Program Purpose
The purpose of the University of Massachusetts Systemwide Enterprise Risk Management (ERM) Program is to establish a comprehensive framework for university leadership to identify, assess and document how existing and emerging risks are managed, coordinate risk-informed decision-making and enhance transparency and efficiency across the University system. This Charter outlines the objectives, scope, governance, and responsibilities of the Systemwide ERM Program.
Program Objectives
- Identify and assess risks with impacts across the University system
- Inform and influence the coordination and prioritization of activities to reduce risk exposure
- Increase the transparency of risk and associated risk mitigation strategies
- Inform decision-making
Program Scope
The ERM program applies to the University of Massachusetts system and includes a comprehensive range of risk categories such as operational, financial, legal/compliance, workforce, reputational and life safety risks.
Program Cycle
The ERM program follows a two-year program cycle to conduct a systemwide risk assessment to set risk-based priorities, identify and assess risk mitigation strategies, and issue formal biennial reports on the ERM Program. Throughout this cycle, the University continuously monitors identified and emerging risks during meetings of the governance structure and implements risk mitigation strategies.
Program Governance Structure
The ERM Program has a governance structure with defined membership, roles, and responsibilities. Membership includes representation from all five UMass campuses and the President’s Office, as well as representation from specific disciplines. The governance structure ensures that perspectives from across the system are shared and heard, and that risk is discussed and explored in a multi-disciplinary, collaborative manner, providing a broader understanding and enhanced transparency of risk for the University.
The governance structure is comprised of the following:
- Board of Trustees: The UMass Board of Trustees (BOT) provides direction and guidance to the Program. The BOT Audit and Risk Committee receives regular updates on the Program during regular meetings of the Committee; additional BOT committees are provided updates as needed.
- President’s Council: Consisting of the President, the President’s senior staff, and each Chancellor, President’s Council provides direction and guidance as needed.
- ERM Executive Committee: Consisting of leadership representatives from the campuses and President’s Office, the ERM Executive Committee validates the risk assessment, prioritizes risks and affirms risk mitigation strategies.
- ERM Working Group: Consisting of campus ERM representatives and discipline-specific subject matter experts from across the university system, the ERM Working Group identifies and assesses systemwide risks. In addition, the ERM Working Group facilitates access to risk owners who develop, implement and assess risk mitigation strategies.
- Campus ERM Committees: Campus ERM Committees are responsible for identifying, assessing, and mitigating campus-level risks.
All members of the governance structure are responsible for monitoring risk and flagging emerging risks to the ERM Program.
Risk Appetite and Tolerance
The ERM program leverages an Urgency rating in its risk assessment process to articulate risk appetite and tolerance. The Urgency rating reflects leadership’s prioritization of risk and risk mitigation activities. The Urgency rating is assigned by the ERM Executive Committee and based upon the Committee’s understanding of the University’s strategic priorities, the knowledge of the impact of the risk to the University system, and the degree to which the risk is actively mitigated.
Communication
To ensure stakeholders are informed and engaged, the following communication strategies are implemented:
- Regular Meetings of Governance Structure: The ERM governance bodies, including the ERM Executive Committee and ERM Working Group, will hold regular meetings to discuss ongoing risk assessments, mitigation strategies, and other relevant ERM activities.
- Regular Updates to the Board of Trustees (BOT): The ERM Program provides updates to the Audit & Risk Committee of the Board of Trustees at every regularly scheduled meeting of the Committee.
- Engagement with National Risk Associations: ERM Program staff maintains membership in national risk associations and provides information to associations’ membership through presentations, articles, blogs, etc.
- ERM Program Website: ERM Program staff maintains an ERM Program website with content on the ERM Program, governance structure, risk assessment process, mitigation assessment process, and presentation materials, articles, blogs, etc. developed by the ERM Program.
- Biennial Report: The ERM Program issues and publicly posts a comprehensive report every two years detailing the activities, findings, and progress of the ERM program.
Continuous Improvement
The ERM Program regularly reviews and, as needed, updates the ERM framework and processes to adapt to new challenges, external changes, and internal feedback, ensuring continuous improvement, relevance, effectiveness and alignment with the University's objectives and external environment.
Charter Review
This charter is subject to review by the ERM Executive Committee on a biennial basis in line with the ERM program cycle to ensure its alignment with the University’s objectives and its continued relevance and effectiveness.