Definitions of Common Terms

  1. Continuous Risk Cycle – an approach to enterprise risk management as an ongoing, structured process for the identification, prioritization, mitigation, management and monitoring of risks and the analysis of opportunities
  2. Enterprise Risk Management (ERM) – an ongoing process to inculcate a risk-aware culture across an organization and establish a holistic approach to risk management, which identifies and prioritizes risks, and creates informed and strategic responses, in order to achieve institutional goals and objectives and maximize opportunity, based on a foundation of ownership, accountability and transparency
  3. ERM Steering Committee – a senior level committee appointed by the UMB President, comprised of a broad cross-section of individuals familiar with the varied aspects of the University’s operations, charged with general management and implementation of the UMB ERM program
  4. ERM Subject Area Workgroups (SAWs) – workgroups, each with a specific area of focus (e.g., human resources; financial and internal controls), comprised of individual subject experts from across the campus, which identify risks, risk consequences and rankings; work with risk owners to develop risk mitigation plans; and monitor and report on implementation of the risk mitigation plans
  5. Public Safety – prevention of, and protection from, events such as crimes or disasters that could expose the campus community and the general public to significant danger, injury/harm, or damage
  6. Risk – the combination of the possibility of an action or event occurring and the consequences of that act or event on the institution, its people, and the achievement of its goals and objectives
  7. Risk Appetite – the tolerance for risk
  8. Risk Categories (Consequences)
    • Financial – a consequence that impacts financial condition or well-being
    • Strategic – a consequence that may create a lasting impact or change on a fundamental objective or mission
    • Operational – a consequence that impacts day-to-day activities
    • Compliance – a consequence that constitutes a violation of a law or regulation, or institutional policy or requirement
    • Opportunity – the loss of a benefit or advantage caused by not pursuing a course of action
    • Reputational – a consequence that impacts image, standing or character
  9. Mega – a consequence of enormous measure that threatens the existence of an organization or institution
  10. Risk Frequency – the likelihood that a specific risk will occur and reoccur
  11. Risk Mitigation – actions that reduce the consequences of a risk
  12. Risk Owner – an individual within an organization familiar with an identified risk and responsible for understanding and managing the risk
  13. Risk Rating (Assessment) – a measurement of the combination of risk frequency and risk severity using an established algorithm
  14. Risk-Reward Analysis – a process to identify and measure the risks and benefits of an action or decision in order to act in an informed manner
  15. Risk Severity – the extent of the damage to the institution, its people, and its goals and objectives resulting from a risk occurring
  16. Silos – individual schools, departments, programs, centers, institutes, offices or areas of an institution
  17. Threat – another term for risk
  18. UMB Executive Committee – an existing committee comprised of the Deans and Vice Presidents of UMB; this senior leadership group is charged to implement ERM goals and objectives established by the President, and to make recommendations to the President regarding the ERM program