This paper offers a biblical, strategic, and practical Enterprise Risk Management (ERM) Framework for churches and ministries that has four parts: Research, Risk Stewardship, Responsibility, and Reporting. This ERM Framework, when coupled with a BPM (Board Policies Manual), empowers church and ministry workers to steward the mission and risk with policy development and protocol establishment with standards. In this way, boards and administrators foster a culture of integrity before God and man and help churches and ministries flourish.

We start by looking at board governance and policy development from a biblical perspective. This step surfaces fundamental differences between governance and risk management in the corporate world as compared to church and ministry settings. Boards of churches and ministries that make obedience to God the key filter for decision-making and risk management go to Scriptures like Proverbs 27:23–27 and Matthew 24:45–51 rather than secular sources for guidance on the stewardship of mission and risk.

From there, we determine that boards of churches and ministries do well to approach the stewardship of mission and risk with two steps: (1) Research and (2) Risk Stewardship. The research step surfaces and includes examples of three kinds of risks: preventable, strategic, and external risks. From there, risk stewardship means sorting the risks and entrusting them with the committees on the board to tap the expertise of overseers and set policy for the staff. This sets the stage for part two and the two remaining steps of the ERM Framework.

We move to the administrative level and consider protocol establishment through (3) Responsibility and (4) Reporting. Church and ministry staff must take responsibility and report strategic activity related to risks. It highlights the faithful role of the staff related to preventable, strategic, and external risks. Again, this step reveals that the language and approach to risk management in the corporate world—describing people as “owners” of risk who are “on the hook to cause a result”—differs from the church and ministry sector and may contribute to instances of fudging numbers, misrepresenting outcomes, and even mission drift.

We conclude by stating that the ERM Framework will not work without a good board. Rather than assume a church or ministry has such a board, we suggest the ECFA best practice of adopting a Board Policies Manual (BPM). A BPM states in one document the role and responsibilities of the board and the CEO. This written document holds the board and CEO accountable to faithful service, which includes implementing an ERM Framework. With the BPM, the church and ministry can steward the mission and risk for sustainability with integrity.