Risk Assessment and Matrix

Download as xls, pdf, or txt
Download as xls, pdf, or txt
You are on page 1of 6

Risks

Activities 1 2 3 4 5 6 7
Disaster Recovery
Planning for
Business
Processes (Not IT Institutional
Strategic Planning Organizational Disaster Policies & Internal
Governance and Leadership HM Process HM Governance HH Structure HM Recovery) HL Budgeting MM Procedures MM Communications MM

Information Technology - See Appendix


D for detailed risk assessment for IT Acquisition and Delivery and
areas. HM Strategic Planning HM Implementation HM Support MM Monitoring
Organizational
Work Orders & Structure - Facilities Contracted
Plant Operations and Maintenance HM Construction HM Billings HM Management MM Utilities ML Services LL Transportation

Contract and
Research and Development - See Grant Accounting OSP: Preparation
Appendix C for detailed risk (CGA): Time & Engineering & Science Animal Research CGA: Allowable CGA: Cash of Research
Research Enhancement
assessment for Research. HH Biosafety HM Effort Reporting MH Initiative MH & Safety Issues MH Costs MM Management MM Protocols MM

Scholarships & Enrollment Admissions


Student Services HM Financial Aid HM Fellowships HL Student Records HL Services HL Registration HL Processing MM Student Life MM

Strategic Plan Human Resources


does not address Organization and Employment - Employment -
Human Resources Management HM Human Resources HM Staffing MM Compensation MM Recruiting MM Turnover ML Diversity ML Staff Development ML

Campus Safety & Tuition and Fee Fixed Assets /


Asset and Risk Management HM Security MH Cash Handling MM Investments MM Collection Process MM Endowments MM Equipment MM Risk Management MM
Financial Management - See Appendix Outside Sales by
H for detailed risk assessment for Internal Financial Financial Schools and Organization and
Financial Areas. HM Controls HL Reporting MH Travel MH Signature Authority MH Division MM Budget Operation MM Management MM

Annual Governmental Continuing


University Relations and Alumni Affairs HM Gifts MM Planned Giving MM Fundraising ML Partnerships ML Relations LL Public Service LL Education LL

Deployment of
Accreditation / Resources Among Course Instructional & Management of
Institutional Academic Scheduling and Academic Departments and Classroom and
Instruction and Academic Support HH Effectiveness MM Programs MM Library MM Availability MM Technology MM Programs of Study MM Building Utilization MM

Minority and Small


Contracting Policies and Operations and Organization and Business Vendors
Purchasing MH Process MM Procedures MM Bid Processes MM Management MM (HUB) LL Central Receiving

University Police
Auxiliary and Service Departments ML Housing ML Student Union ML and Parking LL Food Services LL Printing LL Bookstore

Institutional Compliance Program - see Compliance


Appendix E for listing of high-risk areas. MM Program

Extensive Risk Management & Considerable Risk Management (all levels of control plus traditional
HH, HM audit)
HL, MH Manage and Monitor (all levels of control, but no traditional audit)
MM, ML, LH Monitor (only execution controls and supervisory controls)
LM, LL Accept (accept the risk and have no controls)

Impact = The effect a single occurrence of that risk will have upon the achievement of org's goals & objectives.
22
Risks
Activities 1 2 3 4 5 6 7
High: The effect will cause org not to achieve its goals and objectives.
Medium: The effect will cause org to operate inefficiently and/or expend unplanned resources to meet goals and objectives.
Low: There will be no measurable effect upon the achievement of org's goals and objectives.

Probability = The probability that a risk will become reality at org.


High: The risk will become a reality frequently at org.
Medium: The risk will become a reality infrequently at org.
Low: The risk will rarely become a reality at org.

23
Activities 8 9 10 11 12 13 14 15

Upward
Office of the Meetings & Evaluation of Performance
Governance and Leadership Facility Planning MM President MM Committees MM Administrators MM Compliance Office ML Measures

Information Technology - See Appendix


D for detailed risk assessment for IT
areas.

Plant Operations and Maintenance


OSP: Research Office of
Integrity Sponsored
Research and Development - See (objectivity, Projects (OSP): CGA: Facilities
Appendix C for detailed risk scientific Institutional Negotiation of CGA: Financial CGA: Cost Technology and Administrative
assessment for Research. misconduct) MM Review Board MM Agreements MM Reporting MM Sharing MM Transfer ML Research Training ML Cost Accounting

Student
International Organizations & Student Activities Center Student
Student Services Administration MM Recruiting MM Student Health MM Students ML Activities ML Counseling LM Operations LL Grievances

Employee Employment - Faculty Policy and


Human Resources Management Relations ML Hiring ML Credentials LL Procedure
Bonded
Cash Indebtedness and Accounts Organization and
Asset and Risk Management Management MM Issuance MM Receivable MM Management ML Internal Auditing LM Records Retention
Financial Management - See Appendix Budget
H for detailed risk assessment for Contract and Preparation
Financial Areas. Accounts Payable MM Payroll MM Grant Accounting MM Process

News and
University Relations and Alumni Affairs Information LL Alumni Relations

Program Faculty
Development & (recruitment, tenure,
Program development,
Deferred Distance Evaluation turnover, workload, Institutional
Instruction and Academic Support Maintenance MM Education MM Special Programs ML Process ML productivity) LL K-16 Issues LL Affiliations

Purchasing

Auxiliary and Service Departments

Institutional Compliance Program - see


Appendix E for listing of high-risk areas.

HH, HM

HL, MH
MM, ML, LH
LM, LL

Impact = The effect a single occurrence of that risk will have upon the achievement of org's goals & objectives.
24
APPENDIX C: Risk Assessment for Research Areas

FISCAL YEAR 20**

Risks
Activities 1 2 3 4 5 6
Laboratory Safety (Biosafety,
Chemical Safety,Controlled Financial, criminal, and/or
physical harm from Inappropriate disposal of Financial of physical harm to
Substances, Laser/Radiation Safety) misapplication of laboratory hazardous waste resulting in the University, its students,
HM procedures and parctices. HM fines and criminal charges. HM faculty and staff.
Time and Effort Reporting Loss of Federal/State funding
and incurrence of penalties
Loss of Federal/State funding due to RAs not knowing the Loss of Federal/State funding Loss of Federal/State funding Loss of Federal/State funding
and incurrence of penalties name of the project they're and incurrence of penalties and incurrence of penalties and incurrence of penalties
due to PI over-committing his working on, the funding School Effort Coordinators not due to lack of documentation due to someone other that a due to signed certification
time-not charging minimum or source, and the link between performing independent for hourly time changes in the knowledgeable person signing reports not being returned to
HH charging more than maximum, HH their work and the project. HM reviews. HM school departments. HL the certification form. ML C&GA in a timely fashion.
Coordination of Gifts and Grants with
Development Office Improper classification of Funding agency sends
grants or contracts as an confusing award letters as to if
MH unrestricted gift. MH the award is a gift or a grant.
Records Archiving
Improper maintenance of Noncompliance with record Noncompliance with University
MH records. MH retention. MH or applicable sponsor policies.
International Initiatives (Export Export of controlled
Control) information not properly Unauthorized foreign nationals
HL processed and reported. HL working on restricted research.
Research Integrity - Objectivity of Research protocols are not
Research reviewed and approved by IRB
and IACUC committees for
HL scientific merit.
Research Integrity - Scientific PI or research staff reports
Misconduct invalid and inaccurate data to
MH funding agency.
Technology Transfer Patent and agreement PI fails to report earning
HL violations occur. HL returned from technology.
Training - Research Funding opportunities are
PIs and research staff are not missed because
properly trained and record of documentations are not
training is not on file with provided to the funding
HL research compliance. HL agency.
Animal Research - Safety Lack of independent
monitoring of research activity Incidences of non-compliance
Lack of training for PI and by PI and animal resources are not properly reported to
HL Research Staff. HL staff. HL research compliance.
Protection of Animal Subjects Lack of independent
monitoring of research activity Incidences of non-compliance
Lack of training for PI and by PI and animal resources are not properly reported to
HL Research Staff. HL staff. HL research compliance.
Institutional Review Board (IRB) IRB Committee is not familiar
with state and federal Proper measures are not taken
regulations concerning human to review and approve Protocols are not pre-reviewed
HL participant research. HL research protocols thoroughly. HL by research compliance.
Protection of Human Subjects Non-compliance issues and
Proper measures are not taken adverse effects are not
Lack of training for PI and to ensure confidentiality of Consent forms and research reported to research
HL Research Staff. HL research participants. HL data are not stored properly. HL compliance.
Protection of Researcher Non-compliance issues and
adverse effects are not
Lack of training for PI and reported to research
HL Research Staff. HL compliance.
Protection of Research Issues of non-compliance are
Lack of training for PI and Research data is not stored Access to research data by not reported to research
HL Research Staff. HL properly. HL unauthorized personnel. HL administration.

Page 24
APPENDIX C: Risk Assessment for Research Areas

FISCAL YEAR 20**

Risks
Activities 1 2 3 4 5 6
OSP - Negotiation of Agreements Lack of expertise when
negotiating other than System Lack of knowledge of System Lack of knowledge about
approved contracts and rules and regulations regarding intellectual property
HL agreements. HL contracts. HL agreements.
Preparation of Research Protocols
Animal subject and human
participant research protocols Funding opportunities are
are not pre-reviewed by Protocols will not get approved missed because of delay in
HL research compliance. HL by IACUC and IRB. HL protocols approvals.
Cost Estimates Faculty does not have any Faculty underestimates what
idea of how to calculate the the research will cost and will
actual cost of the research be unable to complete the
MH project. MH research.
Cost Sharing
Unallowable costs due to Loss of Federal/State funding
Disallowed costs due to separately identifiable cost and public embarrassment due Sponsor disallowed costs due
inability to get cost share share account does not get to inaccurate reporting of or to charging unallowable costs
documentation from schools opened and budgeted before failure to provide mandatory to mandatory cost share
MH on closed federal grants. MH grant is opened, per org policy. MH cost sharing per contract. MH accounts.
Financial Reporting Disallowed costs due to
inaccurate or incomplete Loss of Federal/State funding
reporting requirements and public embarrassment due
reflected on contract HL to reports not done in a timely
HL documents. fashion.
Allowable Costs Disallowed costs due to PIs Unallowable costs incurred
doing major purchases at end and not reimbursed by
HL of grant to use up funds. HL sponsors.
Training - Post Award Research
Disallowed costs and damage
to reputation due to training Disallowed costs and damage
programs not being tailored to Disallowed costs and damage to reputation due to lack of
the individual needs of to reputation due to lack of training policy and plan for Disallowed costs due to lack
HL faculty/staff/management. HL training programs offered. HL continuous improvements. HL of participation in program.
Sub-Contractor monitoring
org sub-contracts may not Sub-contractor invoice
include clause requiring sub- Subcontractors may not be in Subcontracts are not reviewed Annual sub-contractor risk certification not included on
contractors to comply with compliance with Federal and annually per new org policy. assessments not being done, sub-contractor purchase
MH applicable laws & regulations. MH other applicable regulations. MH Effective approximately 8/06. MH per new policy. MH orders and invoices.
Cash Management Overspending Sponsored
Programs Budgets resulting in Schools not handling Petty Letter of Credit draws not Not collecting all billed
MH unreimbursed costs. MH Cash per org policy ML made in timely fashion MM revenue.
Incomplete/inaccurate contract/grant
documentation or no documentation Sponsor billing does not take Contract versus grant
received. place, or is not done per the Risk of not being reimbursed in designation incorrect on brief.
Delay in filing financial reports contract. Negative effect on a timely fashion. Negative Some federal contracts do not
HL to the sponsor(s). MM cash flow. MM IDCs not charged, if required. MM cash flow. MM require quarterly reporting.
Invention Disclosure PI does not accurately list the
percentage of work spent on
agreement or work with other PI does not disclourse an PI does not disclose royalty
ML inventors. ML invention. ML PI does not patent invention. ML revenues.
Preparation of Certifications and Funding opportunities are
Assurances PIs and research staff do not missed because
have proper certifications and documentations are not
assurance on file with research provided to the funding
ML administration. ML agency.
Facilities and Administrative Cost
Accounting IDC rate changes during term Loss of Federal/State funding
Incorrect IDC rate/base of grant and separate account and public embarrassment due
entered into FINS due to is not opened. (The only way to incorrect calculations in F&A
MM incorrect paperwork. MM FINS can handle this). MM rate proposal.

Page 25
APPENDIX C: Risk Assessment for Research Areas

FISCAL YEAR 20**

Risks
Activities 1 2 3 4 5 6
Minority and Small Business
Vendors
Loss of Federal/State funding
and damage to reputation due
Loss of Federal/State funding to PI not making information
and damage to reputation due on forthcoming opportunities
to PI not using small available to encourage and Loss of Federal/State funding
business/minority and women facilitate participation by small and damage to reputation due
owned business to fullest business/minority and women to vendor being on debarment
MM extent practicable. MM owned business. MM list
Records Archiving Loss of Federal/State funding
and public embarrassment if
org Accounts Payable and the Untimely closing of grants
Schools cannot produce creating increased risk for
receipts for contract/grant unallowable costs due to
MM expenditures. MM audits.
Administration/creation of contract
and grant documentation: Unreimbursed costs due to Excessive cost transfers may
Lack of clarity between sponsor & opening and budgeting affect the audit trail of
org regarding carry-forward of funds sponsored programs accounts transactions which in turn may
before obtaining official result in unsubstantiated costs
MM sponsor commitments. MM leading to disallowances.
Authorized spending of Negative effect on cash flow
contract/grant funds without signed Funds expended before official until funds can be reimbursed,
pre-award or signed agreement. contract date may be if and when signed contract is
MM disallowed by the sponsor(s)). MM received.
Purchase Orders for services are Loss of Indirect Cost revenue
treated as sub-contracts in violation due to expenses charged to
of OMB Circular A-133, sect sub-contractor expense
$___.210. instead of M&O. Breakdown Vendors providing services are
on invoices and financial Incorrect breakdown of costs treated as sub-contractors in
reporting by expense category on invoices and financial violation of OMB A-133,
MM are incorrect. MM reporting by expense category. MM section $___.210.
Data input to systerm not accurate Accurate contract/grant Pre-award specialist assigns
and/or differs from paperwork start/stop dates cannot be grant number from wrong
received. counted on leading to Missing Sponsor or PI ID range (fed., state, pvt., or
Lacking CFDA # - required for inaccurate financial reporting numbers-leading to inaccurate local)- Reporting category is in Sponsor/sub-sponsor switched
MM Federal reporting. MM of grants. MM reporting. MM error. MM on brief.

HH
= Extensive Risk Management & Considerable Risk Management (all Levels of Control* plus a traditional audit)
HM
HL
= Manage and Monitor (all Levels of Control but no traditional audit)
MH
MM
ML = Monitor (only Execution Controls & Supervisory Controls)
LH
LM
= Accept (accept the risk and have no controls)
LL

Impact = The effect a single occurrence of that risk will have on org.
High: The effect will cause org to materially misrepresent its financial position.
Medium: The effect will cause org to misrepresent its financial position.
Low: There will be no measurable effect upon financial statement reporting.

Probability = The probability that a risk will become reality at org.


High: The risk will become a reality frequently at org.
Medium: The risk will become a reality infrequently at org.
Low: The risk will rarely become a reality at org.

Page 26

You might also like