Background: All organizations struggle to maintain the appropriate balance of risk and control. With too much risk, organizations can lose assets or bring on increased regulation, scandal, or public scrutiny. With too much control, processes tend to become too bureaucratic and complex, and productivity can suffer. This is why departments are encouraged to identify risks and how they impact our environment, people, and processes.
Effectively managining risk includes the following general steps:
- Identify and assess risks. Think about risks associated with current processes and procedures within your department. How likely is it that something could go wrong? How severely would that affect your business objectives and the University’s mission? For example, a breach of files containing non-sensitive data would have a much lower impact than a breach of files containing personal information.
- Determine the cause of the risk and implement control practices to prevent it.
- Compare the cost of control activities with the cost of an unfavorable event.
- Determine the priority of the risk and focus resources and internal control practices on the higher-priority risks.
- Share and communicate best operational practices for managing risk.
See risk positively: Try to think of risk proactively, as something that can be used to your advantage, rather than as a negative event or hazard. (This PowerPoint graphic illustrates that approach.) By being proactive, you can:
- Focus on the highest priority risks and manage risk in an integrated, organization-wide fashion
- Build risk identification and management into systems and processes
- Share knowledge and take a consistent approach to control methodologies and tools
- Commit leadership to ensure an effective risk management structure
For more information, see the risk sections of the Administrative Responsibilities Handbook.
Questions? Contact Debbie Rico, (858) 822-2797.
|
At Your Service Online
