Purdue University Mark

Purdue University

Enterprise Risk Management (ERM)



The enterprise, campus, college or school, or department must identify events or key risks based on the internal environment or risk management philosophy in which the unit operates. At Purdue, integrity is indispensable to its mission which sets the tone throughout the enterprise. Objectives or goals must align with Purdue’s strategic plan. Opportunities must be recognized and successes in achieving objectives measured.


Higher Education Risk Categories

Risk Assessment

Impact Measures

  • Reputation
  • Strategic
  • Safety
  • Interruption
  • Fiscal


Risk Levels


The Education Advisory Board developed a risk register model that universities could use to fast-cycle the risk identification process, which included the distinction of risk levels:

                  • Higher Education Industry Risks
                  • Institutional Risks
                  • Unit Level Risks

When assessing whether a risk is at the Higher Education Industry Risk level, the following should be considered:

  Risk Type: External, uncontrollable; impacts all of higher education
  Measurability: Low. Difficult to measure or estimate likelihood
  Risk Assessment Approach: Mental models
  Risk Treatment Objective: Reduce impact should risk occur
  Risk Treatment Methods: Contingency planning
  Board Involvement: High. Board wants to be actively engaged in discussion
  Risk Example: Sustainability of high-cost/high-discount pricing model


When assessing whether a risk is an Institutional Risk, the following should be considered: 

  Risk Type: Controllable risk; generally related to strategic objectives
  Measurability: Medium. Can estimate probability and impact
  Risk Assessment Approach: Risk maps with nominal scales
  Risk Treatment Objective: Reduce likelihood in a cost-efficient manner
  Risk Treatment Methods: Risk reviews and key risk indicator scorecard
  Board Involvement: Medium. Board prefers periodic updates. Engagement is at senior management level
  Risk Example: Inability to meet enrollment targets


When assessing whether a risk is a Unit Level Risk, the following should be considered:

  Risk Type: Controllable, generally relates to an existing broken process

Measurability: High. Can measure probability and impact

  Risk Assessment Approach: Control self assessments
  Risk Treatment Objective: Drive incidence of occurrence to zero
  Risk Treatment Methods: Internal controls, internal audit, etc.
  Board Involvement: Low. Board wants to know risk management process exists. Engagement is at department and process owner level

Risk Example: Inadequate controls over tuition billing


For questions about ERM or the content of this website, contact us.

Feedback | E-mail Webmaster
Maintained by: Purdue Marketing and Media

Purdue University, West Lafayette, IN 47907
(765) 494-4600, E-mail: marketing@purdue.edu
© 2010 Purdue University | An equal access/equal opportunity university | Copyright Complaints
If you have trouble accessing this page because of a disability, please contact Purdue Marketing and Media at marketing@purdue.edu.