Enterprise Risk Management Program
Enterprise Risk Management (ERM) promotes a risk aware culture at the University of Alberta (university) where everyone considers risks in their daily activities and decision making in order to achieve their objectives and ultimately support the university’s mission.
The ERM Program, refreshed in December 2023, is composed of two pieces, the ERM policy and the ERM framework. With Shape: A Strategic Plan of Impact (2023-2033) as the underlying foundation of the program, the framework and policy create and protect the university’s value by managing uncertainties that could influence achieving the university mission, vision, strategic and operational objectives.
Ultimately, ERM aims to support you in managing risk appropriately and proactively so we can all lead with purpose.
What is ERM?
ERM is a series of coordinated activities to direct and control the university with regard to risk. It provides a consistent and systematic approach for the Board of Governors, senior executives, leadership, academic faculty members, staff and all representatives acting on behalf of the university to manage risks and maximize opportunities related to the achievement of our strategic and operational objectives.
Why is ERM important?
ERM plays many essential roles vital to the success of the university, including:
- Cultivating a risk aware culture that proactively manages risks to minimize surprises and maximize opportunities.
- Adaptability and fostering collaboration to identify and manage risks across all areas and levels of the university.
- Providing an opportunity for all members of the university community to contribute to the university’s success.
- Enhancing decision making and supporting the achievement of the university’s mission, vision and objectives.
- Encouraging innovation and assisting in improving the university’s performance and achieving transformational impact.
The Enterprise Risk Management Program
The Policy
Approved by the Board of Governors, and the overarching piece in the ERM Program, the policy’s purpose is to formally articulate the approach to ERM and provide an overview of the related roles and responsibilities. The policy emphasizes that integrating the management of risk at all levels of the organization is imperative. As such, all members of the university community manage risk, whether apparent or not, and work collaboratively to ensure an effective program is in place and practiced.
The Framework
Managing Risk at the U of A: Leading with purpose to make a lasting, positive impact, enables the university to assume risk in a managed way to support the achievement of the university’s mission, vision, strategic and operational objectives. While the policy is to formally identify the ERM approach, the framework is more applicable and tactical in that it outlines how ERM can actually be carried out. It indicates the processes, roles and responsibilities that everyone has to play, and provides the tools to implement ERM into your day-to-day work.
Why does it matter to me?
The ERM Program applies to all members of the university community and all activities conducted by or on behalf of the university. The university community actively performs and incorporates risk management into their everyday decision making, whether it’s obvious or not. Sometimes, risk management is simplistic and performed instantaneously; however, in an environment of significant change and increasing competition, risks can become more complex.
The program identifies how to proactively manage risk, as risk management also involves taking advantage of opportunities as they come. Managing a risk can be as simple as wearing appropriate personal protective equipment in a laboratory and using a secure internet connection, or as complex as maintaining and repairing the university's building infrastructure to support the institution's evolving needs.
How much risk are we willing to take on?
Since risks are part of our everyday work, they’re inherent and unavoidable. As such, the university has a threshold and approach for assessing risks. Known as ‘risk appetite,’ it outlines the amount of risk the university is willing to accept in the pursuit of its objectives. Risk appetite varies according to the decision or activity being undertaken and requires that benefits and risks are fully understood before moving forward.
We know that in the next ten years, the university hopes to see transformational impact, as identified in Shape, the university’s strategic plan. Achieving these goals and creating meaningful change cannot be done if we don't choose to take on some level of risk. That being said, it needs to be approached in a responsibly managed way that relies on risk management to conduct proactive reviews and put appropriate and conducive mitigation strategies in place.
As such, the following Institutional Risk Appetite Statement was identified in alignment with Shape:
“Over the next ten years, the university is striving for deeper and more transformational impact and promotes doing things fundamentally different. It is understood that there is an element of risk in any decision or activity and all members of the university community are encouraged to responsibly manage risk by leading with purpose and making a lasting, positive impact that assists the university in achieving its mission, vision and objectives.”
We all have a role to play.
For more information
If you’re interested in learning more or would like guidance on how you can leverage the ERM Program in your activities, which includes creating or updating policies and procedures, contact Nokuthula Sithole, Executive Director, IA&ERM or Shannon Boodhoo, Lead, Enterprise Risk Management and Financial Audit.