Purpose:

The purpose of this policy is to establish a framework for conducting an annual risk assessment at Rockhurst University to identify potential risks that could negatively impact the University's reputation, financial health, and operations. The policy aims to ensure that appropriate measures are taken to mitigate identified risks and to promote a culture of risk management throughout the University.

Policy Statement:

Rockhurst University shall conduct an annual risk assessment to identify potential risks that could negatively impact the University's reputation, financial health, and operations. The risk assessment shall be conducted by the Risk Management Office, in collaboration with other relevant departments and stakeholders, and shall cover all areas of the University's operations.

Scope:

This policy applies to all departments and units of Rockhurst University, including faculty, staff, students, and third-party contractors.

Procedure:

  1. The Risk Management Office shall develop a risk assessment plan that outlines the scope, methodology, and timeline for conducting the assessment.
  2. The risk assessment plan shall be approved by the University's senior leadership team.
  3. The Risk Management Office shall identify and assess potential risks to the University, including but not limited to:
    1. Financial risks, such as budget shortfalls, investment losses, or fraud.
    2. Operational risks, such as disruptions to key services, information security breaches, or natural disasters.
    3. Reputational risks, such as negative publicity, damage to brand image, or non-compliance with legal and ethical standards.
  4. The Risk Management Office shall prioritize identified risks based on their likelihood and potential impact.
  5. The Risk Management Office shall develop a risk mitigation plan that outlines specific measures to be taken to reduce the likelihood and impact of identified risks.
  6. The Risk Management Office shall present the risk assessment findings and risk mitigation plan to the University's senior leadership team for review and approval.
  7. The Risk Management Office shall monitor and update the risk mitigation plan on an ongoing basis to ensure that identified risks are adequately addressed and that new risks are identified and assessed in a timely manner.
  8. The Risk Management Office shall provide regular reports to the University's senior leadership team and the Board of Trustees on the status of the risk assessment and risk mitigation efforts.

  

Policy Review:

This policy shall be reviewed annually by the Risk Management Office in consultation with the University's senior leadership team to ensure that it remains current and effective in addressing the University's risk management needs.

Conclusion:

By implementing this policy, Rockhurst University aims to promote a culture of risk management that enables the University to identify potential risks and take appropriate measures to mitigate them. The policy ensures that the University's operations are resilient, sustainable, and aligned with its strategic goals and objectives.