Enterprise Risk Management

What is Enterprise Risk Management?

Enterprise Risk Management (ERM) is a framework for managing risks within an organization. The ERM approach is similar to traditional risk management but ERM incorporates all risks institution-wide. Risks identified in each department (referred to as the risk owner) are captured in a risk register and then managed and monitored by the risk owner, with support from Risk Management. High frequency, high severity risks are reported to the Executive and the Board of Governors to ensure that they are consistent with the risks the institution is willing to take.

ERM frameworkincludes:

identifying risks relevant to the organization's objectives (risks and opportunities),
assessing those objectives in terms of frequency and severity against defined risk tolerance statements,
determining a response strategy, and
monitoring progress.

ERM Process

How does Mount Royal University use ERM?

MRU's Risk Management uses the ISO 31000 standard as a guide to develop and implement ERM processes. These processes enable the University to identify, assess, evaluate, and treat institutional risks and opportunities, which then can be used as a basis for decision making and accountability.

What risks are considered?

Academic Risk: "the uncertainty of something happening that will have an impact on the achievement of academic objectives"
Financial Risk: managing financial risk exposures
Reputational Risk: the image of Mount Royal University in the community
Operational Risk: the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events
Hazard Risk: injury, illness, death or property damage.
Strategic Risk: uncertainties and untapped opportunities based on strategic planning and execution.

What is Enterprise Risk Management?

How does Mount Royal University use ERM?

What risks are considered?

How do I ensure that my department's risks are being captured?