Office of Risk Management
The University of Wisconsin System endeavors to lead higher education by integrating the principles of Enterprise Risk Management (ERM) into the culture and strategic decision making of its academic, student affairs, and business functions. ERM will promote the success and enhance the accountability of the UW System by incorporating risk assessment into the System’s strategic objectives and budget development process.
Working Together to Proactively Manage Risks that could threaten our Mission.
The mission of the University of Wisconsin Enterprise Risk Management Pilot Project is to initiate a comprehensive program which will support the identification of UW’s mission-critical risks, assess how to manage those risks, and align resources with risk management responsibilities.
- What is ERM?
- UWSA ERM Goals and Objectives
- ERM Process
- Risk Identification
- Interview Questionnaire
- Risk Validation
- Assess Risks
- Risk Map
- Risk Control Effectiveness
- Risk Response
- Risk Ownership
- Achievements to date & Lessons Learned
- Other ERM Resources
- ERM Higher Whitepapers
- ERM at Institutions of Higher Education
- Blog Forums
As a state-wide university system, the University of Wisconsin System’s risk profile is complex and managing those risks is more important than ever. In the continuing effort to improve enterprise-wide controls and governance, we have begun the implementation of Enterprise Risk Management (ERM) within the University of Wisconsin System through a pilot initiative.
The origin of the UW System ERM initiative can be found in the need to align declining resources with mission-critical tasks, respond to the evolution of traditional risk management to a more cross-functional approach, and address increasing accountability and governance standards driven in part by the Sarbanes-Oxley Act. The UW System Administration Offices of Operations Review and Audit and Safety and Loss Prevention have taken the primary lead to date, but success of this initiative will be determined by the level of participation received from all levels of the UW System institutions and System Administration.
Enterprise Risk Management is a tool that will provide a common language and set of standards to identify, evaluate, prioritize, and manage ongoing risks that are inherent in our operations. Our goal is to develop an ERM structure that will expand the understanding of risk from traditional hazards, which can be transferred with insurance coverage, to include strategic, operational, and financial risks, while integrating risk ownership at all levels of the organization.
Enterprise Risk Management (ERM), to be sustainable, must be tailored to take into account the culture, structure, mission, and objectives of the organization and its stakeholders.
The ultimate success of the ERM Program is dependent upon the continued support, guidance, and input from participating institutions. As an overview, below is a summary of the ERM process:
Phase 1 – Program initiation and Pilot implementation – establishment of Core Working Group –
Kick off meetings - establish definitions, process, and discuss materiality – “Top Down”
- Launch interviews with senior leaders and questionnaires to campus administration.
- Compile interview and questionnaires.
- Develop Perceived Risk Map.
- Compile ERM Risks and conduct workshops and assess output of interviews and questionnaires to identify and discuss other risks.
- Conduct workshops – “Bottom-up” workshops to review and validate previously-identified risks, identify additional risks, determine which have the highest priority, decide which require active management, and assign responsibility for developing plans and budgets to mitigate those key threats.
- Compile results and provide feedback to Core Working Group and administration.
Phase 2 – Future roll-out and develop plans to move towards institution-specific steady states.
By the end of the initial pilot cycles, mitigation plans and budgets will be consolidated in an Annual Risk Report. Plans and budgets will be prioritized and available for confirmation by year end. The process will then move into an embedded, ongoing cycle supported by UW System Administration.
Enterprise Risk Management (ERM) is our comprehensive program to identify and manage - proactively and continuously - real and potential threats as well as opportunities that may affect our operation, both locally and globally.
Threats include not only dangers that could imperil our operations, but also the failure to take advantage of opportunities that could help us fulfill our mission. Both kinds of risks are important.
ERM augments current controls and capabilities to protect and increase stakeholder value and strengthen our work culture. The goal is to promote continuous, sustainable improvement across the System, creating value and competitive advantage.
ERM is a disciplined process that draws on a broad base of cross-functional skills and expertise. The University of Wisconsin System’s ERM program will be both strategic and operational:
Strategic in that the ERM program will provide a consistent method to evaluate risks and opportunities to make more efficient use of assets, while also meeting governance and accountability expectations.
Operational in that the ERM program will provide each area of our operations with a methodology to identify, understand, and manage risks and opportunities in a manner consistent with institution and UW System goals, objectives, and culture.
The result → Our ERM program will provide a fact-based, prioritized approach to risk management, allowing all of us to confront and examine our assumptions about risk and the steps we take to manage and mitigate risk.