Skip to header Skip to Content Skip to Footer

Enterprise Risk Management (ERM) Program

At UNC Wilmington, our goal is to support a culture of proactive risk awareness and informed decision-making that aligns with our institution's mission, values, and strategic priorities.

What is ERM?

Enterprise Risk Management is a structured, institution-wide approach to identifying, assessing, managing, and monitoring risks that could impact our ability to achieve strategic and operational goals. ERM helps us:

  • Anticipate and prepare for potential challenges
  • Make informed decisions and allocate resources effectively
  • Protect institutional resources and reputation
  • Foster innovation and resilience

Our Approach

Our ERM program is structured based on the International Organization for Standardization (ISO) 31000, an international standard that provides principles and guidelines for managing risks organizations face. This standard provides a uniform vocabulary and concepts for discussing risk management and is tailored to meet the unique needs of our campus. We focus on collaboration, transparency, and continuous improvement.

Risk Assessment

The overall risk identification, analysis, and evaluation process. Risk assessments are conducted methodically and collaboratively, using the knowledge and views of risk stakeholders and the best information available. Key Elements of the risk management process are:

Stakeholders are engaged to find and define risks that may positively or negatively impact the University and can be framed by thinking about topics that can potentially affect the institution’s strategic goals and objectives.

Evaluating the likelihood and impact of identified risks.

Once a risk has been identified and assessed, the most appropriate risk treatment based on the university’s risk appetite is identified. Risk treatments may include one or several of the following:

The risk and current mitigation activities are within the university’s risk appetite and will continue to be monitored for any changes.

The risk and current mitigation activities are outside the university’s risk appetite and will undergo further mitigation and control activities until the risk demonstrates improvement with a reduction in potential likelihood and severity of occurrence.

  • Risk Transfer: the risk and current mitigation activities are outside the university’s risk appetite and will be transferred to a third party for additional management to lessen the burden of the likelihood and severity of occurrence.
  • Risk Avoidance: the risk and current mitigation activities are outside the university’s risk appetite and will be avoided by discontinuing the activities, decreasing the likelihood and severity of occurrence.

 Tracking risk trends and reporting to leadership and governance bodies.

Risk Categories

We organize risks into six broad categories:

  1. Strategic: Risks or opportunities that affect mission fulfillment and long-term strategic goals.
  2. Operational: Risks or opportunities related to managing day-to-day processes, activities, facilities, infrastructure (including technology), and the efficient, effective, and prudent use of university resources.
  3. Financial: Risks or opportunities related to physical assets, budgets, funding, and financial sustainability.
  4. Compliance: Risks or opportunities related to violations of state and federal laws and regulations, local municipal law, accreditation standards, University policies and procedures, and contractual obligations.
  5. Reputational: Risks or opportunities related to the university’s reputation, such as the risk of failure to meet stakeholder expectations as a result of any event, behavior, action, or inaction.
  6. Hazard: Risks or opportunities related to injury, damage, health and safety, including impacts caused by accidental or unintentional acts, errors or omissions, and external events such as natural disasters.

How You Can Participate

ERM is a shared responsibility. Faculty, staff, and administrators are encouraged to:

  • Report emerging risks or concerns
  • Participate in risk assessments
  • Integrate risk thinking into planning and decision-making

Have a risk to report or a question about ERM? Email us at erm@uncw.edu.