University of Illinois System

ERM Framework

The ERM framework implemented by the University of Illinois System (University System) is based on the widely employed framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Modified to incorporate the unique environment at the University System, it defines essential components, suggests a common language, and provides clear direction and guidance for risk management.

ERM Process

All the activities presented here might be performed sequentially or simultaneously, as the need arises, and are augmented by a strong risk culture that promotes the efficacy of these actions.

Diagram with the five actions that make up the ERM Process: Internal Environment and Objective Setting, Event/Risk Identification, Risk assessment and Measurement, Risk Response and Action, and Communication and Monitoring.

ERM Stakeholder Roles

Everyone in the University System has a role in ERM. Leveraging leadership and expertise provides an effective means to engage the right people across the enterprise, including significant participation by the universities.

ERM Stakeholder Roles
Risk Stakeholder Role
Board of Trustees Set tone, approve risk appetite levels
President Provide risk oversight and direction
System Executive Risk Management Council Approve and endorse risk strategy, ensure risks are effectively managed
Chancellors and Senior Leaders Review and implement risk mitigation plans
System & University Work Groups (SMEs) Advise and propose risk mitigation plans
University Audits Provide independent assurance
University Ethics & Compliance Ensure compliance with laws & regulations
ERM Program Coordinate/ facilitate ERM process & reporting
University Units/ Departments Take and manage risks

The System Executive Risk Management Council

The System Executive Risk Management Council (Risk Council), was created in 2016 to approve risk strategy and confirm that key enterprise risks are effectively managed and mitigated. Increasing the focus on risk at the executive levels results in more discussion of risk at all levels. The Risk Council provides a balanced view of risk and emphasizes collaboration among the universities to provide collective impact.
Membership is listed below.

  • Timothy Killeen, President 
  • Nick Jones, Executive Vice President and Vice President for Academic Affairs and chair of Risk Council
  • Paul Ellinger, CFO and Vice President
  • Jay Walsh, Vice President of Economic Development & Innovation
  • Robert Jones, Chancellor UIUC & Vice President
  • Marie Lynn Miranda, Chancellor UIC & Vice President
  • Janet Gooch, Chancellor UIS & Vice President
  • Thomas Bearrows, University Council
  • Adrienne Nazon, Vice President for External Relations and Communications
  • Joda Morton, Associate Director of Enterprise Risk Management
  • Julie Zemaitis, Executive Director of University Audits
  • Donna McNeely, Executive Director of University Ethics and Compliance
  • Joe Barnes, Chief Digital Risk Officer

Why Have Executive Level Risk Discussions?

four icons next to the words, Risk Aware Culture, Collective Impact, Action Agenda, and Reduce Risk.

Comparative Responsibilities


  All University Units Enterprise Risk Management University Office of Risk Management (Insurance Services)      University Ethics and Compliance Office University Audits
SHARED GOAL Support ACHIEVEMENT OF UNIVERSITY OBJECTIVES by reducing the likelihood and impact of material events while facilitating the acceptance of manageable risks.
PURPOSE Own and manage risks with responsibility for loss control and prevention Promote a risk-aware culture by facilitating an integrated and coordinated risk identification, measurement, and management process Protect the university's human, physical and financial assets by coordinating a program of commercial and self-insurance Promote a culture of ethical conduct and committment to compliance with federal, state, and local laws and regulations Provide independent assurance on effectiveness of governance, risk management and internal controls

Last Updated: May 21, 2021