Texas Enterprise Risk Management Guidelines

Texas Labor Code, Section 412.011(b)(3) provides that the State Office of Risk Management shall develop, update, and maintain risk management statewide program guidelines and assist state entities in their implementation. The following Texas Enterprise Risk Management (TERM) Guidelines replace and simplify the previous Risk Management for Texas State Agencies (RMTSA) guidelines. The retired RMTSA Guidelines are still available as a resource until they are permanently phased out of use. These new guidelines implement and adhere to the global risk management standards adopted by the International Organization for Standardization (ISO 31000), and distill each chapter into the following four major sections:

  • Context – Risk Factors. Describe the scope, nature, and impact of the risk; from inventory identification. (ISO 31000 nomenclature is “scope, context, criteria”)
  • Approach – Summarize the best practices and how they address the risk; may include +/. (ISO 31000 nomenclature is “risk assessment”)
  • Application – Show how it’s done; what to look out for; conditions precedent/exigent; exemplars; steps. (ISO 31000 nomenclature is “risk treatment”)
  • Resources – Include links to resources and tools; internal reference/external links

These guidelines are designed to be straightforward, practical, and adaptable, and will be regularly revised. All entities are strongly encouraged to share feedback and suggestions on the use and modification of the guidelines for the benefit of other entities, the state, and the general public.

The State Office of Risk Management is ready to serve state entities as a resource for any information and technical assistance. For more information or assistance, please contact:

State Office of Risk Management
P.O. Box 13777
Austin, TX 78711-3777
512-475-1440

If you are interested in providing feedback about the TERM Guidelines, please follow the link below to complete the online survey. The survey allows users to select the option to be identified, to be contacted, or to remain anonymous.

By law, some of the information you submit may be considered public record. However, an e-mail address of a member of the public that is provided for the purpose of communicating electronically with SORM is protected by the Texas Public Information Act. If you would like more information about the public or confidential nature of information maintained by SORM, please consult our Open Records Policy.

FOREWORD

  • The following Texas Enterprise Risk Management (TERM) Guidelines replace and simplify the previous Risk Management for Texas State Agencies (RMTSA) guidelines. The new guidelines implement and adhere to the global risk management standards adopted by the International Organization for Standardization (ISO 31000).

    The TERM Guidelines were developed by the State Office of Risk Management through an Advisory Council of participating entities, acknowledged herein. These guidelines provide concise frameworks and processes for enterprise risk management (ERM) and are intended to support users of all levels of ERM, from novice to expert.

    As outlined throughout the guidelines, the framework addresses context, approach, application, and includes supporting resources to organizations with subject matter expertise (CAAR). This simplified framework is intended to convey model techniques for developing a comprehensive risk management program. Where applicable, the accompanying Resource Guide also includes sample templates and checklists.

    These guidelines do not prescribe required actions, but rather encourage consistency in decision-making through a common and interoperable framework. Entities, risks, and enterprise risk management are each constantly evolving. As new risks emerge, or new techniques are developed, these guidelines will be updated to reflect the current best practices of ERM. As a result, this document’s timeliness is reliant on the continued engagement from users. We encourage your feedback and contributions to future development.

    Stephen S. Vollbrecht
    JD, MA, AINS, AIS, ARM, MCP, MEMS
    State Risk Manager for Texas, Executive Director

ACKNOWLEDGEMENTS

Thank you to the participants of the Advisory Council for their valuable input regarding content, language, and formatting. We appreciate the leadership of our participating agencies for prioritizing this project and supporting staff participation, and are grateful to the Board of Directors of the State Office of Risk Management for their continued support, direction, and input to these guidelines.

SECTION A – Enterprise Risk

SECTION B – Risk Transfer

SECTION C – Risk Retention

SECTION D – Continuity of Operations

SECTION E – Employee Safety & Health

SECTION F – Hazards

SECTION G – Entity Operations