Enterprise Risk Management | Compliance & Ethics

What is Enterprise Risk Management?

Enterprise Risk Management is a structured approach to identifying, assessing, and managing risks that could impact an organization’s ability to achieve its mission and strategic goals. At RIT, risk is broadly defined as any event that may affect the university's competitive position or hinder progress toward our mission, vision, and objectives. Rather than eliminating all risk, RIT strives to be risk-aware and effectively manage uncertainty. Through ERM, we identify, evaluate, and respond to risks while considering their impact on the RIT community, reputation, finances, and overall performance.

While ERM is overseen by the university's senior leadership and managed by the Office of Compliance & Ethics, every employee plays a critical role in identifying and addressing risk.

For further details, you can explore our Risk Philosophy and ERM Program Purpose, Goals and Objectives, and Guiding Principles.

Resources and Information

ERM Annual Report & Institute Risk Map

Purple "Person Pointing to Board" icon on a gray background

ERM Program and Risk Assessment Training

ERM Overview Video

Risk Categories + Impact and Likelihood Scales

Yellow "report paper" icon on a gray background

Guide to Risk Assessment & Response

2025 ERM Survey Results

Report an Enterprise Risk

A circular image that shows the six main steps in RIT's ERM Risk Cycle

The ERM Risk Assessment Survey is conducted annually during the spring semester as part of the university's ongoing Enterprise Risk Management Program. Because ERM is continuous, if a new enterprise risk emerges or significant changes occur outside the annual cycle, contact the OCE at complianceandethics@rit.edu.