ERM Process

ERMProcess DiagramThe ERM process consists of:

  1. Identifying major activities, processes, and functions after reviewing missions, goals, and objectives.
    1. Categorizing and prioritizing the major activities.
  2. Identifying and assessing risks and building risks portfolios.
    1. Receive input from representatives within the University.
    2. Prioritize and rank those risks identified as to potential impact and probability of occurrence while considering the day-to-day activities to control risk.
  3. Identifying risk mitigation strategies.
    1. Review mitigating activities performed for all risks while focusing on how we deal with those risks ranked highest.
    2. Review mitigation where two or more parties (groups) are identified as responsible.
    3. Evaluate the effectiveness of current mitigation and identify any gaps.
    4. Evaluate whether resources and mitigating strategies are appropriately allocated based on the level of risk and desired level of effectiveness.
  4. Review the monitoring and executive management reporting.
    1. Identify who is responsible for monitoring that the mitigating activity is effectively managing the risk and being performed as planned.

Additionally, the process will involve performing status/follow-up reviews.

  1. Review executive management reporting and communication.
  2. Assess the efficiency and effectiveness of mitigation, monitoring, and communication.