Enterprise Risk Management Policy

Policy Number: CS-1800-2014
Policy Title: Enterprise Risk Management
Policy Owner: Vice President, Corporate Services
Effective Date: April 2014
Last Revised: January 16, 2024

On this page:

  1. Purpose
  2. Application and Scope
  3. Definitions
  4. Principles
  5. Accountability and Compliance
  6. Rules
  7. Roles and Responsibilities
  8. Policy Revision Date
  9. Attachments

Attachment 1 - Enterprise Risk Management Framework (PDF)

10. Specific Links

1. Purpose

Mohawk College recognizes that risk is present in all institutional activities and that the successful management of risk is a critical factor in achieving the College’s strategic priorities, objectives and operational commitments.  As such, the College will develop, implement and sustain a flexible Enterprise Risk Management (ERM) process to proactively identify, evaluate, treat and report on and monitor challenges and choices that can impact the College. ERM will serve to assist in strengthening our institutional governance; inform our strategic planning and management practices in a manner that creates value for our stakeholders; and, provide institutional guidance to liberate the institution in order to optimize Mohawk College’s approach to risk and foster innovation. The Program is based on the ISO 31000 Risk Management Framework. 

 

2. Application and Scope

This policy applies to Mohawk College and any of its wholly owned subsidiaries.

 

3. Definitions

“Enterprise Risk Management (ERM)” is a strategic institutional approach that supports the achievement of the College’s objectives by addressing the full spectrum (reputational, strategic, financial, operational and compliance) of its risks and managing the combined impact of an interrelated risk approach.

“Risk” refers to any event that can potentially impact (positively or negatively) the College's ability to achieve its mandate, its mission, strategic priorities and objectives.

 

4. Principles

Mohawk College is committed to establishing an ERM process that:

  • will identify, evaluate and respond to adverse risks in a manner that is structured, consistent and continuous across the entire organization
  • raises awareness, harmonizes risk management and fosters risk intelligence within the College’s culture;
  • assists in accomplishing the College’s strategic priorities and objectives;
  • informs decision-making from strategic to day-to-day operations of the College;
  • assists leadership in understanding challenges and choices and supports the proactive management of risk optimization which fosters innovation at the College;
  • supports continuous improvement and renewal; and
  • assists the institution in aligning Senior Leadership, the Board of Governors and its committees in managing to optimize Mohawk College’s risk appetite.

 

5. Accountability and Compliance

5.1 Accountability Framework

This policy has been approved by the Senior Leadership Team.

5.2 Compliance

The Vice President, Corporate Services is responsible for monitoring the effectiveness of this policy and ensuring compliance.

 

6. Rules

6.1 The College will establish and maintain an Enterprise Risk Management Process.

6.2 The Enterprise Risk Management Process will be carried out systematically, with a view to supporting and facilitating the achievement of the College’s reputational, strategic, operational, financial and compliance objectives. This will be accomplished by identifying, analyzing, evaluating, treating, monitoring and providing institutional guidance on risks on a continual basis.

6.3 The Enterprise Risk Management Process will serve not as an independent activity but as a fully integrated flexible source of valuable guidance to assist College management in making informed, consistent decisions throughout the institution.

6.4 The College will promote a culture of risk management and will strive to anticipate and evaluate risks at the point of conception for strategies, plans and objectives.

6.5 With respect to each identified risk, the College will provide guidance on how to approach the treatment of the risk. As appropriate, the College will seek to encourage the optimization of risk through collaboration, information, mitigation and education in order for the College to effectively realize strategic objectives and operational commitments.

6.6 In conjunction with its regular reports, the College will maintain a formal register of top college risks, indicators and other information that will facilitate management of its ongoing ERM activities.

 

7. Roles and Responsibilities

7.1 Enterprise Risk Management Committee (ERMC)

The Committee is chaired by the General Counsel. The function of the ERMC is to:

  • Exercise oversight for the successful incorporation of ERM principles and activities into the College organization.
  • Oversee the ongoing development and direction of the ERM Process.
  • Develop, review and approve the risk threshold guidance for the College and support the communication of guidance throughout the organization.
  • Develop, review and approve the top college risks on an annual basis.
  • Determine whether material risks being accepted across the College are consistent with the College’s risk threshold.
  • Review and assess processes, policies, controls and mitigation strategies.
  • Receive, review and approve regular reports of all ERM activities provided to the Committee and the Board of Governors.
  • Identify risk leaders for each of the College’s top college risks. 
  • Act in an advisory capacity to assist and provide input into the identification, analysis, evaluation, treatment, monitoring and provision of institutional guidance for risks. 

7.2 Risk Leaders

Risk Leaders are individuals and/or groups identified by the ERMC as holding management accountability and responsibility for mitigating, monitoring and reporting on the designated top risk assigned to them.  The function of Risk Leader is to:

  • Participate in the ERM process by providing knowledge and understanding about designated risk(s) and actions being taken to mitigate, manage, monitor and leverage opportunities for the risks identified including leading the risk(s).
  • Provide regular updates on the status of the key risk.
  • Provide ad hoc communication on the top risk should a significant change in its status occur.

7.3 General Counsel

The General Counsel leads the Enterprise Risk Management Process in cooperation with the Manager, Risk, Legal and Governance Services and is responsible for:

  • Chair the ERMC
  • Overseeing and maintaining the ERM Policy and processes.
  • Facilitating, monitoring and managing institution’s ERM process to ensure appropriate risk optimization and value to the College.
  • Facilitating and coordinating the incorporation of risk identification, assessment and mitigation into the College’s strategic planning process. 
  • Coordinating and building Enterprise Risk Process awareness and a common risk language across the College.
  • Facilitating and managing the annual review processes of identification, assessment, evaluation, mitigation, monitoring and provision of institutional guidance on risks.
  • Developing risk assessment and management tools to assist the College community with managing challenges and choices.
  • Developing a risk register for the College.
  • In collaboration with risk leaders, reporting on the status of top college risks to the Board of Governors
  • Corporate policy development.

7.4 Faculties and Departments

Faculties and departments are accountable for implementation of this policy within their respective areas of responsibility. They have the responsibility of:

  • Incorporating risk management in their planning processes and management activities;
  • Actively participating in the risk assessment process; and
  • Reporting on the status of items in the risk register as required when it has an impact on their respective responsibilities as part of the annual planning or review cycle.

7.5 Internal Audit

The function of Internal Audit is to provide independent oversight of the effectiveness of, and adherence to, the institution’s organizational and procedural controls.

Through internal audit reviews Internal Audit will:

  • Evaluate controls and advise managers at all levels
    • Appraise the soundness, adequacy and application of internal controls.
  • Evaluate risks
    • Identify key activities and relevant risk factors and assess their significance
  • Analyze operations
    • Work closely with line managers to review operations ascertain whether results are consistent with established goals and objectives.
  • Review compliance
    • Ensure the College is adhering to rules, regulations, laws, codes of practice and policies as they apply individually and collectively tall parts of the College.

 

8. Policy Revision Date

8.1 Revision Date

January 2029

8.2 Responsibility

The Vice President, Corporate Services is responsible for reviewing this policy every five years or earlier where required.

 

9. Attachments

Attachment 1 - Enterprise Risk Management Framework (PDF)

 

10. Specific Links