Risk Management Policy
I. Purpose
The purpose of this policy is to ensure that risks to Maryville University (“the University”) are identified, considered, and managed in order to support effective operation of the University as an educational institution. This policy establishes the framework for a formal risk management program by designating responsibility for risk identification and analysis, planning for risk mitigation, and outlining program management and oversight. Program management and oversight is a University-wide responsibility that calls for the active involvement of executive leadership, departmental management, data stewards, and others involved in decision-making concerning risks.
II. Definitions
- Risk: The potential of harm to the University or its stakeholders, including but not limited to physical risks, property risks, and risk of criminal conduct and other noncompliance.
- Risk Assessment: An evaluation of the nature and magnitude of risk to the University. The evaluation is based upon known or theoretical vulnerabilities and threats, as well as the likelihood of the threats being realized and the potential impact to the University and its stakeholders.
- Risk Management: A continual process of analyzing and responding to risks to the University in order to reduce those risks to acceptable levels. Risk management includes the risk assessment process, and uses the results of risk assessments to make informed decisions on the acceptance of risks or on taking action to reduce those risks.
III. Scope
This policy applies to all University employees, departments and functions that deal with risk (e.g., student organizations) to the University and its stakeholders in any form. All University employees and functions should consider their safety and the safety of others while working.
IV. Oversight
The University risk management office/officer (the Controller) is responsible for coordinating the development and maintenance of risk management policies, procedures, standards, and forms for the University. The Controller is also responsible for the ongoing evaluation and day-to-day management of the University risk management program.
V. Reporting Risks and Claims
Every employee of the University and/or University function dealing with risk is responsible for promptly reporting any property loss, potential liability claim, and/or potential criminal conduct or other noncompliance to the Controller. All reports will be investigated by the appropriate offices (Campus Public Safety/President/etc.) and potential losses or claims reported to the insurance broker/carrier by the Controller. Though individuals are encouraged to identify themselves when making reports to facilitate investigations, reports may be made anonymously to the Controller or Campus Public Safety or via the Employee Feedback Line (1-877-301-7230).
VI. Risk Prevention
The University encourages strategies to prevent loss, including: development of educational materials as well as training programs for employees and students as appropriate; legal and safety audits aimed at early identification and resolution of compliance risks; and cooperation with insurance carriers to take advantage of risk reduction resources.
VII. Related Policies
When engaging in activities presenting potential risks, employees and others representing the University shall comply with University policies and procedures, including but not limited to:
- Travel (student, employee, foreign)
- University Vehicle Usage
- Events (general and student)
- Alcohol/Drugs
- Contracts—Members of the University community who deal with contracts are specifically reminded that vendors, contractors, and other parties using University facilities shall:
  - receive, as appropriate, copies of the University’s FERPA, HIPAA, Equal Opportunity, Title IX Harassment/Sexual Misconduct, Nepotism, Conflicts of Interest, Alcohol/Drugs, Events, Facilities Usage, and other policies; and
  - meet insurance requirements and furnish proof of insurance as determined by the risk management office/officer.
VIII. Risk Assessment
Department heads/departments shall ensure that risk assessments are performed on all activities, systems and/or business processes under their department’s control in conjunction with guidance from the risk management office/officer on assessment method, format, content, and frequency. Risk assessments shall include (1) a description of potential risks, (2) potential remediation plans with specific actions and recommended completion dates, and (3) an explanation of residual risks. Department heads/departments shall submit the risk assessments to the risk management office/officer for review on an as-needed basis.
The Controller shall periodically advise the Vice President for Administration and Finance or a designee regarding risk management assessments, evaluation, and risk management program progress.
IX. Governance-Level Reporting
Information on insurance coverage, major risks, and progress of the risk management program is provided to the Vice President for Administration and Finance on an ongoing basis.