Definition of Common Terms


Continuous Risk Cycle

An approach to enterprise risk management that treats it as an ongoing, structured process for identifying, prioritizing, mitigating, managing and monitoring risks and for analyzing opportunities.


Enterprise Risk Management (ERM)

An ongoing process based on a foundation of ownership, accountability and transparency to inculcate a risk-aware culture across an organization and establish a holistic approach to risk management, which identifies and prioritizes risks, and creates informed and strategic responses to achieve institutional goals and objectives and maximize opportunity.


Key Risk Indicator

A key risk indicator (KRI) is a metric for measuring the likelihood that the combined probability of an event and its consequences will exceed the organization’s risk tolerance.


Risk

Risks can originate from internal vulnerabilities, from external threats, or from a combination of the two, where a threat acts on a vulnerability. Risk is a combination of the likelihood that a vulnerability or threat will materialize and, if it does, the magnitude of the negative impact on the organization (its people, goals, opportunities, reputation, etc.).


Risk Appetite

The level of risk an organization is willing to accept in pursuit of its strategic objectives.


Risk Categories

Financial – Risks related to physical assets or financial resources

Human Capital – Risks related to investing in, maintaining, and supporting a quality workforce

Strategic – Risks whose consequences may create a lasting impact on, or change to, a fundamental objective or mission

Operational – Risks related to management of day-to-day University programs, processes, activities, and facilities, and the effective, efficient, and prudent use of the University’s resources

Legal/Compliance – Risks related to legal liability, violations of federal, state or local law, regulation, or University policy


Risk Controls

Policies, procedures or frameworks designed to help an organization meet or exceed the requirements of its activities, whether those activities are governed by regulatory compliance or are enhanced through risk considerations for safety, reputation, financial certainty, and operational risk.


Risk Driver

An event or condition that will make a risk more likely to occur or affect the impact if it does occur.


Risk Likelihood

The likelihood that a specific risk will occur or reoccur.


Risk Mitigation

Actions that reduce the likelihood an event will occur or the impact of a risk occurrence.


Risk Owner

An individual within an organization familiar with an identified risk and responsible for understanding and managing the risk.


Risk Profile

A comprehensive view of the risks faced by the organization.


Risk Rating (Assessment)

A measurement of the combination of risk likelihood and risk impact using an established formula.


Risk-Reward Analysis

A process to identify and measure the risks and benefits of an action or decision in order to act in an informed manner.


Risk Impact

The extent of the damage to the institution, its people, and its goals and objectives resulting from the occurrence of a risk.


Silos

Areas within the University, such as individual schools, departments, programs, centers, or institutes, that do not share information or operate freely with one another. Rather, individuals and departments “within a silo” operate mainly within their own areas, without understanding the impact of their operations across the University and missing opportunities for collaboration for the good of the University as a whole.