1-108 Enterprise Risk Management

Enterprise Risk Management

Policy ID: #1-108
Manual Classification: 1 – College Policies
Approved by Board of Governors: October 25, 2017
Effective Date: November 1, 2017
Last Policy Review Date: November 1, 2018
Revision Date: N/A
Administrative Contact for Policy Interpretation: Vice-President Finance and Administration
Linked to an Operating Procedure: In development

Policy Statement

This policy is a statement of commitment by the College to the introduction, adoption and implementation of formal risk management throughout the College.


Enterprise Risk Management (ERM) is a process to gather, assess and report on risk. ERM activities will form an integral part of College planning and operations. ERM supports and improves the decision-making, planning and prioritization processes by ensuring that risk is continually assessed and addressed. ERM is a continuous, proactive and dynamic process to identify, assess, manage and communicate risks that may impact the achievement of the strategic goals of the organization.
ERM will assist the College in attaining its goals, helping to avoid pitfalls and surprises along the way. It involves employees at every level of the institution and requires the development of risk profiles across the entire organization. This Policy sets out the structure of how ERM is to be carried out and is intended to operate in conjunction with all other policies and strategies of the College.


This policy applies to all members of the College community. Also refer to “Responsibilities” listed in the “General Principles” section.

Definitions / Acronyms

Risk: an event, trend or course of action that will have either a positive or negative effect on an institution’s ability to meet its strategic or operational objectives.

Enterprise Risk Management (ERM): the framework to identify, assess and manage risks. It provides the methodology for integrating risk into decision-making.

Risk Analysis: the process of determining the likelihood of a particular event, trend or course of action occurring and the impact on operational or strategic objectives if it does.

Risk Register: a list of identified enterprise risks which documents the risk analysis, risk scores, risk treatments, risk owner, results of risk treatments and status of each risk.

Risk Appetite: establishes the boundaries for the broad risk-taking activities of the organization.

Risk Tolerance Statements: describe the level of risk the College is willing to accept in relation to a threat that may cause loss or an opportunity in the day-to-day business activities.

Risk Treatment or Risk Control: the measures used to modify the risk to fall within the College’s identified risk tolerance for that risk. Options include accept, mitigate, transfer or avoid the event, trend or course of action.

College Community: includes, without limitation, employees, volunteer board members, students, and any person acting on behalf of or at the request of the College.

General Principles

1. Fleming College engages in a wide range of activities, both on and off campus, all of which give rise to some level of risk. Fleming College will:

1.1. embed risk management into the culture and operations of the College;
1.2. integrate risk management into strategic planning, operational planning, performance management and resource allocation decisions;
1.3. manage risk to enable the realization of opportunities that support the strategic direction of the College;
1.4. regularly review the College risk register and the effectiveness of risk treatments in addressing the institutional environment and the achievement of the College strategic plan;
1.5. anticipate and respond through appropriate risk management actions to changing social, environmental and legislative requirements.

2. The College will establish a Risk Leadership Committee sponsored by the Vice-President Finance and Administration, reporting to the Executive Leaders Team to oversee implementation of the Fleming College Enterprise Risk Management Program.


1. All employees have responsibility for adhering to internal controls and managing risk. Everyone shall be aware of the risks that are present in their activities.

2. The Board of Governors is responsible for providing the general oversight of the Enterprise Risk Management Program. The Board will be aware of critical risks to the College. The Board is responsible for understanding the principal risks facing Fleming College and for ensuring that systems and processes are put in place by the President to minimize or manage, but not eliminate, those risks.

3. The Executive Leaders Team is

3.1 responsible for the leadership and the implementation of risk management;
3.2 accountable for ensuring effective mitigation strategies for all risks consistent with the Board’s established risk appetite and risk tolerance statements;
3.3 responsible for providing, through the President, regular risk reports to the Board of Governors describing ERM activities and processes.

4. The Risk Leadership Committee is responsible for

4.1 developing and overseeing the Enterprise Risk Management Program;
4.2 overseeing the development and management of the risk framework and risk register;
4.3 providing support to assist managers in identifying, assessing and managing risks;
4.4 reporting regularly to the Executive Leaders Team on identified risks, risk treatments implemented and risk re-evaluation timeline.

5. Deans and Directors are responsible for

5.1 identifying, evaluating and managing risks within their areas of responsibility;
5.2 ensuring that everyone in their school or division understands their risk management responsibilities and making clear the extent to which the employees are permitted to accept risks.

6. Managers and Supervisors are responsible for ensuring that all risks in their area of operations are identified and managed appropriately.

7. All employees are responsible for effectively identifying and managing risks in their area of responsibility and advising their supervisor of potential or emerging risks.

Related Documents

  • Administrative Operating Procedure #1-108 OP, Enterprise Risk Management (in development)
  • All College Policies and related Administrative Operating Procedures
  • All Governance Policies and Board Procedures



History of Amendments / Reviews:

Section(s) | Date | Comments
New Policy | Developed over 2016-2017 | Board approval of policy (Resolution BoG Oct 2-2017 #2
