Definition of Common Terms
Continuous Risk Cycle
An approach to enterprise risk management as an ongoing, structured process for the identification, prioritization, mitigation, management and monitoring of risks and the analysis of opportunities.
Enterprise Risk Management (ERM)
An ongoing process based on a foundation of ownership, accountability and transparency to inculcate a risk-aware culture across an organization and establish a holistic approach to risk management, which identifies and prioritizes risks, and creates informed and strategic responses to achieve institutional goals and objectives and maximize opportunity.
Key Risk Indicator
A key risk indicator (KRI) is a metric for measuring the likelihood that the combined probability of an event and its consequences will exceed the organization’s risk tolerance.
Risks can originate from internal vulnerabilities or external threats, or a combination of a vulnerability affected by a threat. Risk is a combination of the likelihood of a vulnerability or threat occurring and, if so, the magnitude of the negative impact on the organization (people, goals, opportunities, reputation, etc.).
The level of risk an organization is willing to accept in pursuit of its strategic objectives.
Financial – Risks related to physical assets or financial resources
Human Capital – Risks related to investing in, maintaining, and supporting a quality workforce
Strategic – A consequence that may create a lasting impact or change on a fundamental objective or mission
Operational – Risks related to management of day‐to‐day University programs, processes, activities, and facilities, and the effective, efficient, and prudent use of the University’s resources.
Legal/Compliance – Risks related to legal liability, violations of federal, state or local law, regulation, or University policy
Policies and procedures or frameworks designed to help an organization meet or exceed activities that are either governed by regulatory compliance, or enhanced through risk considerations for safety, reputation, financial certainty, and operational risk.
An event or condition that will make a risk more likely to occur or affect the impact if it does occur.
The likelihood that a specific risk will occur or reoccur.
Actions that reduce the likelihood an event will occur or the impact of a risk occurrence.
An individual within an organization familiar with an identified risk and responsible for understanding and managing the risk.
A comprehensive view of the risks faced by the organization.
Risk Rating (Assessment)
A measurement of the combination of risk likelihood and risk impact using an established formula.
A process to identify and measure the risks and benefits of an action or decision in order to act in an informed manner.
The extent of the damage to the institution, its people, and its goals and objectives resulting from the occurrence of a risk.
Areas within the University, such as individual schools, departments, programs, centers, and institutes, that do not share information or operate freely with one another. Rather, individuals and departments “within a silo” operate mainly within their own areas without understanding the impact of their operations across the University, or miss opportunities for collaboration for the good of the University as a whole.