Enterprise Risk Management Program

Frequently Asked Questions

What is a risk?

Risk is the effect of uncertainty on the university’s objectives, which can be strategic or operational. An effect is a deviation from the expected that can be positive (commonly referred to as an opportunity), negative, or both.

How does the ERM Program integrate with Shape, the university’s strategic plan?

The ERM Program assists the university to identify risks that could impact the achievement of Shape and develop strategies to mitigate those risks within the university’s risk appetite.

Does the ERM Program apply to operational activities or activities being performed by third parties?

Yes, the ERM Program is applicable to all activities conducted by or on behalf of the university (e.g., contractors, consultants, outsourced service providers, etc.). This includes operational activities.

Who is responsible for identifying, assessing and managing risks at the university?

All members of the university community are responsible for identifying, assessing and managing risks within their respective areas of expertise and authority.

The ERM department has the administrative responsibility to facilitate, coordinate and support the ERM Program and university community. The ERM department also performs internal audit services and as such does not perform management activities to ensure independence and objectivity.

Does the ERM Program replace the university's existing management activities?

No, the ERM Program does not replace the university's existing management activities; rather, it enhances and integrates them to systematically identify, assess and manage risks across the university.

How is the ERM department different from the Risk Management & Insurance department?

The ERM department has the administrative responsibility to facilitate, coordinate and support the university-wide ERM Program. Whereas, the Risk Management and Insurance department oversees the university’s insurance policies and assists the university community with insurance and risk related issues in alignment with the university-wide ERM program.

When should I contact the ERM department?

The ERM department supports the university community in effectively managing risks. Examples of when to contact the ERM department include:

When there are new or changes to the top institutional risks.
When an operational risk is complex, integrated and/or cannot be mitigated within the university’s risk appetite.
To discuss ways in which the ERM Program can be integrated into policies, procedures, processes and internal controls.
To obtain training and education on the ERM Program.

Portfolio

Strategic Plans & Initiatives

Reports

About

Frequently Asked Questions