Enterprise Risk Management
The purpose of risk analysis is to develop an understanding of the risk or opportunity in order to inform evaluation and decision of whether a response is required.
Risks and opportunities are analyzed in terms of their overall risk category (see table below); their potential impact, were the event to occur; the estimated likelihood of the event’s occurrence; and whether the issue overall presents more risk or more opportunity to the institution.
UVM rates the potential impact of a risk or opportunity on a scale of 1 to 6, with 6 being the most severe. Likelihood is rated on a scale of 1 to 3, with 3 being the most likely. The impact and likelihood scores are multiplied to produce an initial risk score for each risk or opportunity. For example, a risk with an estimated impact of 3-Substantial and an estimated likelihood of 2-Medium would receive an initial risk score of 6. UVM's impact and likelihood rating scales are available in the Guide to Risk Assessment & Response.
UVM's Risk Categories
|Compliance & Privacy||Risks or opportunities related to violations of
federal, state or local
law, regulation, or University policy, that creates exposure to fines,
penalties, lawsuits, reduced future funding, imposed compliance
settlements, agency scrutiny, injury, etc.
|Financial||Risks or opportunities related to physical assets or financial resources, such as: tuition, government support, gifts, research funding, endowment, budget, accounting and reporting, investments, credit rating, fraud, cash management, insurance, audit, financial exigency plan, long-term debt, deferred maintenance|
|Hazard, Safety, or Legal Liability||Risks or opportunities related to legal liability (negligence), injury, damage, or health and safety of the campus population or the environment, including impacts caused by accidental or unintentional acts, errors or omissions, and external events such as natural disasters.|
|Human Capital||Risks or opportunities related to investing in, maintaining, and supporting a quality workforce, such as: recruitment, retention, morale, compensation & benefits, change management, workforce knowledge, skills, and abilities, unionization, employment practices|
|Operational||Risks or opportunities related to management of day-to-day University programs, processes, activities, and facilities, and the effective, efficient, and prudent use of the University’s resources|
|Strategic||Impacts related to UVM's ability to achieve its strategic goals and objectives, including competitive market risks, and risks related to mission, mission, values, strategic goals; diversity; academic quality; research; student experience; business model; market positioning; enrollment management; ethical conduct; accreditation|
*Note: UVM recognizes that many institutions of higher education use another category: “reputational risk.” In UVM’s view, however, a significant event in any of the above risk categories has the potential to impact the institution’s reputation. UVM therefore does not classify reputational risks separately, and instead considers reputational impacts in assessing impact.
Last modified June 20 2012 12:44 PM