Enterprise Risk Management | Compliance & Ethics

What is Enterprise Risk Management?

Enterprise Risk Management (ERM) is a systematic business that aims to identify potential events that may negatively impact an organization. It focuses on managing or mitigating risks associated with these events, aligning with the organization’s strategic goals. At RIT, we view risk broadly as any event that could affect the university’s competitive position or hinder its ability to achieve its mission, vision, and strategic objectives. Rather than eliminating all risk, RIT strives to be risk-aware and effectively manage the inherent uncertainty in its environment. Through ERM, we identify, understand, assess, and respond to risks while considering the impact on the RIT community, as well as RIT’s reputation, financial position, and overall performance.

The RIT Senior Leadership team oversees ERM for the university. However, all employees play a critical role in identifying and addressing risk at RIT. OCE manages the ERM program and associated processes.

For further details, you can explore our Risk Philosophy and ERM Program Purpose, Goals and Objectives, and Guiding Principles.

Resources and Information

ERM Annual Report & Institute Risk Map

Purple "Person Pointing to Board" icon on a gray background

ERM Program and Risk Assessment Training

ERM Overview Video

Risk Categories + Impact and Likelihood Scales

Yellow "report paper" icon on a gray background

Guide to Risk Assessment & Response

2024 ERM Survey Results

Report an Enterprise Risk

A circular image that shows the six main steps in RIT's ERM Risk Cycle

The ERM Risk Assessment Survey process occurs annually during the spring semester. If a new Enterprise Risk is identified or there are significant changes to a current Enterprise Risk outside of the annual assessment process, please contact OCE at complianceandethics@rit.edu.