Enterprise Risk Management
ERMIS: Background and overview
Over the past decade, organizations have been making significant investments in the areas of business intelligence: data warehousing, performance management, enhanced reporting, and analytical solutions. While many enterprises and educational institutions have realized clear value from these initiatives, even more continue to seek to identify new opportunities to seize the greater value from these investments and leverage the information going forward.
The operational needs of the various UC campuses are different, and so are their needs for defining and classifying data. Business units and divisions across the UC have a need to identify available risk and controls information, acquire it, conduct data analysis, and interpret the results.
The University recognized a need to enable the UC's faculty, staff, and students to identify and manage risks associated with their activities, consistent with the UC's mission of teaching, research, and public service. By strategically managing risk, UC can reduce the chances of loss, create greater financial stability, and protect UC resources.
As a result, the University embarked on the creation of a data warehouse which will serve as the data repository for risk and controls related information. With this vision, and sponsorship from the Office of the President, the Enterprise Risk Management Information System (ERMIS) was implemented.
The ERMIS objectives include the following:
- Better quantitative analysis capabilities
- Improved analytical and reporting capabilities
- Support for leading risk governance and compliance processes
- System-wide visibility, with local flexibility
- Scalability without additional burden on UC staff
These capabilities help to lower the overall cost of risk (often times associated with day to day operations) across the institution.
ERMIS solution overview
The ERMIS is based on a Cognos web-based Business Intelligence solution, which has been customized by the University to help quantify and track pre-defined key performance indicators (KPIs). Deployed in February 2009, the application has been configured to integrate claims data (losses), corporate data (exposures) and other information sources in an effort to create a centralized data management environment.
The Safety Index, Medical Center Dashboard, and Human Capital Index are just the first of many indexes. The UC Irvine Dashboard is the first campus-specific dashboard, and other dashboards are being developed on an ongoing basis. As long as a subject area has data which can be referenced, additional dashboard indexes can be created utilizing this technology.
In addition to referencing selected information from established data warehouses, web-based survey tools are components of the solution, which can be utilized to facilitate data collection and analysis. Component enhancements coming in the near future will include application features to support Governance Risk and Controls (GRC) and the Statement on Auditing Standards (SAS) Number 112/115.
It is the University's desire to provide a dashboard and reporting tool that will enable users to leverage information in order to make decisions and plans, and demonstrate responsiveness to requests in a timely manner. ERMIS can be customized, thus accommodating users, rather than forcing the users to conform to the tool. Such customization entails knowing your users: what information they need, how they like to receive it, and how much they want to interact with it.
UC user requirements will change based on what role the users are playing at a particular time. In one role, a user may require large amounts information and open access to explore data. Perhaps in another role, the user may simply need to review summary data on a weekly or monthly basis. Fundamentally, ERMIS is designed to meet these and other needs by providing a single, integrated universe of identified risk-related information that cuts across common organizational units, functions, and business processes to enable coordinated and cost-effective risk responses.