Preventative Risk Strategies

PREVENTATIVE RISK STRATEGIES & APPROACHES

  • Compliance Steering Committee
    • University Leadership: providing C&I Program attributes, direction, strategy, policy and authority
  • Compliance Working Group
    • Compliance Supervisors: identifying risks, trends, initiatives, and the provision of data and recommendations to Steering
  • OGC Deputy General Counsel; OGC Compliance Manager; IA Director
    • C&I Program implementation
    • Risk identification and mitigation
    • Complaint reporting mediums
    • Central influence and substantive improvements over decentralized environment
    • Facilitator/Convener for specific projects, e.g., NIST security standard; HIPAA Review; minors/youth on campus
  • Emerging Issues & Trends, e.g., International Activities; Minors/Youth on Campus; Cybersecurity; Free Expression/Speech events
  • Questions: Single most compelling risk? Factors used to identify risk? Mitigation measures to help reduce risk? Unit culture/commitment to address mitigation? Two-year look ahead at high probability risks? And low probability but high impact risks?
  • Strategic Risk Management (SRM)
    • Risk Assessments Tied to Strategic Goals – university-wide assessments
    • Identification of Risk by Type the University is likely to face, e.g., KRIs
    • Prioritize University-Wide Risks
    • Data & Barriers to manage the risks (organizational size, nature or uncertainty of the risk, cost/benefits to manage), analyze the data
    • Management Process; risk mitigation, shifting, transfer
  • Recognition of Compliance as a Risk
    • Continued vigilance and improvement
  • Culture of Compliance
    • Report, Report, Report