Five Years of Assessing Risk at Georgia Tech

Contact

Mia Reini
Director, Enterprise Risk Management
Office of Legal Affairs and Risk Management

This year, Georgia Tech’s Enterprise Risk Management (ERM) will celebrate its fifth anniversary. The ERM program is a comprehensive and ongoing risk assessment by Georgia Tech’s senior leadership of the key operational, financial, compliance, and reputational risks that could significantly interfere with Georgia Tech’s ability to achieve its Strategic Plan goals and institutional initiatives.

The senior leadership consists of a group of 15 vice presidents, vice provosts, and other senior leaders across campus who make up the Compliance & Risk Management Network. This group reviews the entire range of risks facing the Institute and scores them for likelihood (probability of the risk becoming reality), impact (effect the risk would have on the Institute), and velocity (estimated timing).

“Many people don’t realize that Georgia Tech scores its risks every year,” says Mia Reini, director of ERM. “Not only do we assess risk on an annual basis, but the risks with the highest cumulative scores are addressed with specific risk management plans. These plans have resulted in some significant projects at Tech.” Two such projects are the Center for Community Health and Wellbeing and the GTPD Enhanced Camera Operations Center.

How Does ERM Work?

Risk Inventory

During ERM’s first year, in 2011, Georgia Tech developed a risk inventory through a series of focused brainstorming sessions with individuals from different areas of campus, including Academic Affairs, Student Life, Campus Services, Human Resources, Finance, Information Technology, and Research Administration. The risk factors identified in those discussions were reviewed by the Compliance & Risk Management Network, grouped into general subject matter areas, and categorized by risk level:

  • Institute (related to strategic objectives)
  • Unit (operational or process-oriented)
  • Systemic (affecting all of higher education)

Since 2011, the risk inventory has further evolved through annual conversations with risk owners across campus.

“If you know of a risk that could keep Georgia Tech from meeting its strategic goals, we’d like to hear from you,” emphasized Reini. “We are always on the lookout for current risks at Tech, how the risk management is going, and what more could be done to better manage the risk. We’ll never eliminate risk, but we can think of ways to manage it.”

Key examples of campus departments and associated risks are:

  • Academic Affairs: faculty retention
  • Administration and Finance: financial misconduct
  • Emergency Preparedness: continuity of campus operations
  • Georgia Tech Police Department: campus safety
  • Information Technology: data security
  • Research Administration: conflict of interest
  • Student Life: student health and safety

Risk Scoring

The Compliance & Risk Management Network scores all of the Institute-level risks using a risk score sheet. What matters most is identifying the most urgent risk factors within the total population of risks. The first risk scoring and the subsequent annual scorings have created a roadmap for the Institute to manage risk strategically rather than perfectly.

Risk Plans

On the recommendation of the Compliance & Risk Management Network, campus individuals are identified as principally responsible for each risk factor and are asked to develop risk management plans for the high priority (high score) risk areas. The risk management plans are reviewed by the Network, presented to the president’s cabinet, and shared with the University System of Georgia Board of Regents.

The risk controls, detailed in the risk management plans, are subsequently included in the risk inventory. The Network annually rescores the risk factors after analyzing how well the controls are working and whether additional situational risks are present.

“Overall, the purpose of ERM is to embed risk resources into existing business processes — with the objective of being strategic, efficient, and supportive of entrepreneurship at Georgia Tech,” said Reini. “We want to help eliminate risk surprises.”

For more information, visit the Compliance & Risk Management Network website.

Status
  • Created By: Rachael Pocklington
  • Workflow Status: Published
  • Created On: Feb 2, 2016 - 7:49am
  • Last Updated: Oct 7, 2016 - 11:20pm