University audits are selected through a risk assessment process. RMAS communicates with schools, departments and University management to identify and prioritize operational, financial and compliance risks to the University. The specific audit projects for the year are chosen based on these assessed risk factors. The final plan is also evaluated to ensure adequate representation of schools, departments and affiliates.
Risk financing requires planning and arranging for the sources of funds before loss events occur and then directing the funds offered by these sources, post loss, to assure the desired business recovery objectives as met.
While still in early stages of development, our risk financing scheme has emerged over time from constantly trying to interpret University priorities against these questions:
Is the University taking the right amount of risk?
Is the University taking the right types of risk to achieve its priorities?
At its core, risk financing exists to address one vexing problem: how to align a company’s willingness to take risks with its ability to do so, an exercise best done within the context of one’s organizational objectives. Risk management, of which financing is an integral part, is the set of measurable and sustainable actions for reducing the effect of uncertainty on those objectives. The establishment of measurable metrics is a key step in an organization’s growth toward a fully mature enterprise-wide risk management program.
Yes, the Foreign Corrupt Practices Act applies to individuals or corporations who conduct business in a foreign country. The Foreign Corrupt Practices Act is often referred to as the anti-bribery law. Under the Act, an individual or corporation is prohibited from either directly or indirectly bribing a foreign official or foreign political office.
Yes, the Federal Civil False Claims Act applies to individuals and corporations that do business with the federal government. The Federal Civil False Claims Act is an anti-fraud law. Under the Act, an individual or corporation is liable if they knew or should have known that they submitted a false claim to the federal government.
The Harvard Risk Management Committee (RMC) provides a forum for identification, discussion and resolution of major risks facing the University. The RMC is charged by the President and Provost to provide advice on:
How the University may assure that faculty and staff are aware of their legal and ethical responsibilities as members of the Harvard community
What steps should be taken to establish and codify University-wide standards of conduct
You have two roles in managing risk. The first role is to be aware of and understand what areas of risk are present in your current position. For example, if you manage people you need to consider employment laws, discrimination laws and union contracts. You also need to consider the University's policies and practices around hiring, firing and creating a safe work environment.
Once you know your risk areas, you need to consider the implications of these risks on yourself, your department and the University. This second role in managing risk requires that you to assess each situation Read more about What is my role in managing risk
Some departments are responsible for managing specific risk areas. For example, the Office of Human Resources manages employment risks. Similarly, Environmental, Health & Safety consults on environmental risks.
However, as employees or agents of the University, we are all risk managers. What does that mean? Whether "risk manager" is in our job title or job description is irrelevant. We all are presented with risk in the workplace. For example, we all have resources at our discretion, such as staff, finances, property and information. What we do or do not do with those resources Read more about Who manages risk at the University?
While we often associate risk with financial matters, e.g. investments, insurance, loss prevention, there are many types of risk. The University broadly defines risk as any issue that could impact the University's ability to meet its business objectives. In other words, risk applies to many different aspects of our work.
Specifically, the University is concerned with five risk areas.
Compliance - Compliance risks involves violation of either federal or state laws and regulations. For example, not adhering to the Fair Labor Standards Act requirements.