Rutgers Enterprise Risk Management Program

Enterprise Risk Management is defined as "a process, effected by an entity's board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objects." (as defined by the Committee of Sponsoring Organizations). At Rutgers, we practice ERM to understand, prioritize, and develop action plans. Our approach enables management to work collaboratively to identify, assess, and manage existing and future risks that are integrated across all Rutgers' campuses.

Rutgers ERM program operates on a 3-tiered structure. At the top of the structure is the ERM Council, comprised of executive level management, and co-chaired by the Chief Risk and Compliance Officer and the General Counsel. The ERM Council serves as an integral component of Rutgers' operations in order to maximize opportunities and minimize setbacks to the University's mission, strategy and objectives. Its' role will help the University define its risk appetite and tolerance levels, and respond effectively when a significant event occurs.

The core of the ERM program is the ERM Steering Committee. This committee serves as the core working group for the ERM process by assessing the prioritizing the top risks to the university. The Committee is also tasked with assigning the critical risks to a risk owner and a risk management process owner. Finally, the foundation of the Rutgers ERM process is the 10 local ERM committees. The local committees are centered around 10 risk areas: Academics, Research, Information Technology, Healthcare, Athletics, Student Affairs, Human Resources, Public Safety, Facilities, and Finance. Each local ERM Committee convenes to provide the Steering Committee a list of relevant risks to the university. The Steering Committee then prioritizes these risks and ranks them by frequency and severity. We will then focus our attention on the "Top 25" risks and assign responsibility to an individual to overseeing management of each risk. These key risks will then be reviewed with the ERM Council at Rutgers "risk hearings." The process is succinct, simple, and effective.

Ultimately, this process serves to apprise Rutgers' leaders of emerging university-wide issues and to provide the necessary action plans to address them. This process hopes to break down the silos and establish a university-wide system to recognize potential problems and to take appropriate steps to mitigate and resolve them before they become actual problems.