Enterprise Risk Management

Category: Governance
Number: GOV-080-005
Audience: All University employees
Revised: July 13, 2017
Owner(s): Executive Director (University Governance)
Approved by: Board of Governors
Contact: Executive Director, University Governance 306-585-5545

Introduction

The University of Regina is committed to establishing an institution that ensures risk management is a core capability and an integral part of all university activities.

The University’s enterprise risk management (ERM) process is designed to:

  • identify potential events and trends (risks) that may significantly affect the University’s ability to achieve its strategic goals or maintain its operations, and
  • assess those risks against the University’s level of risk tolerance to provide reasonable assurance that the University’s objectives will be achieved.

The University’s objectives for enterprise risk management include:

  • integrating risk management into the culture and strategic decision-making of the University,
  • anticipating and responding to changing social, environmental and legislative conditions,
  • managing risk according to best practice and demonstrating due diligence in decision making,
  • regarding legal compliance as a minimum standard,
  • balancing the cost of managing risk with the anticipated benefits, and
  • raising awareness of the need for risk management.

Definitions

Policy

The University’s methodology for risk management is outlined in the Enterprise Risk Management (ERM) Framework.  The ERM process is continuous and should be applied at both the University (enterprise) level and at an individual academic and administrative unit level.

The University’s principles for managing risk are:

  • The Board of Governors and University Executive oversee risk management within the University.
  • The Board of Governors and University Executive adopt an open and receptive approach to solving risk problems.
  • The University Executive supports, advises on, and implements policies approved by the Board of Governors.
  • The University Executive makes conservative and prudent recognition and disclosure of the financial and non-financial implications of risks and opportunities.
  • Deans, associate vice-presidents, directors, and department heads encourage good risk management practices within their units.
  • Key risk indicators are identified and monitored on a regular basis.


Roles and Responsibilities


All staff members of the University are responsible for the effective management of risk including the identification of potential risks. Management (both administrative and academic) is responsible for the development of risk management processes and the implementation of risk reduction strategies. Risk management processes will be integrated into existing departmental planning processes and management activities.


Coordinator, Enterprise Risk Management

The Coordinator, Enterprise Risk Management:

  • oversees and maintains the ERM Framework,
  • annually facilitates and coordinates the process of identifying, reviewing, and ranking risks,
  • supports the development of a risk register for the University
  • assigns, tracks, and monitors risks in the University’s risk register,
  • facilitates action in those areas where improvements are required, and
  • reports the status of risks to the University’s Executive and the Board’s Audit and Risk Management Committee.


Deans, Associate Vice-Presidents, Directors, and Department Heads

Deans, associate vice-presidents, directors, and department heads are accountable for implementation of this policy within their respective areas of responsibility. They:

  • incorporate risk management into their departmental/unit planning processes and management activities,
  • actively participate in the risk assessment process, and
  • report on the status of items in the risk register as part of the annual planning or review cycle.


University Executive Team

Members of the University’s Executive Team are accountable for strategic risk management in the areas under their control, including the delegation of the risk management process to deans, associate vice-presidents, directors, and department heads.

Collectively, the university executive team is responsible for:

  • formal identification of strategic risks that have an impact on the University’s goals,
  • determination of priorities and risk rankings,
  • development of strategic risk management plans, and
  • monitoring progress in managing risk.


Audit and Risk Management Committee

The Audit and Risk Management Committee is accountable for ERM as defined in its terms of reference (60 KB) pdf.

Consequences for Noncompliance

Failure to comply with this policy may prevent the University and/or academic and administrative unit from achieving its strategic and operational objectives.

Processes

Refer to the University’s Enterprise Risk Management Framework (634 KB) pdf.

Related Information