Enterprise Risk Management

Enterprise risk management (ERM) is defined by COSO, the Committee of Sponsoring Organizations, a leading industry cooperative and a strong proponent of ERM, as “a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of its objectives.” 

ERM in higher education has been recognized as an important process for managing risks and opportunities effectively across the institution in order to meet mission objectives.

ERM will promote an ongoing, integrated risk-aware culture across our organization, so that we act with full knowledge of the implications of our decisions and actions and include a balanced risk-reward analysis when evaluating the potential opportunities available to us in pursuing the mission and goals of our institution.

ERM does not replace or subordinate our current programs and activities for managing potential risks and opportunities in our everyday actions. Each of us remains responsible for identifying and controlling threats and analyzing opportunities within our areas of responsibility, and for reporting concerns to our supervisors. Instead, ERM is intended to provide a proactive, comprehensive framework for entity-wide identification and management of potential risks and opportunities.