Enterprise Risk Management Policy

To outline the requirements of Cambrian College’s (“the College”) Enterprise Risk Management (ERM) program.

This policy applies to all College employees and the College’s Risk Management Framework and Process with respect to risks managed and reported in accordance with this policy.

Enterprise Risk Management: framework for identifying, assessing and managing risks. Integrating Risk into decision making.

Risk: the chance of something happening that will have a negative impact upon objectives.

Risk register: an official records of risks facing different areas of the College.

1. To fulfill its vision, mission, and strategic objectives, the College must assume varying degrees of risks. The College shall engage in Enterprise Risk Management to maximize opportunity, optimize resource allocation, and maintain the College’s exposure according to the College’s Risk Management Framework.
2. Risk management is an integral part of strategic planning and operations. It forms part of business planning and decision making, investment analysis, as well as project approvals.
3. Risk exists in all activities and cannot be avoided. The risks taken and accepted on behalf of the College must be within the level of risk that is acceptable to the Board of Governors or Senior Team in pursuit of its strategic objectives.
4. The College must identify, manage, and accept risks consciously.
5. Where feasible, risks should be contractually transferred to other parties.
6. External risks are to be considered as well as internal risks.
7. The College maintains a Risk Management Register identifying the critical risks to the College and its various departments.
8. The President or the Vice-President, Finance, Administration, and Applied Research submits a semi-annual risk report to the Board of Governors.

Board of Governors is responsible for:

• Reviewing and approving the semi-annual risk report.

Senior Team is responsible for:

• Embracing and providing leadership over Enterprise Risk Management, as well as approving this policy and the Enterprise Risk Management Framework.
• Ensuring effective mitigation strategies for key risks.

Director Financial Services is responsible for:

• Managing a Risk Management Register on behalf of the College.
• Establishing a mechanism to facilitate the regular review of College-identified risk.

Administrators are responsible for:

• Ensuring that all risks in their areas of operations are identified and managed appropriately.
• Maintaining appropriate internal controls that support the effective management of risk.
• Identifying, evaluating, and managing risks within their areas of responsibilities.
• Ensuring that staff in their department understand their risk management responsibilities.
• Making clear the extent to which the staff members are empowered to accept risks.

Employees are responsible for:

• Adhering to internal controls and managing risk.
• Being aware of the risks that are present in their activities.
• Identifying and disclosing potential or emerging risks.

• Risk Management Framework and Process