Learn about Risk Management
Learn about risk management at Columbia University.
Details
What Is Risk?
Risk is an event or action that may adversely affect the University’s ability to achieve its organizational objectives and execute its strategies successfully. This does not mean the risk currently exists or that the University is unaware or has not taken actions to mitigate the risk. Understanding risk in the context of its related business or operational area allows the University to address events or actions through risk management activities and to hopefully minimize the probability of occurrence and consequences of the adverse event.
Additionally, risk can be associated and identified for new opportunities the University is exploring so that a more informed assessment of the success of the initiative can be considered. Every organization has risk and there are fundamental risks and uncertainties that are common to all colleges and universities.
What Are Different Types of Risk?
- Compliance – Non-compliance with laws, regulations, or policies
- Financial Risks – these risks include liquidity, credit, and interest rate risk Information
- Technology Risks – failure of IT systems
- Operational/Strategic Risks – included inadequate or failed internal processes, employee actions
- Reputational Risks – anything that can damage the opinion (more technically, a social evaluation) of the public toward the University
What Are Indicators of Risk?
- Changes in management/staffing
- Complexity of operations
- Size of operations
- Degree of decentralization
- Degree of judgment/estimates
- Depth of personnel resources
- Economic/industry conditions
- Management concerns
- New systems/changing technology
- Process issues
- Past audit problems
- Quality of information/reporting
- Rapid growth
- Regulatory compliance
- Reputational impact
How Are Risks Mitigated?
Risks are mitigated by controls—which are the entire system of policies, monitoring, reports, communication, and other procedures that encompass the internal control structure. The audit process involves testing of internal controls.
- Risk Types
- Compliance
- Key Risks (what could go wrong)
- Fines and penalties
- Conflicts of Interest may occur
- Policies and procedures are not adhered to
- Regulations are not adhered to
- Inadequate licensing/agreement monitoring provisions
- Sample Impacted Business Processes
- Alliances
- Intellectual Property
- International Operations
- Research
- Financial Management
- Faculty Practice Organization (FPO)
- Risk Types
- Financial
- Key Risks (what could go wrong)
- Lack of ability to expand
- Untimely payments and receivables
- Fraud
- Reduced revenues and increased costs
- Loss and/or misappropriation of assets
- Capital availability and other economic factors
- Sample Impacted Business Processes
- Enrollment Management
- Facilities
- Financial Management
- FPO
- Risk Types
- Information Technology
- Key Risks (what could go wrong)
- Information may not be kept secure/confidential
- Failure of system implementations
- Unauthorized system access/transactions
- Inadequate business continuity and disaster recovery preparedness
- Sample Impacted Business Processes
- All
- Risk Types
- Operational/Strategic
- Key Risks (what could go wrong)
- Decentralized business practices decrease operational efficiencies
- Lack of ability to hire/recruit may impact operations
- Employee turnover may impact operations
- Inadequate staffing to support business operations
- Economic downturn may cause enrollment declines
- Lack of ability to expand enrollment
- Ineffective use of assets and/or resources
- Sample Impacted Business Processes
- Environmental Health and Safety
- Human Resources
- Public Safety
- Financial Management
- FPO
- Enrollment Management
- Risk Types
- Reputational
- Key Risks (what could go wrong)
- Increased risk of negative public exposure
- Regulatory issues
- Loss of funding
- Individuals attending or participating in University events may be injured
- Inadequate safeguarding of human capital (students/faculty/administrators)
- Sample Impacted Business Processes
- Strategic Management
- Public Safety
- Enrollment Management
- Environmental Health and Safety
Compliance Hotline
Visit the Compliance Hotline website to anonymously report or seek guidance on possible compliance issues, via telephone or online.
Office of the General Counsel
You are invited and encouraged to contact the Office of the General Counsel for assistance on matters affecting the University.
Contact Us
Contact the Office of Internal Audit by phone at 212-851-7234 or by email at [email protected].
Still have questions?
Visit our Service Center.