Enterprise Risk Management (ERM) focuses on managing the uncertainty that exists around the achievement of enterprise-wide strategic objectives, and ensuring the long-term sustainability of the organization itself.
Enterprise Risk Management (ERM) at Indiana University is:
- A discipline and mindset,
- Currently applied by Risk Owners and Subject Matter Experts and eventually to be embedded throughout the university,
- Which improves decision making by more closely linking objectives to risk and opportunity in a more formal and structured manner, and
- Provides reasonable assurance to executive management and the Board of Trustees that the university will achieve its mission and key objectives.
WHAT is an enterprise risk?
An enterprise risk is any potential event, condition, circumstance, threat, or action that could substantially impair the university’s ability to achieve its key objectives, execute its strategies, or pursue strategic opportunities.
HOW does IU manage enterprise risks?
Using a systematic, coordinated, and disciplined set of processes and tools within an organizational structure, Enterprise Risk Management (ERM) enables proactive and ongoing identification, assessment, and prioritization of the major risks associated with the university’s key objectives; development, implementation, and monitoring of risk mitigation activities; and consideration of ways to turn risks into opportunities.
WHY did IU establish an ERM program?
To provide reasonable assurance to executive management and the Board of Trustees that Indiana University is more likely to achieve its mission and key objectives due to increased knowledge of risks when strategy setting, increased attention to managing both the negative and positive effects of major risks, and increased maturity of response when damaging things do happen.
While the IU Program’s activities are applied across the enterprise, they focus only on an entity-level view of risk, known as a “top-down” approach.