University Risk Management Topics Assigned to Committee

BACKGROUND

In 2015, OSU senior leaders initiated a project titled University Risk Management. The project is a best practice activity designed to further assist Oregon State University in meeting strategic, operational, compliance, and financial objectives. The goals of the project are to:

- Identify top risks that may hinder OSU's ability to achieve the objectives outlined in Strategic Plan 3.0;
- Implement activities intended to mitigate each risk identified; and
- Provide senior leadership and the Board with a tool to monitor progress in implementing the risk mitigation activities.

As part of this effort, in concert with key University stakeholders, the University's senior leaders evaluated the top risks they had identified, considering industry and external influences, prior OSU experiences, and the current OSU environment. In January 2016, these efforts resulted in a presentation to the Executive & Audit Committee on the subject, highlighting the issues most likely to hinder OSU's ability to meet University-wide objectives.

In March 2016, the Executive & Audit Committee (EAC) reviewed a model for developing action plans to mitigate the top risks and, advised by staff, assigned the risks to the various Board committees based on alignment with each committee's charter and workload.

Attachment provides an initial draft of the action plans for each risk topic assigned to the EAC. The summary documents are intended to provide campus leadership and the Board with information to monitor progress. The action plans will continue to be refined over the next year, especially with regard to metrics and goals.

NEXT STEPS

Staff will provide updates to the Committee on progress for each risk action plan over the next year. In addition, the Committee will discuss how to incorporate follow-up and discussion of these action plans in its 2017 work plan.

September 2, 2016 Executive & Audit Meeting

Attachment
Discussion Draft
Oregon State University
University Risk Management 2016-17 Priorities
All Hazard Planning

Board: Executive & Audit
Risk Topic: All Hazard Planning
University Goal: A safe environment for the OSU community through swift and adequate response to emergencies
Type(s) of Risks to be Prevented: Operational (safety),, Financial, Reputational
Risk Owner(s): Provost, VP for Finance and Administration (VPFA)
Primary Risk Strategy(ies): Reduce, Share/Insure, Accept
Risk Team: Emergency Planning, Chief Risk Officer, Director of Department of Public Safety, Oregon State Police, Vice Provost for Student Services, Chief Officer

Plan
(Objectives to Achieve Goal, with Actions to Satisfy Objectives; the Status Report column is blank)

1. Develop and implement updated university Emergency Operations Plan (EOP)
   a. Convene a university committee to update EOP
   b. Seek approval and adoption of EOP by the Provost and VPFA
   c. Create a communication protocol for EOP
2. Institute training on emergency protocols
   a. Establish and implement a list of baseline trainings for OSU emergency personnel and the OSU Incident Management Team (IMT).
   b. Establish and implement outreach communications to inform all OSU staff and students of proper procedures in emergencies.
3. Test emergency response programs
   a. Conduct emergency drills of major disaster events at OSU campuses
4. Raise awareness of all relevant parties
   a. Conduct survey of employees and students regarding plans, protocols, and training drills

Performance Metrics
(Metric; Current Measure; Goal; the Comments column is blank)

1. Number of OSU emergency personnel and OSU Incident Management Team trained
   Current Measure: Percentage of IMT trained
   Goal: 100%
2. Number of training drills
   Current Measure: Clery required
   Goal: Surpass Clery drill requirements and include all 3 OSU campuses
3. Number and schedule of awareness notices distributed
   Current Measure: Two per month
   Goal: 100%

Plan Review and Report Schedule
(Action; Group; Completion Date or Frequency of Action; Comments)

- Provide Status Report; Campus Executive; Quarterly
- Approval of plan; Provost, VPFA; Winter 2017
- Discuss annual progress report; Cabinet; Comments: In advance of annual report Executive & Audit
- Review annual progress report; schedule educational and discussion items as identified in the committee's annual work plan; Academic Strategies

August 9, 2016 Academic Strategies Meeting Page 3

Attachment
Discussion Draft
Oregon State University
University Risk Management 2016-17 Priorities
Information Technology Security

Board: Executive & Audit
Risk Topic: Information Technology (IT) Security
University Goal: Efficient IT systems that meet strategic needs and ensure continuity of service to the campus
Type(s) of Risks to be Prevented: Operational,, Financial, Reputational
Risk Owner(s): Provost, Chief Information Officer (CIO)
Primary Risk Strategy(ies): Accept, Reduce, Share/Insure
Risk Team: Chief Information Security Officer, AVP Infrastructure and Operations, Director of Enterprise Computing, IT Security

Plan
(Objectives to Achieve, with Actions to Satisfy Objectives; the Status Report column is blank)

1. Identify risks
   a. Establish a methodology for identifying IT risks
   b. Perform annual assessment of systems and infrastructure
   c. Communicate results to Campus Executive
2. Develop priorities
   a. Develop an IT security plan that outlines the strategies for mitigating high-risk areas
   b. Review the plan with information security committee annually
   c. Concurrent with planning activities above, implement immediate actions identified in the assessment.
3. Communicate security standards
   a. Communicate and publish new and updated policies related to:
      - Data management
      - Acceptable use
      - Network
      - Incident response

Performance Metrics
(Metric; the Current Measure, Goal and Comments columns are blank)

1. Percentage of critical business processes and IT services identified and risks assessed against industry standard benchmarks.
2. Percent of critical risks with completed action plans.

Plan Review and Report Schedule
(Action; Group; Completion Date or Frequency of Action; Comments)

- Performed IT Security Audit; Office of Audit Services; May, 2015
- CIO Presented to EAC about Information Security; Executive & Audit; May 28, 2015
- Planned Follow-Up Audit; Office of Audit Services; October 2016
- IT Security Plan Update; Campus Executive; Fall 2016, Quarterly Afterwards
- Discuss annual progress report; Cabinet; Comments: In advance of annual report to Executive & Audit
- Review annual progress report, including trends and significant incidents; schedule educational and discussion items as identified in the committee's annual work plan; Executive & Audit