1-108 Enterprise Risk Management


Policy ID: #1-108
Manual Classification: 1 – College Policies
Approved by Board of Governors: October 25, 2017
Effective Date: November 1, 2017
Last Policy Revision Date: September 30, 2020
Next Policy Review Date: October 2021
Administrative Contact for Policy Interpretation: Vice-President, Corporate Services & CFO
Linked to an Operating Procedure #OP 1-108

Policy Statement

This policy is a statement of commitment by Fleming College (the “College”) to the introduction, adoption and implementation of formal risk management throughout the College.

Purpose

Enterprise Risk Management (ERM) is a continuous, proactive, and dynamic process to identify, assess, manage, and communicate risks that may impact the achievement of the strategic goals of the College.

ERM supports and improves decision-making, planning and prioritization processes by ensuring that risk is continually assessed and addressed.

The College’s ERM Program objectives are:

  • To recognize risk management as critical to the attainment of all College goals, objectives and priorities;
  • To encourage a culture that embraces innovation and opportunity, informed risk-taking and acceptance of risk as inherent in all activities of the College;
  • To provide assurance that risks are identified and appropriately managed; and
  • To support each school, department and division in operational and strategic decision-making.

Definitions / Acronyms

Risk: the effect of uncertainty on objectives.

Enterprise Risk Management (ERM): the framework to identify, assess and manage risks. It provides the methodology for integrating risk into decision-making.

Risk Analysis: the process of determining the likelihood of a particular event, trend or course of action(s) occurring, and the impact on operational or strategic objectives if it/they occur.

Risk Evaluation: a comparison of the results of the risk analysis with the established risk criteria to determine where additional action is required.

Risk Profile: the broad risk parameters an organization considers in executing its business strategy.

Risk Register: a list of identified enterprise risks. Documents the risk analysis, risk scores, risk treatments, owner(s), results of risk treatment(s) and status.

Risk Tolerance Statement(s): describes the level of risk the College is willing to accept in relation to a threat that may cause loss(es), or an opportunity, in its day-to-day business activities.

Risk Treatment or Risk Control: the measures used to modify a risk/risks so that it falls within the College’s identified risk tolerance for that risk. Options include accept, mitigate, transfer and avoidance of the event/trend/course of action.

Risk Responsibility: a person is ‘responsible’ for a risk if it is their duty to ensure that ERM processes are adhered to for that risk. The degree of ‘responsibility’ can vary from risk to risk, multiple roles can share responsibility for a given risk, and responsibility can be delegated to another person if the person who is Accountable for that risk allows. Risk Responsibility does not necessarily also mean Risk Accountability.

Risk Accountability: the person who has final accountability to ensure that a risk is managed according to the ERM program. Accountability cannot be shared or delegated.

Employee: full-time, part-time and contract faculty, full-time and part-time support staff, student employees, and administrators of the College. Includes, without limitation, employees, volunteer board members, students, and any person acting on behalf of or at the request of the College.

Scope

This policy applies to all College employees.

General Principles

Overview

a) The College engages in a wide range of activities, both on and off campus, all of which have some level of risk. The College will:

  • Embed risk management into all planning, operations and assessment at the College;
  • Integrate risk management into strategic and operational planning, performance management, and resource allocation decisions;
  • Manage risk to enable the realization of opportunities that support the strategic direction of the College;
  • Regularly review the College risk register and the effectiveness of risk treatments to understand the ERM effectiveness/performance in helping fulfill the College’s Strategic Plan;
  • Anticipate and respond through appropriate risk management actions to changing social, environmental and legislative requirements.

ERM Committee

a) The College will establish and maintain an ERM Committee, sponsored by the Vice-President, Corporate Services & CFO, reporting to the Senior Management Team to oversee implementation of the College’s ERM program.

ERM Responsibilities

a) All College employees are responsible for:

  • Complying with internal controls, identifying and managing risk, and being aware of the risks inherent in their job duties/activities;
  • Advising their supervisor(s) of potential or emerging risks.

b) The College Board of Governors is responsible for providing general oversight of the ERM program. The Board will be made aware of any/all critical risks to the College. The Board is responsible for understanding the principal risks facing Fleming College and ensuring that appropriate systems/processes are adopted to manage, minimize and eliminate those risks, as appropriate.

c) The Senior Management Team is responsible for:

  • Leadership related to, and implementation of, appropriate risk management in their areas of responsibility;
  • Ensuring effective mitigation strategies for all risks, consistent with the Board’s established risk tolerance;
  • Providing, through the President, regular risk Dashboard reports to the Board, describing ERM activities and processes.

d) Senior Management Team members are accountable for the risk(s) for which they are designated as ‘risk lead’.

  • Designation is determined by the President of the College and may only be reassigned by the President and/or their designate.

e) The ERM committee is responsible for:

  • Developing and overseeing the ERM program;
  • Overseeing the development and management of the risk management framework and risk register for the College;
  • Regularly reporting to the Senior Management Team on identified risks, risk treatment implementation and risk re-evaluation timeline(s);
  • Providing support to managers and supervisors to identify, assess and manage risks in their area(s) of operation.

f) Deans and Directors are responsible for:

  • Identifying, evaluating and managing risks within their areas of responsibility;
  • Ensuring that all employees in their respective school and/or division understand their risk management responsibilities and the extent to which they are permitted to accept risks.

g) Managers and Supervisors are responsible for ensuring that all risks in their area of operations are identified, reported to their direct supervisor, and managed appropriately.

Related Documents

  • Operating Procedure #1-108 OP, Enterprise Risk Management
  • ERM Committee Terms of Reference – To Be Developed

Appendices

n/a

History of Amendments / Reviews:

Section(s) | Effective Date | Comments
New Policy | November 1, 2017 | Approved by Board of Governors
Revisions | November 1, 2018 | Approved by Board of Governors
Revisions | October 1, 2020 | Approved by Board of Governors
