What is the mission of ERM?

The Enterprise Risk Management (ERM) office assists the Middlebury community—faculty, staff, and students—in their ongoing endeavors and in their pursuit of new initiatives and opportunities, while limiting risks to the institution and keeping our resources on mission.

Our risk philosophy is to create a risk-aware culture, permitting the institution to ensure an effective means to identify, measure, control, and assign responsibility to manage risks, while encouraging the acceptance of reasonable opportunities.

What is the ERM mitigation process?

The ERM mitigation process is the framework for risk management at Middlebury. The process is the general approach of how Middlebury continues to identify, assess, manage, and monitor risk. Middlebury has developed several tools to help managers assess and prioritize risk: the risk assessment tree, risk registry tool,  risk bowtie tool, etc. The ERM mitigation process is the cornerstone of the ERM office and our training, and is the process to successful risk mitigation, as illustrated in the graphic below:

What is a heat map, and how is it used?

A heat map is a tool that the Enterprise Risk Management office uses to assess the likelihood of occurrence and possible impact of each potential risk.

At Middlebury, our institutional-wide heat map is reviewed annually and is supported with input from senior leaders and managers across the organization. The heat map provides the Enterprise Risk Management office with a better understanding of where to support risk mitigation efforts and where to help manage risk more effectively. Examples of enterprise risk may include risks that are financial, operational, strategic, reputational, and/or safety related.

What is the difference between enterprise risk and departmental risk?

The Enterprise Risk Management office focuses on risks that have impacts or present opportunities across the institution. An example of enterprise risk is financial sustainability. We manage financial sustainability as a risk and as an opportunity on how it impacts the institution (Midd, MIIS, Bread Loaf, Schools Abroad, etc.). Departmental risks are those that are typically identified at the department level and are more effectively managed at the department level where the risk or opportunity resides.

How do I help identify and manage risk?

Everyone at Middlebury is a risk manager. It takes a collective approach to recognize potential risk across the institution. Within every risk there is opportunity, and within every opportunity there is risk. Risk and uncertainty are everywhere. You can help influence the impact of risk across Middlebury by recognizing it, understanding its impact, taking steps to manage risk and opportunity, and knowing who to go to for help. You can learn more about managing risk at Middlebury by reviewing our training and the other resources on the ERM website. If you suspect there is a current unattended risk that needs immediate attention, please contact your manager.

If I see an icy sidewalk, an intoxicated student, improper lab safety conduct, etc., should I contact the ERM office?

The office for Enterprise Risk Management (ERM) is focused on risks that may have a high likelihood and high impact on the institution (Middlebury, MIIS, Bread Loaf, Schools Abroad, etc.). Violations of the Middlebury handbooks, a surprising safety condition, an insurance issue, etc., should be addressed to the appropriate department such as Facilities, Public Safety, the Title IX Office, Business Services, etc. The Middlebury community can also submit anonymous reports to EthicsPoint for issues related to finance, human resources, and workplace safety.

What is a risk bowtie?

The risk bowtie online tutorial allows members of our community to work through a risk assessment (“things that keep you up at night”) to include identification, assessment, management, and monitoring of risks. The ERM office recommends that every department review this online exercise. Departments can reach out to the ERM office for consultation or with questions.

Is it expected that I eliminate every risk in my department?

Across the institution we must assume a certain level of risk in whatever we do, as it is the nature of business and innovation to accept a healthy level of risk. The ERM office does not expect that every risk will be eliminated. Through careful assessment, management, and monitoring, stakeholders will begin to see how some levels of risk can be lowered and, in other instances, how certain levels of risk remain flat. Our community must consider how risks can be minimized while balancing the expectation to meet their goals and objectives.

How do I manage a risk that has a high impact and high likelihood?

We recommend that risks be assessed and discussed within the group where the risk occurs because often that is where the experts reside who can help mitigate the risk. Managers can use ERM assessment tools to help identify a potential risk’s likelihood and impact. If you believe you have identified a risk that cannot be mitigated further and has a high likelihood of occurrence and a high impact, please contact your manager.

Is all risk bad?

No, not all risk is bad. The ERM office looks at risk as both adverse impact and opportunity. There is risk all around us and it is inherent to the work we do and the place where students learn and live. We help mitigate potential risks by putting controls in place to reduce their likelihood and impact. We are also aware that many potential risks have opportunity that helps support our mission. At the end of the day, it is finding the balance between impact and likelihood of risk and its potential opportunity to support our mission.

What is the Board of Trustees Standing Risk Committee?

The Board of Trustees Standing Risk Committee meets three times a year during the Board of Trustees meeting. The chief risk officer is the senior administrative officer (SAO) of the Standing Risk Committee. The committee is responsible for “evaluating, monitoring, and addressing all matters of institutional risk.” For further information, please see our Middlebury Bylaws, Article IV.

What is the Risk Outreach Committee?

Middlebury’s Risk Outreach Committee is led by the chief risk officer and includes the Title IX coordinator, a member of Student Activities and Organizations (Derek Doucet), a member of Business Services (Matt Curran), the ERM outreach specialist (Amy Dale), and a member of the emergency management team (Rick Christoffersen). The Risk Outreach Committee meets monthly to discuss current and potential issues across the institution.

Should I contact the ERM office if I'm planning a special event, new program, or initiative?

The ERM office does not manage the approval of special events; however, when a small program or initiative (e.g., Fund for Innovation) is funded by Middlebury, risks related to travel, food, alcohol, event space, inclusion of minors, ADA compliance, etc., should be given consideration. The risk assessment decision tree can help you understand these risks. We strongly encourage program leads, students, etc., to complete this assessment tool to better understand the potential risks and how they can be addressed.