Office of Enterprise Risk Management
Street Sign

Office of Enterprise Risk Management

Welcome!

The University has begun a refresh of the Enterprise Risk Program framework to supports its strategic and operational decision-making process. This website will evolve over time as McMaster's Enterprise Risk approach continues to develop and mature.

Quick Links:
What is Risk?
What is Enterprise Risk Management (ERM)?
What are the benefits of an Enterprise Risk Program?
Contact Us
That's a Great Idea

What is Risk? (Back to top)

A risk is any event or action that impacts the University's ability to achieve its objectives. Risks can be opportunities or threats and can be categorized into five areas:

  • Strategic — events that affect the University's ability to achieve its goals and objectives, including support of the University's mission.
  • Reputational — protecting the University's brand and most valuable asset.
  • Compliance — events that affect compliance with laws and regulations, including safety and environmental issues, litigation and conflicts of interest.
  • Operational — events that affect ongoing management processes and procedures.
  • Financial — events that affect the University's financial health.

What is Enterprise Risk Management (ERM)? (Back to top)

Enterprise risk management is:

  • a university-wide risk management process applied in strategic setting across the university,
  • designed to identify potential events that may positively or negatively affect the institution, and
  • designed to manage the risks so they are within the university's risk appetite, thus contributing to the assurance that the institution's objectives can be achieved.

What are the benefits of an Enteprise Risk Program? (Back to top)

  • Useful tool to identify institution-wide and department risks and prioritize their impact and resource requirements to address them.
  • Identifies interdependencies and key areas where coordination across the institution is required.
  • Development of an ongoing comprehensive risk database using a common methodology across the institution.
  • Provides information and feedback to the Senior Management Team and the Board of Governors' Audit Committee regarding key risks being faced by the university and departments/faculties within it.
  • Coordinates with other groups/programs within the university in addressing threats and opportunities for the university.
  • Enterprise Risk Management is a best practice that has been embraced by higher education institutions.

Contact Us (Back to top)

Debbie Sabatino
Senior Manager, Enterprise Risk
Tel. (905) 525-9140, ext. 23554





Created August 12, 2011