The ERM Program
ISO provides principles, a framework and a process for managing any form of risk in a systematic, transparent and credible manner. The ERM program is committed to:
- developing a more risk-aware culture through training and education.
- advising and assisting risk owners in identifying and assessing their risks and controls.
- assisting University leadership and risk owners in the monitoring of risks and controls.
A printable version of the ERM Policy [pdf] is available.
In accordance with the ISO 31000 standard, the University maintains an ERM policy. The policy provides direction for ERM implementation, lends credibility to the program and demonstrates the University’s commitment to the ERM process.
A robust reporting structure provides a sound backbone for the ERM program through representation of key risk owners in the identification, evaluation and control of risks arising from University activities.
View the Responsibility Matrix [pdf]
The ERM Executive Oversight committee provides a top-down approach in identifying significant risks to the organization. The oversight committee reviews risk data submitted by the senior committees/individual risk areas and amends the risk data based on their experience and expertise. Members of the oversight committee include senior University leadership and representation from other University offices and programs.
The ERM senior committees and individual risk areas take a bottom-up approach in identifying strategic, operational, hazard, financial and reputational risks. Identified risks are reported to senior-level committees, which review, consolidate and select specific risks for more detailed reporting to the Executive Oversight committee.
This top-down and bottom-up approach promotes a collaborative, cohesive and robust ERM process. Increased collaboration improves the University’s risk management culture, provides a comprehensive view of risks, enhances the identification of risks and allows risk prioritization.
The University has established a documented process to determine which risks are most significant, identify controls and monitor risks. Get details about the ERM process pathway below.