Supplemental Information Print this PDF

Name: Enterprise Risk Management Policy
Responsible Office: Business Office & General Counsel

Applies to: (examples; Faculty,Staff, Students, etc)

Faculty , Staff

Policy Overview:

Issued: 12-01-2016
Next Review Date: 12-01-2018
Frequency of Reviews: Every 2 years

This policy establishes a framework to identify, communicate, and prioritize risks across the entire organization based on standard criteria and a uniform rating system.

This policy applies to all members of the President’s Staff and employees delegated responsibility under this policy.


Annual Enterprise Risk Management Plan:  A comprehensive report that identifies and prioritizes significant compliance, financial, health and safety, operational, reputational, and strategic risks and discusses the corresponding risk management plans.

Enterprise Risk Management:  A continuous, proactive and systematic process to understand, manage, and communicate risk from an organization-wide perspective.  It is about making strategic decisions that contribute to the achievement of the College’s overall mission and objectives.

Enterprise Risk Management Committee:  A committee consisting of the Vice President and Chief Financial Officer, the Assistant Vice President of College Services & Chief Compliance Officer, and the General Counsel that is responsible for implementation of the College’s Enterprise Risk Management Policy and program.

Risk:  The effect of uncertainty on objectives expressed as the likelihood and impact of an event with the potential to affect the achievement of the College’s objectives.

Risk Process Owners:  Subject matter experts who are assigned primary operational responsibility for management of specific risks.  Risk Process Owners report to members of the President’s Staff who have been assigned executive level responsibility for designated risks in order to ensure accountability.

Risk Tolerance:  The amount of risk, on a broad level, that the College is willing to accept in pursuit of its mission and strategic objectives.


The College will conduct an annual assessment to identify, understand and effectively manage key risks, consistent with the College’s Risk Tolerance, to support the responsible assumption of risk in pursuit of the College’s mission and strategic objectives.  An Annual Risk Management Plan will be developed by the Enterprise Risk Management Committee to manage Risks including operational and communication protocols in the event of an adverse occurrence.  Accountability for managing Risks will be achieved by assigning Risks to President’s Staff Members and Risk Process Owners, and through reporting to the President and Board of Trustees.


Risk Assessment

Each year the Enterprise Risk Management Committee (ERMC) will coordinate the identification and evaluation of Risks with the President’s Staff.  The President’s Staff will use the Enterprise Risk Management Assessment Guide (Appendix A) and engage key personnel inside and outside of their areas of responsibility to conduct an environmental scan and identify potential events that may adversely affect the objectives of the College.  Risks will be identified and listed for each of the following areas:  compliance, financial, health and safety, operational, reputational, and strategic.

Rating and Prioritization of Risks

The President’s staff will be asked to evaluate the “Likelihood” and “Impact” of each risk using the criteria listed in the Enterprise Risk Management Guide.  For each risk identified, the ERMC will seek information from the President’s Staff to establish the current and desired level of risk management activities such as, for example, implementation of policies, metrics and reporting, auditing, and other internal controls.  The ERMC will identify key Risks that require the responsible President’s Staff member to develop a Risk Management Plan that includes a detailed operational and communication response protocol in the event of an adverse event.  In order to assist the responsible President’s Staff member, the ERMC will appoint a Risk Process Owner to assume operational responsibility for developing and implementing the Risk Management Plan(s).  A template of the Risk Management Plan is attached as Appendix B.  

Monitoring and Reporting

The ERMC will prepare a comprehensive Annual Enterprise Risk Management Plan for the President’s approval that includes a summary of the Risks and Risk Management Plans for each President Staff member’s area.  This report will be updated annually or whenever a significant, new Risk is identified.  The ERMC will monitor Risks by obtaining an annual status update from the President’s Staff prior to the commencement of the annual budget cycle.  The ERMC, the President, and the President’s Staff will develop an ERM scorecard to monitor the risks identified in the Annual Enterprise Risk Management Plan.  The President will take appropriate steps to inform the Board of Trustees regarding the Annual Enterprise Risk Management Plan and the College’s enterprise risk management program.


ERMC:  The ERMC is responsible for overseeing the annual Risk assessment, the Annual Enterprise Risk Management Plan and related updates, and the ERM Scorecard.

General Counsel:  The General Counsel will provide legal advice, education, and training involving compliance with laws and regulations.

President’s Staff:  Each member of the President’s Staff is tasked with organizing their respective areas to effectively manage Risks.  They will work with the ERMC to develop the Annual Enterprise Risk Management Plan, to update the report as needed, and implement the Risk Management Plan in the event of an adverse event.   Additionally, each President’s Staff member and designated personnel will be charged with initiating required education and training along with the General Counsel with respect to particular risks identified for their areas of responsibility. 

President:  The President oversees the ERMC and has ultimate responsibility for prioritization of risks, assignment of resources, determining Risk Tolerance, and communicating information regarding the College’s Annual Enterprise Risk Management Plan and program to the Board of Trustees.

Risk Process Owners:  Individuals identified will be assigned critical Risk management responsibilities.

Vice President Finance/CFO:  The CFO serves as chair of the ERMC and is responsible for integrating ERM into the budget process.


Enterprise Risk Management Assessment Guide Instructions

Enterprise Risk Management Assessment Guide

Risk Management Plan Template

Enterprise Risk Management Flow Chart

Policy Contacts:


Contact Information

Heather Flabiano, Vice President Finance & CFO

Kenneth Fleischmann, JD, General Counsel