Governing Policies

UNC System Code, Chapter III, Section 301G (Standing Committee on Audit, Risk Management, and Compliance (CARMC))

States the CARMC shall:

Recommend for approval University-wide policies regarding… enterprise risk management…; and
Take such other actions as are necessary or appropriate to ensure that risks are identified and properly managed.

The CARMC Charter provides the purpose of the CARMC is to act on behalf of the Board to provide structured, systemic oversight of the UNC System’s audit, risk management, and compliance activities. (See July 22, 2020 CARMAC Agenda Item A-3)

Directs the President to establish and oversee enterprise risk management and compliance processes for the University of North Carolina.

Shall establish and oversee University-wide processes to address enterprise risk management, …to complement and support the risk management and compliance processes and activities of the constituent institutions.
Furthermore, each constituent institution shall establish an enterprise risk management process that aligns with the institution’s programs, activities, and management systems and that supports the institution’s strategic and other goals.

The enterprise risk management processes established at each constituent institution shall include components and appropriate procedures for:

Identifying risks that impact the constituent institution’s goals;
Developing plans to monitor and mitigate risks;
Providing periodic updates to the Chancellor and the Board of Trustees; and
Reporting significant enterprise risks to the President and, with the President’s guidance, to the Board of Governors.