Enterprise Risk Management and Regulatory Compliance Policy and Program
Purpose
The purpose of the Enterprise Risk Management (“ERM”) and Regulatory Compliance Policy and Program is twofold. First, it is to strengthen the University’s management of risk through the proactive process of identifying, assessing, evaluating, mitigating and monitoring risk in all University operations and activities. Second, it is to ensure the University’s compliance with all applicable laws, regulations and policies through the proactive process of identifying, describing and assigning responsibility for compliance.
Risk management and regulatory compliance are fundamental responsibilities of University leadership and management. Seton Hall is committed to developing a culture that utilizes the ERM and Regulatory Compliance Program as a means of managing risk and enhancing compliance in all University operations and activities.
This policy is intended to implement the ERM and Regulatory Compliance Program approved by the Board of Regents on December 1, 2011 (BOR.Res.11.1201.01).
Scope
This policy is a University policy and applies to all administrators, faculty and staff.
Definitions
- Risk refers to the probability of a negative event and potential consequences to the
University if the event occurs. Risk is inherent in all academic, administrative and
business activities of the University. Risk may adversely impact the attainment of
the University’s strategic goals and objectives.
- Enterprise Risk Management (ERM) is the consistent, structured and process-driven
tool that enables University leadership and management to identify, assess, evaluate,
mitigate, monitor, prioritize and respond to risk that affects the achievement of
University strategic goals and objectives. ERM enables the ongoing identification
of risks and controls and monitoring of risk levels and trends over time.
- Regulatory Compliance is the process under the University’s ERM Program that assigns responsibility to Seton Hall administrators, faculty and staff for identifying and complying with applicable laws, regulations and policies.
Policy
It is the responsibility of each divisional vice president to identify, assess, evaluate, mitigate, monitor and report risks in their respective divisions utilizing the University’s ERM Program.
As part of an annual top-down risk assessment facilitated by Internal Audit, each divisional vice president defines 3-4 metrics that can be used to monitor and report on current risk levels and trends (i.e., discount rate, selectivity, or crime statistics). A tolerance is established for each risk metric – this is the maximum amount of risk the University is willing to accept in pursuit of its strategic objectives in this area. Then, on a quarterly basis, division management tracks the actual risk levels for the metric against the established tolerance and reports it to the Internal Audit Department. The Internal Audit Department analyzes metrics and identifies any risk trends from previous quarters (increase or decrease in risk levels). Finally, the Internal Audit Department presents a risk dashboard to the Audit Committee of the Board of Regents summarizing risk levels and trends for the period.
It is the responsibility of each divisional vice president to develop a Compliance Calendar listing all applicable federal, state and local laws and regulations for which his/her division is responsible. The template for the Compliance Calendar is included in the Procedures for implementing the ERM Program.
University leadership is required to create an environment where managing risk and ensuring regulatory compliance is the responsibility of each member of the Seton Hall community. The roles of administrators, faculty and staff may range from identifying and reporting risks associated with their job functions and responsibilities, to creating plans to mitigate or manage risks to taking action to comply with applicable law.
Procedures
The Internal Audit Department will develop and maintain documented procedures for implementing the University’s ERM and Regulatory Compliance Program.
Responsible Offices
- Internal Audit
- Office of the President
- Office of the Provost
Approval
Approved
This policy was approved and promulgated by the President on the recommendation of the Executive Cabinet on August 7, 2013. The President is empowered to amend and update the Policy and procedures as necessary. This policy is intended to implement the ERM Program approved by the Board of Regents on December 1, 2011 (BOR. Res. 11.1201.01). The University reserves the right to amend this policy at any time.
Effective Date
August 7th, 2013