Enterprise Risk Management Appendix
- Approver: Academic Coordinating Committee
- Policy Owner: Associate Vice President, Risk Management
- Policy Lead(s): Manager, Campus Safety
- Defining policy:
- Effective date: 2022-06-22
- Date of last approval: 2022-06-22
- Status: Approved
Elaboration
Accountability
The accountability for risk management applies to all levels of the organization:

ºÚÁϲ»´òìÈ Board of Governors: The Board of Governors oversees the overall ERM strategy and performance of ºÚÁϲ»´òìÈ, including:
- Effective monitoring of ºÚÁϲ»´òìÈ’s ERM framework and program;
- Periodic review of the risk management activities of ºÚÁϲ»´òìÈ; and
- Review of the risk report that the ºÚÁϲ»´òìÈ Risk Management Committee (RMC) or other committees bring to the attention of the Board of Governors.
ºÚÁϲ»´òìÈ Risk Management Committee (RMC)
- The ºÚÁϲ»´òìÈ Risk Management Committee (RMC) is accountable for advancing risk management practices at The ºÚÁϲ»´òìÈ Institute of Technology and Advanced Learning (ºÚÁϲ»´òìÈ). This includes implementing an Enterprise Risk Management (ERM) framework and developing a risk-aware culture to effectively establish a strategic approach to risk management at ºÚÁϲ»´òìÈ.
- Please see the RMC Terms of Reference for further detail.
Three Lines of Defense
Risk affects operations and strategies at all levels. As the risk landscape becomes more complex and changes more quickly, it is crucial for ºÚÁϲ»´òìÈ to identify and respond effectively to emerging risks. To enable response and decision making, the ºÚÁϲ»´òìÈ ERM framework will follow and implement the three lines of defense model.
Business Units, Management, and Employees (process owners) (First Line of Defense)
- The first line of defense will:
- Have the primary responsibility to own and manage risks associated with operational activities;
- Ensure that a sound control environment exists in their business unit;
- Implement effective policies and procedures to outline controls, roles and responsibilities;
- Be fully aware of the risk factors that should be considered in every decision and action;
- Be able to execute effective internal control in their business units, as well as carry out the monitoring process and maintain transparency in the internal control itself.
Risk Management Group / Corporate Services (Second Line of Defense)
- The second line of defense will:
- Support ºÚÁϲ»´òìÈ in developing processes and tools to identify, assess, manage, monitor and report key risks in a consistent and timely manner;
- Develop, implement and manage the ERM policy, plan and framework;
- Provide risk management leadership and guidance to assist management in prioritizing, managing and communicating risks across the institution;
- Maintain the Enterprise Risk Register with input from the RMC members and applicable internal and external stakeholders;
- Keep abreast of factors in the internal and external environments that may affect the achievement of ºÚÁϲ»´òìÈ’s strategic objectives and/or key performance measures.
Audit (Third Line of Defense)
- Internal/External Audit is an independent function established to provide assurance to the Board of Governors on the effectiveness of risk management practices at ºÚÁϲ»´òìÈ.
Revision Log
| Date | Details |
| --- | --- |
| 2022-06-08 | Academic Forum |
| 2022-06-22 | Academic Coordinating Committee |