Legal and Compliance
Enterprise Risk Management Program
July 16, 2019
This policy item applies to:
The State University of New York (University) recognizes it is subject to a number of risks including strategic, financial, operational, compliance, and reputational risks, and is committed to implementing and utilizing an Enterprise Risk Management (ERM) Program for identifying, assessing, and managing risks and opportunities to effectuate the achievement of the University’s goals and objectives. The ERM Program should be a formal and continuous process involving all programmatic and functional areas of the University.
The University will maintain a systematic organization-wide approach for identifying, assessing, and managing risks and opportunities that affect the University’s ability to meet its strategic, operational, and financial goals and objectives; preserve its reputation for excellence; and protect its students, employees, and visitors. To meet these objectives, the University will develop and maintain an ERM Program that is intended to incorporate risk management efforts at all levels of the organization.
The ERM Program will leverage and enhance the University’s existing formalized programs of internal control and compliance. These programs are designed to help ensure that the University has a system of accountability for and oversight of its operations, assist the University in achieving its goals and objectives, and facilitate ethical behavior, integrity of operations, and compliance with applicable laws, regulations, and policies.
Furthermore, these programs help ensure that the University and its campuses meet their mission, promote performance leading to the effective accomplishment of goals and objectives, safeguard assets, provide for the accuracy and reliability of financial and other key data, promote operational efficiency and effectiveness, and encourage adherence to applicable laws, regulations and prescribed policies and practices. The ERM Program will elevate risk awareness, with a primary focus on leveraging and consolidating these efforts and incorporating a strategic focus on risk management.
Elements of the University’s ERM Program will include:
There are no definitions relevant to this policy.
SUNY Procedure, Document No. 7501 - Internal Control Program Guidelines
Forms and Evaluation templates are available on the SUNYBlue Internal Control and Risk Management webpage.
July 16, 2019, Updated to reflect the adoption of the Compliance Program Policy, as well as provide clarification to program roles and responsibilities and leadership titles
There are no appendices relevant to this policy.