ERM Framework

The Enterprise Risk Management (ERM) Framework implemented by the University of Minnesota system is based on the widely employed Committee of Sponsoring Organizations of the Treadway Commission (COSO) ERM Framework. The COSO ERM Framework has been adapted to incorporate the unique environment at the University of Minnesota as it defines essential components, suggests common language, and provides clear direction and guidance for risk management. The adoption of the COSO ERM Framework aligns with and complements the institution’s adoption of the COSO Integrated Framework of Internal Controls as established by the Board of Regents Policy: Internal Controls.

ERM Process

All the activities presented here may be performed sequentially or simultaneously, as the need arises, and are augmented by a strong culture that promotes the efficacy of these actions.

ERM process diagram showing mission and strategic objectives, risk and opportunity identification, risk evaluation and measurement, risk response and action, and monitoring and communication

ERM Stakeholder Roles

Everyone in the University system has a role in ERM. Leveraging leadership experience provides an effective means to engage the right people across the University.


Risk Stakeholder

  • Board of Regents: Set tone for risk culture and inform and prioritize ERM activities
  • Executive Oversight Compliance Committee: Approve and endorse risk strategy, ensure risks are effectively managed
  • ERM Working Group: Subject matter experts convened to address specific enterprise risks
  • Enterprise Risk Management: Facilitate ERM process and drive work plans
  • Internal Audit: Evaluate effectiveness of controls
  • University Compliance: Facilitate compliance with laws and regulations
  • University Units / Departments: Take and manage risks

The Executive Oversight Compliance Committee

The Executive Oversight Compliance Committee (EOCC) oversees the University’s Compliance and Enterprise Risk Management programs. The EOCC approves the risk strategy and confirms that key enterprise risks are effectively managed and mitigated. The EOCC increased the focus on risk at the executive levels, resulting in more discussion of risk at all levels. The EOCC provides a balanced view of risk and emphasizes collaboration across the University system to achieve a collective impact. EOCC membership includes:

  • Associate Vice President Health, Safety, & Risk Management
  • Chief Auditor
  • Chief Compliance Officer
  • Chief Information Officer
  • Executive Vice President & Provost
  • General Counsel
  • President's Chief of Staff
  • Senior Vice President Finance & Operations
  • Senior Vice President for Health Sciences
  • System Chancellors
  • Vice President for Equity & Diversity
  • Vice President for Human Resources
  • Vice President for Research
  • Vice President for University Services

Why Have Executive Level Risk Discussions?

  • Create a Risk Aware Culture
  • Produce an Action Agenda
  • Achieve Collective Impact
  • Obtain a Reduction in Risk