ERM STRUCTURE AT UW
The organizational structure for ERM at UW arose out of the initial recommendations of the SRIRC. In its aggregate, the UW ERM program is comprised of the following areas, working together to create an effective structure: UW units; ERM staff; Compliance, Operations, and Finance Council (COFi Council); President's Advisory Committee on ERM (PACERM); Internal Audit; and the UW President and Provost (see Exhibit 9.8).
At the unit level, staff and faculty take ownership of the activities that give rise to risk. They conduct risk and opportunities identification and self-assessments. They develop strategies and take action to mitigate and monitor risk. They are encouraged to share a summary of their risk assessments with the Office of Risk Management.
ERM Program Staff
There are 1.5 full-time equivalent (FTE) ERM program staff located in the office of the associate vice president/controller for UW. This staff supports the work of the various committees and units, in part by establishing the ERM framework, standards, and templates. They monitor and participate in risk assessments for the purpose of providing the enterprise view. They provide administrative support and
Exhibit 9.8 University of Washington ERM Structure From University of Washington 2010 ERM Annual Report, p. 10.
summary information and analyses to the ERM committees. They also provide professional development in a train-the-trainer format.
Compliance, Operations, and Finance Council (COFi)
The COFi Council, led by the Executive Director of Audits, takes a middle-up, cross-functional view of risks and opportunities, particularly items that have university-wide potential impact or where supervisory authority for various aspects of the risk reside in different departments or divisions across the university. The COFi Council has oversight of risk assessments at the division or functional level. It provides approval of methods to monitor risks and identifies topics for outreach, particularly items that have university-wide potential impact or that involve cross-departmental or divisional silos. The six primary goals of the COFi Council are to:
1. Engage in a continual, cross-functional process that results in effective prioritization of institutional responses to compliance, financial, and operational risks, and consider the impact to strategic and reputational risks.
2. Ensure that the institutional perspective is always present in risk and compliance management discussions.
3. Identify strategies to address emerging risks and compliance management issues.
4. Support risk and compliance management training and outreach efforts throughout the university.
5. Provide external auditors and regulators with information about the university's risk and compliance programs.
6. Avoid the creation of additional bureaucracy by minimizing redundancy and maximizing resources.
President's Advisory Committee on ERM (PACERM)
PACERM, cochaired by the Provost and the Senior Vice President for Finance and Facilities, has oversight of risk assessments at the entity level. Taking a top-down view of risks and opportunities, PACERM advises the university president and other senior leaders on the management of risks and opportunities that may significantly impact strategic goals and/or priorities. They review the ERM dashboard (e.g., key risk indicators and key performance indicators). According to V'Ella Warren and Ana Mari Cauce, cochairs of PACERM in 2008-2009, PACERM "is the one place where participants set aside their individual organizational perspectives, and really think about the major risks and opportunities from an institution-wide view" (2009 ERM Annual Report, p. 6).
Internal Audit provides independent verification and testing of internal controls. The department also provides administrative support and summary information to the COFi Council.
UW President and Provost
The President and Provost play a key role in acknowledging, validating, and supporting the ERM program. They verbally refer to key documents such as the ERM framework, PACERM and COFi Council charters and assessments, and the ERM dashboard. They provide entity-level reporting to the Regents.