Definitions and Common Terms

This section provides general terms for an ERM program and many definitions were tailored to UMB culture. 

CALIBRATE Committee 

The Council of Advisors in Leadership Involved in Broad Risk Analysis Throughout the Enterprise (CALIBRATE) Committee is an executive-level group appointed by the UMB president composed of a broad cross-section of individuals familiar with the varied aspects of the University’s mission and charged with advising UMB leadership on high-level ERM matters. The CALIBRATE Committee provides strategic guidance on all ERM matters and submits final recommendations to the president on UMB’s annual risk assessment process. The committee meets several times per year. Current CALIBRATE Committee members are:

Provost and Executive Vice President, Roger J. Ward, EdD, JD, MSL, MPA (Chair)

Senior Vice President, Administration and Finance, Dawn M. Rhodes, DBA, MBA (Vice Chair)

School Dean, Mark A. Reynolds, DDS, PhD, MA

Clinical and Clinical Education, Donna L. Parker, MD, FACP

Senior Vice President for External Relations, Jennifer B. Litchman, MA

Vice President and General Counsel, Alana Kyriakakis, JD

 

Continuous Risk Cycle 

An approach of enterprise risk management as an ongoing structured process for identification, prioritization, mitigation, management, and monitoring of risks and analysis of opportunities

Enterprise Risk Management Implementation Committee (ERMIC) 

The Enterprise Risk Management Implementation Committee (ERMIC) is a management-level group appointed by the manager for enterprise risk management with a broad range of committee members representing various mission areas, functions, and shared governance perspectives. Its major tasks include developing qualitative and quantitative risk frameworks for use by schools and units; reviewing select risks and opportunities and advising on next steps; being established as risk owners within their respective areas to collaborate among their colleagues; and establishing principled sorting methods between strategic and major functional risks. In addition, ERMIC members are champions of the ERM program, particularly in strengthening the risk-aware culture of UMB. Current ERMIC committee members are: 

Victoria Meadows (Acting Chair), Provost Office and Office of Enterprise Risk Management

Jane Allgair, Office of Research and Development

Patty Alvarez, Office of Student Affairs

Sarah Archibald, Office of Accountability and Compliance

Justin Codd, Staff Senate Representative 

Andy Coop, School of Pharmacy

Herty Cortez Diaz, Office of International Operations

Steven Deck, Office of Public and Occupational Health

Kevin Donegan, Budget & Financial Analysis

Crystal Edwards, School of Law

Michelle Evans, Office of Change Management and Advisory Services

Jodi Frey, School of Social Work

Reetta Gach, Office of Equity, Diversity, and Inclusion

Bill Gardiner, School of Nursing

David George, School of Dentistry

Brian Godette, Ombudsperson

Aaron Graham, Staff Senate Representative

Carl Jackson, Office of the Provost

Laura Kozak, Office of Communications and Public Affairs

Marc Lennon, School of Social Work

Tricia O’Neill, Office of the Provost

Irma Robins, Office of General Counsel

Lacie Rockel, Office of Risk Management

Brian Scruggs, Institutional Effectiveness, Strategic Planning and Assessment

Nirav Shah, School of Medicine

Fred Smith, Center for Information Technology Services

Christopher Stanton, Office of Emergency Management

Brian Sturdivant, Office of Community Engagement/Partnerships

Stephanie Suerth, Office of Accountability and Compliance

Enterprise Risk Management (ERM)  

An ongoing process to embed, sustain, and support a culture of responsible risk-taking and opportunity identification across UMB. In 2017 the Committee of Sponsoring Organizations (COSO) defines ERM as “The culture, capabilities, and practices, integrated with strategy-setting and performance, that organizations rely on to manage risk in creating, preserving, and realizing value.” This definition is intentionally broad and deals with risks and opportunities. In addition, COSO has stated that ERM is a “process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of its objectives.”

 

Risk  

An event that, when realized, can bring about a negative impact (or positive opportunity) to an organization. Different types of risks include rewarded and unrewarded risks.

Risk Altitude 

The level of an organization at which a risk or opportunity should be addressed. In general, institutional risks are those strategic and sector-level risks that could have a major influence on UMB’s mission or vision, one of its core functions or strategic themes, or high-value cross-functional processes, whereas functional risks affect ongoing management or administrative processes, which are often confined to one or a limited number of functions at the University.

Risk Appetite 

The Committee of Sponsoring Organizations (COSO) defines risk appetite as “the types and amount of risk, on a broad level, an organization is willing to accept in pursuit of value.”

Risk Assessment 

An entity's ability to evaluate an existing risk within the university.

The assessment consists of:

  • Risk Likelihood
  • Risk Impact
  • Risk Speed of Onset
  • Risk Mitigation 

Risk Calibration 

A mix of qualitative and quantitative measures to guide decision-makers as to the general levels of risk that should be analyzed, without dictating specific decisions.

Risk Capacity 

The Committee of Sponsoring Organizations (COSO) defines risk capacity as “the maximum amount of risk that an entity is able to absorb in the pursuit of strategy and business objectives.”

Risk Category  

A broad topic area that impacts whether an organization can achieve one or more of its strategic goals. UMB’s current risk categories are:

  • Compliance with Laws, Regulations, and Policies
  • Equity, Diversity, and Inclusion
  • External Competition or Market Conditions
  • Funding and Budget
  • Health and Safety
  • Human Capital
  • Infrastructure, Technology, and Facilities
  • Operational and Administrative Processes
  • Organizational Culture and Structure
  • Partnerships
  • Reputation of UMB, School, or Program
  • Student Enrollment and Engagement

More details about considering risk categories in the context of UMB’s Strategic Planning efforts is published under the strategic planning tab.

Risk Frequency  

The likelihood that a specific risk will occur and reoccur.

Risk Impact 

The extent to which a risk event might affect an organization.

In evaluating risk impact, consider the following categories:

  1. Strategic
  2. Health and Safety
  3. Financial
  4. Operations
  5. Legal and Compliance
  6. Reputation

The impact rating scale is as follows:

  • Severe
  • High
  • Medium
  • Low

Risk Likelihood 

The possibility that an event will occur, or the rate of occurrence, and the degree to which an event is detectible given current automated and management oversight.

The likelihood rating scale is:

  • Almost Certain
  • Likely
  • Possible
  • Unlikely

Risk Mitigation 

The action that an entity has already taken or will take to reduce the risk likelihood, risk impact, and risk speed of onset of the identified risk. 

Risk Owner  

An individual within an organization familiar with an identified risk and responsible for understanding and managing the risk.

Risk Register 

A collection of strategic or major risks that could impact the university.

Risk Score 

The combined value of the Likelihood, Impact, Speed of Onset, and Mitigation evaluations associated with a risk as determined using an established algorithm. 

Risk Speed of Onset 

The time elapsed between the occurrence of an event and when the organization first feels its effects.

The speed of onset rating scale is:

  • Immediate
  • Fast
  • Moderate
  • Slow

Risk Tolerance 

The formalized risk appetite of an organization, which outlines the limits of how much risk an organization is willing to accept.

Risk Vigilance 

One or more systems implemented at UMB to scan for emerging risks and alert relevant stakeholders.