Meredith,
It may matter less where ERM directly reports, as long as it is supported by leadership and the board. Ideally it should report to senior leadership, perhaps the EVP or higher. We have a fairly mature ERM program; the chief risk officer (responsible for the ERM program) reports to the VP for Admin, while the Director of Risk Management also reports up to the same VP but is a separate office. We are fortunate in that our president and board support the function and it regularly reports results at board meetings. As long as this continues, I think the reporting structure may be less relevant.

Erica

Erica Heffner, MEd, CCEP
Asst. Director Compliance Services
University of Vermont
[email protected]
p. (802)-656-1398
Ethics and Compliance Reporting and Help Line <https://secure.ethicspoint.com/domain/media/en/gui/24544/index.html> or Toll Free (877) 310-0413

From: <[email protected]> on behalf of Meredith Canady
Reply-To: Association of College and University Policy Administrators
Date: Thursday, February 25, 2016 at 11:09 AM
To: "[email protected]"
Subject: [acupa-l] Enterprise Risk Management

Good morning, all,

I apologize that this question deviates from the traditional policy-related questions, but I am hoping for input from a policy-administrator perspective. Our policy management is housed in University Compliance, and as a department, we work closely with the Risk Manager on a daily basis.
We are looking for models of organizational responsibility, function, and reporting regarding Enterprise Risk Management (ERM). Our 10,000 student public university has the Risk Manager charged with implementation. Would the reporting and oversight of ERM and the Risk Manager be best housed in Compliance? With the Executive Vice President? Internal Audit? Why or why not?

Thank you all for any insight you may have!

Meredith Canady, J.D.
Deputy Compliance Officer
Coastal Carolina University
The Prudential Building- 114
P.O. Box 261954 | Conway, SC 29528
Tele: (843) 349-6984
[email protected]
