UCalgary Campus

Enterprise Risk Management

Assessing our University's Risks

Enterprise Risk Management (ERM) is a coordinated activity that exists to identify, analyze, mitigate, and monitor internal and external risks that threaten institutional, departmental, and/or project goals at the university. Risk is broadly defined to be any obstacle that has the potential to inhibit or prevent the successful achievement of goals or objectives.

Key benefits derived from identifying and managing risks through this framework include: alignment between institutional goals and frontline initiatives, an increase in the likelihood of achieving objectives, provides an effective way to prioritize and allocate resources, an improved ability to identify not only threats, but possible opportunities, and improved governance and controls.

The university's ERM framework is based on the concepts and definitions described in the International Organization for Standardization’s ISO 31000. The framework consists of the standards, objectives, accountability, governance, and policy that support the ERM initiative. A primary principle for ERM is to embed these concepts, processes, and reporting into existing analysis and decision making of the university.

Institutional ERM

Enterprise Risk Management has identified key institutional risks that affect the University of Calgary. These are entity-wide risks that affect all aspects of the university and they are analyzed and discussed regularly at the executive and senior leadership level and annually reported to the Board of Governors and Audit Committee.

The Enterprise Risk Management program assesses the following areas for institutional risks:

  • business environment
  • compliance and standards
  • ethics and values
  • infrastructure
  • funding
  • health, safety, and security
  • information technology
  • policy development and governance
  • student attraction, recruitment, and retention
  • workforce.

The Provost’s Risk program

The Provost’s Risk program focuses on the Academic and Research plans of the university. Using the same concepts and methodology as the Institutional ERM program, this is a comprehensive review and assessment of the goals set out in the Academic and Research Plans that identify critical barriers that specifically challenge our ability to attract, recruit and retain students at the university. This process is iterative and is analyzed and discussed regularly with the Provost and Research teams.


The ERM team provides consulting services to other departments within the university. We help to align prioritization of departmental objectives and projects with the university's Ahead of Tomorrow objectives. Specifically, we scale the ERM Framework accordingly to facilitate better decision making and management of scarce or competing resources. If you would like consultation for a current project, contact jstein@ucalgary.ca.

Frequently Asked Questions

The ERM team does not directly manage the risks at the university. Risk management is a collective effort by everyone from top to bottom. Our approach is to reframe and formalize how the departments and individuals manage risks that impede their ability to obtain our goals. Embedding ERM concepts into existing controls is our focus. 

ISO 31000 has been adopted as the university’s risk management framework. It is a comprehensive standard that expects ERM to be rooted firmly in the culture of an organization.

Contact ERM anytime. Our objective is to support the operational needs of the university. ERM uses the broadest definition of a risk — the effect of uncertainty on an objective where an objective can be institutionally, departmentally, or project focused.