NYU's Enterprise Risk Management Program

The focus of NYU’s Enterprise Risk Management (ERM) program is to recognize the University’s goals, identify risks to these goals and work toward mitigating and managing these risks while helping the University to grow as an organization.

The ERM program works to identify risks and consequences and their effect on the University community. For these risks, we then work closely with the risk owners to assess the likelihood of each risk, the time frame of the consequences, the impact the risk may have on the University and the preparedness for the risk. Once these are identified, determining a tolerable level of the risk is important in building a mitigation strategy.

ERM Resources

Determining Risk Criteria

The risk criteria should be defined by an organization and used to evaluate whether or not something is a risk. The criteria should embody the organization's values and objectives and be aimed at the organization's overall goal. When setting criteria for an organization, some can be easily developed from legal and compliance standards, while other criteria may be based on the type of organization for which your program is developed. The risk management program should develop from an organization's mission statement. Here at NYU, we are a leading institution of higher education and set high standards for our University community. Our commitment is to create an environment that is diverse and inclusive, while educating and leading the way in higher education.

What is Risk?

While risk has a variety of meanings, within the realm of insurance and risk management, risk is uncertainty about the outcome of an action an organization takes, whether that outcome is positive or negative. All activities in an organization involve risk.
Risks can fall into a variety of categories, including:

  • financial
  • political
  • legal
  • health & safety
  • environmental
  • and many more

Risks are also categorized at many levels of an organization, depending upon their impact. These levels may include organization-wide risks, project- or process-specific risks, or strategic risks.

What is Risk Management?

Risk management is a defined set of coordinated activities to direct and control an organization with regard to risk. Risk management can be quickly described in three key steps: identify, analyze and treat. Throughout each step of this process, it is important that risk managers work closely with the risk owners to gather accurate information regarding their risks, to appropriately assess the risk and then to ensure that the necessary mitigation is being developed. Identifying risks early on allows the organization to create mitigation strategies and achieve its goals.

Enterprise Risk Management (ERM) is a coordinated set of processes that enables risks to be identified, analyzed and prioritized to meet the University's key objectives. Once prioritization is determined, mitigation is developed, implemented and monitored. When a risk becomes fully mitigated, the mitigation plan is updated to reflect the ongoing monitoring plan.

Principles of Risk Management