Current Structure and Framework
Northwestern’s current ERM framework, initiated in 2016 and refined in 2018, balances leadership awareness of risk with operational ownership of risk by individuals and units. The governance for Northwestern’s ERM program ultimately falls under the Audit, Risk and Compliance (ARC) Committee of the Board of Trustees. The ARC receives regular updates on ERM activities, as well as specific presentations on strategic risk topics.
ERM Sponsorship Group
Consisting of the President, Provost and Senior Vice President for Business and Finance, the Sponsorship Group internally champions the ERM process as essential to informed decision making. Annually, the Group provides insight on the key risks to, and created by, Northwestern’s strategic plan, and approves the ERM, Compliance and Internal Audit plan for the upcoming fiscal year.
ERM and Compliance Leadership Team
Comprised of a select group of University Vice Presidents and Deans, the Leadership Team plays an essential role in the ERM framework. The Leadership Team meets four times annually, to review the landscape and mitigation plans associated with certain identified enterprise-level risks, and also sets the topics for risk work-groups that operate over the course of the year. The Leadership Team completes an annual prioritization of key risks, and recommends the annual ERM plan to the Sponsorship Group. Importantly, this Team also recommends resource allocation needs, and outlines where appropriate levels of residual risk may exist.
Risk and Compliance Committee (RCC)
The broadest of the three ERM committees, the Risk and Compliance Committee brings together the functional operational leads from units playing key roles in managing risk or compliance issues. Members of the RCC also include the Associate Deans and chief operating officers from key units and schools across campus. The Committee meets to share best practices about managing risk and compliance, and identifies emerging or changing risks that leadership needs to be aware of. Members from the RCC present to the Leadership Team on their relevant risk and compliance topics, and come together to form risk work-groups throughout the year.