The Evolving ERM Ecosystem at UC Riverside
Purpose
• Provide an Overview of the Evolution of the Enterprise Risk Management (ERM) Ecosystem at UC Riverside
o from the early efforts of reacting & responding
o to the drafting & modifying of an effective compliance & ethics annual work plan & enterprise risk management maturity work plan
o to the current focus of developing a coordinated & comprehensive methodology
• with the goal of having a campus culture of ingrained shared governance, responsive risk management, & collaborative compliance.
Learning Objectives
• Objective 1: Provide an Overview of the ERM Model at UCR
• Objective 2: Provide Insights to the Importance of Campus-Wide Collaboration
• Objective 3: Identify the Challenges & Opportunities in Starting & Maintaining an Effective & Energized Campus ERM Program
Practical Overview
Where have we been?
Practical Overview
Where are we at?
Practical Overview
Where are we going?
Practical Terms
Compliance
Compliance is either a state of being in accordance with established guidelines,
specifications, or legislation or the process of becoming so.
(What we are required to do)
Practical Terms
Ethics
The basic concepts & fundamental principles of decent human conduct.
(What we should do)
UC Standards of Ethical Conduct
Tartan Pride
Integrity
Excellence
Accountability
Respect
Practical Terms
Risk
A probability or threat of damage, injury, liability, loss, or any other negative
occurrence that is caused by external or internal vulnerabilities, & that may be
avoided through preemptive action.
(What we must & should be aware of)
Practical Terms
Risk Management (RM)
The identification, analysis, assessment, control, & avoidance,
minimization, or elimination of unacceptable risks.
(What we do to optimize effectiveness in achieving objectives)
Practical Terms
Internal Controls
Process for assuring achievement of an organization's objectives in
operational effectiveness & efficiency, reliable financial reporting, &
compliance with laws, regulations, & policies.
(What we do to check on effectiveness in achieving our mission)
Practical Terms
Enterprise Risk Management (ERM)
Process, effected by an entity’s board of directors, management, & other personnel,
designed to provide reasonable assurance regarding the achievement of objectives
relating to operations, reporting, & compliance.
(What we do to optimize effectiveness in achieving objectives)
http://www.ucop.edu/enterprise-risk-management/procedures/what-is-erm.html
Practical Terms
Shared Governance
"The University has a dual-track system of authority & responsibility which presumes that faculty
members are best qualified to chart the University's educational course, while administrators are
most competent to direct its finances & organization. In practice, these domains are overlapping &
interdependent. To function successfully together, faculty & administrators depend upon a high
degree of consultation, trust, mutual respect, & a tradition of collegiality."
(Collaboration in UCR 2020 The Path to Preeminence)
System Historical Overview
• UCOP ECAS Oversight (Beginning in Fall 2007)
Establish & Champion System-Wide C&E Program
System Historical Overview
UC Ethics & Compliance Risk Council
Monthly Meetings with Campus CECOs
System Historical Overview
UCOP ECAS Organization (2008)
System Historical Overview
UC System-Wide Compliance (2008)
Campus Historical Overview
2009-2010
Ethics, Compliance, Risk, and Audit Controls Committee (ECRAC)
ECRAC Charter (July 2009)
• Provide Campus Oversight to UC E&C Program
• Advises SVP/Chief Compliance & Audit Officer thru UC E&C Risk Council
• Quarterly Meetings Co-Chaired by Campus EVC&P & CECO
• Facilitated by Director of A&AS
• Committee Membership Comprised of 20 Senior Campus Reps
• Responsible for Overall Campus Culture
• Identify & Implement Tools, Metrics, & Processes to Effectively Monitor Climate
• Encourage Awareness of Compliance & Open Lines of Communication
• Monitor Effectiveness & Consistency of Compliance
• Track Effectiveness of Risk Assessment Tools
• Advise on Guidance, Education, & Training
• Provide Quarterly & Annual Campus Compliance Reports to
o UC Ethics & Compliance Risk Council
o SVP/Chief Compliance & Audit Officer
Campus Historical Overview
2009-2010
Enterprise Risk Work Group (ERWG)
• Commissioned 2009 by CECO Providing Oversight of Campus ERM
• Chaired & Facilitated by RM Director
• Advises Campus ECRAC
• Meets Quarterly
• Membership of 20 Comprised from Major Functional Areas
• Establish Common Language for Managing Campus Risk
• Collaborate on Comprehensive & Balanced Approach to Identify & Manage Risks
• Provide Assurance ERM Decisions are Aligned with Campus Vision & Goals
• Communicate Strategies to Respective Stakeholders
• Responsible for Campus Overall ERM Program (Implementation, Metrics, & Monitoring)
• Advise on Need for Campus-Specific P&Ps, Training as it Relates to Specific Risk Areas
• Review Risk Areas of High Priority & Proposed Risk Mitigation Activities
Campus Historical Overview
2009-2010
Research Integrated Safety Committee
• Commissioned in 2000
• Advises, Consults, & Participates with Campus EH&S on
o Programs & Standards for Safe Conduct of Teaching & Research
o Issues Related to Research & Lab Safety
o Effective Operational Strategies with
  - Institutional Bio-Safety Committee
  - Radiation Safety Committee
  - Institutional Animal Care & Use Committee
  - Institutional Bio-Safety Committee
  - Institutional Review Board
  - Pesticide Safety Committee
  - Other Related Committees
• Monthly Meetings
o Chaired by Faculty Member
o Facilitated by Campus EH&S Director
o Membership of 23 Comprised from Major Functional Areas
o Campus Executive Committee Provided Annual Briefing
Campus Historical Overview
2009-2010
Reacting & Responding
Campus Compliance Program Highlights
• Mandated & Implemented New "Violence in the Workplace" Training for All Campus Employees
• Developed Monthly Reporting Tool for Effective Tracking of Contracts and Grants "Principal Investigator Web Reporting System"
• Implemented Campus Emergency Status Website with Quarterly Emergency Response Testing
• On-Going Campus-Wide Effort to Create, Implement, and Maintain Unit-Specific Business Continuity Plans
• Research Integrity
o Established a Campus Conflict of Interest Committee
o Established a Campus Stem Cell Research Oversight Committee
• Lab Safety
o Developed New Laboratory Safety Program Under Purview of Campus Environmental Health and Safety Director
o Established "Accountability in Laboratory Safety" Protocol Outlining Actions and Responsibilities at All Campus Levels
• Event Management
o Efforts in Place to Develop and Implement Policy & Procedures to Ensure Safety and Security at All Campus Events
o Efforts in Place to Develop Uniform Practices for Facility Scheduling & Use Applicable Campus-Wide
o Campus Director of Risk Management Taking Lead to Coordinate a Standardized Process Applicable to All Activities
A&AS, RM, & CECO Not Yet Actively Collaborating
ERWG Members Initially Identified 39 Risks within 10 Risk Categories
Risk Category
Infrastructure
Identifiable Risks
Deferred Maintenance
Value Engineering
Life Cycle Costs
Space Planning
Emergency Planning
Continuity Planning
System Security
Data Security
System Accessibility
Building/Physical Crimes
Employee-Employee
Student-Student
Student-Employee
Third Party Non-Affiliated
Reduction In Workforce
Overloaded Workforce
Aging Workforce
Succession Planning
Attracting Qualified Candidates
EPL/Discrimination Claims
Academic Misconduct
Administrative Misconduct
Conflict of Interest
Ethics
Student Conduct
Premises Safety
Lab Safety
Safety/Risk Training
Non-Compliance/Sanctions
Laws
Regulations
Grants
Policies
Travel
• Auto/Driver Training
o UC Vehicles
o Personal Vehicles
• Team/Athletics
• Faculty/Staff/Students
o Domestic
o International
• Concerts/Festivals
• Unsupervised Student Events
• Open Campus Events
• Unknown Events
Catastrophic/Violence in the Workplace
IT Security
Crime/Violence in the Workplace
Workforce/Budget/Economy
Reputational
Campus Safety
Event Management
Campus Historical Overview
2009-2010
Reacting & Responding
• RM Drafts First Campus ERM Maturity Work Plan
o UCOP RS (Developed & Adopted in 2009)
o Five Components
  - Internal Environment/Objective Setting
  - Event Identification/Risk Assessment
  - Risk Responsibility/Control Activity
  - Information & Communication
  - Monitoring
o Input from Several Risk Focus Areas in Campus E&C Annual Work Plan
o Challenge in Fully Understanding COSO Model
o Connection Among Three Plans not Strong
• UCOP RS Tasks Campuses with Completing HERA Workbook
• Formal ERM Process Not Yet In Place
o Ad-Hoc Committee in Place Addressing ERM Issues for Past Four Years
o ECRAC Designated to Provide Campus Oversight through E&C Program
o Strategic Goals Also Used to Address Alignment with ERM Objectives
2010
UCR Campus Ethics and Compliance Program - Key Components
Incorporating the Federal Sentencing Guidelines Seven Essential Elements for an Effective Compliance Program
1. Active Oversight
2. Policies, Standards, & Code of Conduct
3. Education & Training
4. Open Communications
5. Monitoring & Metrics
6. Enforcement Tools
7. Responsive Initiatives
[Diagram labels: Auditing Controls; Operating Controls; Auditing Responsibilities; Employee Responsibilities; Leadership Engagement; Oversight Controls; Monitoring Controls; Compliance Responsibilities; Supervisory Responsibilities]
Campus Historical Overview
2010-2011
• UCOP ECAS Provides Template for Developing E&C Annual Work Plan
• ERWG Identifies 28 Risk Focus Areas in 7 General Risk Categories
o Reporting to UCOP ECAS on Quarterly Basis is On-Going Challenge
Campus Historical Overview
2010-2011 E&C Annual Work Plan
12 Risk Focus Areas Recommended for Tracking & Reporting
Campus: UC Riverside
Metric, by Risk Focus Area
Campus Safety
1) Develop a new Lab Safety program, which includes a new "Accountability in Laboratory Safety" protocol outlining actions and responsibilities at all campus levels - including faculty, Deans and Provosts.
2) Mandate a new "violence in the workplace" training course for all employees.
3) Implement a Campus Emergency Status website and campus emergency response is tested quarterly.
4) Draft a new "Accountability in Laboratory Safety" which outlines actions and responsibilities at all campus levels - including faculty, Deans and the Provost.
Government Reporting Accuracy
1) Develop a monthly reporting tool for contract and grants - "Principal Investigator Web Reporting System" (PIWRS).
2) UCR is securing campus-wide access to the website "A Guide to Managing Federal Grants for Colleges and Universities;" a subscriber-only service that includes access to its website, monthly print and PDF newsletters, and print and web access to pertinent government documents.
Data Privacy and Security
UCR requires those involved with student systems to take FERPA training annually.
Research
UCR has established a Conflict of Interest Committee (Research), as well as a Stem Cell Research Oversight Committee.
Culture of Ethics and Compliance
1) UCR has undertaken steps to review delegations of authority and administrative policies.
2) Campus is rolling out Principal Investigator reporting application which includes responsibility overviews.
3) Senior administration takes action on policy violations, such as systems access removal and funding limitations.
Investigations
Establish and maintain LDO liaisons with the other UC campuses and UCOP.
Health Care Reform
Campus Historical Overview
2010-2011
• UCOP ECAS Distributes E&C Services Program Policy (February 2011) Providing
o Program Guidance
o Annual E&C Work Plan Procedures
o Annual Report Requirement
o Annual Education Plan
o Confidential Reporting Mechanisms
• RM Becomes Familiar with Available ERM Activities & Tools
Campus Historical Overview
2011-2012
Identifying Key Components/Players/Activities
• UCOP ECAS Provides Guidance to Report on Select Critical Risk Focus Areas
• ERWG Solicits Input from Campus Departments with Risk Assessment Template
• ERWG Reviews Risk Focus Areas Using UCOP ECAS Template
o 33 Risk Focus Areas Identified
o Quarterly Reports Remain Work-In-Progress
• CECO Submits Campus E&C Annual Work Plan Narrative & Work Plan
• UCOP RS Provides Summary of ERM Maturity Work Plan Efforts for Campuses
• RM Drafts Campus Enterprise Management Maturity Work Plan
• RM Director Works with CECO Rep with Goal of having Both Plans in Synch
• A&AS, RM, & CECO Reps Meet to Discuss UCR IA 2010-2011 Annual Report
Audit & Advisory Services
Risk Assessment & Audit Planning Timeline
Months: January, February, March, April, May
Timeline Steps: Data Gathering/Analysis; Prepare Draft Plan; Assess Current Plan Status; Complete Risk Assessment Model; Revise Draft Plan; ECRAC Approves Draft Plan; ECRAC Approves Final Plan
A&AS Tools
• Interviews
• E&C Annual Work Plan
• Risk Focus Assessment Work Sheets
• Data Analytics
• Internal & External Sources
Audit & Advisory Services
Audit Plan Development Timeline
Months: March, April, May
Dates: March 17; May 23
Timeline Steps: Draft Plan Approved by ECRAC; Draft Plan to UCOP; Assess Current Plan Status/Revise Draft Plan; Final Plan Approved by ECRAC; Draft Plan Reviewed by Regent’s Audit Committee; Final Plan Reviewed by Regent’s Audit Committee
Audit & Advisory Services
Audit Risk Assessment Methodology
• Data Gathering & Analysis
o Interviews with Management & Staff
o Data/Financial Analysis
o Ethics & Compliance Annual Work Plan
o Risk Focus Assessment Work Sheet
o Campus Committees
o Prior Internal & External Audit Coverage
• Complete Risk Assessment Model
• Universe of Processes, Functions, Units
• Scoring Universe Using Predictive Factors
Campus Historical Overview
2012-2013
Refining Reporting Tools/Establishing Collaboration
• UCOP ECAS Provides Campuses System-Wide E&C Annual Work Plan
• UCOP RS Tasks Campuses with Updating HERA Workbook
• ERWG Identifies & Recommends Tracking & Reporting on 8 Risk Focus Areas
• ERM Maturity Work Plan Built with Input from E&C Annual Work Plan
• A&AS Director/RM Director/CECO Reps Meet to Compare & Contrast Respective Plans
Campus Historical Overview
2012-2013
E&C Annual Work Plan
Columns: R; Risk Focus Area; Objectives/Goals; Responsible Unit/POC; Stakeholder(s); Outcomes Metrics (Tracking Indicators); Estimated Date of Completion; Outcome Metrics (Behavioral Expectations)
Estimated Date of Completion for rows 1-6: On Going for most items; 12/31/2012 for three items; 04/16/2012 for one item
1. Campus Safety: Lab Safety & Integrity
• Objectives/Goals: Laboratory Safety Accountability Project; Lab Safety Training Modules
• Responsible Unit/POC: EH&S/Director; EH&S/Training & Communications Manager
• Stakeholder(s): RISC/BCOE/CNAS/Other; HR/RISC/CSC/BCOE/CNAS/Other
• Outcomes Metrics (Tracking Indicators):
o Quarterly Status Reports
o Track Key Safety Factors
o Plan & Conduct Internal Lab Assessments; EH&S Follow Ups
o LMS Development
o Identify Mandatory Training
o Develop Lab-Specific Training Modules
o Provide Notices to Stakeholders
• Outcome Metrics (Behavioral Expectations):
o Increase & Maintain Number of Safety Compliant Labs w/Overall Goal of 100% Compliance
o Increase Number of Persons Properly Trained w/Supporting Documentation & Reduce Number & Severity of Lab Incidents
2. Campus Safety: Motor Vehicle Safety
• Objectives/Goals: Working Smarter P&P Project; Implement Comprehensive Motor Vehicle Safety Initiative
• Responsible Unit/POC: TAPS/Director; TAPS/Director
• Stakeholder(s): CSC/Others; RISC/CSC/HR/Other
• Outcomes Metrics (Tracking Indicators):
o Review & Update Applicable P&Ps/Guidelines/Best Practices
o Monitor & Report on Training Through LMS; Vehicle Usage & Trends; Compliance to Applicable Federal, State, Local, System-Wide Regulations
• Outcome Metrics (Behavioral Expectations):
o Current Ready Reference for Campus Community
o Reduce/Eliminate Incidents Involving UCR Motor Vehicles
o Reduce Costs of Vehicle Repairs & Maintenance
o Determine Effectiveness of Vehicle Usage
3. Campus Safety: Safety of Minors
• Objectives/Goals: Develop & Implement Guidelines & Best Practices in Concert w/UCOP Initiatives Involving the Safety of Minors on All Campuses; Conduct Internal Audit of Campus Safety of Minors Program
• Responsible Unit/POC: RM/Director; A&AS/Director
• Stakeholder(s): UCPD/GC/SMG/SA/RISC/CSC/Others to Include All Campus Units w/Programs Involving Minors; UCPD/RM/GC/SMG/Other
• Outcomes Metrics (Tracking Indicators):
o Develop & Implement General Guidelines & Program-Specific Protocols for Sponsored Events/Activities
o Determine Whether There is need to Develop Campus-Wide Policy w/Program-Specific Procedures
o Identify & Monitor & Track Campus Units/Programs that Sponsor Events/Activities Involving Minors
o Define Audit Scope/Review & Respond to Audit Findings
• Outcome Metrics (Behavioral Expectations):
o Establish Campus Culture that Protects & Promotes Overall Well-Being & Safety of Minors on Campus, as well as for Sponsored Activities/Events Off Campus
o Identify & Implement Plan to Address Areas of Concerns
4. Data Privacy & Security/Government Reporting: PCI Compliance
• Objectives/Goals: Comprehensive Review of Campus PCI:DSS Program; Conduct Internal Audit of Campus PCI:DSS Program
• Responsible Unit/POC: FS & C&C/AVC-FS & AVC-C&C; A&AS/Director
• Stakeholder(s): SMG/Others Including All Campus Units Involved in Process of Electronic Payment Card Transactions; FS/C&C/FBO/RM/SMG Other
• Outcomes Metrics (Tracking Indicators):
o Review & Update Campus Policies & Departmental Procedures/Guidelines to Ensure Adherence to Applicable Sections in BUS-49; IS-2, 3, 11, 12
o Define Audit Scope/Review & Respond to Findings
• Outcome Metrics (Behavioral Expectations):
o Update PCI:DSS Safeguards to Eliminate Network Security Breaches & Mitigate Losses
o Identify & Implement Plan to Address Areas of Concerns
5. Research: Conflicts of Interest
• Objectives/Goals: Conflict of Interest Initiative
• Responsible Unit/POC: OR/VC
• Stakeholder(s): SMG/GC/Academic Senate
• Outcomes Metrics (Tracking Indicators):
o Review & Stay Current w/Information Provided by UCOP General Counsel & Office of Research
o Monitor for Completion & Documentation
o Training to Include Introduction of Applicable Federal & State Requirements
o Required Signed Documentation: Statement of Economic Interest; UC Conflict of Interest Code; Faculty Commitment of Time; Industry-Sponsored Research; Publications; Patents; Gifts & Honoraria
o Provide Greater Visibility to Policies Involving Research Concerns Working with Campus to Implement UCOP Standard Format, as applicable
o Ensure Conflict of Interest Committee Remains Active & Providing Two-Way Communications
• Outcome Metrics (Behavioral Expectations):
o Establish Conflict of Interest Program that Provides Requisite Guidance & Clarity to Faculty & Staff to Allow for Educated Decision to Pursue Other Interests
6. Culture of E&C: School of Medicine
• Objectives/Goals: Compliance & Privacy Program Initiative
• Responsible Unit/POC: HS/Dean
• Stakeholder(s): SMG/Others
• Outcomes Metrics (Tracking Indicators):
o Identify & Position Compliance & Privacy Program Officer
o Devise & Implement Effective Compliance & Privacy Program
o Review Requirements Involving Clinics & Residencies
• Outcome Metrics (Behavioral Expectations):
o Individual Identified & Hired w/Extensive Experience w/UC System & Technical Expertise for Programs Involving School of Medicine
o Establish & Maintain Effective Compliance & Privacy Program & Implement Tools to Address Upcoming Compliance Requirements as School of Medicine Matures
7. Culture of E&C: Whistleblower Hotline
• Objectives/Goals: Systems are in place to report with the expectation of prompt follow-up involving activities contrary to Statement of Ethics Values & Standards of Ethical Conduct
• Responsible Unit/POC: LDO
• Stakeholder(s): UCPD/RM/GC/SMG/Other
• Outcomes Metrics (Tracking Indicators):
o LDO records, tracks, & maintains all reports of allegations of non-compliance not reflected in Ethics Point
o ECAS: Maintain system-wide Ethics Point data
o OGC: Record & track amount of attorney fees associated with retaliation cases (and/or attorney hours); settlement amounts
o Risk Services: Record & track liability claims
• Estimated Date of Completion: On-Going with 4Q reporting to reflect data gathered for FY 2012-13
• Outcome Metrics (Behavioral Expectations): Include indicators related to:
o number of hotline reports;
o number of substantiated reports; &
o settlement costs.
These combined metrics provide a baseline for review & initial indications of increased awareness of what types of incidents need to be reported & employees’ responsibility to report. In addition, beginning to review the cost of resolving claims of allegations and measuring their increase or decrease over time will provide another indicator of effective communication.
8. Investigations: Claims
• Objectives/Goals: Campus Claims Annual Review Trends
• Responsible Unit/POC: RM/Director
• Stakeholder(s): SMG/FBO/Others
• Outcomes Metrics (Tracking Indicators):
o Track, Reconcile & Report on Claims Entered into iVOS & ERMIS
o Provide Trend Analysis for Risk Assessment for ERWG Members
• Estimated Date of Completion: 06/30/2012
• Outcome Metrics (Behavioral Expectations): Use Annual Claims Review & Trend Analysis as Tool to Prioritize Risks & Develop Plans to Track & Mitigate Selected Metrics
Campus Historical Overview
2013-2014
Identifying & Implementing a Process
• Implementing an E&C/ERM Process
o UCOP ECAS Provides RAP Timeline FY2013-2014
o CECO Provides UCOP ECAS Rating Tool for FY 2013-2014
o CECO Calls for First E&C Focus Group
o ERWG Members Provided RFA Worksheet at May Meeting
o E&C Focus Group & ERWG Recommend Tracking & Reporting on 9 Risk Focus Areas
o CECO Presents E&C Annual Work Plan Assessment at ECRAC Meeting in June
o ECRAC Reviews & Prioritizes Risk Focus Areas
o CECO Submits Campus E&C Work Plan in June to UCOP ECAS
o CECO Works with Stakeholders to Put Together Metrics & Plans
o CECO Conducts Quarterly Reviews of E&C Annual Work Plan
o CECO Drafts ERM Maturity Work Plan
• CECO Meets Quarterly with A&AS Director & RM Director
• FRMP Work Plan Drafted & Approved (First Plan to Use COSO Model)
Campus Historical Overview
2013-2014
E&C Annual Work Plan
System Historical Overview
UCOP ECAS Organization (2014)
2014
UCR Campus Ethics and Compliance Program - Key Components
Incorporating the Federal Sentencing Guidelines Seven Essential Elements for an Effective Compliance Program
1. Active Oversight
2. Policies, Standards, & Code of Conduct
3. Education & Training
4. Open Communications
5. Monitoring & Metrics
6. Enforcement Tools
7. Responsive Initiatives
[Diagram labels: Auditing Controls; Operating Controls; Auditing Responsibilities; Employee Responsibilities; Leadership Engagement; Oversight Controls; Monitoring Controls; Compliance Responsibilities; Supervisory Responsibilities]
Current Efforts
2014-2015
Reviewing & Revising the Process
• UCOP ECAS
• UCOP RS
• ECRAC
• E&C Focus Group
• E&C RFA Worksheet
• ERWG
• RM
• CECO
• A&AS
• E&C Annual Work Plan
• ERM Maturity Work Plan
• Internal Audit Work Plan
• E&C Clearinghouse Website
Risk Rank (1-5 [1=Slight to 5=Severe])
UCOP General Category | Risk Focus Area | Initial FY | 2013-2014 ECRAC Identified Ranking | ERWG (16/20) | FG (15/19) | Delta | AVG Ranking | 2014-2015 Ranking
Campus Safety | Lab Safety & Integrity | 2009-2010 | 3 | 4.04 | 4.38 | 0.34 | 4.213 | 1
Campus Safety | Safety of General Community | 2013-2014 | 1 | 4.00 | 4.23 | 0.23 | 4.115 | 2
Campus Safety | Physical Infrastructure | 2009-2010 | 14 | 3.54 | 3.92 | 0.38 | 3.732 | 3
Data Privacy & Security/Government Reporting | PCI Compliance | 2010-2011 | 12 | 3.58 | 3.85 | 0.26 | 3.715 | 4
Campus Safety | Safety of Minors | 2012-2013 | 2 | 3.85 | 3.46 | 0.38 | 3.654 | 5
Investigations | Allegations | 2014-2015 | NR | 3.50 | 3.71 | 0.21 | 3.607 | 6
Data Privacy & Security | Campus Standards & Internal Controls | 2014-2015 | NR | 3.50 | 3.43 | 0.07 | 3.464 | 7
Culture of E&C | Crisis Management | 2013-2014 | 4 | 3.67 | 3.15 | 0.51 | 3.410 | 8
Campus Safety | Violence Against Women Act (VAWA) | 2014-2015 | NR | 3.36 | 3.36 | 0.00 | 3.357 | 9
Research | NSF/NIH New Auditing Techniques | 2013-2014 | 5 | 3.36 | 3.25 | 0.11 | 3.307 | 10
Healthcare | Third Party Relationships | 2013-2014 | NR | 3.45 | 3.15 | 0.30 | 3.304 |
Healthcare | Regulatory Concerns | 2014-2015 | NR | 3.45 | 3.15 | 0.30 | 3.304 |
Culture of E&C | School of Medicine | 2012-2013 | 8 | 3.23 | 3.33 | 0.11 | 3.280 |
Campus Safety | Student Concerns (Alcohol Use/Driving) | 2013-2014 | 7 | 3.23 | 3.31 | 0.08 | 3.269 |
Campus Safety | Faculty-Student Relationships | 2013-2014 | 20 | 3.54 | 3.00 | 0.54 | 3.269 |
Data Privacy & Security | E-Discovery | 2013-2014 | 13 | 3.42 | 3.08 | 0.34 | 3.247 |
Campus Safety | Business Continuity Plan | 2013-2014 | NR | 3.00 | 3.43 | 0.43 | 3.214 |
Campus Safety | Reputation of University | 2013-2014 | 11 | 3.35 | 3.08 | 0.27 | 3.212 |
Culture of E&C | OFCCP Areas of Concerns | 2013-2014 | 6 | 3.00 | 3.38 | 0.38 | 3.192 |
Campus Safety | Co-Existence of Travel Modes on Campus | 2014-2015 | NR | 3.29 | 3.07 | 0.21 | 3.179 |
Investigations | Claims | 2010-2011 | 16 | 3.29 | 2.92 | 0.38 | 3.104 |
Campus Safety/Culture of E&C | Americans Disabilities Act (ADA) | 2011-2012 | NR | 3.29 | 2.86 | 0.43 | 3.071 |
Culture of E&C | Development of Faculty | 2014-2015 | NR | 2.77 | 3.33 | 0.56 | 3.051 |
Culture of E&C | Salary Inequities | 2014-2015 | NR | 2.89 | 3.13 | 0.24 | 3.007 |
Culture of E&C | Work Force Stressors/Staff Development | 2013-2014 | 9 | 2.83 | 3.15 | 0.32 | 2.994 |
Research | Conflict of Interest/Conflict of Commitment | 2014-2015 | NR | 3.04 | 2.92 | 0.12 | 2.982 |
Culture of E&C | Engaged & Informed Risk Assessments | 2013-2014 | 21 | 2.88 | 2.92 | 0.04 | 2.904 |
Culture of E&C | NCAA Regulations | 2014-2015 | NR | 3.04 | 2.71 | 0.33 | 2.878 |
Data Privacy & Security | Records Management & Retention | 2013-2014 | 18 | 2.73 | 2.92 | 0.19 | 2.827 |
Campus Safety | Motor Vehicle Safety | 2009-2010 | 10 | 2.92 | 2.69 | 0.23 | 2.808 |
Culture of E&C | Events Management | 2011-2012 | NR | 2.93 | 2.64 | 0.29 | 2.786 |
Government Reporting | Payroll Certification | 2009-2010 | 19 | 2.73 | 2.83 | 0.11 | 2.780 |
Culture of E&C | Campus Climate Survey | 2014-2015 | NR | 2.44 | 3.00 | 0.56 | 2.722 |
Culture of E&C | Policy Management | 2010-2011 | NR | 2.71 | 2.71 | 0.00 | 2.714 |
Investigations | Whistleblower | 2010-2011 | 22 | 2.83 | 2.46 | 0.37 | 2.647 |
Research | Intellectual Property | 2014-2015 | NR | 2.45 | 2.77 | 0.31 | 2.612 |
Research | Export Controls | 2013-2014 | 15 | 2.44 | 2.73 | 0.28 | 2.586 |
Culture of E&C | International Agreements | 2013-2014 | NR | 2.38 | 2.75 | 0.37 | 2.567 |
Culture of E&C | Campus Compliance Calendar | 2014-2015 | NR | 2.36 | 2.21 | 0.14 | 2.286 |
Campus Safety | Assembly & Free Speech | 2012-2013 | 17 | 2.23 | 2.23 | 0.00 | 2.231 |
 |  |  |  | 3.11 | 3.12 | 0.00 | 3.115 |
Moving Forward
• ERWG Involvement
• ECRAC Commitment
• CECO Champion
• ERM Website
• Research
• School of Medicine
Moving Forward
Heat Maps, Balanced Scorecards, Data Dictionaries
http://www.ucop.edu/enterprise-risk-management/procedures/objective-setting/using-the-balanced-scorecard.html
Moving Forward
Data Analytics
The science of examining raw data with the purpose
of drawing conclusions about that information.
Moving Forward
UCOP RS MMR
http://www.ucop.edu/enterprise-risk-management/tools-templates/ermis/index.html
Moving Forward
UCOP RS ERMIS
http://www.ucop.edu/enterprise-risk-management/tools-templates/ermis/ermis-dashboards.html
ERMIS Objectives Include:
• Better Quantitative Analysis Capabilities
• Improved Analytical & Reporting Capabilities
• Support for Leading Risk Governance & Compliance Processes
• System-Wide Visibility, with Local Flexibility
• Scalability without additional burden on UC staff
Moving Forward
Sharing Within UC
Moving Forward-One Step at a Time
Challenges/Opportunities
Committed Risk Owners
Systematically Prioritizing Risks
UCOP ECAS/RS
Continued Guidance & Collaboration
Move Forward with Purpose
Contact Information
• Nida Niravanh: nniravan@uci.edu
• Greg Moore: greg.moore@ucr.edu
• Tim Willette: tim.willette@ucr.edu