Enterprise Risk Management Policy
1.00 Purpose
The purpose of this policy is to establish enterprise-wide risk management oversight for programs and guidelines to help identify risks, perform analyses of the frequency and severity of potential risks, and select the best management techniques to reduce risk and liabilities for the Cal State Monterey Bay campus.
This policy complies with the CSU Risk Management Policy from the Office of the Chancellor.
This policy is deemed to be consistent with the University's commitment to the principles, goals, and ideals described in the Cal State Monterey Bay Founding Vision Statement and to its core values.
2.00 Scope
This policy applies to all programs or activities that are sponsored by Cal State Monterey Bay and/or its Auxiliaries as well as any programs or activities that utilize facilities of Cal State Monterey Bay and/or its Auxiliaries.
3.00 Enterprise Risk Management Program
The Cal State Monterey Bay enterprise risk management program provides guidance on the application of risk management techniques, risk reduction policies and procedures related to: general liability, property, workers' compensation, continuity, environmental health and safety, construction, foreign travel insurance, student professional/field experience insurance, student travel insurance, and other specialty insurance coverages.
Enterprise risk management will deploy appropriate methods of controlling exposure to risks that may adversely impact the university mission. Risk exposure can be minimized by: transferring risk through third-party waivers, hold harmless agreements, through vendor contracting; transferring risk through personal liability, health, travel and life insurance; preventing/controlling risk through training and supervision; and by analyzing the risk in a manner that considers the whole campus organization and not only its individual components.
3.10 Enterprise Risk Manager
Pursuant to the CSU risk management policy, the university President shall designate a university Risk Manager to assist campus administrators in maintaining campus risk management policies and practices that help identify risks, perform analyses of the frequency and severity of potential risks, select the best risk management techniques to manage the risks without unduly curtailing or modifying activities necessary and consistent with the university mission, implement appropriate risk management techniques and staffing standards, and monitor, evaluate, and document results.
The Cal State Monterey Bay Enterprise Risk Manager shall bear primary responsibility for implementation and maintenance of the Risk Management Program. While all personnel at Cal State Monterey Bay have the responsibility of risk management, the Enterprise Risk Manager is the decision-making administrator (MPP) that fills the official role of “Risk Manager” for the campus. To support operational needs other administrative staff may also be assigned to provide risk analysis duties.
3.20 Enterprise Risk Management Workgroup (ERMW)
A workgroup consisting of decision-making administrative personnel are involved in maintaining enterprise-wide risk management policy at the campus. EMRW members are responsible for providing input, assessment, information and coordination of the dissemination of risk management concepts across the campus. The ERMW members advise campus leadership (cabinet) about the full range of risks the University faces.
3.30 Risk Evaluation
The Risk Manager and EMRW will conduct periodic review of the campus risk management related policies and procedures and initiate any changes to ensure compliance with system-wide requirements.
The Risk Manager and EMRW will prepare and submit to the President and Cabinet a report on enterprise-wide risk management issues and results of risk management activities, by August 1st of each year. In compliance with CSU Risk Management policy, a copy of the annual report will be provided to the Office of Systemwide Risk Management.
4.00 Continuous Renewal
This policy shall be reviewed ten years from its original effective date to determine its effectiveness and appropriateness. This policy may be reviewed before that time as necessary.
s/ President Vanya Quiñones
Effective Date: May 30, 2025
Certification of Process
Reviewed by: University Risk Management, Administration & Finance Leadership Team, and President's Cabinet.
Download a signed .pdf version of this policy