ERM Framework
The ERM framework implemented by the University of Illinois System (University System) is based on the widely employed framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Modified to incorporate the unique environment at the University System, it defines essential components, suggests a common language, and provides clear direction and guidance for risk management.
ERM Process
All the activities presented here might be performed sequentially or simultaneously, as the need arises, and are augmented by a strong risk culture that promotes the efficacy of these actions.
ERM Stakeholder Roles
Everyone in the University System has a role in ERM. Leveraging leadership and expertise provides an effective means to engage the right people across the enterprise, including significant participation by the universities.
ERM Stakeholder Roles
| Risk Stakeholder |
Role |
| Board of Trustees |
Set tone, approve risk appetite levels |
| President |
Provide risk oversight and direction |
| System Executive Risk Management Council |
Approve and endorse risk strategy, ensure risks are effectively managed |
| Chancellors and Senior Leaders |
Review and implement risk mitigation plans |
| System & University Work Groups (SMEs) |
Advise and propose risk mitigation plans |
| University Audits |
Provide independent assurance |
| University Ethics & Compliance |
Ensure compliance with laws & regulations |
| ERM Program |
Coordinate/ facilitate ERM process & reporting |
| University Units/ Departments |
Take and manage risks |
The System Executive Risk Management Council
The System Executive Risk Management Council (Risk Council), was created in 2016 to approve risk strategy and confirm that key enterprise risks are effectively managed and mitigated. Increasing the focus on risk at the executive levels results in more discussion of risk at all levels. The Risk Council provides a balanced view of risk and emphasizes collaboration among the universities to provide collective impact.
Membership is listed below.
- Timothy Killeen, President
- Nick Jones, Executive Vice President and Vice President for Academic Affairs and chair of Risk Council
- Paul Ellinger, CFO and Vice President
- Jay Walsh, Vice President of Economic Development & Innovation
- Robert Jones, Chancellor UIUC & Vice President
- Marie Lynn Miranda, Chancellor UIC & Vice President
- Janet Gooch, Chancellor UIS & Vice President
- Thomas Bearrows, University Council
- Adrienne Nazon, Vice President for External Relations and Communications
- Joda Morton, Associate Director of Enterprise Risk Management
- Julie Zemaitis, Executive Director of University Audits
- Donna McNeely, Executive Director of University Ethics and Compliance
- Joe Barnes, Chief Digital Risk Officer
Why Have Executive Level Risk Discussions?
Comparative Responsibilities
| |
All University Units |
Enterprise Risk Management |
University Office of Risk Management (Insurance Services) |
University Ethics and Compliance Office |
University Audits |
| SHARED GOAL |
Support ACHIEVEMENT OF UNIVERSITY OBJECTIVES by reducing the likelihood and impact of material events while facilitating the acceptance of manageable risks. |
| FOCUS |
OPERATIONAL |
STRATEGIC RISK MANAGEMENT |
RISK FINANCING (Insurance) |
REGULATORY |
INDEPENDENT ASSURANCE |
| PURPOSE |
Own and manage risks with responsibility for loss control and prevention |
Promote a risk-aware culture by facilitating an integrated and coordinated risk identification, measurement, and management process |
Protect the university's human, physical and financial assets by coordinating a program of commercial and self-insurance |
Promote a culture of ethical conduct and committment to compliance with federal, state, and local laws and regulations |
Provide independent assurance on effectiveness of governance, risk management and internal controls |
Last Updated: May 21, 2021