Apr. 28, 2025
POSTED IN: ETHICS, COMPLIANCE AND ENTERPRISE RISK > NEWS

Enterprise Risk Management (ERM): Empowering Resilience through Mitigation

Enterprise Risk Management (ERM) is about more than just identifying risks—it's about understanding how they impact our mission and implementing strategies to navigate uncertainty. 

Campus Sunrise

At Rice, we align risk management with strategic priorities and foster collaboration across the university to ensure we remain adaptable and resilient to risks and opportunities.

Rice’s ERM program, managed by the Office of Ethics, Compliance and Enterprise Risk (OECE), provides a structured approach to identifying uncertainties that could negatively—or positively—impact the university’s mission, strategic objectives, operations, and reputation. It helps protect Rice in an increasingly complex world by identifying, assessing, and responding to risks and opportunities before they become issues, or worse, crises. 

The ERM function, established in 2015, continues to mature the way Rice looks at key risks across the university. OECE takes a collaborative approach to risk management through Joint Risk Assessments (JRA), conducted in partnership with Internal Audit (IA). This cycle, we've engaged 150 university leaders, including key administrators and all Deans, to help us identify and evaluate key risks across the university so leadership can have a clear understanding of the most pressing challenges and opportunities we face as a university. 

The insights gained from the JRA process help us:

  • Finalize the university’s top enterprise risks, enabling leadership to prioritize key risks and opportunities; and
  • Support the development of the Internal Audit Plan, ensuring that audits align with areas of highest risk.

Through this process, ERM is not just an abstract concept but a practical tool for proactive risk management and informed decision-making. The results of the FY26 JRAs are displayed below in alphabetical order.
 

erm 1

erm 2

 

The Process:

Each year, the ERM cycle begins with interviews in which stakeholders are asked a simple, colloquial question as a discussion starter: What keeps you up at night? OECE and IA engage university leaders and key administrators across academic and administrative units, including schools, institutes, and centers, to gather qualitative insights on emerging risks facing the university. This data is analyzed to identify the top risks facing the university, which are then assessed by the parameters of likelihood and impact to create the annual Top Enterprise Risk list. To capture a broader range of risk areas, Tier 2 risks are also identified for ongoing monitoring and mitigation by management. Both risk lists are reviewed by the executive leadership before being presented to the Audit Committee of the Board of Trustees, reinforcing a comprehensive approach to risk management.

ERM is not just about mitigating risks—it’s about enabling the university to pursue its academic mission with confidence. By staying ahead of challenges and fostering a culture of risk awareness, Rice can continue to thrive in an increasingly complex environment and remain committed to path-breaking research, unsurpassed teaching, and contribution to the betterment of our world by championing the spirit of inquiry, imagination, and individual action. At OECE, we are committed to empowering a resilient future for the university through a culture of risk awareness.