ÌÇÐÄvlog¾«Æ·

Enterprise Risk Management Appendix

Approver:
Academic Coordinating Committee
Policy Owner:
Associate Vice President, Risk Management
Policy Lead(s):
Manager, Campus Safety
Defining policy:
Effective date:
2022-06-22
Date of last approval:
2022-06-22
Status:
Approved

Elaboration

Accountability 

The accountability for risk management applies to all levels of the organization:

ERM Appendix.jpg

Conestoga Board of Governors: The Board of Governors oversees the overall ERM strategy and performance of Conestoga, including: 

  • Effective monitoring of Conestoga’s ERM framework and program; 
  • Periodic review of the risk management activities of Conestoga; and 
  • Review of the risk report that Conestoga Risk Management Committee (RMC), or other committees bring to the attention of the Board of Governors. 

Conestoga Risk Management Committee (RMC) 

  • The Conestoga Risk Management Committee (RMC) is accountable for advancing risk management practices at The ÌÇÐÄvlog¾«Æ· Institute of Technology and Advanced Learning (Conestoga). This includes implementing an Enterprise Risk Management (ERM) framework and developing a risk aware culture, to effectively establish a strategic approach to risk management at Conestoga. 
  • Please see the RMC Terms of Reference for further detail. 

Three Lines of Defense 

Risk affects operations and strategies at all levels. As the risk landscape becomes more complex and expediates, it is crucial for Conestoga to identify and respond effectively to emerging risks. To enable response and decision making, the Conestoga ERM framework will follow and implement the three lines of defense model. 

Business Units, Management, and Employees (process owners) (First Line of Defense

  • The first line of defense will: 
    • Have the primary responsibility to own and manage risks associated with operational activities; 
    • Ensure that a sound control environment exists in their business unit; 
    • Implement effective policies and procedures to outline controls, roles and responsibilities; 
    • Be fully aware of the risk factors that should be considered in every decision and action; 
    • Be able to execute effective internal control in their business units, as well as the monitoring process and maintaining transparency in the internal control itself. 

Risk Management Group / Corporate Services (Second Line of Defense

  • The second line of defense will: 
    • Support Conestoga in developing processes and tools to identify, assess, manage, monitor and report key risks in a consistent and timely manner. 
    • Develop, implement and manage the ERM policy, plan and framework; 
    • Provide risk management leadership and guidance to assist management in prioritizing, managing and communicating risks across the institution; 
    • Maintain the Enterprise Risk Register with input from the RMC members and applicable internal and external stakeholders; 
    • Keep abreast of factors in the internal and external environments that may affect the achievement of Conestoga’s strategic objectives and/or key performance measures; 

Audit (Third Line of Defense

  • Internal/External Audit is an independent function established to provide assurance to the Board of Governors on the effectiveness of risk management practices at Conestoga. 

Revision Log

‸¾²¹³Ù±ð

‸¾±ð³Ù²¹¾±±ô²õ

​2022-06-08​Academic Forum
​2022-06-22​Academic Coordinating Committee 
Enterprise Risk Management Appendix