Purpose and Objectives

“There are risks and costs to a program of action. But they are far less than the long-range risks and costs of comfortable inaction.”

—President John F. Kennedy


The mission of UMB’s Enterprise Risk Management (ERM) program is to embed, sustain, and support a culture of responsible risk-taking and opportunity identification across the University.

UMB’s ERM objectives are:

  • Foster an enterprising spirit (consistent with UMB’s core values of Innovation and Discovery)
  • Gain the benefits of a systematic risk evaluation approach in a meaningful yet streamlined manner – i.e., better organizational performance
  • Protect UMB’s most vital assets and resources
  • Analyze what potential issues or scenarios pose the highest barriers to achieving UMB’s strategic goals, then work collaboratively to address them
  • Proactively identify emerging risks to prepare for future challenges and seize opportunities

The success of UMB’s ERM program will be measured in three primary ways: (1) risk vigilance and culture, (2) risk identification and action, and (3) risk calibration.

  1. Risk vigilance and culture: Embed a responsible risk-taking and opportunity-seeking approach in UMB’s culture at all levels.
  2. Risk identification and action: Implement systems to scan for emerging risks and opportunities, and alert and advise relevant stakeholders. ERM will ensure that schools and units take action on a regular schedule to monitor and address identified risks. That is, we want risk-related actions to be mapped onto existing governing structures, so that decision-making and risks are considered contemporaneously through typical processes that engage individuals throughout UMB. As examples, we expect that risk will be systematically incorporated into strategic, operational, and budget planning processes.
  3. Risk calibration: ERM will develop a mix of qualitative and quantitative measures to guide decision-makers as to the general risk tolerance of the organization, without dictating specific decisions.

The ERM program will address the two broad risk types found at UMB: institutional risks and functional risks. Institutional risks are those strategic and sector-level risks that could have a major influence on UMB’s mission or vision, one of its core functions or strategic themes, or high-value cross-functional processes. In contrast, functional risks affect ongoing management or administrative processes, which are often confined to one or a limited number of functions at the University. Differentiating between these two "risk altitudes" is important to streamlining the ERM process.