Frequently Asked Questions

How are audits selected?

University audits are selected through a risk assessment process. RMAS communicates with schools, departments and University management to identify and prioritize operational, financial and compliance risks to the University. The specific audit projects for the year are chosen based on these assessed risk factors. The final plan is also evaluated to ensure adequate representation of schools, departments and affiliates.

What is Harvard's Risk Financing Scheme?

Risk financing requires planning and arranging for the sources of funds before loss events occur and then directing the funds offered by these sources, post loss, to assure the desired business recovery objectives as met.

While still in early stages of development, our risk financing scheme has emerged over time from constantly trying to interpret University priorities against these questions:

  1. Is the University taking the right amount of risk?
  2. Is the University taking the right types of risk to achieve its priorities?
  3. Is the University being properly Read more about What is Harvard's Risk Financing Scheme?

What is Risk Financing?

At its core, risk financing exists to address one vexing problem: how to align a company’s willingness to take risks with its ability to do so, an exercise best done within the context of one’s organizational objectives. Risk management, of which financing is an integral part, is the set of measurable and sustainable actions for reducing the effect of uncertainty on those objectives. The establishment of measurable metrics is a key step in an organization’s growth toward a fully mature enterprise-wide risk management program.

Every enterprise of any appreciable size, with Read more about What is Risk Financing?

What is the Risk Management Committee?

The Harvard Risk Management Committee (RMC) provides a forum for identification, discussion and resolution of major risks facing the University. The RMC is charged by the President and Provost to provide advice on:

  • How the University may assure that faculty and staff are aware of their legal and ethical responsibilities as members of the Harvard community
  • What steps should be taken to establish and codify University-wide standards of conduct
  • Coordinating and disseminating information regarding training, oversight functions, and internal controls, especially in Read more about What is the Risk Management Committee?

What is my role in managing risk

You have two roles in managing risk. The first role is to be aware of and understand what areas of risk are present in your current position. For example, if you manage people you need to consider employment laws, discrimination laws and union contracts. You also need to consider the University's policies and practices around hiring, firing and creating a safe work environment.

Once you know your risk areas, you need to consider the implications of these risks on yourself, your department and the University. This second role in managing risk requires that you to assess each situation Read more about What is my role in managing risk

Who manages risk at the University?

Some departments are responsible for managing specific risk areas. For example, the Office of Human Resources manages employment risks. Similarly, Environmental, Health & Safety consults on environmental risks.

However, as employees or agents of the University, we are all risk managers. What does that mean? Whether "risk manager" is in our job title or job description is irrelevant. We all are presented with risk in the workplace. For example, we all have resources at our discretion, such as staff, finances, property and information. What we do or do not do with those resources Read more about Who manages risk at the University?

What types of risk is the University concerned about?

While we often associate risk with financial matters, e.g. investments, insurance, loss prevention, there are many types of risk. The University broadly defines risk as any issue that could impact the University's ability to meet its business objectives. In other words, risk applies to many different aspects of our work.

Specifically, the University is concerned with five risk areas.