Enterprise Risk Management in an Academic Health System: The National University Health System Case Study

Background: Academic Health Systems (AHSs) operate in complex environments where clinical, academic, and research functions intersect, creating interdependent risks that conventional governance models cannot fully address. Enterprise Risk Management (ERM) provides a structured approach to navigating these risks, yet limited studies describe its implementation within AHSs.

Approach: NUHS implemented the OneNUHS ERM Framework, built on two complementary pillars of system and culture. The system pillar focused on establishing governance structures, standardised risk assessment processes while the culture pillar emphasised cultivating a risk-awareness through leadership visibility, capability building, and sustained risk communication.

Outcomes: NUHS maintained a stable enterprise risk profile alongside a steady improvement in audit outcomes, with increasing proportions of reports achieving “Satisfactory” and “Good” ratings. Engagement from the first line of defence strengthened over time, reflecting a shift from a “push” model of risk management to a “pull” mindset where operational teams actively sought risk insights. Insights generated through ERM activities also supported broader organisational improvements, including process optimisation.

Implications: The NUHS experience demonstrates that effective and sustainable ERM requires deliberate alignment between systems and people. Health systems seeking to strengthen ERM should embed risk management as an organisational practice that supports both governance and enterprise value creation.