ENTERPRISE RISK MANAGEMENT POLICY




Policy No. 10014
Review Date: October 1, 2014
Effective Date: March 1, 2014
Cross-Reference:
Responsibility: Vice President, Administration
Approver: Executive Council

1. Policy Statement

1.1. GPRC is a risk aware institution focused on properly managing its risks while pursuing opportunities to enhance the value of the College. All GPRC employees are responsible for managing risk as part of their daily responsibilities, and the College has implemented a formal program to guide the identification, assessment, treatment, monitoring and reporting of risks across the College.

2. Background

2.1. Enterprise Risk Management ("ERM") is a process, promoted by the Board of Governors, management and other personnel and applied in strategy setting and business planning across the College. This Policy is a statement of commitment by the College to ensure the introduction, adoption and implementation of an effective risk management program.

2.2. ERM activities form an integral part of the College's objective setting process. It supports and improves the decision-making, planning and prioritization processes to ensure appropriate action is undertaken to continually address risks. ERM is an ongoing, proactive and dynamic process to identify, assess, manage and communicate risks that may impact objectives to meet the overall strategic goals of the organization.

2.3. ERM will assist the College in attaining its goals while avoiding pitfalls and surprises along the way. It involves employees at every level of the institution and requires the development of a risk profile across the entire organization. ERM enhances GPRC's ability to achieve its mission and vision and improves the allocation of resources across the College. This Policy sets out the structure of how ERM is to be carried out and is intended to operate in conjunction with all other policies and strategies of the College.

While GPRC's focus is to ensure ERM is formally established at the strategic, enterprise-wide level, the concepts contained within this Policy and the Guidelines in Appendix A may be applied at any stage in the life of a policy, process, project, or activity; in initial planning; and in the evaluation of options. They can also be applied at all levels / business units of GPRC.

3. Policy Objective

3.1. The objectives of this policy are to:
- Build increased awareness and establish institutional responsibility for risk management across all levels and departments of the College
- Establish protocols for the identification, assessment, management, reporting and governance of risks
- Support the process of reporting on all risks to key decision makers within the College
- Support the culture of risk management throughout the College.

4. Scope

4.1. This policy applies to all employees across all departments and activities of the College, including academic, research, administration and support activities. It also applies to the Board of Governors.

5. Definitions

5.1. Consequence is the outcome of an event affecting goals. Consequence is usually expressed qualitatively or quantitatively as being a loss, injury, disadvantage or gain. There may be a range of possible outcomes associated with an event.

5.2. Control is a measure that is modifying risk. Controls include any process, policy, device, practice, or actions which modify risk.

5.3. Enterprise Risk Management: see the definition for Risk Management.

5.4. Governance means the processes by which a business / operating unit is directed, controlled and held to account. It encompasses authority, accountability, stewardship, leadership, direction and control exercised in the College.

5.5. Inherent Risk is the risk prior to applying a risk treatment.

5.6. Likelihood is the chance of something happening. Likelihood is usually expressed in terms of probability or frequency.

5.7. Residual Risk is the risk remaining after risk treatment.

5.8. Risk is the effect of uncertainty on goals. An effect is a deviation from the expected, either positive or negative.

5.9. Risk Analysis is the process to comprehend the nature of risk and to determine the level of risk. Risk analysis provides the basis for risk evaluation and decisions about risk treatment.

5.10. Risk Appetite is the amount and type of risk that an organization is willing to pursue or retain.

5.11. Risk Assessment is the overall process of risk identification, risk analysis and risk evaluation.

5.12. Risk Evaluation is the process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude are acceptable or tolerable. Risk evaluation assists in the decision about risk treatment.

5.13. Risk Identification is the process of finding, recognizing and describing risks. Risk identification involves the identification of risk sources, events, their causes and their potential consequences.

5.14. Risk Management is the coordinated activities to direct and control an organization with regard to risk.

5.15. Risk Management Framework is a set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing, and continually improving risk management throughout the College.

5.16. Risk Mitigation Strategy is a control, policy, procedure, technology initiative and / or adjustment made to enhance the human resource complement of the GPRC team (e.g. role changes, training, hiring, succession planning, etc.) in order to enhance the management of a particular risk.

5.17. Risk Tolerance is the College's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its goals.

5.18. Risk Treatment Strategy is the process to modify risk. This involves the selection and implementation of appropriate options for dealing with risk, which may include:
- Avoiding the risk
- Taking/increasing risk in order to pursue an opportunity
- Removing the risk source
- Changing the likelihood
- Changing the consequence
- Sharing the risk with another party or parties
- Retaining the risk by informed decision.

6. Guiding Principles - Risk Appetite

6.1. The College's risk appetite should be established and confirmed annually by the President.

7. Guiding Principles - ERM Processes

7.1. The College should undertake comprehensive quarterly risk reviews, as part of the process to address risks associated with strategic plans, preparing operational plans and budgets, making general decisions, and as a part of other management systems. These risk reviews will refresh the reporting to management and the Board and ensure a common understanding of existing and emerging risks exists, along with the implementation of appropriate risk treatment and management strategies.

7.2. ERM processes refer to the activities that include:

Risk Identification - the objective of risk identification is to develop a consistent and sustainable approach to identify risks that could impact the College's ability to achieve its strategic objectives. Accordingly, the College will complete a comprehensive risk identification exercise annually in conjunction with its strategic planning process to identify key risks that may impede it from achieving each of its strategic objectives. Using these risks, the College will then continue through the following steps of risk assessment, risk mitigation and control, as well as monitoring and reporting of the risks.

Risk Analysis and Evaluation - the risk analysis and evaluation process provides a standard and consistent approach to understanding the likelihood and consequence of potential risks to the College. During this process, risks with an adverse potential impact on the College's strategic and operational plans should be examined across the institution as a whole and should be assessed from two perspectives: likelihood of occurrence and the consequence should the risk occur. In addition, the risks should also be evaluated in the absence of controls (i.e. inherent risk) and in consideration of the controls that are in place (i.e. residual risk). Broadly defined, a control is a measure that modifies risk. Controls include any process, policy, device, practice, or actions which modify risk. Evaluating both the inherent and residual risks will serve either to demonstrate the importance of existing controls and justify their continuation, or to identify those controls which are no longer necessary or cost-effective. This also identifies the significance of risks should the controls fail. Upon the completion of the risk analysis and evaluation, the College will have a prioritized set of risks based on the residual risk evaluation.

Risk Treatment - having evaluated the residual risk level of each risk, GPRC will develop formal risk treatments for any risks exceeding the risk appetite of the College (i.e. orange or red risks; risks with a final rating of 8 or greater). Risk treatments may include one or more of the following options:
- Avoiding the risk
- Taking/increasing risk in order to pursue an opportunity
- Removing the risk source
- Changing the likelihood
- Changing the consequence
- Sharing the risk with another party or parties
- Retaining the risk by informed decision.

For risks that have a risk rating of extreme or high (i.e. orange or red risks; risks with a final rating of 8 or greater) and for which the risk treatment strategy is one of: avoid the risk, take / increase the risk, remove the risk source, change the likelihood / consequence, or share the risk, a risk mitigation plan should be developed. Risk mitigation involves identifying the range of options for responding to risk, assessing those options, preparing risk mitigation plans and implementing them. A risk mitigation plan is comprised of one or more risk mitigation strategies to reduce the residual risk to an acceptable level of risk within GPRC's risk appetite. As part of determining the risk treatment and risk mitigation plan, responsibility for the management of each of the risks (regardless of its residual risk rating) will also be assigned to departmental or functional units of the College. These departmental or functional units own the risks, and it is their responsibility to manage them, as well as to identify and escalate new / emerging risks.

Risk Monitoring and Review - monitoring and review is a process that assesses the effectiveness of GPRC's ERM Program over a period of time. The process for monitoring GPRC's ERM Program will include:
- Regular Risk Reporting: reports on emerging / new and existing risks, as well as the respective risk treatments and risk mitigation plans, are provided to the Risk Management Advisory Committee on a quarterly basis. In addition, the Executive Team and the Board receive summary risk reports on a semi-annual and quarterly basis, respectively.
- Risk Escalation Process: during the course of day-to-day business, new risks may be identified which could negatively impact the achievement of GPRC's goals. As GPRC employees identify new risks, they should be brought to the attention of their immediate supervisor or the VP, Dean, Director or Department Head of the respective business / operating unit of GPRC. The supervisor, VP, Dean, Director or Department Head should assess the inherent risk, review existing controls and calculate residual risk, all of which should be documented in the detailed risk plans and risk register for GPRC.

Communication and Training - in addition to risk reporting, various mechanisms, such as awareness campaigns or training / education sessions, should be developed to ensure that communication is effective and reaches every employee throughout GPRC. All personnel should receive a clear message from the President and Executive Team that risk management responsibilities must be taken seriously and are an obligation of all employees within the College. In addition, sufficient time and resources should be allocated to ensure that employees are properly informed and trained. Employees should be educated on the various components of the ERM Program, depending on their risk management responsibilities.

8. Guiding Principles - Risk Universe

8.1. The enterprise risks that will be covered under this Policy (collectively referred to as the "risk universe") include:
- Strategic and Governance
- Relationships, Reputation and Culture
- Academic Program (includes Students)
- Asset Management
- People
- Operations
- Financial Management and Reporting (includes Business Environment)
- Technology and Information Systems
- Regulatory Compliance and Standards
- Health, Safety and Security
- Environmental
- Property and Buildings
- Project Management, Suppliers and Contractors

8.2. This ERM Policy serves as an umbrella Policy for the individual risk management policies that exist for each of the above areas. In addition, Appendix D of the Guidelines contained as an Appendix to this Policy provides an illustration of the College's risk universe.

9. Roles and Responsibilities

The responsibility for ERM lies with all levels of the College. Roles and responsibilities for each level of the College must be clearly articulated to ensure the successful undertaking of risk management practices. A sound risk management organization and associated practices will support College staff in more readily accepting the culture of risk management as part of their daily activity.

9.1. An ERM organizational structure is shown below. Specific roles and responsibilities of each group follow.

ERM organizational structure (organizational chart rendered as text):
- Board of Governors
- President and CEO
- ERM oversight: Executive Team; Risk Management Advisory Committee
- Responsible for ERM implementation and management of risks: Fairview Campus Principal; VP Academics and Research; VP External Relations and Community Relations; VP Administration; their Departments (Department X, Department X, Department X)
- Office of Enterprise Risk Management: drives ERM implementation

9.2. The roles and responsibilities of those individuals / business units identified above are as follows. In addition, the table below also outlines the respective responsibilities of the VP Administration, Deans, Directors and Department Heads responsible for implementing ERM.

STAKEHOLDER: Board of Governors
RESPONSIBILITIES: The Board of Governors supports Enterprise Risk Management ("ERM") by:
- Providing risk management philosophy direction
- Being aware of and concurring with the College's risk appetite
- Understanding the College's most significant risks and whether the President & CEO is responding appropriately.

STAKEHOLDER: President & CEO
RESPONSIBILITIES: The President and CEO is responsible for ensuring a robust environment which facilitates sound and prudent risk taking and risk managing activities and:
- Establishes effective ERM in the organization
- Understands the College's most significant risks and ensures these risks are being monitored and mitigated as necessary
- Provides risk reporting to the Board of Governors related to the College's most significant risks
- Ensures risks are fully considered in the development of long-term strategies and plans for the College.

STAKEHOLDER: Executive Team
RESPONSIBILITIES: The President and the Executive Team are responsible for the effective management of risk for the College as a whole. The Executive Team:
- Provides leadership and guidance for the College with respect to the ERM Program
- Sets the College's risk appetite and risk tolerance limits
- Approves guidelines and policies for the identification, assessment, management and monitoring of risks
- Monitors status, effectiveness and completeness of risk identification and risk mitigation activities
- Monitors effectiveness of the College ERM Program and Guidelines
- Reviews the College's portfolio view of risk and considers it against the College's risk appetite
- Advocates and ensures the integration of risk management into strategy and goal setting, ongoing measurement processes, and key decision-making
- Develops and provides a strong environment to facilitate sound and prudent risk taking and risk managing activities
- Reviews and approves risk information prior to reporting to the Board of Governors
- Promotes high ethical and integrity standards and establishes a culture within the College that emphasizes to all levels of personnel the importance of risk management
- Ensures that appropriate risk treatment and response strategies are selected in view of the College's risk appetite and risk tolerance limits.

STAKEHOLDER: Vice President Administration
RESPONSIBILITIES: The Vice President Administration has overall ownership of the ERM Program and is responsible for developing, coordinating and facilitating implementation of the ERM Program and Guidelines, which includes:
- Establishing ERM policies, including defining roles and responsibilities and participating in setting goals for implementation
- Establishing a common risk management language that includes common measures around likelihood and impact, and common risk categories
- Establishing processes, procedures and tools for the identification, assessment, measurement, management and monitoring of business risks
- Framing authority and accountability for ERM in Departments
- Promoting ERM competence throughout the College, including facilitating development of technical ERM expertise
- Overseeing development of Departmental/Functional Unit risk tolerance limits
- Assisting Deans, Directors and Department Heads in aligning risk responses with the College's risk tolerance limits and developing appropriate controls
- Facilitating development of reporting protocols and monitoring the reporting process
- Providing information to the President & CEO to report to the Board of Governors on progress and exceptions and recommending actions as needed
- Reviewing and implementing actions to address ERM Program deficiencies and enhancements.

STAKEHOLDER: Risk Management Advisory Committee
RESPONSIBILITIES: This Committee validates the risk register provided through the Office of Enterprise Risk Management and reviews risks and opportunities for consideration by the Executive Team, including:
- Overseeing risk by approving processes, procedures and tools for the identification, assessment, measurement, management and monitoring of College-wide risks
- Acting as subject matter experts, participating in education, training, communication, and awareness building of ERM at GPRC
- Assisting in addressing functional, cultural, and departmental barriers to managing risks
- Facilitating the development of processes to support reporting protocols and escalation of risks
- Establishing ERM policies, including defining roles / responsibilities and setting goals for implementation, for approval by the Executive Team
- Reporting quarterly to the Executive Team on the College's risk profile
- Meeting quarterly to validate risk treatments / risk mitigation strategies on existing and newly identified risks
- Making recommendations to the Executive Team regarding which risks or opportunities significantly impact the College's strategic goals so as to warrant development of enterprise-level risk treatments / mitigation strategies to manage those risks or opportunities.

STAKEHOLDER: Deans, Directors and Department Heads
RESPONSIBILITIES: Deans, Directors and Department Heads retain authority and responsibility for the day-to-day management and reporting of risks within their area of responsibility, including:
- Ensuring execution of risk management guidelines for the respective Department/School
- Identifying and assessing risks that affect their area of responsibility
- Overseeing development of Department/School objectives and tolerance limits for Department risks
- Supporting the development and implementation of detailed risk tolerance limits
- Monitoring activities against approved risk targets and tolerance limits, reporting instances where risks exceed tolerance limits and recommending corrective action where appropriate
- Reporting status of Department / School risks on a regular basis
- Maintaining adequate documentation that risks and opportunities are properly identified, assessed, managed and monitored
- Ensuring risk standards, measures and methodologies are consistently applied
- Facilitating risk management training in conjunction with the Office of Enterprise Risk Management.

STAKEHOLDER: Office of Enterprise Risk Management
RESPONSIBILITIES: The Office of Enterprise Risk Management assists the Vice President Administration with the development and roll-out of the ERM Program. The Office of Enterprise Risk Management also provides assistance to the Deans, Directors and Department Heads and provides technical expertise where required, including but not limited to:
- Developing ERM policies for approval, including defining roles and responsibilities and participating in setting goals for implementation
- Developing a common risk management language for approval, that includes common measures around likelihood and impact, and common risk categories
- Developing for approval processes, procedures and tools for the identification, assessment, measurement, management and monitoring of business risks
- Facilitating development of technical ERM expertise
- Assisting Deans, Directors and Department Heads to align risk responses with the College's risk tolerance limits and developing appropriate controls
- Facilitating development of reporting protocols and monitoring the reporting process
- Reporting to the Vice President Administration on progress and exceptions and recommending actions as needed
- Implementing actions to address ERM Program deficiencies and enhancements.

STAKEHOLDER: ERM Participants (All College Employees)
RESPONSIBILITIES:
- Executing risk management activities in accordance with the ERM Program and Guidelines and the direction of their respective Dean, Director or Department Head.

10. Exceptions to the Policy

10.1. No exceptions are permitted to this Policy.

11. Amendments (Revision History)

11.1. Amendments to this Policy will be published from time to time and circulated to the College Community.

Appendix A - ERM Guidelines