Enterprise Risk Management

The goal of the Enterprise Risk Management (ERM) program is to identify and address risks through a coordinated, organization-wide approach rather than in isolated units. By viewing risk from a university-wide perspective, employees gain a clearer understanding of how their actions contribute not only to their immediate responsibilities but also to the institution’s broader mission and goals. The program provides a structured, institution-wide approach to identifying, assessing, and proactively managing risk through informed decision-making. The office conducts regular compliance audits and risk assessments to identify potential areas of non-compliance. This proactive approach helps mitigate risks associated with legal and regulatory violations.

UNDERSTANDING RISK

Risk is any issue that could impact an organization’s ability to achieve its objectives. It generally falls into five key categories:

Strategic Risk

Strategic risk affects an organization’s ability to achieve its long-term goals. For example, a tuition-dependent college expanding into new markets must evaluate whether it fully understands its competitive landscape and can effectively manage financial aid to support growth.

Financial Risk

Financial risk involves potential loss of assets or income. A university that expands into foreign investments or private equity, or adopts new hedging strategies, must carefully monitor market and credit risks to protect its investments.

Operational Risk

Operational risk relates to failures or inefficiencies in day-to-day processes. For instance, when a university implements new administrative systems, it must ensure its staff are properly trained and that transactions are processed and monitored effectively in the new environment.

Compliance Risk

Compliance risk arises from failure to adhere to laws, regulations, or internal policies. Academic Medical Centers and research institutions, in particular, must stay current with evolving regulations and ensure that faculty, investigators, and staff consistently follow them.

Reputational Risk

Reputational risk affects how the organization is perceived by external stakeholders. It often results from shortcomings in managing other types of risk and can impact the organization’s brand, credibility, and trust.