Risk is defined as “the effect of uncertainty on objectives.” [1] Enterprise risk management is a holistic approach to managing risks; risks which can impact the successful execution of the university’s mission and objectives.
The goal of the UCF enterprise risk management (ERM) program is to provide a systematic approach to identify and manage various types of risk, regardless of the origin. Risks can include those affecting the whole of higher education, risks specific to the UCF, or risks related to certain units and processes. A robust ERM program will benefit UCF by:
Value Creation Protection
Integration across the organization, a structured and thorough approach, customization to specific needs, inclusivity, adaptability, reliance on the best information, acknowledgment of human factors, and a focus on continual improvement. Together, these principles ensure a balanced and effective way to create and safeguard value.
Leadership and commitment
Integration, Design, Implementation, Evaluation, and Improvement. These elements represent how strong leadership and commitment drive the entire process, ensuring each step is connected and continuously refined for success.
Risk Assessment
The image shows the process of “Risk Assessment,” with key components in a continuous cycle. At the core, risk assessment involves Risk Identification, Risk Analysis, and Risk Evaluation. Surrounding this are supporting processes: defining the Scope, Context, and Criteria, Communication and Consultation, Monitoring and Review, and Recording and Reporting. Finally, Risk Treatment is applied based on the evaluation, completing the risk management process.
Risk Categories
Compliance/Legal/Regulatory: Risks related to adherence to federal and state laws and regulations, local municipal laws, case law, accreditation standards, university policies and procedures, and contractual obligations, including contractual agreements, employment contracts, and collective bargaining agreements.
Hazard/Safety: Risks related to injury, damage, or health and safety of the campus population, including impacts caused by accidental or unintentional acts, errors or omissions, or external events such as natural disasters.
Financial: Risks related to the university’s financial position and resources including tuition, government support, gifts, research funding, endowment, budgeting, accounting and reporting, investments, credit rating, fraud, cash management, long-term debt, etc.
Operational: Risks related to people, processes, and technology systems including efficient and effective use of university resources.
Strategic: Risks related to achievement of UCF’s strategy including development and execution of business plans and initiatives, change and disruption management, competition, adaptation, innovation, etc.