On May 22, 2025, members of the California Housing Finance Agency (CalHFA) Audit and Risk Management Committee heard a presentation on a proposed Enterprise Risk Management (ERM) Framework designed to identify, assess, manage and monitor risks across the agency.
Kelly Madsen, CalHFA’s Director of Enterprise Risk Management and Special Initiatives, told the committee the framework follows COSO principles and centers on five components: governance and culture; strategy and objective setting; performance (risk assessment); review and revision; and information, communication and reporting. "Simply put, an Enterprise Risk Management Framework is a structured approach to identifying, assessing, managing, and monitoring risks that could impact an organization's ability to meet its objectives," Madsen said.
The ERM team intends the framework to provide structured reporting and analysis to improve decision-making and align risk management with CalHFA’s strategic planning. The work is timed to support the State Leadership Accountability Act (SLAA) report, which the agency must submit at the end of the calendar year. Madsen outlined a timeline that began with a January review of the current framework and best practices, with milestones that include forming an internal agency risk committee and beginning risk culture training in June; conducting an enterprise-level risk assessment in August with cabinet and business-area subject-matter experts; and presenting a formal update, including the SLAA report and top risks, to the committee in November. She said strategy and objective-setting work will begin next January to inform CalHFA’s next three-year strategic plan.
Committee members asked how the ERM function will intersect with transactional oversight. Fred White, a member of the Audit and Risk Management Committee, asked whether ERM staff would work at the transaction level "before a deal comes to the larger board." Madsen and Rebecca Franklin, CalHFA Chief Deputy Director, explained that transactional credit and loan assessments remain the domain of the credit officer and risk manager and the senior loan committee, while Madsen’s ERM team will provide an aggregated, enterprise-level rollup of trends and significant events that could affect the agency’s ability to operate. Franklin said those transactional controls feed the ERM team’s higher-level analysis and that Madsen sits on the senior loan committee to coordinate that work.
Chair Delilah Sotelo asked for clearer organizational visuals showing who serves on "cabinet" (division directors) and how cabinet differs from senior management. Madsen agreed to provide a visualization of the agency touch points and reporting lines at a future committee meeting. Chair Sotelo also confirmed with Madsen that the ERM review will include both internal and external risks, including federal budget risks.
No public comments were offered on the ERM item. Committee members encouraged continued engagement and oversight as the ERM team operationalizes the framework.
The committee did not take any formal vote related to adopting the framework; the presentation was received for discussion and the ERM team will return with additional materials, including an organizational chart and a November update tied to the SLAA report.