ERM at TAMU
Events such as management changes and reorganizations, demands for increased accountability by funding sources, new legislation resulting from corporate scandals, and adverse events occurring on or around campus have heightened the awareness of the various risks facing the University community. Since risk management has always been an important area of strong management interest and involvement, the University Risk and Compliance Office (URC) was formed by the President in April 2004. The new office incorporated and coordinated various responsibilities including enterprise risk management (ERM).
The strategy to implement the University-wide Risk Management Program began with various discussions and presentations on the concepts of ERM to the TAMU community. This involved communication of a common risk language and creating an understanding of risks and the risk assessment process.
In the fall of 2004, a University-wide Risk Management Discussion Group was formed. The group, consisting of senior management that represented a broad span of University activities and operations, and could provide a University-wide perspective, performed a University-wide risk assessment. The group was reassembled in Fall 2006 to update and expand the following:
- The major risks facing the University;
- The mitigating activities for those risks; and
- The accountable/responsible person for the mitigating activities.
Another stage of implementation involved meeting with individual units around campus to perform risk assessments. The individual unit assessments have been divided into tiers. The first tier was defined as high level University units including those that directly report to the University President.
Tier 1 risk assessments include areas such as:
- Student Affairs
- Athletic Compliance
- Governmental Affairs
Tier 2 areas (units and departments)
are those that report directly to Tier 1 areas.
Risk assessments for these areas are based on need and performed as requested.
The long-term risk assessment plan includes providing the experience and tools for the University community to perform their own self-assessments and updates. The tools (instructions, examples, Excel spreadsheets, etc.) are available for all tiers including tiers including Tier 3 such as individual departments, centers, and institutes. The long-term and continuous plan also includes assessing and updating Tier 1 risk assessments on a periodic basis (every two years).
After risk assessments are complete, URC personnel are able to perform a walkthrough review and report on the effectiveness of the monitoring and executive communication process focusing on the high (red) risks.
Last Updated on August 2009