risk assessment and matrix

Risks Activities 1 2 3 4 5 6 7 8 Governance and Leadership HM HM Governance HH HM HL Budgeting MM MM MM HM HM HM MM Monitoring Plant Operations and Maintenance HM Construction HM HM MM Utilities ML LL Transportation HH Biosafety HM MH MH MH MM MM MM Student Services HM Financial Aid HM HL HL HL Registration HL MM Student Life MM Administration Human Resources Management HM HM MM Compensation MM MM Turnover ML ML ML Asset and Risk Management HM MH Cash Handling MM Investments MM MM Endowments MM MM MM HM HL MH Travel MH Signature AuthoriMH MM Budget Operatio MM MM HM Gifts MM Planned Giving MM ML Partnerships ML LL Public Service LL LL Instruction and Academic Support HH MM MM Library MM MM MM MM MM Purchasing MH MM MM MM MM LL ML Housing ML Student Union ML LL Food Services LL Printing LL Bookstore MM HH, HM HL, MH Manage and Monitor (all levels of control, but no traditional audit) MM, ML, LH Monitor (only execution controls and supervisory controls) LM, LL Accept (accept the risk and have no controls) Impact = The effect a single occurrence of that risk will have upon the achievement of org's goals & objectives. High: The effect will cause org not to achieve its goals and objectives. Medium: The effect will cause org to operate inefficiently and/or expend unplanned resources to meet goals and objectives. Low: There will be no measurable effect upon the achievement of org's goals and objectives. Probability = The probability that a risk will become reality at org. High: The risk will become a reality frequently at org. Medium: The risk will become a reality infrequently at org. Strategic Planning Process Organizational Structure Recovery Planning for Business Processes (Not IT Disaster Recovery) Institutional Policies & Procedures Internal Communications Facility Planning Information Technology - See Appendix D for detailed risk assessment for IT areas. 
Strategic Planning Acquisition and Implementation Delivery and Support Work Orders & Billings Structure - Facilities Management Contracted Services Research and Development - See Appendix C for detailed risk assessment for Research. Grant Accounting (CGA): Time & Effort Reporting Engineering & Science Research Enhancement Initiative Animal Research & Safety Issues CGA: Allowable Costs CGA: Cash Management OSP: Preparation of Research Protocols OSP: Research Integrity (objectivity, scientific misconduct) Scholarships & Fellowships Student Records Enrollment Services Admissions Processing Strategic Plan does not address Human Resources Human Resources Organization and Staffing Employment - Recruiting Employment - Diversity Staff Development Employee Relations Campus Safety & Security Tuition and Fee Collection Process Fixed Assets / Equipment Risk Management Cash Management Financial Management - See Appendix H for detailed risk assessment for Financial Areas. Internal Financial Controls Financial Reporting Outside Sales by Schools and Division Organization and Management Accounts Payable University Relations and Alumni Affairs Annual Fundraising Governmental Relations Continuing Education News and Information Accreditation / Institutional Effectiveness Deployment of Resources Among Academic Programs Course Scheduling and Availability Instructional & Academic Technology Management of Departments and Programs of Study Classroom and Building Utilization Deferred Maintenance Contracting Process Policies and Procedures Operations and Bid Processes Organization and Management Minority and Small Business Vendors (HUB) Central Receiving Auxiliary and Service Departments University Police and Parking Institutional Compliance Program - see Appendix E for listing of high-risk areas. Compliance Program Extensive Risk Management & Considerable Risk Management (all levels of control plus traditional audit)

Upload: bilal-salameh

Post on 08-Dec-2015


Page 1: Risk Assessment and Matrix


Risks / Activities 1 2 3 4 5 6 7

Governance and Leadership HM HM Governance HH HM HL Budgeting MM MM MM

HM Strategic Planning HM HM MM Monitoring

Plant Operations and Maintenance HM Construction HM HM MM Utilities ML LL Transportation

HH Biosafety HM MH MH MH MM MM MM

Student Services HM Financial Aid HM HL Student Records HL HL Registration HL MM Student Life MM

Human Resources Management HM HM MM Compensation MM MM Turnover ML ML Staff Development ML

Asset and Risk Management HM MH Cash Handling MM Investments MM MM Endowments MM MM Risk Management MM

HM HL MH Travel MH Signature Authority MH MM Budget Operation MM MM

University Relations and Alumni Affairs HM Gifts MM Planned Giving MM ML Partnerships ML LL Public Service LL LL

Instruction and Academic Support HH MM MM Library MM MM MM MM MM

Purchasing MH MM MM MM MM LL Central Receiving

Auxiliary and Service Departments ML Housing ML Student Union ML LL Food Services LL Printing LL Bookstore

MM

HH, HM

HL, MH Manage and Monitor (all levels of control, but no traditional audit)

MM, ML, LH Monitor (only execution controls and supervisory controls)

LM, LL Accept (accept the risk and have no controls)

Impact = The effect a single occurrence of that risk will have upon the achievement of org's goals & objectives.

Strategic Planning Process

Organizational Structure

Disaster Recovery Planning for Business Processes (Not IT Disaster Recovery)

Institutional Policies & Procedures

Internal Communications

Information Technology - See Appendix D for detailed risk assessment for IT areas.

Acquisition and Implementation

Delivery and Support

Work Orders & Billings

Organizational Structure - Facilities Management

Contracted Services

Research and Development - See Appendix C for detailed risk assessment for Research.

Contract and Grant Accounting (CGA): Time & Effort Reporting

Engineering & Science Research Enhancement Initiative

Animal Research & Safety Issues

CGA: Allowable Costs

CGA: Cash Management

OSP: Preparation of Research Protocols

Scholarships & Fellowships

Enrollment Services

Admissions Processing

Strategic Plan does not address Human Resources

Human Resources Organization and Staffing

Employment - Recruiting

Employment - Diversity

Campus Safety & Security

Tuition and Fee Collection Process

Fixed Assets / Equipment

Financial Management - See Appendix H for detailed risk assessment for Financial Areas.

Internal Financial Controls

Financial Reporting

Outside Sales by Schools and Division

Organization and Management

Annual Fundraising

Governmental Relations

Continuing Education

Accreditation / Institutional Effectiveness

Deployment of Resources Among Academic Programs

Course Scheduling and Availability

Instructional & Academic Technology

Management of Departments and Programs of Study

Classroom and Building Utilization

Contracting Process

Policies and Procedures

Operations and Bid Processes

Organization and Management

Minority and Small Business Vendors (HUB)

University Police and Parking

Institutional Compliance Program - see Appendix E for listing of high-risk areas.

Compliance Program

Extensive Risk Management & Considerable Risk Management (all levels of control plus traditional audit)

Page 2: Risk Assessment and Matrix


High: The effect will cause org not to achieve its goals and objectives.

Medium: The effect will cause org to operate inefficiently and/or expend unplanned resources to meet goals and objectives.

Low: There will be no measurable effect upon the achievement of org's goals and objectives.

Probability = The probability that a risk will become reality at org.

High: The risk will become a reality frequently at org.

Medium: The risk will become a reality infrequently at org.

Low: The risk will rarely become a reality at org.

Page 3: Risk Assessment and Matrix


Activities

Governance and Leadership

Plant Operations and Maintenance

Student Services

Human Resources Management

Asset and Risk Management

University Relations and Alumni Affairs

Instruction and Academic Support

Purchasing

Auxiliary and Service Departments

HH, HM

HL, MH

MM, ML, LH

LM, LL

Impact = The effect a single occurrence of that risk will have upon the achievement of org's goals & objectives.

Information Technology - See Appendix D for detailed risk assessment for IT areas.

Research and Development - See Appendix C for detailed risk assessment for Research.

Financial Management - See Appendix H for detailed risk assessment for Financial Areas.

Institutional Compliance Program - see Appendix E for listing of high-risk areas.

8 9 10 11 12 13 14 15

Facility Planning MM MM MM MM Compliance Office ML

MM MM MM MM MM ML Research Training ML

Administration MM Recruiting MM Student Health MM ML ML LM LL

ML ML LL

MM MM MM ML Internal Auditing LM Records Retention

Accounts Payable MM Payroll MM MM

LL Alumni Relations

MM MM Special Programs ML ML LL K-16 Issues LL

Office of the President

Meetings & Committees

Upward Evaluation of Administrators

Performance Measures

OSP: Research Integrity (objectivity, scientific misconduct)

Institutional Review Board

Office of Sponsored Projects (OSP): Negotiation of Agreements

CGA: Financial Reporting

CGA: Cost Sharing

Technology Transfer

CGA: Facilities and Administrative Cost Accounting

International Students

Student Organizations & Activities

Student Counseling

Activities Center Operations

Student Grievances

Employee Relations

Employment - Hiring

Faculty Credentials

Policy and Procedure

Cash Management

Bonded Indebtedness and Issuance

Accounts Receivable

Organization and Management

Contract and Grant Accounting

Budget Preparation Process

News and Information

Deferred Maintenance

Distance Education

Program Development & Program Evaluation Process

Faculty (recruitment, tenure, development, turnover, workload, productivity)

Institutional Affiliations

Page 4: Risk Assessment and Matrix


FISCAL YEAR 20**

Risks / Activities 1 2 3 4 5 6

HM HM HM

Time and Effort Reporting

HH HH HM HM HL ML

MH MH

Records Archiving

MH MH MH

HL HL

HL

MH

Technology Transfer HL HL

Training - Research

HL HL

Animal Research - Safety

HL HL HL

Protection of Animal Subjects

HL HL HL

Institutional Review Board (IRB)

HL HL HL

Protection of Human Subjects

HL HL HL HL

Protection of Researcher

HL HL

Protection of Research

HL HL HL HL

APPENDIX C: Risk Assessment for Research Areas

Laboratory Safety (Biosafety, Chemical Safety, Controlled Substances, Laser/Radiation Safety)

Financial, criminal, and/or physical harm from misapplication of laboratory procedures and practices.

Inappropriate disposal of hazardous waste resulting in fines and criminal charges.

Financial or physical harm to the University, its students, faculty and staff.

Loss of Federal/State funding and incurrence of penalties due to PI over-committing his time (not charging minimum or charging more than maximum).

Loss of Federal/State funding and incurrence of penalties due to RAs not knowing the name of the project they're working on, the funding source, and the link between their work and the project.

School Effort Coordinators not performing independent reviews.

Loss of Federal/State funding and incurrence of penalties due to lack of documentation for hourly time changes in the school departments.

Loss of Federal/State funding and incurrence of penalties due to someone other than a knowledgeable person signing the certification form.

Loss of Federal/State funding and incurrence of penalties due to signed certification reports not being returned to C&GA in a timely fashion.

Coordination of Gifts and Grants with Development Office

Improper classification of grants or contracts as an unrestricted gift.

Funding agency sends confusing award letters as to whether the award is a gift or a grant.

Improper maintenance of records.

Noncompliance with record retention.

Noncompliance with University or applicable sponsor policies.

International Initiatives (Export Control)

Export of controlled information not properly processed and reported.

Unauthorized foreign nationals working on restricted research.

Research Integrity - Objectivity of Research

Research protocols are not reviewed and approved by IRB and IACUC committees for scientific merit.

Research Integrity - Scientific Misconduct

PI or research staff reports invalid and inaccurate data to funding agency.

Patent and agreement violations occur.

PI fails to report earnings returned from technology.

PIs and research staff are not properly trained and record of training is not on file with research compliance.

Funding opportunities are missed because documentation is not provided to the funding agency.

Lack of training for PI and Research Staff.

Lack of independent monitoring of research activity by PI and animal resources staff.

Incidences of non-compliance are not properly reported to research compliance.

Lack of training for PI and Research Staff.

Lack of independent monitoring of research activity by PI and animal resources staff.

Incidences of non-compliance are not properly reported to research compliance.

IRB Committee is not familiar with state and federal regulations concerning human participant research.

Proper measures are not taken to review and approve research protocols thoroughly.

Protocols are not pre-reviewed by research compliance.

Lack of training for PI and Research Staff.

Proper measures are not taken to ensure confidentiality of research participants.

Consent forms and research data are not stored properly.

Non-compliance issues and adverse effects are not reported to research compliance.

Lack of training for PI and Research Staff.

Non-compliance issues and adverse effects are not reported to research compliance.

Lack of training for PI and Research Staff.

Research data is not stored properly.

Access to research data by unauthorized personnel.

Issues of non-compliance are not reported to research administration.

Page 5: Risk Assessment and Matrix


OSP - Negotiation of Agreements

HL HL HL

Preparation of Research Protocols

HL HL HL

Cost Estimates

MH MH

Cost Sharing

MH MH MH MH

Financial Reporting

HL

Allowable Costs

HL HL

Training - Post Award Research

HL HL HL HL

Sub-Contractor monitoring

MH MH MH MH MH

Cash Management

MH MH ML MM

HL MM MM IDCs not charged, if required. MM MM

Invention Disclosure

ML ML ML PI does not patent invention. ML

ML ML

MM MM MM

Lack of expertise when negotiating other than System approved contracts and agreements.

Lack of knowledge of System rules and regulations regarding contracts.

Lack of knowledge about intellectual property agreements.

Animal subject and human participant research protocols are not pre-reviewed by research compliance.

Protocols will not get approved by IACUC and IRB.

Funding opportunities are missed because of delay in protocols approvals.

Faculty does not have any idea of how to calculate the actual cost of the research project.

Faculty underestimates what the research will cost and will be unable to complete the research.

Disallowed costs due to inability to get cost share documentation from schools on closed federal grants.

Unallowable costs because a separately identifiable cost share account is not opened and budgeted before the grant is opened, per org policy.

Loss of Federal/State funding and public embarrassment due to inaccurate reporting of or failure to provide mandatory cost sharing per contract.

Sponsor disallowed costs due to charging unallowable costs to mandatory cost share accounts.

Disallowed costs due to inaccurate or incomplete reporting requirements reflected on contract documents.

HL

Loss of Federal/State funding and public embarrassment due to reports not done in a timely fashion.

Disallowed costs due to PIs doing major purchases at end of grant to use up funds.

Unallowable costs incurred and not reimbursed by sponsors.

Disallowed costs and damage to reputation due to training programs not being tailored to the individual needs of faculty/staff/management.

Disallowed costs and damage to reputation due to lack of training programs offered.

Disallowed costs and damage to reputation due to lack of training policy and plan for continuous improvements.

Disallowed costs due to lack of participation in program.

org sub-contracts may not include clause requiring sub-contractors to comply with applicable laws & regulations.

Subcontractors may not be in compliance with Federal and other applicable regulations.

Subcontracts are not reviewed annually per new org policy. Effective approximately 8/06.

Annual sub-contractor risk assessments not being done, per new policy.

Sub-contractor invoice certification not included on sub-contractor purchase orders and invoices.

Overspending Sponsored Programs Budgets resulting in unreimbursed costs.

Schools not handling Petty Cash per org policy

Letter of Credit draws not made in timely fashion

Not collecting all billed revenue.

Incomplete/inaccurate contract/grant documentation or no documentation received.

Delay in filing financial reports to the sponsor(s).

Sponsor billing does not take place, or is not done per the contract. Negative effect on cash flow.

Risk of not being reimbursed in a timely fashion. Negative cash flow.

Contract versus grant designation incorrect on brief. Some federal contracts do not require quarterly reporting.

PI does not accurately list the percentage of work spent on agreement or work with other inventors.

PI does not disclose an invention.

PI does not disclose royalty revenues.

Preparation of Certifications and Assurances

PIs and research staff do not have proper certifications and assurance on file with research administration.

Funding opportunities are missed because documentation is not provided to the funding agency.

Facilities and Administrative Cost Accounting

Incorrect IDC rate/base entered into FINS due to incorrect paperwork.

IDC rate changes during term of grant and separate account is not opened. (The only way FINS can handle this).

Loss of Federal/State funding and public embarrassment due to incorrect calculations in F&A rate proposal.

Page 6: Risk Assessment and Matrix


MM MM MM

Records Archiving

MM MM

MM MM

MM MM

MM MM MM

MM MM MM MM MM

= Extensive Risk Management & Considerable Risk Management (all Levels of Control* plus a traditional audit)

= Manage and Monitor (all Levels of Control but no traditional audit)

= Monitor (only Execution Controls & Supervisory Controls)

= Accept (accept the risk and have no controls)

Impact = The effect a single occurrence of that risk will have on org.

High: The effect will cause org to materially misrepresent its financial position.

Medium: The effect will cause org to misrepresent its financial position.

Low: There will be no measurable effect upon financial statement reporting.

Probability = The probability that a risk will become reality at org.

High: The risk will become a reality frequently at org.

Medium: The risk will become a reality infrequently at org.

Low: The risk will rarely become a reality at org.

Minority and Small Business Vendors

Loss of Federal/State funding and damage to reputation due to PI not using small business/minority and women owned business to fullest extent practicable.

Loss of Federal/State funding and damage to reputation due to PI not making information on forthcoming opportunities available to encourage and facilitate participation by small business/minority and women owned business.

Loss of Federal/State funding and damage to reputation due to vendor being on debarment list

Loss of Federal/State funding and public embarrassment if org Accounts Payable and the Schools cannot produce receipts for contract/grant expenditures.

Untimely closing of grants creating increased risk for unallowable costs due to audits.

Administration/creation of contract and grant documentation: Lack of clarity between sponsor & org regarding carry-forward of funds

Unreimbursed costs due to opening and budgeting sponsored programs accounts before obtaining official sponsor commitments.

Excessive cost transfers may affect the audit trail of transactions which in turn may result in unsubstantiated costs leading to disallowances.

Authorized spending of contract/grant funds without signed pre-award or signed agreement.

Funds expended before official contract date may be disallowed by the sponsor(s).

Negative effect on cash flow until funds can be reimbursed, if and when signed contract is received.

Purchase Orders for services are treated as sub-contracts in violation of OMB Circular A-133, §___.210.

Loss of Indirect Cost revenue due to expenses charged to sub-contractor expense instead of M&O. Breakdown on invoices and financial reporting by expense category are incorrect.

Incorrect breakdown of costs on invoices and financial reporting by expense category.

Vendors providing services are treated as sub-contractors in violation of OMB A-133, §___.210.

Data input to system not accurate and/or differs from paperwork received.

Lacking CFDA # - required for Federal reporting.

Accurate contract/grant start/stop dates cannot be counted on leading to inaccurate financial reporting of grants.

Missing Sponsor or PI ID numbers, leading to inaccurate reporting.

Pre-award specialist assigns grant number from wrong range (fed., state, pvt., or local). Reporting category is in error.

Sponsor/sub-sponsor switched on brief.

HH, HM

HL, MH

MM, ML, LH

LM, LL