Learn about Risk Management

Learn about risk management at Columbia University.


What Is Risk?

Risk is an event or action that may adversely affect the University’s ability to achieve its organizational objectives and execute its strategies successfully. This does not mean the risk currently exists or that the University is unaware or has not taken actions to mitigate the risk. Understanding risk in the context of its related business or operational area allows the University to address events or actions through risk management activities and to hopefully minimize the probability of occurrence and consequences of the adverse event.

Additionally, risk can be associated and identified for new opportunities the University is exploring so that a more informed assessment of the success of the initiative can be considered. Every organization has risk and there are fundamental risks and uncertainties that are common to all colleges and universities.

What Are Different Types of Risk?
  • Compliance – Non-compliance with laws, regulations, or policies
  • Financial Risks – these risks include liquidity, credit, and interest rate risk Information
  • Technology Risks – failure of IT systems
  • Operational/Strategic Risks – included inadequate or failed internal processes, employee actions
  • Reputational Risks – anything that can damage the opinion (more technically, a social evaluation) of the public toward the University

What Are Indicators of Risk?
  • Changes in management/staffing
  • Complexity of operations
  • Size of operations
  • Degree of decentralization
  • Degree of judgment/estimates
  • Depth of personnel resources
  • Economic/industry conditions
  • Management concerns
  • New systems/changing technology
  • Process issues
  • Past audit problems
  • Quality of information/reporting
  • Rapid growth
  • Regulatory compliance
  • Reputational impact

How Are Risks Mitigated?

Risks are mitigated by controls—which are the entire system of policies, monitoring, reports, communication, and other procedures that encompass the internal control structure. The audit process involves testing of internal controls.

Compliance Hotline

Visit the Compliance Hotline website to anonymously report or seek guidance on possible compliance issues, via telephone or online. 

Office of the General Counsel 

You are invited and encouraged to contact the Office of the General Counsel for assistance on matters affecting the University.

Contact Us

Contact the Office of Internal Audit by phone at 212-851-7234 or by email at [email protected].

Still have questions?

Visit our Service Center.