Risk Definitions

Risk: An activity, situation, or condition that impacts an organization's ability to meet its objectives.

Impact: The cumulative result of consequences from an exposure (Physical, Financial, Reputation, Legal, Strategic/Mission damage).

Controls: Any conscious action or inaction taken to reduce or eliminate likelihood and/or impact (Avoidance, Prevention, Reduction, Separation, Duplication, or Transfer).

Inherent Risk: Degree of uncertainty measured by Likelihood x Impact (baseline measurement before controls).

Residual Risk: Degree of uncertainty measured by Likelihood x Impact after controls are put in place (it is the risk that is left over).

Risk Appetite: The amount of risk the university is willing to accept in the pursuit of its objectives or in creating value.

Important considerations when defining Risk Appetite:

  1. Informs decision-making over strategy and objectives
  2. Guides allocation of key resources
  3. Requires continued monitoring and discussion
  4. Informs risk assessment and prioritization
  5. Tends to be broad and is tied to the university’s strategy and goals

Risk Tolerance: The acceptable range of risk an operational unit can take on before it encroaches on the institution’s risk appetite.

Important considerations when defining Risk Tolerance:

  1. Statements are more specific and are at times unit- or department-specific
  2. Implemented at the operational level of the university
  3. Considered more tactical and actionable
  4. Informs the comfortable range of risk that departments/units can take on