Policy and Procedure Statement



Similar documents
Confident in our Future, Risk Management Policy Statement and Strategy

ENTERPRISE RISK MANAGEMENT FRAMEWORK

SAI GLOBAL LIMITED Risk Management Policy

APPENDIX 50. Enterprise risk management - Risk management overview

ENTERPRISE RISK MANAGEMENT POLICY

Successfully identifying, assessing and managing risks for stakeholders

Council Meeting Agenda 27/07/15

CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY

University of New England Compliance Management Framework and Procedures

Guidance Note: Corporate Governance - Board of Directors. March Ce document est aussi disponible en français.

Compliance Management Framework. Managing Compliance at the University

Avondale College Limited Enterprise Risk Management Framework

How To Manage Risk At Atb Financial

In accordance with risk management best practices, below describes the standard process for enterprise risk management (ERM), including:

Shepway District Council Risk Management Policy

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

The Lowitja Institute Risk Management Plan

the Defence Leadership framework

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

MARCH Strategic Risk Policy Update March 2012 v1.10.doc

IFAD Policy on Enterprise Risk Management

Bridgend County Borough Council. Corporate Risk Management Policy

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

MISSION VALUES. The guide has been printed by:

Risk Management. National Occupational Standards February 2014

Prudential Practice Guide

ENTERPRISE RISK MANAGEMENT FRAMEWORK

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS

Enterprise risk management: A pragmatic, four-phase implementation plan

COMPLIANCE CHARTER 1

Queensland Government Human Services Quality Framework. Quality Pathway Kit for Service Providers

Eclipx Group Limited Risk Management Policy

IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework

NATIONAL BANK OF ETHIOPIA MICROFINANCE INSTITUIONS SUPERVISION DIRECTORATE. RISK MANAGEMENT GUIDLEIES for MICROFINANCE INSTITITTIONS (FINAL)

RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

RISK MANAGEMENT FRAMEWORK

POLICY. Number: Title: Enterprise Risk Management. Authorization

Risk Management Policy and Framework

Risk Management Policy Adopted by:

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

Canada Media Fund/Fonds des médias du Canada

Risk Management Policy

Standards for the Professional Practice of Internal Auditing

RISK MANAGEMENT AND COMPLIANCE

WFP ENTERPRISE RISK MANAGEMENT POLICY

Financial Management Framework >> Overview Diagram

Insurance Guidance Note No. 14 System of Governance - Insurance Transition to Governance Requirements established under the Solvency II Directive

Policy (Board Approved)

Compliance Policy AGL Energy Limited

PUBLIC ACCOUNTANTS COUNCIL HANDBOOK

Introduction to Enterprise Risk Management at UVM DRAFT

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC

Risk Management Basics - ISO Standard. Louis Kunimatsu, CRISC IT Security & Strategy, Ford Motor Company

Job Description Asset Planning Engineer Senior

Job No. (Office Use) Directorate Corporate Services Department Programme Management Office Reports to (Job Title) If No state reason

Corporate Governance Guidelines

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE

Managing Risk at Bank of America Corporation. Overview

Aegon Global Compliance

Department of Veterans Affairs VA Directive VA Enterprise Risk Management (ERM)

HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

FMCF certification checklist (incorporating the detailed procedures) certification period. Updated May 2015

Certified Human Resources Professional Competency Framework

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

Sound Practices for the Management of Operational Risk

Attribute 1: COMMUNICATION

Risk Management Plan

1.20 Appendix A Generic Risk Management Process and Tasks

Five steps to Enterprise Risk Management

Procurement of Goods, Services and Works Policy

Risk Management Framework

KING III CORPORATE GOVERNANCE COMPLIANCE REGISTER

International Diploma in Risk Management Syllabus

Export Development Canada

The University of Adelaide RISK MANAGEMENT HANDBOOK

Principles for An. Effective Risk Appetite Framework

What Every Director. How to get the most from your internal audit. Endorsed by

Health, Safety and Environment Management System

McKINSEY & COMPANY NONPROFIT BOARD SELF ASSESSMENT TOOL OVERVIEW

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

June 2010 HEALTH, SAFETY, AND ENVIRONMENT MANAGEMENT SYSTEM (HSEMS)

Risk Management Framework

Integrated Risk Management:

Senate. SEN15-P17 11 March Paper Title: Enhancing Information Governance at Loughborough University

Victorian Government Risk Management Framework. March 2015

IMMUNOGEN, INC. CORPORATE GOVERNANCE GUIDELINES OF THE BOARD OF DIRECTORS

Private Certification to Inform Regulatory Risk-Based Oversight: Discussion Document

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Sector Development Ageing, Disability and Home Care Department of Family and Community Services (02)

Transcription:

Policy and Procedure Statement SUBJECT: Enterprise Risk CATEGORY: General Administration NO. 502-G PREAMBLE Risk exists in all activities and cannot be avoided, nor can it always be eliminated. However, the risks taken and accepted on behalf of the Saskatchewan Institute of Applied Science and Technology (SIAST) must be tolerable; therefore, the effective management of risk at all levels of the organization is imperative. The aim is not to eliminate risk, but to manage the risks involved with all SIAST activities, whether strategic or operational in nature, in order to maximize opportunities and minimize the severity of consequences associated with risk events. The SIAST board of directors recognizes that the proper management of risk is an essential capability that must be developed and practiced at all levels throughout SIAST. Consequently, SIAST is committed to building increased awareness and a shared responsibility for risk management with all employees, at all levels throughout the organization, and across all functions and processes, both academic and administrative. This policy is intended to assist in decision-making processes in order to minimize potential losses, improve the management of existing uncertainty, and maximize the approach to new opportunities. This will ensure that SIAST optimizes its available resources in the pursuit of its strategic goals and ongoing operations. Therefore, the guiding vision for this policy is that SIAST s risks fall within acceptable tolerances through the application of a robust enterprise risk management (ERM) program. POLICY 1. It is understood that some level of risk is not only expected in normal everyday activities but can be beneficial when considering opportunities that SIAST may wish to pursue. However, under no circumstances will the acceptance of risk include: a) wilful exposure of students, employees, or others to unsafe environments or activities; b) intentional violation of federal, provincial, or local legislation, bylaws and regulations; c) wilful violation of regulations prescribed by accreditation and/or professional licensing bodies; d) wilful violation of internal policies; e) wilful violation of contractual obligations; or 1 of 5

f) unethical behaviour. 2. SIAST s ERM program will adhere to the following principles: a) Risk management is an integral part of management, not a separate function for specialists. It forms part of strategic and operational planning, academic and operational processes, and applied research project approval procedures. b) Risk management will support and facilitate the achievement of SIAST s strategic, operational and financial objectives by identifying, analyzing, evaluating, treating and monitoring risks on an ongoing basis. c) The ERM program will foster a culture of spreading best practices and expertise acquired from risk management activities across the organization for the collective benefit of the entire organization. Risk management will serve as a valuable integrated and ongoing process to promote a culture of risk management across all areas of SIAST s operations. d) Risk management will seek to prevent or mitigate the impact of losses occasioned by risks, encourage the informed and controlled undertaking of opportunities, while at the same time having regard to SIAST s strategic objectives and operational commitments. e) The formal statement of SIAST s risk tolerance will be reviewed annually. Activities that fall outside these parameters will not be undertaken unless specifically approved by the president and CEO and/or their designate. f) Risk management will include the development and maintenance of a formal registry of key risks, indicators and other data derived from ongoing ERM activities. 3. The success of SIAST is dependent upon achieving its strategic goals. Therefore, the effective management of risk within approved tolerance levels is essential. SIAST accepts that an element of risk exists in almost every activity it undertakes. The critical question in establishing SIAST s risk tolerance is, To what extent is SIAST willing to tolerate risk related to each strategic theme? Risk tolerance is most appropriately considered in terms of a threshold risk score that SIAST and its stakeholders are willing to bear for SIAST s strategic themes and areas of operation any risk that is beyond this tolerance will require further treatment if SIAST is to accept the risk. It is the responsibility of the SIAST board of directors to review and approve these risk tolerances on an annual basis. 4. Ineffective management of risk leads to consequences that SIAST may find to be unacceptable. The categories of consequences that are of strategic concern to SIAST include: a) Academic programs and operations affect ability to carry out the delivery of academic programs or maintain the organization as a going concern. b) Financial and legal affect the financial position of SIAST, compliance with laws and regulations, litigation, conflicts of interest, unethical behaviour, etc. c) Reputational affect reputation, public perception, political issues, etc. d) Health and safety affect student and employee safety, including both physical safety and overall well-being. 2 of 5

e) Competitive position affect SIAST s position within the post-secondary education marketplace. DEFINITIONS The following definitions are used throughout this policy and have been adapted from the ISO Guide 73:2009: 1. Risk the effect of uncertainty on the achievement of objectives 2. Risk management the coordinated policies, procedures and activities to direct and control SIAST with regard to risk 3. Risk owner a person or entity with the accountability and authority to manage a risk 4. Risk registry a record of information about identified risks 5. Risk score identifies the magnitude of a risk and is expressed in terms of the product of likelihood and consequences 6. Risk tolerance readiness to bear a risk, either in its current state with existing controls, or after risk treatment in order to achieve objectives 7. Control a measure that is currently used to modify a risk 8. Treatment process to modify risk if its current controls are ineffective 9. Stakeholder a person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity 10. Event an occurrence of, or change in a particular set of circumstances 11. Likelihood the chance of something happening 12. Consequence an outcome of an event that affects the ability to achieve objectives 13. Severity the measure of how acutely the consequences of an event will be experienced PROCEDURES Roles and Responsibilities (both administrative and academic) is responsible to ensure that the elements of risk management are integrated into existing planning, budgeting and operational processes. Specific accountabilities are as follows: 1. SIAST The SIAST board of directors is responsible for: a) approving risk tolerance levels; b) overseeing ERM program of the institution; c) understanding the nature and magnitude of significant risks to which SIAST is exposed; d) reviewing reports on the assessment of risk levels compared to established risk tolerance levels; and 3 of 5

e) annually reviewing risk tolerance levels and strategies to ensure that risk exposures remain appropriate and prudent. 2. Audit Committee The SIAST board of directors audit committee is responsible for: a) reviewing management s identification of the significant risks of the institution in accordance with the ERM policy; b) ensuring there are enterprise risk management processes in place to identify, assess, evaluate, treat and monitor risk exposures; c) ensuring that management has developed and implemented appropriate risk management policies and procedures; d) overseeing the application of ERM practices and the ongoing identification of emerging risks; and, e) reporting and recommending to the board of directors on enterprise risk management as prescribed by the committee s terms of reference. 3. Senior Council Senior management council (SMC) is accountable for strategic and operational risk management within areas under its control, including the delegation of the risk management process to relevant senior managers and supervisory personnel. Collectively, SMC is responsible for: a) the formal identification of strategic and operational risks that impact SIAST s strategic goals; b) determination of risk management priorities; c) development of strategic risk management plans; d) monitoring progress in managing risk; and, e) reviewing the progress of the strategic risk management plan. 4. ERM Steering Committee The ERM steering committee membership consists of senior representatives from both academic and administrative services. The steering committee is responsible for: a) providing input, feedback and guidance on the various components of SIAST s ERM framework; b) reviewing and recommending for approval these same components; c) endorsing and visibly supporting the implementation of the ERM framework throughout SIAST; and, d) ensuring that colleagues actively support ERM within their portfolios. 4 of 5

5. Senior Managers and Supervisory Personnel Senior managers and supervisory personnel are accountable for: a) implementation of this policy within their respective areas of responsibility; b) ownership of risks that fall within their respective areas of responsibility; c) incorporating risk management into their planning processes and management activities; d) actively participating in risk management processes; and, e) reporting on the status of items in the risk register as required when it impacts their respective responsibilities as part of either the annual planning or review cycle. 6. The director, enterprise risk management, is accountable for: a) facilitating the identification, assessment, evaluation and treatment of significant strategic and operational risks; b) facilitating action in those areas where improvements are required; c) developing a risk registry for SIAST that includes relevant and pertinent information about each risk that has been identified and analyzed; d) providing advice on and recommending (as appropriate) risk tolerance levels, best practices, ERM frameworks, policies and other such components relevant to enterprise risk management; and, e) reporting on ERM processes and findings, including the level and direction of risk exposures and extent of risk management activities. The director, enterprise risk management does not hold responsibility for the individual risks on risk registries other than those for which ownership has specifically been assigned. 7. Employees of SIAST All employees of SIAST are responsible for the effective management of risk. This includes the identification, assessment, evaluation and treatment of risks within their realm of responsibilities. RELEVANT POLICIES Relevant policies include, but are not limited to, the following: 1. Policy 504-G Policy Development and Administration 2. Policy 1211 Student Conduct 3. Policy 703 Code of Conduct 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information