Departments are responsible for notifying the Office of Risk Management of any major projects and activities planned for their area.
The Office of Risk Management will perform risk assessments and provide information on required mitigation in order to comply with university policies. Appropriate department administrators are responsible for ensuring that campus programs, activities and policies managed by their department are conducted in a manner that considers the risk of loss or injury.
Risk Management Process
Step 1: Notification/Request – The department will contact Risk Management requesting a risk assessment.
Step 2: Information Gathering – Risk Management will reach out to the department requesting relevant information/documentation of the activity/exposure.
Step 3: Assessment Draft – Risk Management will draft a risk assessment.
Step 4: Assessment Review – Risk Management will share the risk assessment draft with the department for review.
Step 5: Assessment Sign-Off – Once reviewed, Risk Management will send out the risk assessment to the appropriate person in the department for sign-off.
Step 6: Risk Mitigations – Once signed-off, the mitigations should be put in place by the appropriate departments as noted on the risk assessment by the due date.
Notification/Request: The department must notify Risk Management of any procurements and major project undertaking. It is highly recommended that the department notify Risk Management when it is in the research phase. Waiting until the last minute can delay the process.
Information Gathering: The Risk Management team will request information from department.
Assessment Draft: Risk Management will draft a risk assessment document. The document highlights the risks, and mitigations to reduce that risk to an acceptable level.
Assessment Review: Once the draft is completed, Risk Management will share the draft with the appropriate department staff for a review. This is an opportunity for departments to correct any inaccurate information on the risk assessment as well as discuss mitigations and the plan to implement them.
Assessment Sign-Off: Once both Risk Management and the department agree upon the risk assessment draft and the mitigations, the final version will be sent out to the department’s manager/designee via for sign-off.
Risk Mitigation: The appropriate departments, as noted on the risk assessment document, is now responsible for implementing the mitigations. The department may reach out to Risk Management requesting clarification or assistance for implementing the mitigations. Risk Management will follow up with the department requesting a status on mitigations. Once all mitigations are implemented, the risk assessment is closed.
In situations where a required mitigation cannot be implemented for a variety of reasons, a risk exception document will be created. This document is similar to a risk assessment document. A risk exception document requires a signature from both the department head and Vice President/designee of the division.