The Enterprise Risk Management Advisory Committee (ERMAC) is authorized in its duties by the President’s Advisory Committee on Enterprise Risk Management (PAC-ERM). The Committee has no executive powers or supervisory functions. Rather, it will function in an advisory role to the PAC-ERM and the Chief Risk Officer on behalf of the entire University.


The ERM Advisory Committee is a standing committee appointed by the PAC-ERM. The Director of Risk Management & Safety and the Senior Strategist for Enterprise Risk & Planning will serve as Co-Chairs. The Deputy General Counsel will serve as the committee’s legal counsel and the Deputy Compliance Officer and the Office of Audit Services’ Lead Auditor will serve as consultants. Remaining members will be appointed based on knowledge of the University’s key risk areas (strategic, financial, compliance, operational, human capital, safety/legal liability, and reputational), a balance of academic and administrative perspectives, and leadership roles with the University.

Members (Voting)

  • Director of Compliance Services and Chief Privacy Officer (Tri-Chair)
  • Director of Risk Management & Safety (Tri-Chair)
  • Chief Risk Officer (Tri-Chair)
  • Director, Physical Plant
  • University Controller
  • Director, University Communications
  • Senior Associate Dean for Finance & HR, College of Medicine
  • Associate Dean for Student Affairs
  • Executive Director for Research Administration
  • Director, International Education Services
  • Associate Chief Human Resource Officer
  • Assistant Provost and Chief of Staff
  • Associate Chief Information Officer

Consultants (non-voting)

  • Chief Internal Auditor

Committee Counsel (non-voting)

  • Deputy General Counsel



The Committee will meet at least quarterly and more frequently if deemed necessary, especially during program implementation. The Committee may form sub-committees to facilitate its work. Non-members may be invited to attend Committee meetings.

Roles and Responsibilites

With direction from and approval of the PAC-ERM and the Chief Risk Officer, the ERMAC will:

  • Support and advise the PAC-ERM and CRO.
  • Identify risks and opportunities, using a variety of appropriate techniques (e.g., interviews of senior management, SWOT analysis, brainstorming, etc.).
  • Review and validate or revise selected risk assessments prepared by ERM support staff, department heads, responsible officials, the Department of Risk Management, or others.
  • Prepare annually for review by the PAC-ERM a University risk register that includes an assessment of the risks’ and opportunities’ impact and likelihood.
  • Prepare annually for review by the PAC-ERM an institutional risk portfolio of risks and opportunities having the greatest potential impact on the University’s objectives.
  • Prepare and submit to the PAC-ERM a draft ERM annual report.
  • Assess and develop recommendations for newly identified risks, opportunities, or initiatives as requested by the PAC-ERM.
  • Assist in developing risk response plans and monitoring risk responses, and advise responsible officials.
  • Act as a technical resource of subject matter experts, participating in education, training, communication, and awareness building of ERM at UVM.
  • Assist in the development and maintenance of the University’s ERM procedures and protocols (“ERM User’s Guide”).
  • Assist in addressing functional, cultural, and departmental barriers to managing risks.