Enterprise Risk Management
Introduction
The University of Regina is committed to ensuring risk management is a core capability and an integral part of all university activities.
The University’s enterprise risk management (ERM) process is designed to:
- identify potential events and trends (risks) that may significantly affect the University’s ability to achieve its strategic goals or maintain its operations,
- assess those risks against the University’s level of risk tolerance to provide reasonable assurance that the University’s objectives will be achieved, and
- empower employees at all levels of the organization to identify, evaluate, and respond to risks within their scope of authority and responsibility.
The University’s objectives for enterprise risk management include:
- integrating risk management into the culture and strategic decision-making of the University,
- anticipating and responding to changing social, environmental and legislative conditions,
- managing risk according to best practice and demonstrating due diligence in decision making,
- regarding legal compliance as a minimum standard,
- balancing the cost of managing risk with the anticipated benefits, and
- raising awareness of the need for risk management.
Definitions
Policy
The University’s methodology for risk management is outlined in the Enterprise Risk Management (ERM) Framework. The ERM process is continuous and should be applied at both the University (enterprise) level and at an individual academic and administrative unit level.
The University’s principles for managing risk are:
- The Board of Governors and University Executive oversee risk management within the University.
- The Board of Governors and University Executive adopt an open and receptive approach to solving problems and managing risks.
- The University Executive supports, advises on, and implements policies approved by the Board of Governors.
- The University Executive makes conservative and prudent recognition and disclosure of the financial and non-financial implications of risks and opportunities.
- Academic and Administrative Leaders encourage good risk management practices within their units.
- Key risk indicators are identified and monitored on a regular basis.
Roles and Responsibilities
All employees of the University are responsible for the effective management of risk including the identification of potential risks. Management (both administrative and academic) is responsible for the development of risk management processes and the implementation of risk mitigation measures. Risk management processes will be integrated into existing planning processes and management activities.
Coordinator, Enterprise Risk Management
The Coordinator, Enterprise Risk Management:
- oversees and maintains the ERM Framework,
- annually facilitates and coordinates the process of identifying, reviewing, and ranking risks,
- supports the development of a risk register for the University,
- monitors risks in the University’s risk register,
- facilitates action in those areas where improvements are required, and
- reports the status of risks to the University’s Executive and the Board’s Audit and Risk Management Committee.
Academic and Administrative Leaders
Academic and Administrative Leaders are accountable for implementation of this policy within their respective areas of responsibility. They:
- incorporate risk management into their departmental/unit planning processes and management activities,
- actively participate in the risk assessment and risk management process, and
- report on the status of risks as part of the annual planning or review cycle.
University Executive
Members of the University’s Executive are accountable for strategic risk management in the areas under their control, including the delegation of the risk management process to deans, associate deans, associate vice-presidents, directors, associate directors, managers and department heads.
Collectively, the University Executive is responsible for:
- formal identification of strategic risks that have an impact on the University’s goals,
- determination of priorities and risk rankings,
- development of strategic risk management plans, and
- monitoring progress in managing risk.
Audit and Risk Management Committee
The Audit and Risk Management Committee is accountable for ERM as defined in its terms of reference.
Consequences for Noncompliance
Failure to comply with this policy may prevent the University and/or academic and administrative unit from achieving its strategic and operational objectives.
Processes
Refer to the University’s Enterprise Risk Management Framework.