Overview
Enterprise Risk Management (ERM) is defined by the Committee of Sponsoring Organizations (COSO) as "a process, effected by an entity's board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." COSO was adopted by the Regents in January 1996. (For additional information on ERM, please visit the Resources section of this site.)
Like organizations within the private sector, the UC system operates in an inherently risky environment. By strategically managing risk, we can reduce the chance of loss, create greater financial stability, and protect our resources so we can continue our mission of supporting teaching, research and public service.
As part of this strategic approach to managing risk, the UC leverages an Enterprise Risk Management Information System, which provides users with a single portal through which they can access and analyze information related to their specific area.
Enterprise Risk Management Information System (ERMIS)
Background
The operational needs of the various UC campuses are different, and so are their needs for defining and classifying data. Business units and divisions across the UC have a need to identify available risk and controls information, acquire it, conduct data analysis, and interpret the results.
The University recognized a need to enable the UC's faculty, staff, and students to identify and manage risks associated with their activities, consistent with the UC's mission of teaching, research, and public service. By strategically managing risk, UC can reduce the chances of loss, create greater financial stability, and protect UC resources.
As a result, the University embarked on the creation of a data warehouse which will serve as the data repository for risk and controls related information. With this vision, and sponsorship from the Office of the President, the Enterprise Risk Management Information System (ERMIS) was implemented.
Objectives
The ERMIS objectives include the following:
- Better quantitative analysis capabilities
- Improved analytical and reporting capabilities
- Support for leading risk governance and compliance processes
- System-wide visibility, with local flexibility
- Scalability without additional burden on UC staff
These capabilities help to lower the overall cost of risk (oftentimes associated with day-to-day operations) across the institution.
ERMIS Solution Overview
The ERMIS is based on a Cognos web-based Business Intelligence solution, which has been customized by the University to help quantify and track pre-defined key performance indicators (KPIs). Deployed in February 2009, the application has been configured to integrate claims data (losses), corporate data (exposures) and other information sources in an effort to create a centralized data management environment. The Safety Index, Medical Center Dashboard, and Human Capital Index are just the first of many indexes. The UC Irvine Dashboard is the first campus-specific dashboard, and other dashboards are being developed on an ongoing basis. As long as a subject area has data which can be referenced, additional dashboard indexes can be created utilizing this technology.
In addition to referencing selected information from established data warehouses, web-based survey tools are components of the solution, which can be utilized to facilitate data collection and analysis. Component enhancements coming in the near future will include application features to support Governance Risk and Controls (GRC) and the Statement on Auditing Standards (SAS) Number 112/115.
Access and Support
Currently, the Office of Risk Services is able to provide access to ERMIS to additional users, based on requests from the UC Campus or Medical Center representatives. Once users are granted access, the ERMIS will make location-specific data available, in conjunction with enterprise trends based on user privileges. This will facilitate a better understanding and management of the cost of risks across the enterprise.
The Office of Risk Services has created an ERM interest list for future project requests and for dashboard and report development activities. Projects added to this list can involve the integration of new and existing data or the customization of the existing ERMIS dashboards to meet the needs of each location.
For additional information, or to obtain a user name and password for the Enterprise Risk Management Information system, please .
ERMIS Conceptual Architecture
Selected subject areas from each source system have been integrated to create the foundation of the ERMIS database. Data extracts are obtained from each source system on an agreed-upon schedule.
The figure below illustrates the various sources of information currently being utilized by ERMIS:
* Corporate Data Warehouse
** National Fire Protection Association
It is important to note that the data reported by the ERMIS solution are not granular in nature. The system is not intended to replace or become a substitute for any of the existing source systems referenced. Rather, the system provides a high-level perspective and directional trends which can be further investigated in the respective source systems as needed.