I. Introduction

Smith College aspires to have a strong risk management culture where employees understand the strategic objectives they support and are encouraged to raise risks to their managers. Cabinet members, risk owners, and partners monitor and manage risk as part of their ordinary day-to-day responsibilities. The college is committed to an Enterprise Risk Management (ERM) program that provides a structured, consistent, and continuous process for identifying, assessing, responding to, and reporting on risks and opportunities that may affect the achievement of the college’s mission, strategy and objectives. The program is designed to leverage existing management processes, reporting and approval channels, and organizational structures, and is linked to strategic planning and budgeting processes.

II. Scope and Responsibilities

This Enterprise Risk Management (ERM) Policy is applicable to all of the college’s strategic, academic, and operational activities. This policy establishes minimum standards and expectations regarding risk management activities at the college.

Board of Trustees

  1. The Smith College Board of Trustees provides oversight of the ERM program to ensure that management has implemented an effective system to identify, assess, manage, respond to, and monitor risks to the college and its strategic objectives.
  2. The Board of Trustees shall guide the strategic approach to risk and approve the college’s risk appetite framework.
  3. The Board of Trustees also shall advise on the structure for ERM and understand the most significant institutional risks facing Smith College.

The Audit and Risk Committee of the Board of Trustees

  1. The Audit and Risk Committee represents the Board of Trustees in providing oversight of the college’s ERM practices.
  2. The Audit and Risk Committee shall:
    1. Work with the committee liaisons to understand and agree on the types, frequency, and format of risk information that the Board of Trustees will review.
    2. Review risk information prior to presentation to the Board of Trustees, including review of the bi-annual risk assessment, and interim status updates to ensure the risk mitigation actions identified in the annual risk assessment are implemented.
    3. Monitor the college’s ERM policies and processes, its overall risk and control environment, and its process for mitigation of risks.
    4. Periodically assess and evaluate risk management policies and processes within their scope of responsibilities.

The President

  1. The President leads the establishment of the strategic objectives for the college and ensures management discussions regarding strategy and risk philosophy occur with the Board of Trustees.
  2. The President and President’s Cabinet shall be routinely informed of risk information and ERM progress updates submitted to the Audit and Risk Committee.
  3. The President ensures that the ERM program has sufficient resources to carry out its responsibilities.

The Executive Vice President for Finance and Administration

  1. The Executive Vice President for Finance and Administration is the owner of, and is ultimately responsible for, the ERM program and process.
  2. The Executive Vice President for Finance and Administration ensures that the ERM operating model supports institutional risk management and awareness in a manner commensurate with the internal and external risk environment.
  3. The Executive Vice President for Finance and Administration or their designee is responsible for working with risk owners and partners on all aspects of the ERM framework and operating model elements.

The President’s Cabinet (ERM Committee)

  1. The President’s Cabinet provides a broad management perspective on the college's risks and opportunities and ensures active engagement in ERM at the leadership level.
  2. The President’s Cabinet meetings serve as the venue for ERM discussions. The Executive Vice President for Finance and Administration serves as the leader for ERM-related agenda items that are part of the President’s Cabinet meetings.
  3. Cabinet members refer any newly identified risk issues or new initiatives that may pose risk to the responsible cabinet member or to ERM for further assessment and development of recommendations as necessary.
  4. Cabinet collectively determines the college’s top strategic risks that are shared with the Board of Trustees in bi-annual updates and as needed.

The Enterprise Risk Management Operational Group

  1. The ERM Operational Group is chaired by the ERM lead.
  2. The ERM Operational Group shall:
    1. Foster a culture of risk management at all levels of the college
    2. Mitigate top risks through strategic resource allocation, operations, and community engagement
    3. Increase visibility of the most significant risks
    4. Identify risk-related connections across functional areas
    5. Proactively identify, report, and manage critical risks, including key operational risks and issues that require mitigation
    6. Provide a platform for broad discussion and evaluation of risk tolerance
    7. Recognize emerging risks, and
    8. Convey top risks and mitigation efforts to the appropriate risk owner.

All managers

Each manager shall understand:

  1. The requirement to report in a timely manner to senior staff any perceived new or emerging risks and any near misses or operational losses that occur related to their activities
  2. The risks relevant to their roles and responsibilities
  3. How the Smith College ERM program supports the success of the college
  4. Their accountability for risks and mitigation strategies to reduce risks they are responsible for managing, and
  5. That risk management is a key part of the college’s culture

III. Policy Statement

Smith College is committed to an ERM program that assists leadership with aligning risk appetite and strategy, identifying and managing cross-departmental risks, enhancing risk response decisions, reducing narrowly avoided accidents and operational losses, and providing integrated responses to multiple risks. ERM serves to enhance the college’s ability to achieve its mission, strategic objectives and its governance requirements to successfully respond to the changes in the financial, operational, and regulatory environments in which the college operates.

Employees at all levels are responsible for documenting and reporting risks according to departmental requirements and, where applicable, the ERM framework and processes.

IV. Policy Violations

Violations of college policies are adjudicated according to procedures outlined in the Employee Handbook and Smith College Charters, with disciplinary consequences imposed by the adjudicating authority up to and including dismissal. Some offenses are punishable under state and federal laws.

V. Procedures

Procedures for policy adherence:

Departments shall develop and maintain internal procedures relevant to their business processes that support adherence to this policy. All risks, including regulatory compliance risks, should be reviewed at least annually or as needed when operational changes occur. Review and approval of internal procedures by the policy administrator is strongly recommended.

Approved:
President’s Cabinet

Responsible Office:
Finance and Administration

Responsible Administrator:
Executive Vice President for Finance and Administration

Date Established:
May 16, 2023

Date Last Revised:
n/a