Risk Policy

Approved by: Senior Team – September 9, 2015

Approved by: Academic Advisory Council – May 4, 2015

Effective Date: September 9, 2015 – Replaces January 1, 2014


Risk exists in all activities and cannot be avoided. The risks taken and accepted on behalf of Cambrian College must be tolerable. The College must identify, manage and accept risks consciously.

The College demonstrates a strong and sustained commitment by senior management to risk management. This includes defining and endorsing a Risk Management Framework and Process, aligning the College’s culture, identifying methods of measuring the management of risk, and understanding and aligning the College’s objectives and strategies with the Risk Management Process.

Policy Statement

Cambrian College operates in a dynamic and competitive environment. In order to continue to succeed in fulfilling its vision, mission and strategic objectives, the College must assume varying degrees of risk.

Some of these risks can be passed on to others, and the remainder fall to the institution. The College therefore needs to engage in systematic, highly effective risk management across the enterprise in order to maximize opportunity, optimize resource allocation and maintain the College’s exposure to uncertainty at a tolerable level.


The purpose of this policy is to formalize the College’s enterprise risk management program and articulate the roles and responsibilities of the Cambrian College Board of Governors, College management and employees.


Risk – the chance of something happening that will have a negative impact upon objectives.

Enterprise Risk Management – provides the framework to identify, assess, and manage risks. It provides the methodology for integrating risk into decision making.


This policy is to be applied to activities undertaken by, and on behalf of, the College.


Risk management is an integral part of strategic planning and operations. It forms part of business planning and decision making, investment analysis, as well as project approvals.

Cambrian College will foster a culture of communicating best practices and expertise acquired from our risk management activities across the College for the benefit of the entire organization.

Risk Appetite and Tolerance

The College will issue Risk Appetite and Tolerance Statements in line with the Strategic Plan. Appetite is the amount of risk, on a broad level, that the College is willing to accept in pursuit of value, and should reflect:

  • The College’s strategic objectives, business plan, and respective stakeholder demands;
  • Evolving industry and market conditions; and
  • Tolerance for failures with quantitative values, where applicable.

A formal statement of Cambrian College’s risk appetite and tolerances will be reviewed annually and approved by the Senior Team. Activities that are outside these parameters shall not be undertaken unless specifically approved by the President or the President’s designate.

Integration of ERM into the Organization

ERM will be integrated into the College within processes such as the following:

  • Strategic Planning
  • Operational planning and changes
  • Budget planning (operational budget requests and capital expenditures)
  • Project Management (see Project Risk Management)
  • Contract management

Responsibilities and Accountability

Risk management responsibilities, accountabilities and authorities are set out in:

  • This Policy;
  • Position descriptions;
  • Work assignments/responsibilities and accountabilities;
  • Project documentation;
  • Employee performance planning and evaluation documentation; and
  • Risk registers and mitigation plans.

All staff members have a responsibility for adhering to good internal controls and managing risk. Everyone shall be aware of the risks that are present in their activities.

When a staff member identifies a new risk, they shall report it to their supervisor, with recommended risk management strategies.

Supervisors and Managers

Supervisors and managers are responsible for ensuring that all risks in their areas of operations are identified and managed appropriately.

Deans and Directors

Deans and Directors are responsible for identifying, evaluating and managing risks within their areas of responsibility. Deans and Directors shall ensure that everyone in their organization understands their risk management responsibilities and must make clear the extent to which the staff members are empowered to accept risks.

Risk Leadership Team

The Risk Leadership Team is responsible for developing and overseeing the enterprise risk management program. The Risk Leadership Team will provide support to assist managers in identifying, assessing, and managing risks and will oversee the management of the risk framework and risk register.

Senior Team

The Senior Team is responsible for embracing and providing visible leadership over enterprise risk management, as well as approving this risk policy and the framework. It is accountable for ensuring effective mitigation strategies for key risks.

Board of Governors

The Board of Governors is responsible for ensuring that general oversight of the enterprise risk management program is satisfactory. It will be aware of critical risks to the College.

Monitoring, Review and Continual Enhancement of the ERM Program

The College will monitor and mitigate critical risks; measure risk management performance against indicators; periodically review the ERM program; report on risk and assess compliance with the risk management policy; and review effectiveness of the risk management process and make decisions on how the overall program can be enhanced.

Related Resources

  • Enterprise Risk Management Framework and Process
  • Risk Appetite/Tolerance Standards
  • Project Risk Management