Enterprise Risk Management (ERM) at Purdue University is a continuous risk assessment process that includes identification, prioritization and mitigation of material risks facing the University—all in a manner designed to preserve resources, maintain financial integrity, promote physical safety and information security, and risk transparency.
The ERM team acts in a support role, centralizing risk information and helping risk owners enhance means of identifying, qualifying, quantifying, measuring, monitoring, and mitigating key risks. The ERM team engages university leadership, faculty, and staff to further develop, articulate, and communicate an understanding of the University’s risk landscape, risk profile and mitigation activity effectiveness based on the University’s strategy and its external environment.
Phase 1
Identification
Identify events or key risks based on the internal environment in which the unit operates and the alignment of its objectives with Purdue’s strategic plan
Phase 2
Assessment
Analyze the risk impact and likelihood of identified events based on risk tolerances (heat maps are typically utilized to depict this analysis)
Phase 3
Mitigation
Development of risk mitigation strategies or control activities
Phase 4
Monitoring &
Communication
Identification of successful strategies or course correction opportunities based on information, communication, and monitoring
