Even though risk management is in the spotlight among for-profit organizations, effective risk oversight is needed for not-for-profit organizations, too. A whitepaper published by the AICPA highlights the relevance of risk oversight and importance of developing an enterprise view of risks in not-for-profit organizations. Not-for-profits should focus on external, emerging risks in addition to those internal to the organization. The whitepaper suggests starting with a simple top-down conversation with key stakeholders about risks likely to threaten the organization’s objectives. The identified top risk exposures should then be linked to strategic initiatives in order to determine the significant enterprise level risks to manage. Overtime, the process can grow into a more vigorous analysis that can be used across various levels of leadership.