Risk Registry Tool
Welcome to the Risk Registry tool. This tool will help you develop an inventory of your risks so that you can then prioritize your approach and track your progress in effectively managing risks in your area.
Why is Risk Identification Important?
As a manager at Middlebury, it is important for you to understand what a risk is so you’re able to focus on events that can still be mitigated.
At the foundation of risk management is a four-step risk management process:
- Identifying your risk
- Assessing it (for likelihood of occurrence and significance of impact)
- Putting controls in place to mitigate risks
- Monitoring those controls over time to ensure they are effective
This tool focuses on identifying your risk. Other tools and resources will guide you through steps 2-4 (assessment, control, and monitoring).
What is Risk?
This is a critical step in the risk management process and is important to understand what constitutes a risk so you’re certain to focus on a risk rather than an event or impact that cannot be mitigated.
When it comes to risk, what do you think? How do you think about Risk?
- Does it feel like engagement in compliance and concerns about adhering to increasing regulations?
- Or are you concerned about those issues that we seek to insure against?
These types of issues are certainly a part of risk considerations, but they do not present the full picture.
We invite you to think about:
- Risk is any circumstance or event which if it were to occur, could keep you from accomplishing your goals.
- A risk is a possible event that can have significant impact on something that matters to you.
- Risk management is the process of identifying risks early so that you have a plan, or a bridge to navigate them when and if they arise.
- Risk management isn’t about mitigating every conceivable risk either. Rather, it’s about identifying and addressing those you think are significant.
How to Identify Risk
Let’s say you’re an Admissions counselor and you’re worried about meeting enrollment numbers, then the question becomes, what is the event that happens right before this risk could occur?
The answer is probably, “not enough yield.” So yield is the actual risk.
When you are trying to identify a risk, remember that a risk is the event that can still be mitigated.
How to Complete Your Risk Inventory
Please make sure you have downloaded the worksheet and have it opened in another window or on another screen.
What Are Your Risks?
Take a moment to consider your risks and type them into the worksheet. Significant risks should come to mind very quickly as they are probably issues that worry or concern you on a daily basis.
When Will Your Risks Occur?
Now let’s consider the timing of each of your risks. Is it an existing risk? Might it occur next year? Within the next three years? Or maybe in more than three years?
Click on the cell under “Timing” and select an answer from the drop down menu for each of your risks.
What Are Your Risk Types?
Now consider the risk type that indicates the impact each risk may have to the larger organization at Middlebury.
Let’s go back to the Admission Counselor’s example—not enough Yield—this risk may impact the College at a strategic, reputational and financial level if the risk is not mitigated.
The definition for each risk type can be found on the second tab of your worksheet.
Take a moment now and enter an ‘x’ under each risk type for each risk you listed. As noted in the example, a single risk might have multiple risk types.
Risk Type Definitions
- Strategic: Risks that may have a positive or negative effect on achieving departmental or institutional strategic goals and objectives.
- Reputational: These risks impact the good name or standing of the institution, which can arise directly from actions of the institution, or indirectly due to actions of our faculty, staff, or students or tangentially through peripheral actions of third parties with whom we advocate.
- Operational: The risk of loss resulting from inadequate or failed internal processes, resources, systems, or from external events that may impact the possibility of achieving deliverables of projects or functions. This definition excludes legal, strategic, and reputational risk.
- Compliance: Compliance risk is exposure to legal penalties, financial forfeiture, and material loss an organization faces when it fails to act in accordance with industry laws and regulations, internal policies, or prescribed best practices.
- Reporting: Risks associated with reliability of information for internal and external reporting.
- Safety: Risk relating to hazards in the work environment, such as processes and equipment which may impact the health and safety of people or damage property in the short or long term.
- Financial: Risk that the institution is unable to meet its financial obligations.
- Human Resources: Risk arising from our ability to recruit and retain sufficient staffing (i.e. staffing gaps, competitiveness of compensation and benefits, low markets for specific talent), staff training needs, managerial and/or employment practices, and/or employee behaviors (i.e. ethics violations, employee conflicts). This also includes risk associated with change management.
You can now successfully identify risks and understand the timing and the risk types as they may impact the College. In completing this exercise you have experienced the first step in successful risk management.
You can now:
- Identify Risks
- Identify the timing of your Risks
- Identify Risk Types
- Please email a copy of your risk identification worksheet to firstname.lastname@example.org where it will be evaluated as part of the overall institutional Risk Registry.
- The ERM will offer an online version of the Risk Bowtie Workshop where your risks can be put through the entire risk management process—assessment , controls and monitoring.
- With the submission of this Risk Identification worksheet, we will contact you when the online Bowtie Workshop is available.
Enterprise Risk Management
Middlebury, VT 05753