Board Member Guidance for Association Enterprise Risk Management

November 4, 2024 By: Melissa Musser, Susan Colladay, and Joseph M Pugh

An association’s board plays an important role in risk oversight. A new handbook will help the board implement best practices in risk management.

Building on the success of the widely-read article, Why Associations Are Implementing Enterprise Risk Management, published by ASAE, we are excited to announce the release of the Enterprise Risk Management (ERM) Handbook for Association Board Members. This comprehensive guide is designed to be an essential resource for board members, providing the tools and insights needed to effectively oversee association risk management via ERM best practices. Below is a summary of key takeaways from the handbook.

Risk Management Defined

Traditional risk management focuses on identifying and mitigating specific risks within individual departments or projects. It tends to be more reactive, dealing with risks as they arise, and often operates in silos without considering the broader organizational impact.

Enterprise risk management, on the other hand, is a holistic approach that considers risks across the entire organization. For associations, ERM integrates risk management into the overall strategic planning process, proactively identifying and addressing risks that could affect the organization’s objectives. It emphasizes a top-down, coordinated effort to manage risks in a way that aligns with the association’s mission and long-term goals.

ERM is increasingly being adopted to address the limitations of siloed, reactive risk management, offering a comprehensive approach that integrates all potential risks into a unified framework before they escalate. Implementing a customized ERM playbook, tailored to the association’s needs, helps ensure the effective management of risks, establishes a common language and a risk ranking and reporting structure, and supports the association’s strategic goals.

Does your board need to embrace ERM? Consider the following questions:

  • How frequently are the top risks presented to the board? Annually, or on a different schedule?
  • What methodology is used to identify and evaluate these top risks?
  • Are discussions about top risks properly documented in the board minutes?
  • Is risk oversight delegated to a specific board committee? If so, which committee, and is this delegation clearly outlined in the committee’s charter or bylaws?
  • How would the board define what is considered to be a “significant risk”?

The Role of the Board in Risk Oversight

Risk oversight is the responsibility of an association’s board of directors. The board is responsible for approving the risk governance framework, defining risk appetite, monitoring, and aligning risk management with the association’s strategic plan. Associations may establish board-level risk committees or structures, such as a dedicated risk committee or an audit committee with risk oversight responsibilities. Associations may need to review and update their committee charters and/or bylaws to confirm whether the board has formally delegated this authority.

Board-Level Reporting and Engagement

Board members need timely and relevant information on the organization’s top risks, which can be delivered through regular risk reporting, executive summaries, and ad hoc reports. Visual dashboards and standardized templates help present risk-related information concisely, focusing on the critical risks driving strategy. These practices ensure that the board remains well-informed about the association’s risk landscape and can make informed decisions to oversee risk management effectively. Risk identification and assessment should be conducted on a continuous basis, with the results maintained in a risk register.

As part of their duties, association boards should actively engage in risk oversight, providing leadership and setting the tone for risk management within the organization. Further, the board should ensure the association integrates risk management into strategic planning and decision-making. Regularly reviewing and updating the ERM playbook, and conducting independent audits for improvement, ensures the ERM process remains effective. Together these activities foster a risk-aware culture and contribute to greater alignment between risk and strategy.

Resources for Your ERM journey

Keep in mind that ERM is more of an art than a science—a journey that demands commitment, teamwork, and ongoing refinement. By actively participating in risk management and sharing insights with other associations, board members can help ensure the success and sustainability of their organizations in an ever-evolving environment.

To further enhance your knowledge and implementation of ERM practices, explore the following additional resources:

Enterprise Risk Management (ERM) Handbook for Association Board Members

Why Associations Are Implementing Enterprise Risk Management ASAE

Getting Started With Enterprise Risk Management: A Guide for Nonprofits

NC State University’s Enterprise Risk Management Initiative

COSO (Committee of Sponsoring Organizations of the Treadway Commission)

ISO (International Organization for Standardization)

RIMS, the risk management society®

These resources should provide a strong foundation for understanding and implementing effective ERM practices. By leveraging these additional resources and utilizing the sample templates and ERM framework examples provided in the appendix of the handbook, you can further strengthen your association’s risk management practices and enhance its overall resilience.

Melissa Musser

Melissa Musser, CPA, CITP, CISA, is a principal at GRF CPAs & Advisors in Bethesda, Maryland.

Susan Colladay

Susan Colladay, CPA, is a partner in the audit services department at GRF CPAs & Advisors.

Joseph M Pugh

Joseph M. Pugh*, CCEP, CFE, RIMS-CRMP, CRMA, CDPSE, is a senior director, enterprise risk management, at AARP. * Mr. Pugh is writing on his own behalf, and the ideas and information shared do not represent those of his employer.