Risk Assessment Process
Annually, we perform a campus-wide risk assessment, with the support of Internal Audit and the University’s Compliance Program. We embrace a holistic strategy for risk identification, utilizing a multitude of methods such as interviews, surveys, incident reports, and thorough analyses of industry trends. Stakeholder participation is vital in this endeavor. By assessing each risk according to its potential impact, likelihood of occurrence, and readiness for mitigation, we lay a robust groundwork for effectively prioritizing risks. Additionally, the annual risk assessment helps Compliance identify vulnerabilities in compliance functions across the organization.
Our Internal Audit (IA) team uses data-driven analytics to precisely rank the identified risks. After gathering data, the IA team works closely with university leadership to validate these risks. This collaboration results in a final prioritized list of the university's most critical risks, informed by insights from leadership, industry knowledge, historical incident data, and existing controls.
This prioritized list guides our Enterprise Risk Management (ERM) and Internal Audit (IA) work plans and is presented to the Audit Committee. This ensures that strategic decisions are made to protect and advance the university's mission. By prioritizing risk management, we are dedicated to creating a secure and supportive environment for our academic and community initiatives.
The University’s Risk Management Framework consists of the following steps:
- Risk Identification: Risks are identified through interviews, surveys, reported incidents, and consideration of top industry risks.
- Risk Assessment (Risk Perception): Risks are rated by stakeholders across the university based on impact, probability, and maturity of mitigation preparedness. These identified risks, along with Key Performance Indicators (KPIs) and industry risks, are used as risk inputs to understand the top perceived risks. The IA team uses analytics and dashboarding to evaluate and rank the identified risks.
- Risk Assessment (Risk Validation): After gathering data, IA meets with university leadership in key risk areas to validate risks identified by university stakeholders.
- Result (Top University Risks): The refreshed list of the top University risks draws on perceived risks, validation input from leaders, industry knowledge, incident data, and the current state of controls and management preparedness. The list is then used to inform the ERM and IA work plans and is presented to the Audit Committee.