A Model for Not-for-Profit Enterprise Risk Management: ERM at the Federal Reserve Bank of Richmond

Article excerpt

In 2003 the Federal Reserve System began its effort to implement Enterprise Risk Management (ERM). While the Federal Reserve System established a common risk language to facilitate the exchange of information among reserve banks, each individual reserve bank implemented ERM in a way that best fit that bank. The Federal Reserve Bank of Richmond's implementation followed a strategic orientation with a focus on risks to corporate goals and objectives.

The Federal Reserve Bank of Richmond (FRBR) chose to implement a process that built a corporate profile from the functional area profiles (business units or departments). This contrasted with other approaches where the risk profile of an institution was determined only by upper management. Examples of the upper management approach include United Grain Growers Ltd. and the Canada Post Corporation. The FRBR approach captured risk within each functional area and then assessed those risk events in terms of both functional and the corporate objectives. FRBR believed that evaluating risks in terms of the organization's objectives was the key to successful ERM implementation in notfor-profit and governmental organizations.1

Measures of Success: Why not a private sector model?

In private sector organizations, risks are evaluated in terms of threat to value (net worth, revenue, etc.). As a result, sophisticated cost accounting and profit tracking systems are in place to monitor value aspects of the firm.

Public sector firms also operate in terms of objectives. However, they usually operate in terms of nonfinancial objectives. (see Figure 2.) As a result, financial measurement tools used by public sector firms2 are generally less sophisticated than those used by for-profit enterprises. While public sector entities are motivated to contain costs, it is generally not the measure of ultimate success or failure for the organization. Therefore, a public sector ERM approach should not be identical to a for-profit risk approach because the motivations and measures of success are different. So, the private-sector model is generally not directly applicable for the public sector.

These motivational differences, such as those listed in Figure 1, do not preclude the universal adoption of the COSO (Committee of Sponsoring Organizations of the Treadway Commission4) ERM framework in both types of organizations. In fact, both the public and private sector can, and should, apply the COSO ERM framework. The difference, however, is one of implementation, and is centered on the measurement of risk, which arises from the different motivations and behaviors. Risk measurement in not-for-profit organizations is therefore based more on judgment and less on objective (financial) measurement. Accordingly, the FRBR focused on qualitative rather than financial metrics in its measurement structure. FRBR believes that the successful implementation of a strategic-minded enterprise risk management discipline in any organization should include three characteristics. First, there must be a clear and concise identification of the entity's overall mission, goals and objectives. second, risk must be assessed in terms of the impact on achieving the organization's objectives.5 Finally, each risk to the organization's objectives must be ranked according to the threat it poses.

An Approach Assessment Process

Facilitation: The FRBR employs a facilitated assessment model.6 In this process, a minimum of two risk analysts meet with leadership of an area to be assessed. One analyst is tasked with guiding the discussion and the other is responsible for recording the information in the data collection template.7 The risk analysts are part of a corporate planning function that has responsibility for strategic and financial planning support, as well as ERM.

Three very important benefits are achieved using the facilitated approach. First, since ERM completes the template, functional area staff is able to focus on the discussion rather than the format of the template. …