Services

Enterprise Risk Management

Enterprise Risk Management (ERM) aims to build collaborative relationships across the University to evaluate and manage risk.

ERM integrates with strategy and performance. This allows us to implement a focused, systematic approach to addressing risk and identifying opportunities involving our:

• Strategic plan
• Performance-based funding metrics
• Pre-imminence metrics
• U.S. National News and World Report rankings

Purpose

The purpose of our Enterprise-Wide Risk Assessment is to:

• Identify risks to the achievement of goals and objectives
• Measure the significance of each identified risk
• Determine the most appropriate business response to each risk
• Evaluate and report on how well the chosen responses are carried out

Managing risk is part of all activities associated with the University, and affects every department, unit and person. In that way, we consider everyone a Risk Manager!

leadership commitment

Managing risk is an integral part of governance and assists the Universtiy in setting strategy, achieving objectives and making informed decisions. 

process

Enterprise Risk Management (ERM) is a cyclical process that involves three major steps to include:

Identification and Assessment of Risks

• Formally identify institutional risks across all areas to uncover root causes or risks
• Use established scale to consistently prioritize risks

Reporting Risks

Formally report on current risks and risk management initiatives

Mitigation and Treatment of Risks

Develop mitigation plans and hold risk owners accountable

 

 

Types of Risk

The purpose of risk identification is to find, recognize, and describe risks (uncertainties) that might help or deter the University in achieving its objectives. We categorize risks into five main types. For more details about the types of risks that fall into these main categories, please consult our Risk Dictionary, which is based on the Associaton of College and University Auditors (ACUA) Risk Dictionary.

Compliance Risks

Risks impacting compliance with legal, regulatory, contractual, policy, accreditation, NCAA, and other requirements. E.g. compliance with laws and regulations, conflict of interest.

Financial Risks

Risks impacting resources, financial structure, ability to meet future financial needs, and financial reporting. E.g. financial reporting, fraud, them, and embezzlement.

Operational Risks

Risks impacting continuity of activities, safety and security, IT operations, physical infrastructure, process efficiency, and program effectiveness. E.g. personnel issues or workplace violence.

Reputational Risks

Risks impacting our public image, brand, external opinions, prominence, and standing of our University. E.g. public image, emerging issues.

Strategic Risks

Risks impacting our constituent relationships, ability to generate funds, and goal achievement​. E.g. new programs and delivery models, funding availability.

 

Resources

• Risk Committee Charge Letter
• Risk Assessment Training
• Risk Assessment Survey
• Printable Survey
• Risk Dictionary

Contact us

• Kiara Guzzo
• Email: EnterpriseRisk@usf.edu