Enterprise risk management (ERM) is a comprehensive, organization-wide practice to identify, assess, and manage potential risks while seizing opportunities so an organization can achieve its strategic goals. UO's ERM program takes this practice and applies it to the university's mission and strategic objectives.
Strategic Enterprise Risk Management and Compliance Committee
The program is overseen by the Strategic Enterprise Risk Management and Compliance (SERMC) committee. The committee is made up of the university's senior leadership, namely vice presidents and chief executives, and they come together to evaluate institutional risk exposures and develop mitigation recommendations. These risk owners raise awareness and highlight opportunities to minimize risk in their areas, review and prioritize the university's top risks, and provide accountability to ensure risk management is integrated into daily activities within the university's risk appetite. The advisory committee reports to the university president and gives an annual update to the Board of Trustees.
The presidential charge to the SERMC committee is:
- Develop tools and processes to actively identify, evaluate, and manage university risks that could impact the university's operations and mission.
- Ensure systems and processes are in place to provide accountability for compliance with the university's legal and policy obligations.
- Encourage communication, problem-solving, and collaboration across divisions, units, and departments.
SERMC Approach
The SERMC committee has work groups to better address current or emerging risks, particularly those that have impacts shared by multiple risk owner areas.
- Limited duration work groups have a specific charge to assess gaps or unmitigated risk exposures and make recommendations for next steps.
- Committees and team reports address ongoing risk or safety issues on campus, some of which are regulatory and required by law.
Both work groups and committees are composed of inter-departmental staff with expertise, knowledge, or responsibilities related to the risk exposure they are charged with assessing, monitoring, or mitigating. This approach forges networks and relationships that are critical to leveraging the university's knowledge, expertise, and problem-solving skills to address complex and intertwined risk and safety issues.
Regular Reports from Committees
The following committees and teams provide periodic updates to SERMC on risk exposures and mitigation efforts they are monitoring.
- Incident Management Team
- Campus Vulnerability Assessment Team
- Behavioral Evaluation and Threat Assessment Team
- Data Security Incident Response Team
- HIPAA Privacy Committee
- National Security and Research Committee
- Information and Communication Technologies Accessibility Committee
- Safety Advisory Committee
- Radiation Safety Advisory Committee
- Institutional Biosafety Committee
- Laboratory Safety Committee
- Payment Card Industry Team
- Red Flags Team