Risks

Risks are anything that could adversely impact achieving the objectives of the unit or the university.

Ask: What could go wrong?

To identify risks, ask yourself and your staff what could go wrong. Also consider what would be the potential loss or consequences if something did happen. Sometimes the impact is difficult to measure in dollar terms, such as damage to reputation or loss of critical data.

| Area | Examples of risks |
|---|---|
| Systems | Damage to servers due to disaster, unauthorized access to data, unavailable systems, inadequate systems, sensitive data not secured |
| Financial and Operational | Program losses, incorrect calculations and reports, inefficient use of resources, inadequate programs |
| Revenues | Theft, revenues not collected, inappropriate refunds |
| Purchases and Payroll | Fraud, purchases for personal use, conflict of interest |
| Property and Assets | Damaged or stolen equipment, loss of tickets or items for sale |
| Research | Non-compliance with federal regulations, unallowable costs charged to project, research fraud, improper animal research or human testing |
| Safety and Liability | Injury or death due to unsafe conditions or disaster |

Controls

Management is responsible for implementing appropriate controls to reduce risk and to achieve operational objectives.

Ask: Do current practices sufficiently reduce each risk?

Assess whether your practices would reduce each risk to an acceptable level. For example, daily backup of an important database would keep potential loss of data to only one day's worth. The backup also needs to be stored off-site in case of fire or other disaster. In general, controls should be cost-effective, with the cost to implement the procedures in proportion to the benefit.

Click on the links below for examples of controls to mitigate risk:
Systems
Financial and Operational
Revenues
Purchases and Payroll
Property and Assets
Research
Safety and Liability