The Compliance & Enterprise Risk Committee (CERC) serves senior leadership as the working committee charged with identifying, assessing, and monitoring campus risks. It was formed in 2012 to coordinate campus obligations arising from the UC systemwide Ethics and Compliance Program (2008) and Enterprise Risk Program (2012).
Committee members come from each division that represents major administrative functions and/or areas across the campus. They have the subject matter knowledge and authority to speak for their constituency and understand they are accepting their willingness to analyze risk challenges from a campuswide perspective.
CERC’s responsibilities include the following:
- Review the campuswide Compliance Risk Assessment, forward a Compliance Plan recommendation to the Chancellor’s Cabinet, and monitor campus progress on the Cabinet-approved Compliance Plan.
- Review and approve the campus’s annual Compliance Report.
- Review and approve campuswide administrative policies.
- Timely circulate information about emerging risks to one another and to the Chancellor’s Cabinet to support prompt risk mitigation strategies, risk ownership, and effective decision-making.
- Identify, prioritize, and evaluate risks with broad campus impact, using subcommittees as needed to study the risks and make recommendations to the full committee for action.
- Monitor the campus response to prioritized risks using appropriate risk intelligence tools.
The Chief Executive Risk and Compliance Officer (CERCO) chairs the bi-monthly meeting that brings together the core membership to advise and report on compliance and risk areas of high priority as outlined in the annual plan, present best practices guidance and education, and authorize campus policies to support systemwide requirements. The meeting agendas conform to the established schedule that will is published in advance for reviewing in reporting and addressing the key risks identified in the Risk Intelligence platform
Between meetings, members are encouraged to alert the rest of the group to emerging risks, especially those risks that may affect multiple campus constituencies. Approximately one week prior to each full CERC meeting, the chair or her designee will send a survey to all members asking which emerging risks are most relevant to the member’s constituency. The emerging risks designated by the most members will be added to the agenda at the upcoming meeting. Members will decide at the meeting whether to let management handle the emerging risk, create a subcommittee to respond to the risk, recommend further study of the risk by an appropriate campus unit, or table the risk for future consideration.
Membership and Authority
CERC membership comprises of the major functions of the University to assure that enterprise risk management and compliance decision are aligned with the campus overall vision and goals. This collaborative and inclusive model brings the full range or risks forward, helps to develop and champion risk mitigation strategies, and identifies and charges key stakeholders with communicating ownership with each respective area of risk. The composition of the membership is the designee of each Vice Chancellor Office, Campus Counsel, Audit, Human Resources, Police, Athletics, Graduate Education, Students and selected representatives from Office of Ethics, Risks, and Compliance Services (see roster).
To assist the full committee with risk management policies and procedures dealing with risk identification and risk assessment for the principal operational, business, and compliance risks facing the campus, the subcommittee structure has been useful in performing these critical on the ground assessment and action plans. The organizational structure aligns the risk work with the annual compliance plan, policy development, and emergent risks to be assigned to one of the Standing Sub‐Committees, Ad hoc Committees, and or Campus Committees which reports up to the main body of CERC on a periodic basis (see enclosed chart).
Standing Committee (See Roster - Core Membership)
b) Student Risks
c) Investigations & Conduct
d) Ethics & Compliance Training (New)
e) Information Risk Governance
f) Enterprise Risks
Ad Hoc Subcommittees
a) Life Safety Compliance
c) Campus Climate/HR Policies
d) Other Compliance Plan Focus Areas
· January/February - Compliance Risk Assessment
· March/April - Compliance Plan Development and Recommendation to the Chancellor's Cabinet
· May - Review and approve annual compliance report
· Ongoing - Identification of Emerging Risks
· Ongoing - Policy Review and Approval
· Ongoing - Monitoring of Progress on the Compliance Plan
· Ongoing - Receive committee reports, provide feedback, address needs
Chancellor's Cabinet (formerly CARE and CAICFA) Calendar
· September/October - Discuss and Approve Annual Reports and Observations Risk, Audit, and Compliance
· November/December - Approve proposed risk assessment process
· November/December - Confirm campus priorities and strategic goals
· November/December - Identify campus level strategic risk areas
· November/December - Receive annual financial statement report and required communication from the external auditors
· March - Review and discuss the results of the annual risk assessment
· March - Review and approve the draft campus audit plan
· May - Review and approve the final campus audit and compliance plans to be forwarded to the Regents for approval at the July meeting through Ethics, Compliance, and Audit Services at the UC Office of the President
· May - Receive financial statement audit scope and plans from the external auditors
· Ad Hoc - Discuss scope and impact of open and upcoming California State and other significant external audits
· Ongoing - Identify and make provisions to address strategic risks