Georgia Health Sciences University (GHSU) will maintain a campus-wide approach directed towards the effective management of potential opportunities and adverse effects associated with the institution’s academic, administrative, and business/healthcare activities.
Reason For Policy
The Institutional Risk Management Policy provides direction to the campus community in a coordinated effort to identify high risks, understand the impacts of all activities (fiscal, programmatic, environmental, societal, reputational), and to ensure that institutional risks are appropriately managed. This policy aligns GHSU risk management activities with the Board of Regents’ Risk Assessment Policy.
Entities Affected By This Policy
All units of Georgia Health Sciences University are covered by this policy.
Who Should Read This Policy
Every GHSU employee, including faculty and staff, and every representative performing work on behalf of GHSU, should read this policy.
|Office of Institutional Audit and Compliance (Director, Chief Audit and Compliance Officer)||firstname.lastname@example.org
Printable Version of This Policy
BOR Risk Assessment Policy
GHSU Due Diligence/Risk Worksheet (Attachment A)
Risk: the chance of an event occurring (positive or negative) that will have a significant impact on the institution’s mission, strategic objectives, and/or operations, and is measured in terms of consequence and likelihood.
Risk Assessment: the process used to determine risk management priorities by evaluating/comparing the level of risk against predetermined acceptable levels of risk.
Risk Management: a logical and systematic approach of organizational policies and procedures/practices that will allow an organization to maximize opportunities and minimize losses/negative impacts.
Risk Response and Description: the management action(s) that allow the organization to accept, avoid, transfer or reduce the identified risk.
The institution has adopted a campus-wide risk management approach for managing the financial, programmatic, environmental, societal, and reputational risks associated to the Medical College of Georgia. The campus-wide risk management policy documents the required internal processes necessary to ensure that risks are appropriately managed and the appropriate risk response actions are being properly executed.
In general, all GHSU employees are responsible for the effective management of risk. All personnel, including managers, faculty, and staff, are responsible for identifying potential risks. Managers are responsible for developing and implementing the risk response and risk action description. The risk management approach should be incorporated with other planning processes and management activities, i.e., the university initiative submission process.
Risk assessments will be undertaken at two different levels within the institution. One level of risk assessment will involve the completion of Sections G (Customer Benefits) and H (Due Diligence/Risk Assessment) of the University Initiative Submission form for all new university initiatives. The review of the risk assessment associated with the Submission form will be performed by the University Project Steering Team. Questions regarding the identified risk and/or response by the review team may be directed to the campus unit submitting the form or another campus unit/leader.
The other level of risk assessment involves management within an identified unit performing and completing the Due Diligence/Risk Worksheet. The request for this worksheet to be completed may originate from the President, unit senior leadership, the Compliance Oversight Council, or as a part of a campus-wide effort. The review of this worksheet will involve the requesting unit/leader as well as other institutional leaders or Board of Regents’ System office management.
The responsibilities each party has in connection with the Risk Management Policy are:
|President or Chair of the COC||Responsible for ensuring that a campus-wide risk management system is established, implemented and maintained in accordance with this policy and the Board of Regents’ Risk Assessment policy. Assignment of responsibilities in relation to risk management is at the discretion of the President.|
|Compliance Oversight Council||Responsible for the oversight of the risk management processes, assisting in the identification of high risk areas, ensuring the necessary risk assessments are being performed, and advising management as necessary.|
|Department Chair, Director, Manager, and/or appropriate level staff||The responsibility for performing the risk assessment and/or completing the risk worksheet may be assigned to the appropriate level of management or staff as determined by the respective campus unit or senior leadership.|
|All Medical College of Georgia faculty, employees, and students||Responsible for adhering to the Administrative Policies of the Medical College of Georgia.|
Due Diligence/Risk Worksheet (Attachment A) – to assist in understanding the worksheet and potential questions, the worksheet is accompanied by a descriptive document and a legend (with definitions) for ranking the various probabilities.
University Initiative Submission Form– to assist with the submission form, the form is linked as well to the descriptive document and legend information.