Jump to content

Recent events

June 2017 Received consultant outbrief, reviewed risk management process, discussed risk tolerance methodologies, and began analysis of workshop outputs. Analysis to be continued later in the summer.
April 2017 Shared workshop outputs with process owners; verifying accuracy of data collected, identifying opportunities to consolidate or realign redundancies, and to make recommendations for closing risks that have been satisfactorily mitigated.
March 2017 Second round of workshops completed. Interview notes to be summarized and shared with process / risk owners.
January 2017 First round of workshops for 2017 Risk Assessments occurred January 10th – 12th. Second round to be conducted March 7th – 9th.
December 2016 The Audit and Compliance Committee presented synopsis of Risk Mitigation and Management Plans reviewed in November, ERM Steering Committee Charter, and FAQs by VCU Police on Safety to the Board of Visitors.
November 2016 Two Risk Mitigation and Management Plans were reviewed. Monitoring activities and completion of open action items were significant. Final version of the Steering Committee Charter was accepted by members present and will be presented for approval. Project Plan for conducting the 2017 Risk Assessments (surveys) illustrated and acknowledged.
September 2016 During their September meeting, the ERM Steering Committee discussed a draft version of a proposed Charter to formalize the purpose, membership and duties of the Committee. Proposed charter will be edited to include the Committee’s feedback and then reviewed by Senior Leadership before finalizing. Interviews of risk management consultants concluded and the Committee approved the selection of Albert Risk Management Consultants for conducting 2017 Risk Assessments. The Audit and Compliance Committee provided the Board of Visitors with an update on the VCU Police Risk Mitigation and Management Plan.
July 2016 The ERM Steering Committee reviewed and discussed one Risk Mitigation and Management Plan with no additional updates requested. Risk Themes have been migrated to the new ERM software and existing RMM plans will be entered by the end of July. The process of interviewing Risk Management Consultants risk management consultants is underway for the purpose of conducting the next round of risk assessments.
June 2016 The ERM Steering Committee (Committee) reviewed and discussed two Risk Mitigation and Management Plans. A deployment proposal for the newly acquired ERM software was discussed and accepted by the Committee.
May 2016 Progress was made in selecting an ERM software module and submitting for its purchase. Existing staff within Safety and Risk Management will maintain data and access for the new software. Identification of a risk management consultant who could facilitate the risk assessment collection process also occurred.
March 2016 The ERM Steering Committee (Committee) began evaluating automated system opportunities that could further assist in the process of collecting, identifying, and confirming enterprise risks for the university.
January 2016 During their January meeting, the ERM Steering Committee (Committee) reviewed and discussed two Risk Mitigation and Management Plans. The Committee’s member composition was also reviewed to ensure that adequate university representation continues to occur. The Committee’s discussion of the Office of the State Inspector General’s performance review did not reveal any new enterprise or unknown risks. Progress continued to be made in the transitioning of the new Assistant Vice President for Safety and Risk Management to the Committee Chairman role.
December 2015 ERM updates were communicated to the Audit, Integrity, and Compliance Committee.
November 2015 The ERM Steering Committee received status updates on two of the highest ranked Risk Mitigation and Management (RMM Plans). Significant progress in monitoring and mitigating these risks were noted. Additional updates to other RMM Plans will be requested from the risk and process owners. The new position of Assistant Vice President for Safety and Risk Management (also known as the Chief Risk Officer) has been filled.
September 2015 The ERM program status was communicated to the Audit, Integrity, and Compliance Committee. No unknown risks were identified in preparation for the Office of the State Inspector General’s performance review on the university.
August 2015 While all risks are subject to review, the primary focus for the ERM Steering Committee (Committee) will be on the top nine risk themes that were identified during the March 2015 prioritization. (Some risk themes were subdivided based on progress and responsibilities during the ranking and prioritization that was performed by the Committee during March.) The Committee established plans for reviewing mitigation plan updates and pursuing the next risk assessment during the spring of 2016.
July 2015 Due to personnel changes, the ERM Steering Committee (Committee) added four new members. An interim Committee Chairman will assist the Committee until the senior management positions at VCU are filled. Recruitment continued for the position of Assistant Vice President for Safety and Risk Management (also known as the Chief Risk Officer position in other industries).
May 2015 The Audit, Integrity, and Compliance Committee was informed of the ERM Steering Committee’s prioritization performed in March. VCU’s Internal Audit continued to monitor ERM best practices and assisted in leading an ERM panel discussion with University of Virginia and Emory University representatives during the College and University Auditors of Virginia annual conference.
April 2015 The ERM Steering Committee researched and found four other universities with similar profiles (including academic medical centers) that had mature ERM programs. Upon comparison, VCU’s ERM program was determined to be comprehensive and progressive due to the broad number of interviews that were performed, active support by senior management, consideration of strategic impact, identification of industry risks, and use of internet and intranet for communication.
March 2015 The ERM Steering Committee (Committee) summarized the Risk Mitigation and Management (RMM) Plans to one page in order to provide a quick overview of each risk’s status. The Committee prioritized the one page RMM Plans based on impact and likelihood ratings and developed a heat map to illustrate the perceived risk level. The Committee’s comparison to a Journal of Accountancy article on top ten business risks provided positive validation of the inclusiveness of the university’s ERM program’s progress.
Feb. 2015 All fourteen risk themes were reviewed by the ERM Steering Committee, and the second round on-site interviews for the Assistant Vice President for Safety and Risk Management candidates have occurred.
Jan. 2015 The ERM Steering Committee (Committee) continued to receive updates on the RMM Plans. In an effort to provide additional review time by the Committee on the presented risk themes, the Committee extended its meeting time from one to two hours. The Committee increased its focus on the risk scoring methodology in order to assist in differentiating the urgency level for the university and to encourage consistency of use. The Committee’s review of risks and mitigation plans resulted in several inquiries as to possible further evaluation and refocusing of some risks.
Dec. 2014 The ERM Steering Committee (Committee) had received presentations on seven of the fourteen enterprise level RMM Plans. Recruitment for the Assistant Vice President for Safety and Risk Management (also known as the Chief Risk Officer position in other industries) continued. The Committee recognized early successes with risk mitigation in several enterprise risk areas. The results were demonstrated through policy enhancements, process changes, more effective personnel placement, and gaining efficiencies through system replacement.
Nov. 2014 The ERM Steering Committee (Committee) began strengthening their review and monitoring expectations further by developing and discussing specifics relating to the Committee’s responsibilities and evaluating risk rating prioritizations. In addition, RMM Plan presentation expectations continued to be communicated to the associated Risk Owners and Process Owners to further refine the effectiveness of the Committee meetings.
Oct. 2014 The ERM Steering Committee (Committee) continued to receive updates on the RMM Plans. During the Committee meetings, an open dialog was established where Committee members would provide immediate feedback to Risk and/or Process Owners.
Sept. 2014 The ERM Blackboard site was finalized and communicated to those with ERM responsibilities. This site is the primary resource for maintaining the most recent versions of the RMM Plans (and will archive past versions). The ERM Steering Committee began receiving updates from risk owners on the current status of their risk mitigation plans.
Aug. 2014 The ERM Steering Committee held its first meeting, and an ERM overview was provided to its members. Recruitment for the Assistant Vice President for Safety and Risk Management (CRO) began.
July 2014 The ERM Steering Committee members were identified and requested to serve. The ERM Implementation Committee established a Blackboard site to house ERM resources.
June 2014 A meeting was held with the Vice President (VP) of Finance and Administration to discuss the transition of the ERM Implementation Committee to the ERM Steering Committee. This VP will be the ERM Steering Committee Chair. The ERM Implementation Committee Chair was requested to continue to provide support to the Steering Committee until the Assistant Vice President for Safety and Risk Management (i.e. Chief Risk Officer or CRO) position is filled. As part of the transition process, the ERM Implementation Committee finalized edits on the RMM Plans.
May 2014 The Audit, Integrity and Compliance Committee was notified about the ERM Implementation to Steering Committee transition plan and the prioritization of 13 risk themes for review and monitoring by the respective board committees. The plan recommended appointments of a Chief Risk Officer and ERM Steering Committee Chairman. The membership for the ERM Steering Committee members will include administrators with strategic decision making responsibility.
April 2014 The ERM Implementation to Steering Committee transition plan was reviewed by the ERM Implementation Committee and the executive sponsors. The plan was presented to and accepted by the President’s Cabinet. In order to streamline the focus of the ERM program, the ERM Implementation Committee further prioritized and consolidated the 31 risk themes into thirteen for reporting to senior leadership and the Board.
March 2014 A plan was drafted to transition the ERM Implementation Committee to the ERM Steering Committee. The transitioning of this Committee will focus on ensuring that ERM is a sustainable process and incorporated into management practices of the university. The plan included suggested ERM Steering Committee members, responsibilities of key roles, reporting and monitoring functions, identification of future risks and formalization of ERM program through either a policy or charter.
Feb. 2014 The committee continued to follow up with those process owners whose RMM plans had completion date extensions. A status update was prepared for the Audit, Integrity and Compliance Committee meeting scheduled in February; however, due to inclement weather, this update was postponed for discussion until the May meeting.
Jan. 2014 The ERM Implementation Committee requested and reviewed those RMM plans that were completed and identified potential areas of clarification to be addressed by process owners.
Dec. 2013 Due to the complexity or quantity of certain RMM plans, the ERM Implementation Committee granted extensions to process owners on their RMM plan completion.
Nov. 2013 Process owners coordinated and completed risk mitigation and management(RMM) plan templates and reviewed these RMM plans with their risk owners (i.e., vice presidents).
Oct. 2013 Additional trainings were scheduled for individuals that were unable to attend the September sessions. Pre-populated mitigation planning templates were provided to the process owners to assist with the development of the plans and more in-depth vetting of sub-risks within the risk themes. Individual support is available to assist with the development of these plans. Process owners were requested to do a deeper vetting of the sub-risks definition to ensure that sub-risks are accurate and complete.
Sept. 2013 The top 12 risk themes were presented to the Board of Visitors’ Audit, Integrity and Compliance Committee. Risk mitigation and management training was developed by the implementation committee and KPMG. The training was provided to the process owners and a timeline was given for the completion of these plans.
Aug. 2013 An overview of the ERM program was presented to new board members at their orientation and an update on the program was provided to all of the members.
July 2013 The president’s cabinet reviewed the summary of risk themes to finalize wording. The listing was divided into three levels, or tiers, based on impact to the university. The top tier risk themes will be presented to the Board of Visitors for their awareness and future oversight of mitigation plans.
June 2013 The president’s cabinet members were provided with the 33 risk themes. With their guidance, two risks were merged with others, creating 31 risk themes. Those risk themes were vetted with the cabinet. Additionally, the cabinet identified process owners and risks owners. The cabinet members each selected their top 10 risks, and those scores were used to create an initial prioritization listing.
May 2013 A status report was provided to the BOV’s Audit and Compliance Committee members and their inquiries were addressed. The 33 risk themes (including risk descriptions, mitigation to date, process owners and risk owners) were provided to the university's vice presidents for their initial review, additions and suggested edits.
April 2013 KPMG and members of the ERM Implementation Committee conducted 14 follow-up interviews to learn more about current risk mitigation practices or gain clarification about the identified risks.
March 2013 KPMG consolidated the 180 sub-risks into 33 broader risk themes, which were reviewed and approved by the ERM Implementation Committee.
Feb. 2013 KPMG and members of the ERM Implementation Committee conducted additional interviews with senior leadership of the university. In total, the January and February interviews identified 180 discrete sub-risks or concerns. The sub-risks were validated by principal participants of the group interviews. A status report was provided to the BOV’s Audit and Compliance Committee.
Jan. 2013 KPMG and members of the ERM Implementation Committee conducted 12 group interviews with high-level university administrators.
Dec. 2012 ERM Implementation Committee selected KPMG from several RFP responses as a partner consultant to assist with implementing ERM at the university. KPMG will be working with the university primarily in first half of 2013.
Sept. 2012 ERM Implementation Committee met to discuss ERM RFP review and scoring process, RFP presentation discussion and scoring date, on-site vendor presentation dates, monthly committee meeting dates and approval of official ERM Web pages and content on the Office of the President’s website
Aug. 2012 Statement of work developed; request for proposal issued [PDF]; pre-proposal conference held (RFP addenda [PDF])
Aug. 2012 Timeline established
July 2012 Committee conducted additional research with universities that have existing ERM programs
July 2012 Decision by ERM Committee to use outside consultant to assist with designing an ERM framework and resource augmentation (consultant deliverables [PDF])
June 2012 ERM Implementation Committee established to provide oversight, guidance and implementation
May 2012 ERM white paper presented to the Audit and Compliance Committee of the Board of Visitors
Feb.-May 2012 Researched processes and best practices; white paper drafted by VCU staff
Feb. 2012 Discussion of need for ERM program by Audit and Compliance Committee chairman and request for white paper

For a more detailed schedule on the implementation of the program, including specific project deliverables, please see our ERM timeline [PDF].