Preventative Risk Strategies
PREVENTATIVE RISK STRATEGIES & APPROACHES
- Compliance Steering Committee
- University Leadership: providing C&I Program attributes, direction, strategy, policy and authority
- Compliance Working Group
- Compliance Supervisors: identifying risks, trends, initiatives, and the provision of data and recommendations to Steering
- OGC Deputy General Counsel; OGC Compliance Manager; IA Director
- C&I Program implementation
- Risk identification and mitigation
- Complaint reporting mediums
- Central influence and substantive improvements over decentralized environment
- Facilitator/Convener for specific projects e. NIST security standard; HIPAA Review; minors/youth on campus
- Emerging Issues & Trends e. International Activities; Minors/Youth on Campus; Cybersecurity; Free Expression/Speech events
- Questions: Single most compelling risk? Factors used to identify risk? Mitigation measures to help reduce risk? Unit culture/commitment to address mitigation? Two-year look ahead at high probability risks? And low probability but high impact risks?
- Strategic Risk Management (SRM)
- Risk Assessments Tied to Strategic Goals – university-wide assessments
- Identification of Risk by Type the University is likely to face e. KRI’s
- Prioritize University-Wide Risks
- Data & Barriers to manage the risks (organizational size, nature or uncertainty of the risk, cost/benefits to manage), analyze the data
- Management Process; risk mitigation, shifting, transfer
- Recognition of Compliance as a Risk
- Continued vigilance and improvement
- Culture of Compliance
- Report, Report, Report