Preventative Risk Strategies

PREVENTATIVE RISK STRATEGIES & APPROACHES

• Compliance Steering Committee
  • University Leadership: providing C&I Program attributes, direction, strategy, policy and authority
• Compliance Working Group
  • Compliance Supervisors: identifying risks, trends, initiatives, and the provision of data and recommendations to Steering
• OGC Deputy General Counsel; OGC Compliance Manager; IA Director
  • C&I Program implementation
  • Risk identification and mitigation
  • Complaint reporting mediums
  • Central influence and substantive improvements over decentralized environment
  • Facilitator/Convener for specific projects e. NIST security standard; HIPAA Review; minors/youth on campus
• Emerging Issues & Trends e. International Activities; Minors/Youth on Campus; Cybersecurity; Free Expression/Speech events
• Questions: Single most compelling risk? Factors used to identify risk? Mitigation measures to help reduce risk? Unit culture/commitment to address mitigation? Two-year look ahead at high probability risks? And low probability but high impact risks?
• Strategic Risk Management (SRM)
  • Risk Assessments Tied to Strategic Goals – university-wide assessments
  • Identification of Risk by Type the University is likely to face e. KRI’s
  • Prioritize University-Wide Risks
  • Data & Barriers to manage the risks (organizational size, nature or uncertainty of the risk, cost/benefits to manage), analyze the data
  • Management Process; risk mitigation, shifting, transfer
• Recognition of Compliance as a Risk
  • Continued vigilance and improvement
• Culture of Compliance
  • Report, Report, Report