Enterprise Risk Management

ERM Program

Enterprise risk management, or ERM, is a holistic approach to manage all of an organization’s risks, including operational, financial, hazard, and strategic risk, to meet the organizations objectives. The definition of risk leans away from risk is bad, and has become understood to mean “the effect of uncertainty” on an organization’s objectives.

Syracuse University uses the international standard, ISO 31000 framework, for the foundation of the ERM program. We work with University leadership to continually monitor, identify, assess and mitigate enterprise-wide risks that could impact the Syracuse University community.

ERM Working Group

Syracuse University has an Enterprise Risk Management Working Group, made up of individuals from across campus to help advise, review, and monitor the identified risk areas. The working group helps engage in identifying and assessing risk areas, maintaining risk awareness, and assists in the development of strategies and polices to help mitigate risks. The working group is also a resource for the campus community to learn more about the ERM program at the University.

The ERM program of Syracuse University regularly reports to the Board of Trustees Audit and Risk Committee.

2-Year ERM Cycle

Our program at Syracuse University is a two-year cycle of risk identification and risk assessment. In accordance with best practice, Year 1 is used to reevaluate the current risk environment for the University through input from leadership across the campus community. Year 2 is used to focus on mitigations and addressing any potential gaps identified in Year 1.


For more information contact:

Gretchen Fitzgerald

Email: gmrauch@syr.edu

Phone: 315.443.1437