Supplemental Information Print this PDF

Name: Enterprise Risk Management Policy
Responsible Office: Information Technology

Applies to: (examples; Faculty,Staff, Students, etc)

Faculty , Staff

Policy Overview:

Issued: 11-01-2016
Next Review Date: 06-01-2024
Frequency of Reviews: Every 2 years

Updated 04-12-2023

The Board of Trustees of University of Health Sciences & Pharmacy in St. Louis (“UHSP” or “University”) has adopted a Risk Appetite Statement to guide the University in making decisions regarding acceptable levels of risk in pursuit of achieving the University’s strategic direction and objectives under the umbrella of its overarching mission.  

This Enterprise Risk Management Policy establishes the Enterprise Risk Management Committee (“ERMC”) and the procedures intended to identify, communicate, rate and prioritize material risks across the entire University. Together, the Risk Appetite Statement and the Enterprise Risk Management Policy create a framework to guide the University’s risk management activities.

This policy applies to all members of the University Leadership Team and employees assigned to or delegated responsibility for managing specific risks.



Annual Enterprise Risk Assessment:  A comprehensive report that identifies and prioritizes the University’s top enterprise risks.

Enterprise Risk Management:  A continuous, proactive and systematic process to understand, manage, mitigate and communicate risk from an organization-wide perspective. It is about making strategic decisions that contribute to the achievement of the University’s overall mission and strategic objectives.

Enterprise Risk Management Committee:  A committee that is responsible for implementation of the University’s Enterprise Risk Management Policy and program consisting of: 

  • the Chair of the ERMC;
  • the Vice President of Finance and Chief Financial Officer;
  • the Vice President of Operations;
  • the General Counsel and Chief Compliance Officer; and,
  • Such other representatives who may from time-to-time be appointed by the President or members of the ERMC.

Risk:  The effect of uncertainty on objectives expressed as the likelihood and impact of an event with the potential to affect achievement of the University’s objectives.

Risk Champions(s):  University personnel assigned primary responsibility for effectively managing specific risks.

Risk Appetite:  The amount of risk, on a broad level, the University is willing to accept or tolerate in the pursuit of its mission and strategic objectives.


The ERMC will conduct an annual assessment to identify, understand and effectively manage key Risks, consistent with the UHSP Risk Appetite Statement. This will allow UHSP to support the responsible assumption of risk in pursuit of its mission and strategic objectives. The ERMC is responsible for communicating the results of the Annual Enterprise Risk Assessment to the Audit Committee of the Board of Trustees, the President, and senior administrators (or designees) responsible for operating units or school level leadership responsibilities. Accountability for managing Risks will be achieved by assigning Risks to University Leadership Team Members and Risk Champions for the development of effective risk mitigation plans approved by the ERMC, and through effective reporting to the University Leadership Team and the Audit Committee of the Board of Trustees.


Risk Assessment

The ERMC will coordinate the Annual Enterprise Risk Assessment and development of risk mitigation strategies with the University Leadership Team and such other administrators deemed appropriate based on the specific risk(s).

Rating and Prioritization of Risks

The University Leadership Team and Risk Champions will be asked to evaluate, prioritize and develop risk mitigation plans for each Risk taking into account the “Likelihood” and “Impact” of each Risk and the level of preparedness (e.g. insurance, training, controls) using the criteria approved by the ERMC. The ERMC will submit an annual list of top Risks for approval by the Audit Committee of the Board of Trustees and the University Leadership Team.

Monitoring and Reporting

The ERMC will prepare an annual report for the President that includes a summary of the key Risks, the designated Risk Champions and status of the Risk Champion’s risk mitigation plan. This report will also be updated whenever a significant, new Risk is identified. The ERMC will monitor Risks by obtaining an annual status update from the Risk Champions prior to the commencement of the annual budget cycle. The ERMC, the President and the University Leadership Team will develop an Enterprise Risk Management Scorecard to monitor the risks identified in the Annual Enterprise Risk Management Assessment.  The ERMC will take appropriate steps to communicate the annual Risk report to the Audit Committee of the Board of Trustees.



ERMC:  The ERMC is responsible for coordinating and overseeing the activities required under the Enterprise Risk Management Policy.

General Counsel/Chief Compliance Officer:  The General Counsel/Chief Compliance Officer will provide legal advice, education and training.

University Leadership Team:  Each member of the University Leadership Team is tasked with overseeing their respective areas to effectively manage Risk and administer this policy. Additionally, each University Leadership Team member, Risk Champion and other designated personnel will be charged with initiating required education and training with respect to particular Risks identified for their areas of responsibility. 

President:  The President oversees the ERMC and has ultimate responsibility for prioritization of Risks, assignment of resources, determining Risk Tolerance, and communicating information regarding the University’s Annual Enterprise Risk Management Report and program to the Board of Trustees.

Risk Champions:  Individuals identified will be assigned critical Risk management responsibilities. University Leadership Team members are primarily responsible for enterprise risk management administration for their respective areas. 

Policy Contacts:


Contact Information

Vice President Operations

 Vice President Finance & CFO

Kenneth Fleischmann, JD, General Counsel