Enterprise Risk Management Matrix December 1, 2014 West Texas A&M University

Transcription

1 Strategic s Enrollment: Student Recruitment and Retention Impact Likelihood High Medium 1. Invest in enrollment management activities to establish a comprehensive student recruitment and retention plan for the university. 2. Enhance student success at WTAMU. 1. Weekly Admission Reports during student recruiting period. 2. Beginning of Semester Enrollment Reports. 3. Fall Semester Retention Reports. 4. Appropriation funding per full-time student equivalent. 1. Weekly Admission Reports. 2. LBB Performance Measures. 3. Annual Report of the 4. CIRP 5. NSSE Funding from Legislature High High 1. Work closely with local legislative delegation. 2. Work closely with Canyon and Amarillo Chambers of Commerce. Mandated funding reductions High Medium 1. Implement measures for cost containment. 2. Increase tuition and fees. 3. Implement an aggressive annual giving program which would support program enhancement. 4. Analysis by Budget Committee. 5. Analysis by Third Party Reviewer, for the recruitment and retention of students. 6. Lean Six Sigma training Bi-annual funding from legislature. 2. University Master Plan for project planning. 3. THECB Capital Plan. 4. The A&M System Capital Plan. 1. Affordability of educational expenses as compared to other state universities. 2. Appropriated funding per full-time student equivalent. 3. THECB Report of Affordability. 4. Monitor actions taken 1. Annual Report of the 2. Campus Condition Index (THECB). 1. President s Cabinet. 2. Budget Reduction Plan. 3. Periodic reporting from Third Party Reviewer.

2 Impact Likelihood Strategic s Institutional Development/ Advancement Gift Stewardship Recruiting and Retaining Key Faculty and Staff High High 1. Maintain branding through advertising. 2. Training for effective communication with donors and maintain the donor database. 3. Adherence to the A&M System policy 60 series. High Medium 1. Raise the salary levels for faculty and staff to the mean level for similar ranks and positions in the WTAMU peer institutions. 2. Establish endowed professorships to support faculty research. 3. Establish endowed faculty chairs. 4. Ensure faculty procedures regarding annual evaluations, promotion, tenure, merit pay, and retention reflect requirement for peer-reviewed scholarly and/or creative output each year. 5. Workplace Discrimination training. 6. Establishment of Office of Chief Diversity and Inclusion Officer Adequate Facilities High Medium 1. Request TRB. 2. Designated Tuition rate increases. 3. Donor development for facilities. Campus Security & Safety High Medium 1. Create a feeling of campus community safety and reduce opportunity for crime through increased police patrol visibility. 2. Continued upgrade of fire protection systems, security cameras, and security card access to rooms, and process for 3 rd party use of facilities. 3. Educate campus community on matters most relevant to our campus, including underage drinking, crime prevention, and personal safety. 4. Update and post the Annual Campus Security and Fire Safety report. 5. Maintain compliance with Campus Security Act. 6. Develop and maintain an Emergency Operations Plan for UPD and WTAMU that is NIMS compliant as well as tested periodically for practicality and effectiveness. 2 by the THECB Formula Funding Advisory Committee. Review of feedback from advisory committees and Foundation Board. 1. Salary surveys. 2. Success in hiring new faculty and staff. 3. Turnover rates kept by the HR Office. 4. Training monitoring. 1. Annual reviews. 2. Assessments of facilities. 3. Capital Plan Progress 1. Discuss trends and issues. 2. Monthly statistics. 3. Monthly program review. 4. CERT group meetings, training and after-action reports. 5. Security systems test 6. Initial hiring check. 1. Annual Report of the 1. Unit Annual Reports. 2. Annual Salary Survey. 3. Turnover Report. 1. Coordinating Board Reports. 2. Preventative maintenance programs. 1. UPD Annual Report. 2. Annual Campus Security and Fire Safety Report.

3 Impact Likelihood 7. Regularly Test Campus Alert System: Buff Alert, P.A. System in buildings, IP Phone Notifications. 8. Continued training/exercises for response personnel and CERT. Operational Off Campus Student : Study Abroad, Semester Exchange, Internships, Service Learning, Field Trips, Student Travel, Student Organizations High Medium 1. Provide guidelines for the conduct of off-campus student activities: study abroad, semester exchange, internships, service learning, and field trips. 2. Provide orientation sessions for students, faculty and staff participating in off-campus student activities. 3. Ensure that all university forms are completed, all reporting requirements are met, mandatory insurance is purchased, all planning efforts are checked, and all students, faculty and staff have received the proper orientation prior to departures. 4. Ensure that all off-campus experiences are assessed to determine student satisfaction, compliance with guidelines, and that student learning outcomes are acceptable. 5. Ensure that Student Organization Leaders attend mandatory annual Training to present to membership. Safeguard of University Assets High Med- 1. Segregation of duties. 2. Safeguarding capital equipment and cash handling. 3. Cross training of personnel. 4. Compliance with various financial, physical, and routine procedures. 5. Ensure effective budget management. 6. Information Security Awareness Training. 7. PCI compliance training and department procedures. 8. Ethics Training. 9. Reporting Fraud, Waste and Abuse Training. 10. Export Control Training. 11. FERPA Training. 12. Department Continuity of Operations Plans (COOP) for business continuation. 13. Records Retention training and adherence with the A&M System Records Retention Schedule Inspection of offcampus student forms when students, faculty or staff apply for approvals. 2. Trip reports. 3. NOA and trip manifest. 1. Bank signature cards are updated after termination of an employee. 2. Budgeting 3. Use of proper chain of command. 4. Unit planning and operational review. 5. Key (Lock) Policy 6. Periodic spot review of inventory, petty cash, and PCI 1. Unit Annual Reports. 2. Incident Reports. 1. Performance measures list amount of stolen property, police reports. 2. Review of department adherence to procedures.

4 Impact Likelihood 14. Opens records training and adherence with Public Information Office. 4

5 Operational Safety s: Labs, Ranch, Equestrian Facilities, Chemicals, Machinery and Equipment, and Physical Plant Impact Likelihood Medium Medium 1. Maintain written guidelines for safe practices in all laboratories, in all facilities, and for equipment operators and ensure that guidelines are in compliance with state and federal laws and regulations. 2. Require safety training for students, faculty and staff and regular inspections of laboratories, facilities and agricultural equipment by qualified safety personnel. 3. Maintain a chemical inventory with safe storage, check-out and procurement procedures. 4. Require Lab Decommissioning procedure for all exiting faculty who had labs. 5. Dispose of chemicals through Safety Office procedure. 1. Periodic inspections of laboratories and facilities. 1. Unit annual reports 2. Incident reports Reputational Institutional Reputation High Medium 1. Create a student-centered institution. 2. Ensure academic programs achieve and maintain appropriate levels of accreditation. 3. Ensure compliance with state and federal regulations, TAMU System policies, THECB, SACSCOC, NCAA policies, and WTAMU rules and procedures. 4. Maintain branding through advertising. 5. Ensure effective communication both internally and externally. 1. Review of community and alumni feedback. 2. Review of feedback from advisory committees and Foundation Board. 1. Annual Report of the 5

6 Impact Likelihood Technology Security of IT Systems High Medium 1. Physical security policies/restrictions for data center access. 2. Adherence with Texas Administrative Code (TAC) Ch. 202 and WTAMU IT rules and procedures. 3. Maintain accessibility compliance with TAC code 206 and Annual Information Security Awareness training. 5. Daily/Monthly full system backups, electronic vaulting of select data to remote warm site using SAN, offsite storage agreements coupled with monthly rotations using a fire proof vault. 6. Login IDs, mandatory password changes every 90 days and required password length and uniqueness. 7. Dynamic network/host based attack signature blocking. 8. Require workstation/server based anti-spyware/anti-virus software. 9. Implemented network based anti-spam appliance to reduce SMTP based malicious code. Role based security assignments. 10. Account lockout mechanism. 11. System logon banners requiring acceptance before logging on. 12. Perimeter/DMZ access control and segmentation from internal network. 13. Additional firewall protection for SIS and financial systems. 14. Patch management system to globally apply critical patches and updates. 15. Encrypted (AES) VPN remote access using two-factor authentication. 16. Ensure UPS battery in Computer Center is charge-tested and monitored. 17. Test generator and confirm fuel levels with Physical Plant. 18. Annual ISA/ISAAC reports. 19. Data security concerning FERPA and Records Retention. 20. Copyright infringement (P2P). 21. Adopt procedures to ensure confidential data are not available for inappropriate use. 22. Monitor security/access to electronic data systems. 23. Evaluate access privileges and information contained in documents. 24. Perform periodic backups of data with storage in off-site locations. 25. Quarterly scans for PCI 6 1. Data center access monitoring and reporting. 2. Backup media signin/sign-out logging to and from vaults. 3. Virus detection/outbreak monitoring and alerting, electronic audit trails. 4. Network based IDS/IPS monitoring. 5. Firewall archival and reporting. 6. Network baseline & reporting. 7. Yearly disaster recovery testing and enhancement. 8. Periodically review employee and student system access. 9. Remediation activities related to DIR scans. 10. Remediation activities related to Critical Watch PCI scans. Internal audits, reviews and assessments; internal & 3 rd party controlled penetration tests.

7 Impact Likelihood Compliance Non-compliance with Research and Grant Contracts Medium 1. Maintain databases that indicate performance and reporting deadlines for grants and contracts. 2. Develop a protocol for ensuring that all reporting and performance deadlines are met. 3. Maintain policies and protocols relating to research involving animal care and use, human subjects, Biosafety, and chemicals. 4. Compliance with the A&M System policy 15 series. 5. Ensure Export Control training and regulation 6. Maintain financial conflict of interest disclosure forms and ensure training. NCAA Compliance High Medium 1. Training and monitoring by the Athletic Department Compliance Officer to reduce risk and maintain Title IX Compliance High Medium 1. Training, monitoring, reporting on Title IX regulations including incidents of discrimination, sexual harassment, and/or related retaliation. 2. Training and monitoring by STEM program directors to reduce risk and maintain Clery Act Compliance High Medium 1. Update and post the Annual Campus Security and Fire Safety report. 2. Maintain compliance with Campus Security Act. 3. Comply with the stated policies in the DOE Handbook for Campus Safety and Security Reporting. State Authorization for Distance Education Programs Medium Medium 1. Secure authorization from States to grant credit for students enrolled in WTAMU distance education courses. 1. Vice President of Research and Compliance and Director of Office of Sponsored Research Services monitors grants and contracts. 2. Compliance committee reports. 3. Financial Reviews. 1. Reviews of the Athletic Department issues with 1. Internal and the A&M System reviews for 2. Reviews of STEM program issues with 3. EEO report and Title IX updates. 1. Internal and the A&M System reviews for 1. Review of list of authorized States and enrollment. 1. Unit annual reports. 2. Annual report of the on compliance 7

8 Impact Likelihood TAMUS policies and regulations High Medium 1. Distribution of changes and updates to the campus. 1. Internal and the A&M System reviews for WTAMU campus rules and procedures High Medium 1. Review of rule implementation. 1. Internal and the A&M System reviews for 8