Definitions and Common Terms

Continuous Risk Cycle

An approach to enterprise risk management as an ongoing, structured process for the identification, prioritization, mitigation, management, and monitoring of risks and the analysis of opportunities.

Enterprise Risk Management (ERM)

An ongoing process to inculcate a risk-aware culture across an organization and establish a holistic approach to risk management, which identifies and prioritizes risks and creates informed and strategic responses in an effort to achieve institutional goals and objectives and maximize opportunity, based on a foundation of ownership, accountability, and transparency.

ERM Steering Committee

A senior-level committee appointed by the UMB president, composed of a broad cross-section of individuals familiar with the varied aspects of the University’s operations, charged with general management and implementation of the UMB ERM program.

ERM Subject Area Workgroups (SAWs)

Workgroups, each with a specific area of focus (e.g., human resources, financial and internal controls), composed of individual subject experts from across the campus, that identify risks, risk consequences and rankings; work with risk owners to develop risk mitigation plans; and monitor and report on implementation of the risk mitigation plans.

Public Safety

Prevention of, and protection from, events such as crimes or disasters that could expose the campus community and the general public to significant danger, injury/harm, or damage.


The combination of the possibility of an action or event occurring and the consequences of that act or event on the institution, its people, and the achievement of its goals and objectives.

Risk Appetite

The tolerance for risk.

Risk Categories (Consequences)

Financial: A consequence that impacts financial condition or well-being.
Strategic: A consequence that may create a lasting impact or change on a fundamental objective or mission.
Operational: A consequence that impacts day-to-day activities.
Compliance: A consequence that constitutes a violation of a law or regulation or an institutional policy or requirement.
Opportunity: The loss of a benefit or advantage caused by not pursuing a course of action.
Reputational: A consequence that impacts image, standing, or character.
Mega: A consequence of enormous measure that threatens the existence of an organization or institution.

Risk Frequency

The likelihood that a specific risk will occur and reoccur.

Risk Mitigation

Actions that reduce the consequences of a risk.

Risk Owner

An individual within an organization familiar with an identified risk and responsible for understanding and managing the risk.

Risk Rating (Assessment)

A measurement of the combination of risk frequency and risk severity using an established algorithm.

Risk-Reward Analysis

A process to identify and measure the risks and benefits of an action or decision in order to act in an informed manner.

Risk Severity

The extent of the damage to the institution, its people, and its goals and objectives resulting from a risk occurring.


Individual schools, departments, programs, centers, institutes, offices, or areas of an institution.


Another term for risk.

UMB Executive Committee

An existing committee composed of the deans and vice presidents of UMB, this senior leadership group is charged with implementing ERM goals and objectives established by the president and making recommendations to the president regarding the ERM program.