The ERM process consists of:
- Identifying major activities, processes, and functions after reviewing missions, goals, and objectives.
- Categorizing and prioritizing the major activities.
- Identifying and assessing risks and building risk portfolios.
  - Receive input from representatives within the University.
  - Prioritize and rank the identified risks by potential impact and probability of occurrence, while considering the day-to-day activities to control risk.
- Identifying risk mitigation strategies.
  - Review mitigating activities performed for all risks while focusing on how we deal with those risks ranked highest.
  - Review mitigation where two or more parties (groups) are identified as responsible.
  - Evaluate the effectiveness of current mitigation and identify any gaps.
  - Evaluate whether resources and mitigating strategies are appropriately allocated based on the level of risk and desired level of effectiveness.
- Review the monitoring and executive management reporting.
- Identify who is responsible for monitoring that the mitigating activity is effectively managing the risk and being performed as planned.
Additionally, the process will involve performing status/follow-up reviews.
- Review executive management reporting and communication.
- Assess the efficiency and effectiveness of mitigation, monitoring, and communication.