Make Everyone a Risk Manager

Source: Harvard Business Review
Author: Grace Crickette

By the nature of their work, people at The University of California, where I serve as Chief Risk Officer, are risk takers. Their risk appetite is amplified by an urgency or impatience to “get the job done,” a belief that they have all the information they need and therefore don’t need the assistance or interference of others, and a feeling that if all of the potential risks were uncovered, they would not be allowed to proceed.

UC employs more than 170,000 faculty and staff. Its five medical centers handle more than three million patient visits each year. UC manages three U.S. Department of Energy national laboratories and operates the largest fleet of research vessels in the world. UC is also actively involved in locations beyond its campuses, national labs, and medical centers — in places throughout California, around the world and online. So, how do we align faculty and staff risk appetites with what the system can tolerate?

Our solution is to put people in charge of their own risks and my role is to provide tools to help them identify, manage, and monitor their risks — not to manage the risks for them.

Our Office of Risk Services (ORS) takes an organization-wide approach to attack the University’s portfolio of risk by utilizing a host of different tools, workgroups, and initiatives. Key to the program is our Enterprise Risk Management Information System (ERMIS), which provides a variety of qualitative and quantitative tools to help UC unit managers identify their risks and determine where to strategically deploy resources.

ERMIS can define, highlight, and predict risks and trends to allow managers to intervene before problems arise, and it can be adapted to many different sectors. It creates efficiencies by automating manual processes and the application flexibility reduces IT redundancy across different units and locations.

In one recent application, a UC researcher wanted to take a team of graduate students to a country that was a security and safety concern. In many universities, he would have struggled to obtain funding for such a project. Working with the Risk Services group, the researcher was able to identify specific likely risks and could modify the project plans so as to reduce the risk and unlock the funds he needed. Read more >