Enterprise Risk Management
What is ERM?
And why does UC need it?
Enterprise Risk Management (ERM) is defined by the Committee of Sponsoring Organizations (COSO) as "a process, effected by an entity's board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." The COSO framework was adopted by the regents in 1996.
The COSO ERM framework provides a common lexicon of terminology and clear direction and guidance for implementing enterprise risk management. The framework requires that organizations examine their complete portfolio of risks, consider how those individual risks interrelate, and have management develop an appropriate risk mitigation approach that addresses these risks in a manner consistent with their long-term strategy and overall risk appetite.
Why is ERM relevant in the higher education environment?
Like organizations within the private sector, the UC system operates in an inherently risky environment. Risks include financial risk, operating risk, strategic risk, regulatory risk, environmental risk, reputational risk, political risk, and a whole host of other types of risk. Managing this portfolio of risks is especially important to help ensure the university can continue to serve its faculty, staff and students. By strategically managing risk, we can reduce the chance of loss, create greater financial stability, and protect our resources so we can continue our mission of supporting teaching, research and public service.