To review details of risk ratings, please see the complete FY2025 Systemwide Risk Registry here.
| FY24 Risk Rank | Risk Name | Risk Definition |
|---|---|---|
| 1 | Enrollment | Inability to sustain, increase and/or retain enrollment of in-state, out-of-state, international, residential, commuter, transfer, undergraduate and/or graduate students. |
| 2 | Information Security | Inability to safeguard data and/or information systems to prevent unauthorized access - whether intentional or unintentional - by foreign or domestic actors or vendors with whom the University conducts business. |
| 3 | Facilities and Deferred Maintenance | Inability to maintain facilities, including the prioritization of ongoing and deferred maintenance, and/or develop facilities and infrastructure to attract and retain students, staff and faculty, and to support critical research. |
| 4 | Financial Sustainability | Inability to adapt the University's business model to ensure financial sustainability, mitigate risk, and adjust to changing circumstances that influence funding or revenue. |
| 5 | Student Health and Mental Health Support | Inability to maintain capabilities and resources to support the physical and mental health, development and well-being of students. |
| 6 | Artificial Intelligence | Inability to set effective protocols regarding acceptable use and optimization of artificial intelligence in academics, research and the workplace. |
| 7 | International Activities | Inability to effectively implement a consistent approach across to the University's international activities across the system, including travel, devices and data, students, employment, trade and sanctions, and business engagements. |
| 8 | Research | Inability to develop and/or maintain transparent and consistent research protocols across University System to ensure safety, accountability and compliance with applicable rules and regulations. |
| 9 | Diversity, Equity, Inclusion and Accessibility | Inability to sustain and/or enhance diversity, equity, inclusion and accessibility across the University, including employment, students, and campus and workplace culture. |
| 10 | Attract, Recruit, Retain Faculty and Staff | Inability to attract, recruit, retain and appropriately vet qualified, skilled and reputable faculty and staff. |
| 11 | Information Privacy | Inability to maintain compliance with state and federal information privacy standards, regulations and laws, including Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) standards, Personally Identifiable Information (PII) requirements, Family Educational Rights and Privacy Act (FERPA) and General Data Protection Regulations (GDPR). |
| 12 | Sustainability | The inability to implement University and state sustainability standards including energy resiliency, meeting carbon reduction goals, climate resiliency, green building design, sustainable transportation, procurement, food services, water systems, and waste reduction and recycling, and related academic and research programming. |
| 13 | All Hazards Planning and Response Capabilities | Inability to maintain all-hazards preparedness, response and mitigation plans and capabilities as part of an integrated emergency management program both at the system level, as well as on each campus. Hazards include but are not limited to hazardous weather, chemical/biological/radiological/ nuclear/explosives (CBRNE) incidents, active shooter threats and incidents, infectious disease outbreaks, acts of civil disobedience, acts of bias and hate, and any additional threats that could impact the health and safety of the campus community or require the evacuation of a facility, a portion of a campus, or an entire campus. |
| 14 | Labor Relations | Inability to maintain productive labor and employee relations. |
| 15 | Data Management | Inability to provide consistency in data across the system to support critical information sharing and strategic analytical analysis. |
| 16 | Vendor Risk Management | Inability to screen vendors, ensure vendors meet contractual requirements, and vendor deliver acceptable services or deliverables. |
| 17 | Sexual Assault Policies and Response Procedures | Inability to implement consistent protocols across the University to prevent, detect, prepare for, and respond to sexual assault, harassment and other interpersonal violent acts (stalking, domestic violence, etc.) and maintain compliance with state and federal regulations. |
| 18 | NCAA Regulations | Inability to comply with NCAA regulations, including recruiting guidelines. |
| 19 | IT Disaster Recovery | Inability to ensure access to systems and/or data in the event of a disruption in technology services. |
| 20 | Continuity Planning | Inability to develop, maintain and/or implement capabilities to maintain continued operations during incidents causing sustained disruption to key services or functions; capabilities include developing, maintaining, exercising and implementing continuity plans as part of an integrated emergency management program. |
| 21 | Environmental and Public Health and Safety Regulations | Inability to comply with local, state and federal environmental, health, public health, and safety regulations and requirements. |
| 22 | Alcohol and Substance Abuse | Inability to maintain capabilities and resources to prevent, detect and respond to, and support students impacted by alcohol and substance abuse on campuses, and maintain compliance with local, state and federal regulations. |
| 23 | Fraud, Waste, Abuse | Inability to maintain capabilities to prevent, detect and respond to fraud, waste, and abuse. |
| 24 | Crisis Communications Coordination | Inability to develop, maintain and/or implement systemwide protocols to ensure awareness and coordination of timely communication's when an urgent matter or incident impacts the University. |
| 25 | Uninsured Loss | Inability to obtain legislative authority to obtain property insurance on state-owned facilities. |
| 26 | Multi-state Payroll Taxation | Inability to appropriately comply with other states' payroll tax withholding requirements. |
| 27 | Multi-state Business Taxation | Inability to comply with other states' sales, excise and franchise tax requirements as the University expands its business model. |
| 28 | Employment Laws and Regulations | Inability to comply with local, state and federal employment laws and regulations. |
| 29 | Policies/Procedures Regarding Minors on Campus | Inability to develop, maintain, and implement procedures to safeguard minors on campus. |
| 30 | Academic Quality and Standards | Inability to maintain academic quality and standards, including those required for accreditation. |
| 31 | Oversight of Student Organizations | Inability to maintain oversight of registered student organizations. (finances, insurance, etc.) |