• President Fogel approves ERM program and appoints the Vice President for Finance & Administration as UVM’s Chief Risk Officer
  • Board of Trustees Audit Committee forms an ERM Working Group



  • 1st ERM Advisory Committee drafts ERM program, process/timeline, risk assessment tool
  • Board of Trustees calls for external consultant review of ERM implementation plans
  • Consultant Arthur J. Gallagher issues independent report of UVM’s ERM efforts to date
  • President’s Advisory Committee on ERM established
  • Additional ERM research conducted using resources from internal audit, internal control, board governance, and higher education perspectives and review of ERM programs at 29 institutions



  • ERM Advisory Committee Co-Chairs and Deputy Compliance Officer interview senior UVM officials to identify risks and opportunities facing UVM
  • ERM program purpose and goals, guiding principles, framework, roles and responsibilities, and institutional risk philosophy statement approved by Board of Trustees ERM Working Group, Audit Committee, and Committee of the Whole





  • ERM Risk Assessment moves to a biennial cycle.



  • ERM becomes part of the University’s Office of Compliance and Privacy Services with the Director of Compliance Services and Chief Privacy Officer taking over the day-to-day oversight and management of the ERM program.
  • Enterprise Risk Management Advisory Committee (ERMAC) merges with the Operational Compliance and Privacy Committee and changes its name to form the Enterprise Risk Management and Operational Compliance Committee (ERMOCC).



  • The ERM program is given a “re-boot” that includes updated reference materials, an updated Guide to Risk Assessment & Response (PDF) (including assessment scales and heat map) and a biennial project plan.