Risk Assessment
The University Office of Enterprise Risk Management (ERM) conducts a periodic comprehensive risk assessment and updates identified risks with risk owners as part of the process. Compliance risks are included among the identified risks, allowing the University Ethics and Compliance Office to focus efforts on those risks posing the most serious consequences to the System if left without adequate mitigation. Generally, this means the University Ethics and Compliance Office focuses its efforts on areas relating to the safety of the University community, areas where the noncompliance could result in significant monetary fines, and matters where noncompliance could result in significant reputational damage to the University. The University Ethics and Compliance Office supplements ERM’s risk assessment as necessary to further determine and prioritize compliance efforts.
In addition, the Chief Ethics and Compliance Officer participates in ongoing risk discussions with the President, university Chancellors, and System Vice Presidents in a forum known as the System Executive Risk Management Council (SERMC). The SERMC approves risk strategy and confirms key enterprise risks are effectively managed and mitigated. The University Ethics and Compliance Office uses the SERMC’s discussions to help shape compliance program efforts.