The UNC Policy Manual
1300.7
Adopted 03/04/16
University Enterprise Risk Management and Compliance
I. Purpose. This policy directs the president to
establish and oversee enterprise risk management and compliance processes for
the University of North Carolina.
II. Definitions. For purposes of this policy:
A.
“Chancellor” means the administrative and executive head of
a constituent institution of the University of North Carolina, as described in
Section 502 of The Code.
B.
“Constituent institution” means one of the 17 degree/diploma-granting
institutions that comprise the University of North Carolina.
C.
“President” means the chief administrative and executive
officer of the University of North Carolina, as described in Section 501 of The Code.
D.
“Senior officer” means an individual who reports to the
president in a senior officer position as designated by the Board of Governors,
and who exercises University-wide responsibilities to assist the president and
the Board of Governors in administering the affairs and executing the policies
of the University of North Carolina.
E. “University” means the University of North Carolina, a
body politic and corporate defined as a single public multi-campus University
composed of 17 diverse constituent institutions and other educational,
research, and public service organizations.
III. Establishment
and Oversight of Enterprise Risk Management and Compliance Processes. The Board of Governors monitors system-wide
risk and compliance through the Committee on Audit, Risk Management and
Compliance (CARMC). The president, with assistance from the chief audit
officer of the University, the senior vice president and general counsel of the
University, and other senior officers and staff, shall establish and oversee University-wide
processes to address enterprise risk management, including risks related to
compliance with laws and ethical standards at the system level, and to
complement and support the risk management and compliance processes and
activities of the constituent institutions.
A.
The system-wide
processes should include components focused on the following:
1.
Developing,
implementing, evaluating, and monitoring a University system-wide enterprise risk
management process;
2.
Promoting
the establishment of and collaboration among the risk management, ethics, and
compliance programs at the constituent institutions;
3.
Advising, assisting,
and supporting the constituent institution risk management and compliance processes,
and providing other advice and counsel for these purposes;
4.
Promoting a
culture that supports board goals for risk management and compliance;
5.
Promoting a
uniform approach to measuring the University resources expended on regulatory compliance;
6.
Supporting
training and educational efforts;
7.
Providing
regular reports to the board’s CARMC;
8.
Referring
matters to the chancellors of the constituent institutions, the president’s
staff, or other University officers, divisions, and units, as appropriate; and
9.
Performing
such other duties as directed by the president.
B.
Subject to the direction of the president, each constituent
institution shall establish an enterprise risk management process that aligns
with the institution’s programs, activities, and management systems and that
supports the institution’s strategic and other goals. The enterprise risk management processes established
at each constituent institution shall include components and appropriate
procedures for:
1.
Identifying risks that impact the constituent institution’s goals;
2.
Developing plans to monitor and mitigate risks;
3.
Providing periodic updates to the chancellor and the board of
trustees; and
4.
Reporting significant enterprise risks to the president and, with
the president’s guidance, to the Board of Governors.
IV. Other
Matters
A.
Effective Date. This policy shall
be effective March 4, 2016, upon adoption by the Board of Governors.
B.
Regulations and Guidelines. This
policy shall be implemented and applied in accordance with such regulations and
guidelines as may be adopted by the president.