Enterprise Risk Management (ERM) – UW’s Model
- Assess risks in the context of strategic objectives and identify the interrelation of risk factors across the institution rather than by function.
- Cover all types of risk: Compliance, Operational, Financial, Strategic, and Mega.
- Foster a common awareness that allows individuals to focus attention on risks with strategic impacts.
- Enhance and strengthen UW’s culture of compliance while protecting the decentralized, collaborative, entrepreneurial nature of our institution.
ERM Best Practices
- Use UW-wide measures of likelihood and impact to rank risks as diverse as Safety of Students (operational focus) and Post-Award Research Administration (compliance focus), in order to produce risk maps that are consistent across the institution.
- Document current internal controls such as policies, training, and audits, and through risk assessment identify significant gaps (“residual risks”) for which mitigation measures or new controls need to be developed.
- Follow up with risk owners on their mitigation work to continuously refresh the risk maps.
- Provide senior leadership and the Board of Regents with updates on ERM.
UW’s ERM Program – Three Components
- President’s Advisory Committee on Enterprise Risk Management (PACERM) – Members of the executive leadership of the University who prioritize the risk areas for in-depth assessment, discuss key emerging risks, and report to the President annually on the institution’s risk map and recommended mitigations.
- Compliance-Operations-Financial Council – Brings together campus experts to identify compliance and risk issues, ensure good information is available to the University community, and recommend ways for interested parties to report problems.
- Formal Risk Assessments – Write risk statements; evaluate them using standard measures of likelihood and impact; compare risks both with current controls and as if no controls were in place; prioritize residual risks; and recommend possible mitigation measures.