Enterprise Risk Assessment Combined 2010-2011

Process phases covered by the columns below: Identify Risks, Analyze Risks, Evaluate Risks, Treat Risks.

| VP Area | Description of Risk (identify the risk and the impact or effect of the risk) | Likelihood of Risk Occurring (Highly Likely, Likely, Possible, Unlikely) | Consequence (degree of severity of the consequence should the risk occur: Catastrophic, Major, Moderate, Minor) | Key Controls (What are we doing now to manage the risk? Ex. Policies & Procedures) | Rank Adequacy of Controls (1. Weak, 2. Adequate, 3. Excessive) | Risk Tolerance (A. Acceptable, U. Unacceptable, AT. Acceptable with Treatment) | Action Treat (1. Yes, 2. No, 3. Don't Know) | New Risk Treatment - Mitigation Strategies (Complete Risk Treatment Action Plan) | By Whom |
|---|---|---|---|---|---|---|---|---|---|
| Admin & Finance | Weak business continuity plans for Purchasing/AP, Payroll, HR, student account and fiscal offices. | Possible | Major | Policies and procedures being reviewed and developed where necessary. | 1 | AT | 1 | Annual review of emergency protocol to ensure continuity of functions in the event of emergency or disaster. Cross references will be made to the college's emergency management plan. Staffing and system access from remote locations will be evaluated and plans will be put in place to address basic business functions with depth of staff. Policies and procedures will be documented and posted for reference by the college community. | K. Eichelroth |
| Admin & Finance | Noncompliance with state laws, rules and regulations, specifically in the areas of state finance, procurement and environmental health and safety. | Possible | Moderate risk | Internal policies and procedures regarding proper procurement and safety/compliance policies and guidelines. | 1 | AT | 1 | In the process of creating and maintaining a central repository of federal, state and local compliance standards. College-wide review, led by the Executive Leadership Team, of all laws, rules and regulations will be conducted. Factors to be identified include who is responsible for compliance, what procedures exist and where they are posted, whether compliance is active or passive, what reporting is required, and who is responsible for ongoing monitoring, tracking and keeping up with changes. | K. Eichelroth |
| Admin & Finance | Downward enrollment trends and future demographic changes. | Highly likely | Major | Strategic plan? Other?? | 1 | AT | 1 | Create a comprehensive monitoring plan that pulls together all related action items from the strategic plan. The monitoring plan will include metrics for assessment against goals and historical trends and data for forecasting and projection. Areas of reporting and accountability will be clearly defined. | K. Eichelroth |
| Admin & Finance | Fraud and misappropriation of funds. | Possible | Major | Internal control policies regarding cash transactions and authorizations for electronic funds transfer; policies and procedures surrounding decentralized functions that set and collect fees. | 1 | AT | 1 | Ensure all internal control policies and procedures are up to date and filed centrally for access by the college community. Policies to be updated with specific reference to controls over decentralized functions and segregation of duties to ensure adequate mitigation of risk from fraud or misappropriation of funds. | K. Eichelroth |
| Admin & Finance | Fiscal instability resulting from decreased state appropriations, uncertainty of other revenue streams and the need to maintain or improve quality of services. | Highly likely | Catastrophic | Conservative approach to budget preparation, appropriating reserves, exploring other revenue producing opportunities. | 1 | AT | 1 | Create a comprehensive monitoring plan that pulls together all related action items from the strategic plan. The monitoring plan will include metrics for assessment against goals and historical trends and data for forecasting and projection. Areas of reporting and accountability will be clearly defined. | K. Eichelroth |
| Admin & Finance | Fire or Chemical Spill - Life Safety systems: a.) Not all buildings have sprinklers. b.) No campus-wide or individual building notification systems in place to warn campus of event. | Possible | Major | Policy for chemical spills via Environment Safety. | 2 | AT | 1 | Policy for chemical spills via Environment Safety reviewed. | S. Olson |
| Admin & Finance | Fire or Chemical Spill - Facilities Document Storage Organization: building files and prints in desperate need of updating. First responders (fire, police, Hazmat) will require immediate hard copies of architectural and MEP plans when they arrive on campus. (Prints should be in two locations.) | Possible | Major | Work in progress. | 1 | U | 1 | Work in progress: quote from Docutron in hand - no funding. | S. Olson |
| Admin & Finance | Utility infrastructure reaching expected useful life. | Possible | Major | Capital Improvement Plan. | 1 | U | 1 | Capital Improvement Plan - funding? | S. Olson |
| Admin & Finance | Lack of formal safety programs and procedures (asbestos management, confined space entry, lock-out/tag-out, personal protective equipment). | Unlikely | Minor | Formal safety training program implemented. | 2 | AT | 1 | Formalize programs for each risk variable. | S. Olson |
| Info Tech | Failure of primary data center; interruption or cessation of network, data communication, and data storage functions. | Possible | Catastrophic to Major | Policies and procedures drafted; secondary data center established; separation and segregation of resources in process; data duplication will be implemented July 09; formal disaster recovery plan under draft. | 2 | AT | 1 | Policies and procedures drafted; secondary data center established; separation and segregation of resources established; formal disaster recovery plan under draft, est. completion Dec 15, 2010. | CIO; Director of Network Services |
| Info Tech | Breach of PII, PCI, Level 1 (highly sensitive) data. | Possible | Sanctions, fines, legal action; risk ranges from moderate to major, depending on the specific nature and size of the breach. | Policies and procedures in place; network scanning in place; intrusion detection audits in place; employee education under development; portable computers disk encrypted. | 2 | A | 1 | Policies and procedures in place; training in place; network scanning in place; intrusion detection audits in place; employee education scheduled for implementation Nov 2010; portable computers disk encrypted. | CIO; Director of Network Services |
| Info Tech | Loss or corruption of ERP database (Colleague). | Possible | Moderate risk; possible loss of twenty-four hours of data/transactions; up to two days downtime. | Policies and procedures in place; security access audited monthly; implemented application logout; staged secondary Colleague server for restoration. | 2 | A | 1 | Policies and procedures in place; security access audited monthly; implemented application logout; staged secondary Colleague server for restoration; definition of critical user group completed. | CIO; Director Admin Services |
| Info Tech | Loss of PBX. | Possible | Major impact; would result in loss of all campus telephone service, loss of some life-safety services. | PBX under maintenance contract with six-hour response time; exploring short-term recovery options (i.e., cell phones), long-term options (VoIP). | 2 | AT | 1 | PBX under maintenance contract with six-hour response time; exploring short-term recovery options (i.e., cell phones); identifying hosted VoIP solutions; emergency communication plan implemented. | CIO; Director Admin Services |
| Info Tech | Loss of external internet connectivity. | Possible | Major impact | Building out multiple fiber pathways; exploring microwave and other point-to-point technologies. | 1 | AT | 1 | Building out multiple fiber pathways; exploring microwave and other point-to-point technologies; alternate bandwidth provider in place January 2010. | CIO; Director of Network Services |
| Academic Affairs | International Programs: students, faculty, and staff on faculty-led programs, and study-abroad students, in an emergency situation such as a terrorist attack. | Likely | Catastrophic | International Programs Office has established Emergency Response Protocol that includes Pre-Departure Orientation Session; comprehensive list of persons abroad by semester; and contact with local U.S. Embassy. | 2 | A | 2 | Present controls are adequate, but will review annually. | C. Cullum |
| Academic Affairs | Instructional interruptions in classrooms due to technology breakdowns. | Highly likely | Major | Work with Information Technology on short- and long-range approaches, including adequate I.T. staffing and prioritization of response and faculty training on equipment. | 2 | AT | 1 | Change job descriptions; monitor performance. | C. Cullum |
| Academic Affairs | Failure of technology systems or functions serving basic needs such as admissions, registrar, room scheduling, and financial aid. | Likely | Major | Work with Information Technology on back-up plans and systems. | 2 | A | 2 | Present controls are adequate, but will review annually. | C. Cullum |
| Academic Affairs | Unrealized success of NEASC Self-Study and Evaluation 2012. | Possible | Catastrophic | Establish clear review process involving entire University. | 2 | AT | 1 | Present plans are adequate, but will monitor progress throughout the year. | C. Cullum |
| Academic Affairs | Institutional Assessment - critical function, NEASC focus for 2012 self-study, academic departments at various stages of compliance. | Possible | Major | Hire new Assessment and Planning assistant VP; work across departments on assessment plans. | 2 | AT | 1 | Search Committee formed; small pool of candidates; expanded pool; made offer to excellent candidate; seek expertise within institution. | C. Cullum |
| Academic Affairs | DGCE - strategic growth area, critical revenue source; risk of stagnant growth. | Possible | Major | Continue and expand special initiative accelerated programs and other programs. | 1 | AT | 1 | Look for successor; discuss plans with Department; determine what the key metrics in the Program are. | C. Cullum |
| Student Affairs | Not having a succession plan for the entire college for continuity of operations. | Likely | Moderate to Major | In process of updating employee contact of each department and for each dept. head cross-training personnel. | 2 | AT | 1 | End of 1st Quarter 2011 plans must be submitted and approved by ELT. | ELT |
| Student Affairs | Failure to decrease the amount of alcohol consumption by the student population. | Possible | Moderate | Police and Residence Life are putting together some preventive programs for students. | 2 | AT | 1 | Collaborate with internal/external agencies to enhance awareness/educational preventive programs in regard to personal safety, i.e., alcohol/drugs, for the whole WSU community. | R. Naughton |
| Student Affairs | Failure to increase dispatcher staff to monitor automated life safety systems on a 24/7 basis. | Possible | Major | Currently have one full-time dispatcher for camera, fire alarms, and C.O. alarms with substantial increase in the volume of calls; 37.5 hours out of 168 weekly hours are staffed, at 22.3% of optimal staffing levels. | 1 | AT | 1 | Hire a minimum of 2 full-time dispatchers to handle automation and growth of campus; next budget cycle to hire these positions. | R. Naughton |
| Institutional Advancement | Loss of reputation (and potential funding?) resulting from negative press. | Possible | Major | Contemplating proactive approach to marketing successes. | 1 | AT | 1 | Reinforce positive newsworthy events via media outlets. | T. McNamara |
| Institutional Advancement | Economic downturn affecting donors and college. | Possible | Major | Cultivate new revenue prospects. | 2 | AT | 1 | Aggressively reinforce relationships with present donors and cultivate new revenue prospects. | T. McNamara |
Last modified at 11/26/2010 2:05 PM  by Polakowski, Renee