Enterprise Risk Management
Overview
Georgetown University utilizes an enterprise risk management (ERM) process to enhance the University’s ability to identify, understand and manage institutional risks. The ERM process assists executive management and the Board of Directors in understanding what the most critical institutional risks are in order to ensure that risks are managed effectively and that resources are allocated appropriately.
The ERM Executive Committee is chaired by the President and includes the Senior Vice President & Chief Operating Officer, Provost, Executive Vice President of the Law Center, Executive Vice President of the Medical Center and the Vice President and General Counsel (ex officio).
- The ERM Executive Committee is responsible for identifying the strategic risks facing the University as a whole, and assuring that both strategic risks and financial, compliance and operational risks across the University are being effectively managed.
- Strategic risks and mitigation strategies are assessed annually and reported to the full Board of Directors.
- The ERM Executive Committee approves the annual risk management process and presents it to the Audit Committee of the Board for approval.
Management conducts individual risk assessments for finance, compliance and seven operational risk areas (Academic/Research, Facilities, International, Human Resources, Athletics, Information Technology, and Student Affairs).
- The relevant Vice President for each
area convenes University leaders to perform a risk assessment to identify the top
risks in their area and identify risk mitigation strategies.
- Finance and Compliance assessments are performed annually.
- Operational risk assessments are performed every two years.
- The resulting risk heat maps and
mitigation plans from the individual assessments are presented to the ERM
Executive Committee and inform Board Committee agendas.
- Financial risks are reported annually to the Finance & Administration Committee of the Board by the Chief Financial Officer
- Compliance risks will be reported annually to the Audit Committee of the Board by the Associate Vice President for Compliance.
- Operational risks may be reported to the relevant Board Committees by the relevant Vice Presidents.
- Urgent risks that arise in between board meetings are reported up pursuant to the Board Reporting Up Policy.