ERM is a structured, institution-wide approach to identifying, assessing, monitoring and responding to risks. It is a collaborative process by which these risks can be talked about, evaluated, and acted upon as we move forward with our strategic plan and take advantage of potential opportunities.
ERM meets the needs of stakeholders who are accountable for ensuring that risks are effectively managed within the institution as a whole, or within a specific area, initiative or activity.
It is important to emphasize that the risks we are identifying in ERM are tied to the University’s mission and strategic plan, which is why they are called “enterprise risks.” They are not the traditional operating risks that we manage on a daily basis, but potential obstacles, challenges and unforeseen events related to key areas that affect the University’s ability to achieve its objectives, or to do so effectively.
For example, other universities have identified enterprise risks around the areas of:
- Institutional space
- Information technology & security
- Facilities and physical plant condition
- Entrepreneurial initiatives
- Free speech and expression
- Tuition affordability
- Disaster or emergency response
Western’s ERM Framework
Western’s ERM Framework is based on the ISO (International Standardization Organization) 31000 ERM model. ISO is an independent, non-governmental international organization with a membership of 161 countries. This model is encouraged by the State of Washington.
The framework defines essential elements, offers a common language, and provides clear direction and guidance for ERM. It includes the following sections:
- Terms, Concepts and Principles
- Roles, Responsibilities and Reporting
- The first section establishes “Tone from the top.” The University’s Board of Trustees, President, and Executive Leadership are committed to fostering an environment that will encourage risk-informed decision-making within the University’s culture and practices.
Terms, Concepts and Principles
- The second section establishes a common language regarding ERM in order to improve communication and understanding across the University. It includes definitions of key terms and concepts and principles that should be followed.
Roles, Responsibilities and Reporting
- The third section establishes in detail the roles and responsibilities for the various stakeholders in the ERM process.
- The fourth section describes the implementation of the ERM plan, integration of ERM into existing strategic planning and budgeting processes, application of ERM to emerging strategic initiatives, and monitoring.

Tools used for the implementation of ERM include:
- Western’s ERM Framework
- Risk Matrix and Heat Map – Organizational
- Risk Matrix and Heat Map – New Initiative
- Risk Management Plan
Contact Paul Mueller, CPCU, at 360-650-3065 for assistance with ERM.