Enterprise Risk Management (ERM) – UW’s Model

  • Assess risks in the context of strategic objectives and identify the interrelation of risk factors across the institution, rather than by function.
  • Cover all types of risk: Compliance, Operational, Financial, Strategic, and Mega.
  • Foster a common awareness that allows individuals to focus attention on risks with strategic impacts.
  • Enhance and strengthen UW’s culture of compliance while protecting the decentralized, collaborative, entrepreneurial nature of our institution.

ERM Best Practices

  • Use UW-wide measures of likelihood and impact to rank risks as diverse as Safety of Students (operational focus) and Post-Award Research Administration (compliance focus), in order to produce risk maps that are consistent across the institution.
  • Document current internal controls such as policies, training, and audits, and through risk assessment identify significant gaps (“residual risks”) for which mitigation measures or new controls need to be developed.
  • Follow up with risk owners on their mitigation work to continuously refresh the risk maps.
  • Provide senior leadership and the Board of Regents with updates on ERM.

UW’s ERM Program – Three Components

  1. President’s Advisory Committee on Enterprise Risk Management (PACERM) – Members of the executive leadership of the University who prioritize the risk areas for in-depth assessment, discuss key emerging risks, and report to the President annually on the institution’s risk map and recommended mitigations.
  2. Compliance-Operations-Financial Council – Brings together campus experts to identify compliance and risk issues, ensure good information is available to the University community, and recommend ways for interested parties to report problems.
  3. Formal Risk Assessments – Write risk statements; evaluate them using standard measures of likelihood and impact; compare risks with current controls in place and as if no controls were in place; prioritize residual risks; and recommend possible mitigation measures.