Enterprise Risk Management Policy
Approval Date: March 31, 2021
Effective Date: April 1, 2021
Date Reviewed: December 2020
Replaces: Version 2014
Purpose
The purpose of this Enterprise Risk Management Policy (the “Policy”) is to set out the requirements of Cambrian College’s (the “College”) Enterprise Risk Management program.
Scope
This Policy applies to the College’s Risk Management Framework and Process with respect to risks managed and reported in accordance with this Policy. This Policy applies to all administrative and academic units of the College and to all faculty and staff.
Definitions
Enterprise Risk Management: the framework to identify, assess and manage Risks. It provides the methodology for integrating Risk into decision making.
Risk: the chance of something happening that will have an impact upon objectives.
Policy Statements
- In order to continue to succeed in fulfilling its vision, mission and strategic objectives, the College must assume varying degrees of Risks. As such, the College shall engage in systematic, highly effective Enterprise Risk Management in order to maximize opportunity, optimize resource allocation and maintain the College’s exposure to uncertainty at a tolerable level.
- Risk management is an integral part of strategic planning and operations. It forms part of business planning and decision making, investment analysis, as well as project approvals.
- Risk exists in all activities and cannot be avoided. The Risks taken and accepted on behalf of the College must be tolerable.
- The College must identify, manage and accept Risks consciously.
- Where feasible, Risks should be contractually transferred to other parties.
- External risks are to be considered as well as internal risks.
- The College maintains a Risk register identifying the critical Risks to the College and its various departments.
- The President or the Vice-President, Finance and Administration submits an annual Risk report to the Audit Committee of the Board of Governors.
Responsibilities and Accountability
Senior Team is responsible for:
- embracing and providing leadership over Enterprise Risk Management, as well as approving this Policy and the Enterprise Risk Management Framework; and
- ensuring effective mitigation strategies for key Risks.
Director Financial Services is responsible for:
- managing a Risk Management register on behalf of the College; and
- establishing a mechanism to facilitate the regular review of College-identified Risk.
Administrators are responsible for:
- ensuring that all Risks in their areas of operations are identified and managed appropriately; and
- maintaining appropriate internal controls that support the effective management of Risk.
Deans and Directors are responsible for:
- identifying, evaluating and managing Risks within their areas of responsibilities;
- ensuring that staff in their department understand their Risk management responsibilities; and
- making clear the extent to which the staff members are empowered to accept Risks.
College staff are responsible for:
- adhering to good internal controls and managing Risk;
- being aware of the Risks that are present in their activities; and
- identifying and disclosing potential or emerging Risks.
Procedures/Forms
None