Six ways not-for-profits can get value from risk management


Just based on intuition, yes, I would assume that many, perhaps most, nonprofits are not involved or sufficiently involved in risk management. The article states that nonprofits should follow a framework:

“Follow a risk management framework. The 2004 ERM Framework created by the Committee of Sponsoring Organizations of the Treadway Commission (COSO, which includes the AICPA), is one such framework. The International Organization for Standardization’s ISO 31000 is another.”

But considering the length and complexity of the COSO and ISO 31000 materials, many nonprofits might want to consider following a more direct framework such as my 1-page outline which you will find in the About section of my blog at

The most important thing is to get started – start small or reasonable, identifying and addressing the most pressing risks, and build up from there.

