University Policy 3016

University Responsibility for Enterprise Risk Management

  • Responsible Oversight Executive: Vice President for Administration and Finance
  • Date of Current Revision or Creation: March 15, 2024

The purpose of this policy is to establish the University's Enterprise Risk Management (ERM) framework, whose goal is to identify enterprise-level risks which, if not mitigated, would impact the achievement of strategic business objectives, and to define the responsibilities of the Risk Advisory Council (RAC), the Vice Presidents, and individuals in meeting and maintaining ERM standards.


Code of Virginia § 23.1-1301, as amended, grants authority to the Board of Visitors to make rules and policies concerning the institution. Section 7.01(a)(6) of the Board of Visitors Bylaws grants authority to the President to implement the policies and procedures of the Board relating to University operations.

The Agency Risk Management and Internal Control Standards, published by the Commonwealth Office of the Comptroller, establish the objectives- and principles-based framework of the Committee of Sponsoring Organizations (COSO) to facilitate the implementation of risk management and internal control standards by Commonwealth agencies.

Affiliated Organizations and Affiliates - Those separate entities established through operating agreements for the benefit of the University, including but not limited to foundations, community development corporations, and alumni associations.

Compliance Requirements - Federal and state laws, rules, regulations, standards, and institutional policies and procedures that University employees, students, volunteers, and vendors are expected to be aware of and to comply with.

Compliance Risk - The organization's potential exposure to legal penalties, financial forfeiture, and material loss resulting from its failure to act in accordance with industry laws and regulations, internal policies, or prescribed best practices.

Enterprise-Level Risk - A risk that must be identified and assessed because it could affect the achievement of strategic business objectives.

Enterprise Risk Management (ERM) - A commitment to risk management as an integral part of the entity's operations, so as to maximize opportunities and minimize setbacks to the entity's mission, strategies, and objectives.

Financial Risk - The potential for losing money on an investment or having a negative business outcome.

Enterprise Risk Management Registry (ERM Risk Registry) - A database of ERM requirements that includes a description of the risk, the responsible Vice Presidential area, the responsible office, the responsible position number and title, the risk rating, and the status of the risk.

Governance and Cultural Risk - The risk created when there is misalignment between an organization's values and leader actions, employee behavior, or organizational systems.

Office of Risk Management (ORM) - The unit responsible for Environmental Health and Safety.

Operational Risk - The risk of loss from ineffective or failed internal processes, people, or systems, or from external events that can disrupt the flow of business operations.

Reputational Risk - The risk that develops when the expectations of stakeholders, such as customers, employees, third-party vendors, investors, donors, alumni, and regulatory bodies, are higher than the reality of what the business delivers.

Risk Advisory Council (RAC) - A University-wide group made up of key individuals knowledgeable of ERM issues, chaired by the Vice President for Administration and Finance or designee.

Risk Appetite - The amount of risk, on a broad level, an entity is willing to accept in pursuit of value. It reflects the entity's risk management philosophy and, in turn, influences the entity's culture and operating style.

Risk Tolerance - The acceptable level of variation relative to the achievement of a specific objective, often best measured in the same units as those used to measure the related objective. In setting risk tolerance, management considers the relative importance of the related objectives and aligns risk tolerance with risk appetite. Operating within risk tolerances helps ensure that the entity remains within its risk appetite and, in turn, that the entity will achieve its objectives.

Strategic Risk - The internal and external events that may make it difficult, or even impossible, for an organization to achieve its objectives and strategic goals. These risks can have severe consequences that impact organizations in the long term.

Vendors - Those individuals and entities who have a relationship with the University by virtue of a contract.

Volunteers - Those individuals who perform services in support of the University's mission without promise, expectation, or receipt of compensation for services rendered.

This policy applies to all employees, students, volunteers, and vendors. Employees include all staff, administrators, and faculty, whether full-time or part-time, and classified or non-classified persons paid by the University. Students include all persons admitted to the University who have not completed a program of study for which they were enrolled; student status continues whether or not the University's programs are in session. Volunteers include individuals who perform services in support of the University's mission without promise, expectation, or receipt of compensation for services rendered.

Enterprise Risk Management (ERM) addresses the compliance, governance and cultural, financial, operational, reputational, and strategic risks faced by the University. Compliance risks are assessed, monitored, and reported on by the Office of Risk Management's responsible compliance officer and shall follow a modified version of the COSO framework model for ERM compliance. Cultural, financial, operational, reputational, and strategic risks are assessed, monitored, and reported on by the responsible risk analyst and shall follow a modified version of the COSO Enterprise Risk Management Framework. ERM compliance and ERM risk staff report to the Office of Risk Management (ORM) within the organization of the Vice President for Administration and Finance.

This policy outlines the University's responsibilities in its commitment to fostering an institutional culture that adheres to ERM principles for identifying, assessing, mitigating, monitoring, and reporting on enterprise-level risk to senior leadership and the Board of Visitors. University ERM is a shared responsibility among all employees, students, volunteers, vendors, and the Risk Advisory Council, whose responsibilities are described below.


  1. Vice Presidents are responsible for promoting ERM awareness and responsibilities within their respective organizations; maintaining a current inventory of all enterprise-level risks; developing mitigation requirements for units within their organizations; and developing programs, processes, and controls to ensure ERM requirements are being met.

  2. University employees, students, volunteers, and vendors are also responsible for recognizing any changes in the risk environment that could affect these responsibilities and, where applicable, for working with other affected University units to ensure that University-wide requirements are met.

  3. The Risk Advisory Council is responsible for raising awareness of risk management across the University's academic and administrative units. These responsibilities include:

    1. Promoting effective communication and collaboration among those responsible for ERM;

    2. Monitoring emerging enterprise-level risk trends and disseminating information as needed;

    3. Serving as a resource in developing or improving ERM-related 流程;

    4. Working with the University's Policy 审查 Committee to incorporate into policies any required ERM practices and procedures; and

    5. Making recommendations to senior management regarding resources or actions needed for the success of University ERM.

  4. The Vice President for Administration and Finance (or designee) will chair the Risk Advisory Council (RAC) and will appoint Council members in consultation with the other Vice Presidents. The Chair determines the scope and frequency of Council meetings in carrying out the responsibilities outlined in this policy. The RAC shall meet at least quarterly.

  5. Vice Presidents, working with ORM, will develop and maintain an inventory of all enterprise-level risks for the units within their organizations. The inventory shall include the position number and title of the employee responsible for each enterprise-level risk and any associated reporting requirements. The risk inventories will be submitted to the RAC at the Chair's request, and as risks are identified for addition or removal. The risk inventories submitted by the Vice Presidents will be used to update the ERM Risk Registry maintained by the RAC. Vice Presidents shall ensure that the position descriptions of those employees identified as responsible for meeting ERM requirements include ERM as a core responsibility and that it is evaluated during the annual performance review process. Annually, as determined by the RAC, Vice Presidents, working with ORM staff, will submit an annual status report identifying the enterprise-level risks affecting the achievement of strategic objectives within their organizations.

  6. The Vice President for Administration and Finance (or designee) will report periodically on the activities of the Risk Advisory Council to the Administration and Finance Committee of the Board of Visitors.

  7. The RAC Chair shall refer developing enterprise-level risk issues to the RAC as needed for analysis of their potential impact on the University's strategic plan, mission, and vision.

  8. The Administration and Finance Committee of the Board of Visitors is responsible for determining the University's risk appetite and risk tolerance and for making recommendations related to risk management mechanisms to the full Board when the Committee deems it necessary.

  9. ERM Risk Assessment Guidelines, based on the COSO model described in Section E, shall be developed by the Risk Advisory Council, documenting the ERM framework to address compliance, governance and cultural, financial, operational, reputational, and strategic risks.

  10. The University Enterprise Risk Analyst/Officer shall assist the Executive Director for Enterprise Risk Management in implementing this policy.

Applicable records must be retained and then destroyed in accordance with the Commonwealth Records Retention Schedule.

Executive Director for Enterprise Risk Management

Policy History

Policy Formulation Committee (PFC) & Responsible Officer Approval to Proceed:

/s/ Robert Wells
Responsible Officer
Date: February 26, 2024

Policy Review Committee (PRC) Approval to Proceed:

/s/ Donna W. Meeks
Chair, Policy Review Committee
Date: October 24, 2023

Executive Policy Review Committee (EPRC) Approval to Proceed:

/s/ Chad A. Reed
Responsible Oversight Executive
Date: March 5, 2024

University Counsel Approval to Proceed:

/s/ Allen T. Wilson
University Counsel
Date: March 12, 2024

Presidential Approval:

/s/ Brian O. Hemphill
President
Date: March 15, 2024

Previous Revisions: March 15, 2024

Scheduled Review Date: March 15, 2029