Enterprise Risk Management

The Enterprise Risk Management (ERM) program at Boston University provides a structured, enterprise-wide approach to identifying, assessing, and managing risk. It aims to assist in coordinated and risk-informed decision making, safeguard the University’s reputation, and ultimately strengthen long-term resilience and competitive position.

At a time when the speed, complexity, and impact of risks are increasing at an unprecedented pace, Boston University has reimagined its approach through ERM 2.0. This framework is designed to anticipate and respond to rapidly evolving and emerging risks. By adopting a more agile and forward-looking model, ERM 2.0 sharpens leadership’s focus on the risks that matter most—prioritizing active threats, improving visibility into mitigation efforts, and enabling more informed decisions about where to allocate resources for greater impact in alignment with institutional priorities.

ERM 2.0 introduces several new components to the existing program:

  • A clearly defined Risk Appetite Framework that can be used at any level within the organization to determine acceptable risk-taking boundaries
  • Active prioritization of risks and tracking of the Risk Response Strategies for those risks
  • Clear accountability by assigning ownership to leaders best positioned to act
  • Executive oversight through quarterly meetings of a Risk Committee, with members appointed by the President
  • Tools and resources that may be adapted and used within your own schools or departments

Please reach out to Silvia Alberta if you have questions about ERM or if you’d like to learn more about how you can apply ERM techniques within your own unit.