| |
Identify Risks |
|
Analyze Risks |
|
Evaluate Risks |
Treat Risks |
| VP Area |
Description of Risk (Identify the risk and the impact or effect of the risk) |
Likelihood of Risk Occurring - Highly Likely, Likely, Possible, Unlikely |
Consequence - (Degree of Severity of the consequence should the risk occur) - Catastrophic, Major, Moderate, Minor |
Key Controls - (What are we doing now to manage the risk? Ex. Policies & Procedures) |
Rank Adequacy of Controls - 1. Weak 2. Adequate 3. Excessive |
Risk Tolerance - A. Acceptable U. Unacceptable AT. Acceptable with Treatment |
Action Treat - 1. YES 2. NO 3. DON'T KNOW |
New Risk Treatment - Mitigation Strategies (Complete Risk Treatment Action Plan) |
By Whom |
| Admin & Finance |
Weak business continuity plans for Purchasing/AP, Payroll, HR, student account and fiscal offices. |
Possible |
Major |
Policies and procedures being reviewed and developed where necessary. |
1 |
AT |
1 |
Annual review of emergency protocol to ensure continuity of functions in the event of emergency or disaster. Cross references will be made to the college's emergency management plan. Staffing and system access from remote locations will be evaluated and plans will be put in place to address basic business functions with depth of staff. Policies and procedures will be documented and posted for reference by the college community. |
K. Eichelroth |
| Admin & Finance |
Noncompliance with state laws, rules and regulations specifically in the areas of state finance, procurement and environmental health and safety. |
Possible |
Moderate risk |
Internal policies and procedures regarding proper procurement and safety/compliance policies and guidelines. |
1 |
AT |
1 |
In the process of creating and maintaining a central repository of federal, state and local compliance standards. College wide review, led by the Executive Leadership Team, of all laws, rules and regulations will be conducted. Factors to be identified include identifying who is responsible for compliance, what procedures exist and where are they posted, is compliance active or passive, what reporting is required, who is responsible for ongoing monitoring, tracking and keeping up with changes. |
K. Eichelroth |
| Admin & Finance |
Downward enrollment trends and future demographic changes. |
Highly likely |
Major |
Strategic plan ? Other?? |
1 |
AT |
1 |
Create a comprehensive monitoring plan that pulls together all related action items from the strategic plan. The monitoring plan will include metrics for assessment against goals and historical trends and data for forecasting and projection. Areas of reporting and accountability will be clearly defined. |
K. Eichelroth |
| Admin & Finance |
Fraud and misappropriation of funds. |
Possible |
Major |
Internal control policies regarding cash transactions and authorizations for electronic funds transfer/policies and procedures surrounding decentralized functions that set and collect fees. |
1 |
AT |
1 |
Ensure all internal control policies and procedures are up to date and filed centrally for access by the college community. Policies to be updated with specific reference to controls over decentralized functions and segregation of duties to ensure adequate mitigation of risk from fraud or misappropriation of funds. |
K. Eichelroth |
| Admin & Finance |
Fiscal instability resulting from decreased state appropriations, uncertainty of other revenue streams and the need to maintain or improve quality of services. |
Highly likely |
Catastrophic |
Conservative approach to budget preparation, appropriating reserves, exploring other revenue producing opportunities. |
1 |
AT |
1 |
Create a comprehensive monitoring plan that pulls together all related action items from the strategic plan. The monitoring plan will include metrics for assessment against goals and historical trends and data for forecasting and projection. Areas of reporting and accountability will be clearly defined. |
K. Eichelroth |
| Admin & Finance |
Fire or Chemical Spill - Life Safety systems - a.) Not all buildings have sprinklers b.) No campus-wide or individual building notification systems in place to warn campus of event. |
Possible |
Major |
Policy for chemical spills via Environment Safety. |
2 |
AT |
1 |
Policy for chemical spills via Environment Safety reviewed. |
S. Olson |
| Admin & Finance |
Fire or Chemical Spill - Facilities Document Storage Organization - Building files and prints in desperate need of updating - First responders (fire, police, Hazmat) will require immediate hard copies of architectural and MEP plans when they arrive on campus. (Prints should be in two locations) |
Possible |
Major |
Work in progress. |
1 |
U |
1 |
Work in progress: Quote from Docutron in Hand - No Funding. |
S. Olson |
| Admin & Finance |
Utility Infrastructure reaching expected useful life. |
Possible |
Major |
Capital Improvement Plan. |
1 |
U |
1 |
Capital Improvement Plan - Funding? |
S. Olson |
| Admin & Finance |
Lack of formal safety programs and procedures (asbestos management, confined space entry, lock-out/tag-out, personal protective equipment). |
Unlikely |
Minor |
Formal safety training program implemented. |
2 |
AT |
1 |
Formalize programs for each risk variable. |
S. Olson |
| Info Tech |
Failure of primary data center; interruption or cessation of network, data communication, and data storage functions. |
Possible |
Catastrophic to Major |
Policies and procedures drafted; secondary data center established; separation and segregation of resources in process; data duplication will be implemented July 09; formal disaster recovery plan under draft. |
2 |
AT |
1 |
Policies and procedures drafted; secondary data center established; separation and segregation of resources established; formal disaster recovery plan under draft, est. completion Dec 15, 2010. |
CIO; Director of Network Services |
| Info Tech |
Breach of PII, PCI, Level 1 (highly sensitive) data. |
Possible |
Sanctions, fines, legal action; risk ranges from moderate to major, depending on the specific nature and size of the breach. |
Policies and procedures in place; network scanning in place; intrusion detection audits in place; employee education under development; portable computers disk encrypted. |
2 |
A |
1 |
Policies and procedures in place; training in place; network scanning in place; intrusion detection audits in place; employee education scheduled implementation Nov 010; portable computers disk encrypted. |
CIO; Director of Network Services |
| Info Tech |
Loss or corruption of ERP database (Colleague). |
Possible |
Moderate risk, possible loss of twenty-four hours of data/transactions; up to two days downtime. |
Policies and procedures in place; security access audited monthly; implemented application logout; staged secondary Colleague server for restoration. |
2 |
A |
1 |
Policies and procedures in place; security access audited monthly; implemented application logout; staged secondary Colleague server for restoration; definition of critical user group completed. |
CIO; Director Admin Services |
| Info Tech |
Loss of PBX. |
Possible |
Major impact; would result in loss of all campus telephone service, loss of some life-safety services. |
PBX under maintenance contract with six hour response time; exploring short-term recovery options (i.e., cell phones), long-term options (VoIP). |
2 |
AT |
1 |
PBX under maintenance contract with six hour response time; exploring short-term recovery options (i.e., cell phones), identifying hosted VoIP solutions; emergency communication plan implemented. |
CIO; Director Admin Services |
| Info Tech |
Loss of external internet connectivity. |
Possible |
Major impact |
Building out multiple fiber pathways; exploring microwave and other point-to-point technologies. |
1 |
AT |
1 |
Building out multiple fiber pathways; exploring microwave and other point-to-point technologies; alternate bandwidth provider in place January 2010. |
CIO; Director of Network Services |
| Academic Affairs |
International Programs--students, faculty, and staff on faculty-led programs; and study-abroad students in an emergency situation, such as a terrorist attack. |
Likely |
Catastrophic |
International Programs Office has established Emergency Response Protocol that includes Pre-Departure Orientation Session; comprehensive list of persons abroad by semester; and contact with local U.S. Embassy. |
2 |
A |
2 |
Present Controls are adequate, but will review annually. |
C. Cullum |
| Academic Affairs |
Instructional Interruptions in classrooms due to technology breakdowns. |
Highly likely |
Major |
Work with Information Technology on short- and long-range approaches, including adequate I.T. staffing and prioritization of response and faculty training on equipment. |
2 |
AT |
1 |
Change job descriptions; monitor performance. |
C. Cullum |
| Academic Affairs |
Failure of technology systems or functions serving basic needs such as admissions, registrar, room scheduling, and financial aid. |
Likely |
Major |
Work with Information Technology on back-up plans and systems. |
2 |
A |
2 |
Present Controls are adequate, but will review annually. |
C. Cullum |
| Academic Affairs |
Unrealized Success of NEASC Self-Study and Evaluation 2012. |
Possible |
Catastrophic |
Establish clear review process involving entire University. |
2 |
AT |
1 |
Present plans are adequate but will monitor progress throughout the year. |
C. Cullum |
| Academic Affairs |
Institutional Assessment - critical function, NEASC focus for 2012 self study, academic departments at various stages of compliance. |
Possible |
Major |
Hire New Assessment and Planning assistant VP; work across departments on assessment plans. |
2 |
AT |
1 |
Search Committee formed; small pool of candidates; expanded pool; made offer to excellent candidate; Seek expertise within institution. |
C. Cullum |
| Academic Affairs |
DGCE - strategic growth area, critical revenue source; risk of stagnant growth. |
Possible |
Major |
Continue and expand special initiative accelerated programs and other programs. |
1 |
AT |
1 |
Look for successor, discuss plans with Department; Determining what are key metrics in the Program. |
C. Cullum |
| Student Affairs |
Not having a succession plan for the entire college for continuity of operations. |
Likely |
Moderate to Major |
In process of updating employee contact of each department and for each dept. head cross training personnel. |
2 |
AT |
1 |
End of 1st Quarter 2011 plans must be submitted and approved by ELT. |
ELT |
| Student Affairs |
Failure to decrease the amount of alcohol consumption by the student population. |
Possible |
Moderate |
Police and Residence Life are putting together some preventive programs for students. |
2 |
AT |
1 |
To collaborate with internal/external agencies to enhance awareness/educational preventive programs with regard to personal safety (i.e., alcohol/drugs) for the whole WSU community. |
R. Naughton |
| Student Affairs |
Failure to increase dispatcher staff to monitor automated life safety systems on a 24/7 basis. |
Possible |
Major |
Currently have one Full Time dispatcher for camera, fire alarms, and C.O. alarms with substantial increase in the volume of calls; 37.5 hours out of 168 weekly hours are staffed, at 22.3% of optimal staffing levels. |
1 |
AT |
1 |
Hire a minimum of 2 Full Time dispatchers to handle automation and growth of campus; next budget cycle to hire these positions. |
R. Naughton |
| Institutional Advancement |
Loss of reputation (and potential funding?) resulting from negative press. |
Possible |
Major |
Contemplating proactive approach to marketing successes. |
1 |
AT |
1 |
Reinforce positive newsworthy events via media outlets. |
T. McNamara |
| Institutional Advancement |
Economic Downturn - affecting donors and college. |
Possible |
Major |
Cultivate new revenue prospects. |
2 |
AT |
1 |
Aggressively reinforce relationships with present donors and cultivate new revenue prospects. |
T. McNamara |