Institutional Enterprise Risk Management

Background

Institutional Enterprise Risk Management (ERM) is a structured, institution-wide approach to identifying, assessing, monitoring and responding to enterprise risks within the university’s risk tolerance, to provide reasonable assurance of success in fulfilling the university’s mission and strategic plan. ERM is integrated into the university’s existing governance, decision-making and planning and budgeting processes.

While traditional risk management focuses on institutional loss or damage and minimizing those risks with loss prevention and insurance measures, ERM focuses on risks at an enterprise level. ERM evaluates internal and external factors and influences that may cause uncertainty about whether an institution will achieve its objectives and seeks to minimize those “risks” with a coordinated management response. 

The ERM framework is a set of components that provides resources, terminology, structure and reporting for managing enterprise risks at the university. The framework aligns with the International Organization for Standardization ISO 31000 Risk Management Principles and Guidelines.

The Committee Will:

Manage Framework:

  • Maintain and monitor the performance of the ERM framework, recommend changes and updates to executive leadership, and then make approved revisions for its continued success.  
  • Provide tools for division leadership to use in implementing the ERM framework in their areas, including a risk matrix, heat map and related forms.
  • Review training programs for executive and division leadership and Risk Owners (and Co-Owners).  
  • Provide consultation and support to division leadership as those areas implement the ERM framework. However, the committee does not have substantive responsibility for managing enterprise risks within these areas.
  • Monitor and report on the institution’s ERM effort as a single source for executive leadership on an ongoing basis.  

Create and Maintain Institution Risk Profile:

  • Collect and organize division risk profiles for creation and maintenance of the institution risk profile.
  • Prioritize the institution risk profile based on division Very High and High rated risks while considering the university’s mission and strategic plan and deliver to executive leadership for further prioritization and oversight.
  • Reconcile division risk profiles with the final institutional risk profile and return them to the respective division leadership, identifying those risks that will be monitored by the FARM Committee, executive leadership and/or division leadership.

Create Annual ERM Report:

  • Develop the annual ERM Report on behalf of executive leadership for presentation to the FARM Committee, with interim updates at each regular meeting, or as requested.  

Committee Membership Includes:

Assistant Attorney General
Assistant Director, Academic Budgeting and Administration, Provost’s Office  
Associate Vice President for Academic Affairs, Provost’s Office 
Associate Vice President for Finance & Business Services (Co-Chair)
University Compliance Manager
Director, Environmental Health and Safety  
Director, Office of Communications and Marketing  
Director, Office of Internal Audit – Ex Officio  
Director, Risk Management (Co-Chair)  
Faculty Member, University Planning and Resource Committee Representative  
Research Compliance Officer, Research and Sponsored Programs  
Rules (WAC) Coordinator, Risk, Ethics, Safety, & Resilience
Senior Director and COO, WWU Foundation  
Special Assistant to the Vice President for Enrollment and Student Services  
Director, University Policy & Public Records