SUNY PP Home Page   Print Page   Close Page   Convert current file into a PDF document



Category:
Audit
Financial
Legal and Compliance


Responsible Office:

Policy Title:
Enterprise Risk Management Program

Document Number:
7502

Effective Date:
August 30, 2024


This policy item applies to:
State-Operated Campuses
Table of Contents
Summary

Policy
Definitions
Other Related Information
Procedures
Forms
Authority
History
Appendices


Summary

The State University of New York (University) recognizes it is subject to a number of risks including strategic, financial, operational, compliance, and reputational risks, and is committed to implementing and utilizing an Enterprise Risk Management (ERM) Program for identifying, assessing, and managing risks and opportunities to effectuate the achievement of the University’s goals and objectives. The ERM Program should be a formal and continuous process involving all programmatic and functional areas of the University.


Policy

  1. Purpose

  2. The University will maintain a systematic organization-wide approach for identifying, assessing, and managing risks and opportunities that affect the University’s ability to meet its strategic, operational, and financial goals and objectives; preserve its reputation for excellence; and protect its students, employees, and visitors. To meet these objectives, the University will develop and maintain an ERM Program that is intended to incorporate risk management efforts at all levels of the organization.

  3. Requirements

  4. The ERM Program will leverage and enhance the University’s existing formalized programs of internal control and compliance.  These programs are designed to help ensure that the University has a system of accountability for and oversight of its operations, assist the University in achieving its goals and objectives, and facilitate ethical behavior, integrity of operations, and compliance with applicable laws, regulations, and policies.

    Furthermore, these programs help ensure that the University and its campuses meet their mission, promote performance leading to the effective accomplishment of goals and objectives, safeguard assets, provide for the accuracy and reliability of financial and other key data, promote operational efficiency and effectiveness, and encourage adherence to applicable laws, regulations and prescribed policies and practices. The ERM Program will elevate risk awareness, with a primary focus on leveraging and consolidating these efforts and incorporating a strategic focus on risk management.
     
  5. Design

  6. Elements of the University’s ERM Program will include:


Definitions

There are no definitions relevant to this policy.


Other Related Information

Standards for Internal Control in New York State Government

SUNY System Compliance Website

SUNY System Internal Controls Website




Procedures

SUNY Procedure, Document No. 7501 - Internal Control Program Guidelines


Forms

Forms and Evaluation templates are available on the SUNYBlue Internal Control and Risk Management webpage.




Authority

State University of New York Board of Trustee Resolution, No. 2015-39.


History

August 30, 2024, Amended to clarify program requirements and update responsible office

July 16, 2019, Updated to reflect the adoption of the Compliance Program Policy, as well as provide clarification to program roles and responsibilities and leadership titles

June 16, 2015, Board of Trustee Resolution No. 2015-39, Adoption of an Enterprise Risk Management Program

 


Appendices

There are no appendices relevant to this policy.