404.1 Policy
College of Eastern Idaho (CEI) maintains a systematic, organization-wide approach for identifying, assessing, and managing risks and opportunities. Risk management protects the College’s ability to meet its strategic, operational, and financial goals; preserve its reputation for excellence; and protect its students, employees, and visitors.
404.2 Procedure
The College recognizes that risk is inherent in nearly every aspect of our operations and functions. The Risk Management Policy serves as a statement of the overall CEI risk management goals and focus. It is intended to ensure a consistent approach to risk management throughout the college.
Risk refers to the probability of an event and potential consequences, both positive and negative, to CEI. Risks do not exist in isolation from other risks, and a series of risk events may result in a collective set of consequences that have a greater impact than the individual consequences associated with each risk event taking place in isolation. Risk is inherent to any activity, and it is neither possible nor advantageous, to entirely eliminate risk from an activity without ceasing that activity.
Proper management of risk is a core leadership function that must be practiced throughout the College. Risk management is a process-driven tool that enables administrators to visualize, assess, and manage significant risks that may impact the attainment of key CEI objectives. It is the responsibility of CEI and its leaders to identify, assess, and manage risks using the risk management process.
Some level of risk is not only expected in normal everyday activities but can be beneficial. However, acceptance of risk shall not include the following:
- Willful exposure of students, employees, or others to unsafe environments or activities;
- Intentional violation of federal, state, or local laws;
- Willful violation of contractual obligations; or
- Unethical behavior
Definition of Risk:
Risk can be the possibility of something bad happening i.e. peril involving injury or loss. It involves uncertainty about the likelihood of something happening as well as the uncertainty of the consequences or impact to the organization should the risk become a reality.
Risk is also involved in making strategic choices that could benefit the college, but the results are not guaranteed to make progress. Think of projects like software adoption or new buildings as a risk with potential gain and obvious financial concerns that must be mitigated/studied/addressed.
Categorizing risk:
- Helps determine where our concentrations of risks are greatest
- Helps identify common causes
- Helps develop better risk responses
Categories
- Political – (impact on CEI’s image or reputation)
- Economic - (Financial: added expenses or reduced revenues)
- Social and Human - (including health and safety) (HR)
- Technological – (generally IT and Cyber related)
- Legal – (fines, law suits, prosecution, judgements, etc.)
- Environmental – (the spaces around us on and off the campus, from natural disasters to human made disasters)
Categories of risks managed through the risk management process include:
- Strategic Risks
- Compliance Risks
- Reputational Risks
- Financial Risks
- Operational Risks
- Hazard Risks
Risk Assessment Process (See article on 5 Step Risk Management Process)
- Identify risks that impact the College: (See article: 8 Ways to Identify Risks) (Use Risk registry Worksheet)
- Involve employees in all departments and at all levels; not everyone, just a representation. This will ensure the widest perspective of risk is considered.
- Gain an understanding of each risk (Use the Risk Map)
- assess each scenario with a strong understanding of the college and how the risks can impact your ability to continue operations.
- Seek outside guidance if needed
- Think about what is likely to cause the risk and the consequences (impact) it will have if it occurs.
- It is also important to be consistent in how you rank each risk in terms of frequency (likelihood) and severity (impact) so that the final product is a clear depiction of how the risks compare to each other.
- Prioritize: Using information from the Risk Map to rank all risks from highest likelihood/highest impact to lowest likelihood/lowest impact
- Examine Alterative Solutions
- Accept the risk - (some risks are inherent – benefits outweigh risks)
- Avoid the risk - (don’t participate in the activity)
- Control the risk – (prevention [reduce likelihood] or mitigation [reduce impact]
- Transfer the risk – such as insurance
- Allocate Limited Resources: Determine best approach for Managing and Mitigating each Risk and implement the solution
- Monitor Results: Review and modify as needed but at least annually
Risk Management Cycle: