Key Terms and Frequently Asked Questions

To gain insight into Enterprise Risk Management and how to become a risk manager, it is important to familiarize yourself with the following terms:

| Keyword | Definition/Explanation |
| --- | --- |
| Action Plan | A timeline of steps which must be taken in order to mitigate and manage an identified risk factor/event |
| Activity Inventory | List of primary activities and functions an area is responsible for |
| Assessment Summary | A one-page summary of the activity's current risk assessment |
| Compliance Risk | Risk type related to applicable laws and regulations |
| Financial Risk | Risk type that could result in the loss of assets or financial resources |
| Heat Map | A tool used to present the results of a risk assessment process visually and in a meaningful and concise way |
| Impact | A numeric rating from 1 to 5 (Low to High) of the impact the risk factor/event will have on the University's mission and strategic goal before considering any mitigating controls/factors |
| Inherent Risk | A calculation which averages likelihood and impact; the numeric calculation scores the risk factor/event before considering any mitigating controls/factors |
| Likelihood (1-5) | A numeric rating from 1 to 5 (Low to High) of how likely the risk factor/event is to occur before considering any mitigating controls/factors |
| Mitigation Controls (1-5) | Controls in place to help monitor and prevent a risk factor/event; these can include documented policies and procedures as well as routine monitoring and review practices; scored from 1 to 5 (strong to weak) |
| Operational Risk | Risk type that could affect the execution of ongoing unit-level processes due to the inefficient and/or ineffective use of operational resources, or University policy failure |
| Priority (1-5) | The priority of the activity/function to the success of Clemson's mission, goals, and operations (see scale for rating guidelines); if the activity/function ceased to exist, what effect would there be on Clemson? |
| Reputational Risk | Risk type that impairs or affects the University's image or reputation as perceived by others |
| Residual Risk | A numeric calculation to measure the risk factor/event after taking into consideration any mitigating controls; the calculation averages the inherent risk and mitigation controls, Residual Risk = Inherent Risk - Mitigation |
| Risk | Any action, process, procedure, etc. that might impede the success of the activity |
| Risk Area | Primary area of University activities/functions |
| Risk Assessment | A systematic process of evaluating the potential risks that may be involved in a projected activity or undertaking |
| Risk Direction | The direction the risk is progressing at the time of the assessment: increasing, stable, or decreasing |
| Risk Owner/Team | The person(s) who will be responsible for completing the risk assessment of the consolidated activity/function; this person(s) should have sound knowledge of the activities and functions listed; can include person(s) from other areas |
| Risk Type | Describes the nature of a risk's potential consequences: • Compliance Risks are related to applicable laws and regulations. • Financial Risks are risks that could result in the loss of assets or financial resources. • Operational Risks could affect the execution of ongoing unit-level processes due to the inefficient and/or ineffective use of operational resources, or University policy failure. • Reputational Risks impair or affect the University’s image or reputation as perceived by others. • Strategic Risks affect the University’s ability to achieve high-level goals and objectives. |
| Strategic Risk | Risk type that affects the University's ability to achieve high-level goals and objectives |


Frequently Asked Questions

  • What is Enterprise Risk Management?

    Clemson University defines Enterprise Risk Management (ERM) as a process-driven tool that enables visualization, assessment, and management of significant risks that may adversely impact the attainment of key organizational objectives and to maximize opportunities for enhancement in all Clemson University activities.

  • What is risk?

    Any action, process, procedure, etc. that might impede the success of an activity. The National Association of College and University Business Officers (NACUBO) defines risk as “any issue that impacts an organization’s ability to meet its objectives”.

  • What are the different types of risk within the university?

    Each risk is categorized as one of five risk types; these types are compliance, financial, operational, reputational and strategic.

    • Compliance Risks are related to applicable laws and regulations.
    • Financial Risks are risks that could result in the loss of assets or financial resources.
    • Operational Risks could affect the execution of ongoing unit-level processes due to the inefficient and/or ineffective use of operational resources, or University policy failure.
    • Reputational Risks impair or affect the University’s image or reputation as perceived by others.
    • Strategic Risks affect the University’s ability to achieve high-level goals and objectives.
  • Why is ERM necessary at Clemson University?
    • The University can enhance a culture of risk awareness across campus.
    • Relevant risks can be identified, assessed, managed and monitored to ensure that Clemson is fulfilling its mission and purpose to all students, faculty, staff, alumnae, and donors to the best of its ability.
    • University resources are protected and utilized in the most efficient and intuitive manner.
    • The University can mitigate these risk areas as best as possible for sustainable development.
  • What is a Risk Assessment?

    A risk assessment is a systematic process of evaluating the potential risks that may be involved in an undertaking. This assessment will help the risk owner critically evaluate their risk responsibilities and create a prioritized plan to manage these risks.

  • What is a Risk Assessment Summary?

    A one-page summary of the activity's current risk assessment.