Risk (Enterprise)

Maximizing opportunities to achieve the OSU strategic plan is a responsibility for the entire Oregon State University community.

The Office of Audit, Risk, and Compliance (OARC) is charged with overseeing and facilitating the university’s enterprise risk management (ERM) program.  The goal of ERM is to ensure appropriate mitigation strategies are in place over top risks that may impact the university’s ability to meet objectives.  ERM evaluates how we deploy our people, services, tools, and infrastructure to address strategic, operational/safety, compliance, legal, reputational, and financial risks and opportunities present in our environment.

OARC facilitates a coordinated approach to gathering data necessary for evaluation and overseeing the mitigation and monitoring of risks.  The compliance function of OARC informs the ERM process by providing information related to the current compliance risks facing the university.  The audit function of OARC provides the campus executive team, president, and the Executive, Audit and Governance Committee (EAGC) with assurances that controls identified to mitigate risks are functioning as designed and progress toward risk mitigation strategies is taking place.

The Office of General Counsel provides advice to the board, executive leaders, functional leaders, and the Compliance Executive Committee, as well as the audit, risk and compliance offices to help inform the analysis of priorities and university exposures. For information on insurance and risk tools developed by the Department of Finance and Administration, contact the Office of Risk Services.

The OARC engages the board, senior leaders, and unit management annually in a three-phase process to identify areas that may impact the achievement of OSU mission and goals:

  1. Information Gathering – We refresh our understanding of the OSU strategic plans and goals; scan the higher education landscape; examine federal and state agency activity; and evaluate current university risk topics and plans
  2. Risk Identification – We reexamine information and our current university environment to identify the operational, operational/safety, legal, compliance, financial, reputational, and strategic risks that may impede OSU from meeting objectives if not addressed
  3. Remediation and Monitoring – We identify our high-risk areas and create remediation and monitoring programs for the risks that have been identified, assessed, and evaluated

During the ERM discussions, several risk areas may be highlighted that, upon further evaluation, already have support efforts for mitigation strategy development and monitoring.  Examples of topics that receive ongoing support include financial strategy, enrollment management, student demographic changes, diversity and inclusion, and student success.

The current OSU enterprise risk priorities are approved by the EAGC of the Board of Trustees. Below are OSU's current enterprise risk priorities and relevant resources:

Professional Association ERM Resources