Frequently Asked Questions

How are audits selected?

University audits are selected through a risk assessment process. RMAS communicates with schools, departments and University management to identify and prioritize operational, financial and compliance risks to the University. The specific audit projects for the year are chosen based on these assessed risk factors. The final plan is also evaluated to ensure adequate representation of schools, departments and affiliates.

What is Harvard's Risk Financing Scheme?

Risk financing requires planning and arranging for the sources of funds before loss events occur and then directing the funds offered by these sources, post loss, to assure the desired business recovery objectives as met.

While still in early stages of development, our risk financing scheme has emerged over time from constantly trying to interpret University priorities against these questions:

  1. Is the University taking the right amount of risk?
  2. Is the University taking the right types of risk to achieve its priorities?
  3. Is the University being properly...
Read more about What is Harvard's Risk Financing Scheme?

What is Risk Financing?

At its core, risk financing exists to address one vexing problem: how to align a company’s willingness to take risks with its ability to do so, an exercise best done within the context of one’s organizational objectives. Risk management, of which financing is an integral part, is the set of measurable and sustainable actions for reducing the effect of uncertainty on those objectives. The establishment of measurable metrics is a key step in an organization’s growth toward a fully mature enterprise-wide risk management program.

Every enterprise of any appreciable size, with...

Read more about What is Risk Financing?

What is the University Risk Management Council?

The University Risk Management Council (URMC) administers a structured approach to risk management that identifies and manages, to an acceptable level, the key risks that may adversely affect the University’s ability to achieve its goals and objectives. The Council reports to the President and the Harvard Corporation's Joint Committee on Inspection regarding the effectiveness of the University’s risk management program. The URMC works with Harvard's schools and central administration units on continuous improvement of the University’s capabilities around managing...

Read more about What is the University Risk Management Council?

What is my role in managing risk?

Harvard staff and faculty have two roles in managing risk. The first role is to be aware of and understand what areas of risk are present in your current position. For example, if you manage people you need to consider employment laws, discrimination laws and union contracts. You also need to consider the University's policies and practices around hiring, firing and creating a safe work environment.

Once you know your risk areas, you need to consider the implications of these risks on yourself, your department and the University. This second role in managing risk requires that...

Read more about What is my role in managing risk?

Who manages risk at the University?


As employees or agents of the University, we are all risk managers. Whether "risk manager" is in our job title or job description is irrelevant. We all are presented with risk in the workplace and must act to address risk in an informed manner. 

A list of risk management leads at Harvard's schools and central administration units can be accessed below. These individuals can help you think about how best to address your risks and/or connect you with other risk management leaders at the University.


Read more about Who manages risk at the University?

What types of risk is the University concerned about?

The University broadly defines risk as any issue that could impact Harvard's ability to meet its objectives. We categorize risks under the following areas:

  • Academic risks
  • Compliance risks
  • Financial risks
  • Operational risks
  • Reputational risks
  • Strategic risks