What is risk?
A risk is any event or action that adversely impacts the University’s ability to achieve its objectives. For the purposes of ERM, risk can be found in six categories:
- Strategic – events that affect the University’s ability to achieve its goals and objectives, including competitive and market factors.
- Compliance – events that effect compliance with laws and regulation, including safety and environmental issues, litigation, and conflicts of interest.
- Operational – events that affect ongoing management processes and procedures.
- Technological - events that affect the electronic information flow and communications, including electronic commerce, storage, disaster recovery, interfaces, development cycle, etc.
- Financial – events that affect profitability and efficiency, including loss of assets, and technology risks.
- Reputational – events that affect the reputation and public perception of the University, including political issues and negative occurrences on-campus.
During the assessment process, risks are ranked on a scale of high, medium, or low as to their impact on the organization and their probability of occurrence.
The impact of a risk is defined by the outcome and consequences should an event occur. The definition varies somewhat for each organizational area according to its individual risk appetite, but traditionally falls within the following guidelines:
- High – consequence include termination of business area or program, significant injury or loss of life, termination of funding, significant financial loss/cost (including legal liability), and criminal penalties.
- Medium – consequences include inefficiencies and extra workloads, fines, minor injuries or property loss.
- Low – consequences have little or no effect on the organization; include warnings and/or reprimands with no other actions taken.
The scale for determining the probability or likelihood that an event will occur are defined as:
- High – happens frequently, occurs often, and is common or predictable.
- Medium – happens infrequently, sometimes occurs, or is unpredictable.
- Low – seldom happens, infrequent, rare, or has not happened before.