Assessment
The enterprise, campus, college or school, or department must identify events or key risks based on the internal environment or risk management philosophy in which the unit operates. At Purdue, integrity is indispensable to its mission which sets the tone throughout the enterprise. Objectives or goals must align with Purdue’s strategic plan. Opportunities must be recognized and successes in achieving objectives measured.
Higher Education Risk Categories |
|
 |
Risk Assessment Impact Measures
|
Risk Levels
The Education Advisory Board developed a risk register model that universities could use to fast-cycle the risk identification process, which included the distinction of risk levels:
- Higher Education Industry Risks
- Institutional Risks
- Unit Level Risks
When assessing whether a risk is at the Higher Education Industry Risk level, the following should be considered:
| Risk Type: External, uncontrollable; impacts all of higher education | |
| Measurability: Low. Difficult to measure or estimate likelihood | |
| Risk Assessment Approach: Mental models | |
| Risk Treatment Objective: Reduce impact should risk occur | |
| Risk Treatment Methods: Contingency planning | |
| Board Involvement: High. Board wants to be actively engaged in discussion | |
| Risk Example: Sustainability of high-cost/high-discount pricing model |
When assessing whether a risk is an Institutional Risk, the following should be considered:
| Risk Type: Controllable risk; generally related to strategic objectives | |
| Measurability: Medium. Can estimate probability and impact | |
| Risk Assessment Approach: Risk maps with nominal scales | |
| Risk Treatment Objective: Reduce likelihood in a cost-efficient manner | |
| Risk Treatment Methods: Risk reviews and key risk indicator scorecard | |
| Board Involvement: Medium. Board prefers periodic updates. Engagement is at senior management level | |
| Risk Example: Inability to meet enrollment targets |
When assessing whether a risk is a Unit Level Risk, the following should be considered:
| Risk Type: Controllable, generally relates to an existing broken process | |
Measurability: High. Can measure probability and impact |
|
| Risk Assessment Approach: Control self assessments | |
| Risk Treatment Objective: Drive incidence of occurrence to zero | |
| Risk Treatment Methods: Internal controls, internal audit, etc. | |
| Board Involvement: Low. Board wants to know risk management process exists. Engagement is at department and process owner level | |
Risk Example: Inadequate controls over tuition billing |
For questions about ERM or the content of this website, contact us.