UNIVERSITY RISK MANAGEMENT PROCESS

1. UNIVERSITY RISK MANAGEMENT PROCESS Executive Compliance Committee Oversight of Institutional Compliance Program Institutional Risk Assessment Conducted annually with Executive Officers and other senior management • Compliance Plan • Top risks from Institutional Risk Assessment presented to ECC for approval • Risks designated “A” or “B” risks by ECC • Institutional Risk Owner (IRO) assigned for each high risk area by ECC • Office of Institutional Compliance & Risk Services (OICRS) develops Compliance Plan schedule • Status of Compliance Plan presented to ECC at quarterly meetings • “A” Risks • High Importance/High Concern risk area • OICRS facilitates risk assessment • Top risks approved by IRO • IRO develops risk management plans • OICRS performs inspection of management plan (ideally on quarterly basis but not less than annually) • “B” Risks • Past “A” risk area, still High Importance but less Concern • OICRS facilitates risk assessment • Top risks approved by IRO • IRO develops risk management plans • OICRS performs inspection of management plan (not more than annually)