis begins with thinking about the events that might happen immediately before a risk occurs and what the root causes of these events would be (left side of the bow-tie) then identifying signs that the root causes and preceding events are occurring, and the early responses that should be taken. The analysis continues on the other side of the risk event by considering the initial and secondary consequences of a risk event and related indicators.

Communicating Risks

Risk Profile Template (Appendix P)
Emerging Risk Summary Template (Appendix Q)
High-level risk summaries facilitate communicating risk information. Limiting summaries to one page encourages concise narrative and keeps discussion focused on essential information.

Download ALL Templates
Download Getting Started with Enterprise Risk Management: A Guide for Nonprofits

Original Article Source: “Getting Started with Enterprise Risk Management: A Guide for Nonprofits”, Amy Wares, NC State University ERM Initiative, July 2021