UVM’s framework for ERM is based on ISO 31000, an international standard published in 2009. The framework provides the foundations and organizational arrangements for designing, implementing, monitoring, reviewing, and continually improving risk management throughout the University.

ERM visual framework


Explanation of graphic above:

ERM Context

Institutional Strategy

  • University mission and vision
  • University strategic plan
  • External and internal context

Institutional Governance

  • Commitment, engagement, and sponsorship
  • Roles and responsibility
  • Program oversight and management
  • Risk decisions

Both of the above categories feed into:

ERM Culture

  • ERM program goals and objectives
  • ERM guiding principles
  • UVM risk philosophy
  • UVM risk tolerance
  • Risk awareness
  • Risk ownership
  • Common language
  • ERM policy and procedures

In our framework, the ERM Context greatly informs the ERM Process:

ERM Process

  • Risk assessment
  • Risk identification
  • Risk evaluation
  • Risk response

All enable

  • Communication, coordination & consultation
  • Change management
  • Education & training
  • Monitoring & reporting
  • Continuous improvement