ERM Toolkit
Risk management is an ongoing process that requires participation from every single employee, and is most effective when everyone actively addresses and consciously responds to the risks that are affecting their functional unit. Please view and utilize the tools that we have created to bolster your department's risk management practices.
The tools provided will aid you in following the processes of identifying, analyzing, prioritizing, and responding to risks that are relevant to your department's strategy and operations.
Please use the Excel file linked above to assist you in creating a risk register for your department. For clarification on how to populate your risk register, comments are visible if you hover over the title cells in row 6 of the spreadsheet.
When assessing risks it can often be difficult to determine which ones should be prioritized, especially when personnel have differing opinions on the matter. In order to reduce the effect of subjectivity on a risk assessment, risk managers can use a scoring system based on impact and likelihood.
Impact is given a score from 1-5, ranging from 'Insignificant' to 'Catastrophic'.
Likelihood is given a score from 2-5, ranging from 'Rare' to 'Almost Certain'.
Example scores for a variety of risks can be found by clicking the links above.
A risk score is then calculated by multiplying impact by likelihood, with higher ratings indicating top risks. Hence, a score of 25 would mean that a risk is almost certain and will be catastrophic on operations, and steps need to be taken to manage that risk immediately. Appropriate responses for any risk score can be found here.
A bow-tie analysis is a risk management tool used to visualize and understand the system of causes and effects surrounding any potential risk event, and to better understand all of the possible solutions for mitigating that risk.
Key Risk Indicators (KRIs) are essential for effective monitoring of risks because they provide a quantifiable indication of risk exposure. KRIs can be compared to historic KRI values to identify trends, or to industry standards to understand if UM is near or far from benchmark KRI values in the Higher Education industry. A worsening KRI value may warrant further analysis to determine if internal changes are needed to proactively address the related risk, and provide assurance that your department’s goals will still be met.
The most successful risk monitoring practices utilize effective KRIs that are relevant to your department’s financial, strategic, and/or operational goals. Once you’ve identified the risks that are influencing your department, consider the data systems that you have available to you and how they may be used as indicators of those risks’ prevalence and likelihood. These could be financial ratios, website traffic, frequency of error corrections, staff turnover rates, etc.
The Montana University System provides grant funding annually for proposals that seek to bolster University risk management practices. If you would like to make a proposal, please complete the form below and send it to OIER@mso.umt.edu.
Funding that was given in FY23 can be found in this excerpt from the Annual ERM Report from OCHE - FY23 MUS ERM Grants