We use cookies on this site to enhance your experience.
By selecting “Accept” and continuing to use this website, you consent to the use of cookies.
5.16 Enterprise Risk Management Policy
This online version is for convenience; the official version of this policy is housed in the University Secretariat. In case of discrepancy between the online version and the official version held by the Secretariat, the official version shall prevail.
Approving Authority: Board of Governors
Original Approval Date: June 25, 2015
Date of Most Recent Review/Revision: April 21, 2022
Office of Accountability: Vice President Finance & Administration
Administrative Responsibility: Enterprise Risk and Insurance Office
1.00 Purpose
1.01 Wilfrid Laurier University (Laurier or University) is commitment to thoughtful consideration and integration of Risk into the culture and strategic planning processes of the University that support decision-making and resource allocation to achieve the University’s strategic goals. This Enterprise Risk Management (ERM) policy sets the foundation of the ERM framework to be implemented at the University.
1.02 This ERM policy complements other University internal controls and incorporates a consistent approach to risk management that supports the University’s governance responsibilities for responsible risk-taking and policy development.
Definitions
2.01 Accountable Risk Leader: the Risk owner who is primarily accountable for the effective management of a specific Risk or Risk category.
2.02 Delegated Risk Leader: the most senior operational leader responsible for the direction, activities and budget of an operational unit.
2.03 Enterprise Risk Management Framework: the organizational structure for designing, applying, monitoring and continually improving the Enterprise Risk Management processes throughout the organization in support of the University’s strategy, goals and objectives.
2.04 Enterprise Risk Management Program: includes the policy, framework and processes that support enterprise risk management at the University.
2.05 Enterprise Risk Management: the planned and systematic approach to the identification, evaluation, and control of uncertainties to maximize opportunities and minimize losses related to the University’s strategic goals.
2.06 Insurance: A risk treatment option that transfers the potential financial consequences of certain specified loss exposures from the insured to the insurer.
2.07 Risk Appetite: The amount and type of Risk the University is willing to pursue or retain to meet its strategic objectives.
2.08 Risk Management: the coordinated activities to identify, assess and respond to risk.
2.09 Risk Tolerance: the willingness to accept or reject a given level of Risk aligned with the overall risk appetite. Risk tolerance may be different for different risks and will inform the University’s approach to assessing and treating risk.
2.10 Risk: the potential for loss or the diminished opportunity for gain caused by factors that can affect the ability to achieve an administrative, academic, operational, or strategic objective or desired outcome.
3.00 Jurisdiction/Scope
3.00 This policy applies to all activities, processes, policies, procedures, individuals and property that comprise Wilfrid Laurier University.
4.00 Policy
4.01 Laurier recognizes that risk and opportunity exist in all university activities. Laurier will seek to embed effective ERM processes within the management and planning activities across the University through the implementation of an ERM framework.
4.02 Laurier will support a systematic approach to identifying, evaluating and implementing effective controls to avoid, mitigate or manage Risks in support of university activities. Risks and opportunities will be identified and managed within acceptable Risk Tolerances.
4.03 The University has a responsibility to manage the negative effects of any unanticipated events that impinge on its, or its officer’s ability, to conduct normal operations. Laurier recognizes that insurance is an effective risk treatment option to reduce the University’s financial exposure and will use insurance, as necessary, to transfer the assessed risk of the financial consequences of unanticipated events. In this way, normal operations following an event can be restored as soon as possible, while minimizing financial consequences to the University.
5.00 Roles and Responsibilities
5.01 The Board of Governors is responsible for oversight of the ERM Program to ensure that it is used to achieve the strategic objectives of the University.
5.02 Within the Board of Governors, the Audit, Risk and Compliance Committee is responsible for supporting the effective implementation of ERM and mitigation strategies.
5.03 The University’s Office of Internal Audit provides independent review and testing of internal controls and Risk Management processes through a comprehensive, Risk-based internal audit plan.
5.04 The Executive Leadership Team (ELT) is comprised of the President, Vice-Presidents or equivalent, and other senior executives as designated by the President. ELT members are the Accountable Risk Leaders in their respective administrative areas and are responsible for embedding ERM within the strategic and operational management processes of the University.
5.05 The Enterprise Risk Management Committee (ERMC) is comprised of Delegated Risk Leaders who lead the risk assessment and reporting processes across the University and support the ongoing maintenance and promotion of the ERM program.
5.06 Academic and administrative leaders are responsible for implementing Risk Management processes and maintaining appropriate internal controls that support the effective management of Risk.
5.07 All employees at Laurier are responsible for the effective management of Risk including the identification and disclosure of potential or emerging Risks.
5.08 Administration of the ERM program is delegated to the Enterprise Risk and Insurance Office, which will report to the Audit, Risk and Compliance Committee quarterly on the University’s Enterprise Risk Management activities. The Enterprise Risk and Insurance Office also has primary responsibility for ensuring the sufficiency and suitability of the University’s insurance portfolio and shall report annually on the University’s insurance coverage and Enterprise Risk Management activities to the Audit, Risk & Compliance Committee.
Related Policies, Procedures and Documents
- Enterprise Risk Management Framework
- Enterprise Risk and Insurance Processes
- Audit, Risk and Compliance Committee Terms of Reference
- Enterprise Risk Management Committee Terms of Reference