Carnegie Mellon University

The Enterprise Risk Management (ERM) department is led by Melanie Lucht, Associate Vice President and Chief Risk Officer. The role of ERM is to provide the governance, framework, and guidance to assist and support campus leadership and stakeholders in identifying events that have the potential to impact the CMU community both positively and negatively, and to manage risks associated with those events.

The goals are to support organizational resiliency with a risk-conscious culture that aligns to the strategic mission and values of the university. This is achieved by enabling the understanding of actual risks and their criticality through the development of effective and efficient mitigation planning, and the proactive identification and management of emerging risks to prevent future issues.

Defining Enterprise Risk Management (ERM)


ERM is a continuous business process, led by senior leadership, that extends the concepts of risk management and includes:

  • Identifying risks across the entire enterprise;
  • Assessing the impact of risks to the operations and mission;
  • Developing and practicing response or mitigation plans;
  • Monitoring the identified risks, holding the risk owner accountable, and consistently scanning for emerging risks.