Governance
The Enterprise Risk Management (ERM) function receives oversight from the Board of Regents and the Executive Oversight Compliance Committee (EOCC). The ERM team works with management across the University system to identify, assess, and respond to risks. The ERM team is housed in Health, Safety, and Risk Management under the Senior Vice President for Finance and Operations.
Inform and endorse the University's risk profile and prioritize activities. Set the tone by promoting the value of creating a risk-aware community, lead discussions through the lens of risk management where appropriate and provide external expertise to analysis and discussion.
Inform and approve risk profile, set priorities, serve as institutional risk owners, empower teams to proactively manage risks.
Consult and inform on institutional risk profile, develop mitigation strategies and key performance indicators, serve as operational risk leads, implement risk mitigation strategies and work plans.
Board of Regents
The role of the Board of Regents in the ERM effort is crucial for ensuring the University’s ability to navigate uncertainties, capitalize on opportunities, and achieve its mission and objectives. The Audit & Compliance Committee of the Board of Regents informs and endorses the University’s ERM activities and initiatives. The ERM group presents an updated system-wide risk profile to the Board at least annually as well as risk trends and information covering key risks that have been assessed, mitigated, and monitored.
The Executive Oversight Compliance Committee
The Executive Oversight Compliance Committee (EOCC) oversees the University’s Compliance and Enterprise Risk Management programs. The EOCC approves the risk strategy and confirms that key enterprise risks are effectively managed and mitigated. The EOCC increased the focus on risk at the executive levels resulting in more discussion of risk at all levels. The EOCC provides a balanced view of risk and emphasizes collaboration across the University system to achieve a collective impact. EOCC membership includes:
- Associate Vice President Health, Safety, & Risk Management
- Chief Auditor
- Chief Compliance Officer
- Chief Information Officer
- Executive Vice President & Provost
- General Counsel
- President's Chief of Staff
- Senior Vice President Finance & Operations
- Senior Vice President for Health Sciences
- System Chancellors
- Vice President for Equity & Diversity
- Vice President for Human Resources
- Vice President for Research
- Vice President for University Services
What is Risk Culture?
Risk culture is the normal and typical behavior of individuals and groups within an organization that determines how they identify, understand, discuss, and act on the risks of the organization.
Every organization has a risk culture whether cognizant of it or not. Culture is the driving force behind the success of an organization’s enterprise risk management function. University of Minnesota leadership is committed to maintaining a proactive risk culture as expressed in the University’s strategic plan. The University has the goal to enhance risk management through innovative technology and processes.
Why is Risk Culture Important?
A strong risk culture provides:
- Increased level of risk awareness across the University system, including an awareness of the types of risks, drivers, controls, and mitigating factors.
- Better decision making when the impact of uncertainty is considered.
- Stronger ability to adapt to a changing environment.
- Positive perception of the value that sound risk information can contribute to University success.
When You Identify Risks
No matter what we do as leaders, faculty, or staff at the University, there is no guarantee of success. We should regularly consider these questions:
What is my goal?
Consider the short-term and long-term goals of your group and the University. It’s helpful to consider the University’s mission and MPact 2025 strategic plan and how those objectives cascade down to you and your group. How does your group contribute to the achievement of the system-wide goals?
What could keep me and my team from achieving our goals?
Falling short of a goal can result from many factors or events both internal and external to the University. These are your risks. Remember, risk represents uncertainty so risk can be negative or positive. A risk event may occur that provides an opportunity.
What are the possible outcomes?
Look for the worst-case, best-case, most-likely scenarios, and possibilities in-between.
How robust are the assumptions underlying my plans?
Assumptions should remain valid under changing circumstances.
Are there any unrecognized correlations among the risk drivers?
Consider relationships among risk drivers. Risk drivers are the causes or sources of risk such as market conditions, regulatory changes, or climate change.
Most importantly, "Is my response enough or should I plan an additional response?"
You can respond to the risks you’ve identified by reducing the likelihood or impact through controls, by transferring the risk through insurance, by accepting the risk if it’s minor, or by avoiding the activity giving rise to the risk altogether. A proactive and risk-aware response will increase the likelihood you achieve your goal!
Calculate a Risk Score
A risk score is a useful measure of the risk your department and the University may be exposed to. Calculating a risk score is very helpful in prioritizing the many risks facing any particular group. Please see the Calculate Risk Score table under Resources & Tools.