Welcome to Enterprise Risk Management at Purdue
ERM Governance Structure
- ERM Executive Committee
- Steering Committee
- ERM Resource Team
The value of Purdue's ERM model aids leaders in making coordinated and calculated strategic and operational decisions. ERM, simply defined, includes the methods and processes used to manage risks and seize opportunities related to strategic and operational initiatives. Risks are those uncertainties that must be understood in order to execute strategies and achieve objectives. Risk level definitions are on the Assessment tab.
- enable all decision makers, including the Board of Trustees, faculty, management, operational staff, and others
- to identify, assess, and manage risks
- in a continuously changing
- and uncertain environment
Purdue University serves the people of Indiana, the nation, and the world through education, research, and outreach.
Purdue's ERM Goal
ERM provides structure to enable the University to meet its continuing demands brought forth by pressures to:
- sustain competitive advantages
- transform business processes
- improve financial transparency
- increase productivity while reducing costs
- implement new technologies
- transform the infrastructure to handle increasing entrepreneurial ventures
- address rapidly changing regulations
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) published an integrated framework that depicts a three-dimensional matrix representing the relationship between an organization’s objectives (strategic, operations, reporting, and compliance), the eight management processes (interrelated components) represented by horizontal rows, and the entity and its units.
ERM at Purdue
Purdue’s ERM model, based on the COSO framework, allows you to assess, quantify, mitigate, and monitor risks.
- Assessment (identify events or key risks based on the internal environment in which the unit operates and the alignment of its objectives with Purdue’s strategic plan)
- Quantification (analyze the risk impact and likelihood of identified events based on risk tolerances)
- Mitigation (development of risk mitigation strategies or control activities)
- Monitoring (identification of successful strategies or course correction opportunities based on information, communication, and monitoring)