Definitions and Common Terms


The Council of Advisors in Leadership Involved in Broad Risk Analysis Throughout the Enterprise (CALIBRATE) Committee is an executive-level group appointed by the UMB president composed of a broad cross-section of individuals familiar with the varied aspects of the University’s mission and charged with advising UMB leadership on high-level ERM matters. The Committee meets several times per year. Current CALIBRATE Committee members are:

Provost and Executive Vice President [Roger J. Ward, EdD, JD, MSL, MPA] (Chair)
Senior Vice President, Administration and Finance [Dawn M. Rhodes, DBA, MBA] (Vice Chair)
School Dean [Mark A. Reynolds, DDS, PhD, MA]
Clinical and Clinical Education [Donna L. Parker, MD, FACP]
Senior Vice President for External Relations [Jennifer B. Litchman, MA]
Vice President and General Counsel [Alana Kyriakakis, JD]
President’s Office and Assistant Vice President for Enterprise Risk Management [Jon Kucskar, JD]

Continuous Risk Cycle

An approach of enterprise risk management as an ongoing structured process for identification, prioritization, mitigation, management, and monitoring of risks and analysis of opportunities

Enterprise Risk Management Implementation Committee (ERMIC)

The Enterprise Risk Management Implementation Committee (ERMIC) is a management-level group appointed by the Assistant Vice President for Enterprise Risk Management with a broad range of committee members representing various mission areas, functions, and shared governance perspectives. Its major tasks include developing qualitative and quantitative risk frameworks for use by schools and units; reviewing select risks & opportunities and advising on next steps; being established as risk owners within their respective areas to collaborate among their colleagues; and establishing principled sorting methods between strategic and functional risks. Current ERMIC Committee members are:

Jon Kucskar (Chair), President’s Office and Office of Enterprise Risk Management

Victoria Meadows, Office of Enterprise Risk Management

Jane Allgair, Office of Research and Development

Patty Alvarez, Office of Student Affairs

Sarah Archibald, Office of Accountability and Compliance

Andy Coop, School of Pharmacy

Herty Cortez Diaz, Office of International Operations

Steven Deck, Administration & Finance

Kevin Donegan, Budget & Financial Analysis

Crystal Edwards, School of Law

Michelle Evans, Office of Change Management and Advisory Services

Jodi Frey, School of Social Work

Bill Gardiner, School of Nursing

Brian Godette, Ombudsperson

Aaron Graham, Staff Senate Representative

Carl Jackson, Office of Academic Affairs

Laura Kozak, Office of Communications and Public Affairs

Marc Lennon, School of Social Work

Tricia O'Neill, Office of the Provost

Sarah Porter, Office of Community Engagement

Irma Robins, Office of General Counsel

Lacie Rockel, Office of Risk Management

Brian Scruggs, Institutional Effectiveness, Strategic Planning and Assessment

Nirav Shah, School of Medicine

Fred Smith, Center for Information Technology Services

Christopher Stanton, Office of Emergency Management

Stephanie Suerth, Office of Accountability and Compliance

Enterprise Risk Management (ERM)

An ongoing process toembed, sustain, and support a culture of responsible risk-taking and opportunity identification across UMB. The Committee of Sponsoring Organizations defines ERM as a “process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of its objectives.”



An event that, when realized, can bring about a negative impact (or positive opportunity) to an organization. Different types of risks include rewarded and unrewarded risks.

Risk Altitude

The level of an organization at which a risk or opportunity should be addressed. In general, institutional risks are those strategic and sector-level risks that could have a major influence on UMB’s mission or vision, one of its core functions or strategic themes, or high-value cross-functional processes, whereas functional risks affect ongoing management or administrative processes, which are often confined to one or a limited number of functions at the University.

Risk Calibration

A mix of qualitative and quantitative measures to guide decision-makers as to the general levels of risk that should be analyzed, without dictating specific decisions.

Risk Category

A broad topic area that impacts whether an organization can achieve one or more of its strategic goals. UMB’s current risk categories are as follows:

  • Compliance with Laws, Regulations, and Policies
  • Equity, Diversity, and Inclusion
  • External Competition or Market Conditions
  • Funding and Budget
  • Health and Safety
  • Human Capital
  • Infrastructure, Technology, and Facilities
  • Operational and Administrative Processes
  • Organizational Culture and Structure
  • Partnerships
  • Reputation of UMB, School, or Program
  • Student Enrollment and Engagement

More details about considering Risk Categories in the context of UMB’s Strategic Planning efforts is published under the strategic planning tab.

Risk Frequency

The likelihood that a specific risk will occur and reoccur.

Risk Impact

The extent to which a risk or opportunity event might affect an organization, which may include financial, reputational, legal, health, and safety impacts. More details about considering Risk Impact in the context of UMB’s Strategic Planning efforts will be published soon.

Risk Owner

An individual within an organization familiar with an identified risk and responsible for understanding and managing the risk.

Risk Score (Assessment)

The aggregate value of the impact, vulnerability, and velocity of occurrence associated with any one risk determined by using an established algorithm.

Risk Tolerance

The formalized risk appetite of an organization, which outlines the limits of how much risk an organization is willing to accept.

Risk Velocity

The time it takes between the occurrence of an event and when an organization first feels its effects. More details about considering Risk Velocity in the context of UMB’s Strategic Planning efforts will be published soon.

Risk Vigilance

One or more systems implemented at UMB to scan for emerging risks and alert relevant stakeholders.

Risk Vulnerability

The susceptibility of an organization to a risk; specifically, the likelihood that an event will occur combined with the degree to which an event is detectible given current automated and management oversight. More details about considering Risk Vulnerability in the context of UMB’s Strategic Planning efforts will be published soon.