University Policy

.

Enterprise Risk Management

Approval Date: 2016-12-01

Effective Date: 2016-12-01

Review Date: 2020-12-01

Authority:

Vice-President (Administration, Finance and Advancement) through the Chief Risk Officer

Purpose

− To formalize the university’s risk management program
− To provide direction to the members of the University community on a coordinated approach to identify, assess, evaluate, and manage risks
− To support decision making processes from a risk management perspective

Scope

Activities undertaken by Members of the University Community which include but are not limited to teaching and learning, research, scholarship, creative activity, service, public engagement, and administration.

Definitions

Enterprise Risk Management — A university-wide, systematic, comprehensive and co-ordinated process of identifying, measuring, managing and disclosing key risks to the University's mission and related goals and objectives.

Key Risk Indicator(s) — Metrics used by organizations to provide an early signal of increasing risk exposures.

Members of the University Community — Any person who teaches, conducts research, studies or works at or under the auspices of the University and includes, without limitation, all employees, all students; and any other person(s) while they are acting on behalf of or at the request of the University.

OCRO — Office of the Chief Risk Officer.

Risk — The effect of uncertainty on objectives, resulting in positive and/or negative impact on the University's mission.

Risk Appetite — The amount and type of risk that the university is willing to take in order to meet its strategic objectives.

Risk Control — The action that avoids, transfer or mitigates various risks.

Risk Owner — The employee(s) designated to manage a particular risk. This is a functional description, not a position title. Normally it is the Unit Head(s).

Risk Register — Documented list of risks and associated risk ratings, key risk indicators, controls (either planned or in place) and the status of these risks.

Risk Tolerance — The acceptable variation relative to the performance of the achievement of objectives.

Unit — Academic or administrative unit as defined in the University Calendar.

Unit Head — Deans, Department Heads, Division Heads, Heads of Schools, Directors, Executive Directors, University Librarian, University Registrar and other senior administrators at a comparable level; Associate Vice-Presidents and Vice-Presidents, as applicable.

University — Memorial University of Newfoundland.

University-related Activity — Any activity that is directly related to or arises out of the operations of the University at any location.

Policy

The University recognizes that it inherently assumes a variety of Risks by its undertaking of teaching and learning, research, scholarship, creative activity, service, public engagement, and administration. In doing so, the University’s goal is to ensure that existing and emerging risks are identified and managed in a balanced manner. The University recognizes that it is critical to establish and maintain an approach to Enterprise Risk Management, that supports the achievement of its strategic priorities and objectives and is a fundamental part of all University activities.

Risk Management is a shared responsibility at all levels of the University. 

The Board of Regents is responsible for overseeing the management of Risk and for establishing the Risk Tolerance and the risk ranking methodology, both of which are periodically reviewed and may be revised. 

The President and Vice-Chancellor, through President’s Executive Council (PEC), is responsible for the University’s overall Enterprise Risk Management approach, policies, processes, systems, controls and reporting; and for providing direction on a risk management culture.

The President’s Executive Council, through its Enterprise Risk Management Committee (ERM Committee), oversees the Enterprise Risk Management program. The ERM Committee monitors Risk Registers and makes recommendations to PEC on risks that may affect the achievement of the University’s goals or are otherwise outside the established Risk Tolerance. 

The Office of the Chief Risk Officer (OCRO) is responsible for coordinating risk management activities and procedures across the campuses. It provides support to Units in identifying, assessing, and managing risks. It shares best practices and expertise acquired from risk management activities across the University for the benefit of the entire University. It prepares, submits and presents regular reports, through PEC and the President, to the Audit and Risk Committee of the Board of Regents on risk management. 

The University Auditor is responsible for evaluating the effectiveness of risk management processes of the University, including providing support in risk identification. The University Auditor uses the current Risk Register as a tool in internal audit planning.

Related Documents

Enterprise Risk Management Framework

Procedures:

For inquiries related to this policy:

Office of the Chief Risk Officer: 709-864-6216

Sponsor:

Vice-President (Administration, Finance and Advancement)

Category:

Operations

Previous Versions:

No previous versions

Policy Amendment History

There are past amendments for this policy:

Action: REPLACED
Date: 2019-05-27 11:21:07
This policy was replaced with a new version. Comment provided: Connected definitions using definitions from the glossary.
Action: REPLACED
Date: 2019-07-30 15:15:22
This policy was replaced with a new version. Comment provided: Added the Enterprise Risk Management Framework to the Related Documents section.
Action: REPLACED
Date: 2022-08-30 10:30:49
This policy was replaced with a new version. Comment provided: 8/30/22 updated broken links
Action: REPLACED
Date: 2024-02-19 09:50:15
This policy was replaced with a new version. Comment provided: Updated broken weblinks
Action: REPLACED
Date: 2024-08-21 16:04:23
This policy was replaced with a new version. Comment provided: Updated broken links
Action: REPLACED
Date: 2024-09-11 14:15:22
This policy was replaced with a new version. Comment provided: Updated to reflect Vice-President titles as approved by the Board of Regents December 7, 2023
Action: REPLACED
Date: 2024-10-04 11:12:10
This policy was replaced with a new version. Comment provided: Updated to reflect Vice-President titles as approved by the Board of Regents December 7, 2023
Action: REPLACED
Date: 2024-10-07 13:48:48
This policy was replaced with a new version. Comment provided: Updated to reflect Vice-President Council titles as approved by the Board of Regents December 7, 2023