Enterprise Risk Management

Enterprise Risk Management (ERM) is a structured, consistent and continuous process across the whole organization for identifying, assessing, deciding on response to, and reporting on threats and opportunities that affect the achievement of its objectives.” - From the Institute of Internal Auditors (IIA).

Enterprise Risk Management is designed to measure an institution's achievement of four primary objectives:

  • Strategic - high-level goals, aligned with and supporting its mission
  • Operations - effective and efficient use of its resources
  • Reporting - reliability of financial and regulatory reporting
  • Compliance - compliance with applicable laws and regulations

Why is ERM relevant in the higher education environment?

Like organizations within the private sector, Virginia State University operates in an inherently risky environment. Risks can include financial risk, operating risk, strategic risk, regulatory risk, environmental risk, and political risk among others. Managing this range of risks is especially important to help ensure the university can continue to serve the university's faculty, staff, students and the citizens of the Commonwealth of Virginia. Strategically managing risk can reduce the chance of loss, create greater financial stability, and protect resources to enable the University to continue our mission of “Building a Better World”.

Links to information on enterprise Risk Management (ERM)