FY2022 Systemwide Risk Registry

To review details of risk ratings, please see the complete FY 2022 Systemwide Risk Registry here.

| Risk Rank | Risk Name | Risk Definition |
| --- | --- | --- |
| 1 | Enrollment | Inability to sustain and/or increase enrollment of in-state, out-of-state, international, residential, commuter, undergraduate and/or graduate students. |
| 2 | Information Security | Inability to safeguard data and/or information systems to prevent unauthorized access - whether intentional or unintentional - by foreign or domestic actors or vendors with whom the University conducts business. |
| 3 | Financial Sustainability | Inability to adapt the University's business model to ensure financial sustainability, mitigate risk, and adjust to changing circumstances that influence funding or revenue. |
| 4 | Facilities and Deferred Maintenance | Inability to maintain facilities, including the prioritization of ongoing and deferred maintenance, and/or develop facilities and infrastructure to attract and retain students, staff and faculty, and to support critical research. |
| 5 | Student Health and Mental Health Support | Inability to maintain capabilities and resources to support the physical and mental health, development and well-being of students. |
| 6 | Vendor Risk Management | Inability to verify that vendors, including subcontractors, comply with University requirements including but not limited to undergoing appropriate screening such as restricted party lists, background and CORI checks, etc.; completing required training such as Title IX, harassment, etc.; maintaining obligatory insurance coverage; and/or producing acceptable deliverables or providing acceptable services in accordance with the contract. |
| 7 | Attract, Recruit, Retain Faculty and Staff | Inability to attract, recruit, and retain qualified, skilled and reputable faculty and staff. |
| 7 | International Activities | Inability to effectively implement a consistent approach to the University's international activities across the system, including but not limited to: management of student, faculty and staff travel; implementation of and compliance with export controls; research activities; protection of intellectual property; protection of data and data systems; and international tax compliance. |
| 9 | Information Privacy | Inability to maintain compliance with state and federal information privacy standards, regulations and laws, including Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) standards, Personally Identifiable Information (PII) requirements, Family Educational Rights and Privacy Act (FERPA) and General Data Protection Regulations (GDPR). |
| 10 | Diversity, Equity, Inclusion and Accessibility | Inability to sustain and/or enhance diversity, equity, inclusion and accessibility across all levels of the University, including leadership, faculty, staff, and students. |
| 11 | All-hazards Planning and Response Capabilities | Inability to maintain all-hazards preparedness, response and mitigation plans and capabilities as part of an integrated emergency management program both at the system level, as well as on each campus. Hazards include but are not limited to hazardous weather, chemical/biological/radiological/nuclear/explosives (CBRNE) incidents, active shooter threats and incidents, infectious disease outbreaks, acts of civil disobedience, acts of bias and hate, and any additional threats that could impact the health and safety of the campus community or require the evacuation of a facility, a portion of a campus, or an entire campus. |
| 12 | Multi-state Payroll Taxation | Inability to appropriately comply with other states' payroll tax withholding requirements. |
| 12 | Labor Relations | Inability to maintain productive labor and employee relations. |
| 14 | Data Management | Inability to provide consistency in data across the system to support critical information sharing and strategic analytical analysis. |
| 15 | Research | Inability to develop and/or maintain transparent and consistent research protocols across the University System to ensure safety, accountability and compliance with applicable rules and regulations. |
| 16 | Multi-state Business Taxation | Inability to comply with other states' sales, excise and franchise tax requirements as the University expands its business model. |
| 17 | Sexual Assault Policies and Response Procedures | Inability to implement consistent protocols across the University to prevent, detect, prepare for, and respond to sexual assault, harassment and other interpersonal violent acts (stalking, domestic violence, etc.) and maintain compliance with state and federal regulations. |
| 18 | IT Disaster Recovery | Inability to ensure access to systems and/or data in the event of a disruption in technology services. |
| 18 | Continuity Planning | Inability to develop, maintain and/or implement capabilities to maintain continued operations during incidents causing sustained disruption to key services or functions; capabilities include developing, maintaining, exercising and implementing continuity plans as part of an integrated emergency management program. |
| 18 | Environmental, Health, Public Health and Safety Regulations | Inability to comply with local, state and federal environmental, health, public health, and safety regulations and requirements. |
| 18 | Alcohol and Substance Abuse | Inability to maintain capabilities and resources to prevent, detect and respond to, and support students impacted by alcohol and substance abuse on campuses, and maintain compliance with local, state and federal regulations. |
| 22 | Crisis Communications Coordination | Inability to develop, maintain and/or implement university-wide crisis communication coordination protocols and processes that address information-sharing and provide situational awareness among impacted campuses and the President's Office during an emergency and/or other impactful incident to support the University's response to an emergency. |
| 23 | Immigration Rules and Regulations | Inability to comply with federal immigration rules and regulations. |
| 24 | Fraud, Waste, Abuse | Inability to maintain capabilities to prevent, detect and respond to fraud, waste, and abuse. |
| 25 | Uninsured Loss | Inability to obtain legislative authority to obtain property insurance on state-owned facilities. |
| 26 | Employment Law/Regulations | Inability to comply with local, state and federal employment laws and regulations. |
| 26 | NCAA Regulations | Inability to comply with NCAA regulations, including recruiting guidelines. |
| 28 | Policies/Procedures Regarding Minors on Campus | Inability to develop, maintain, and implement procedures to safeguard minors on campus. |
| 28 | Academic Quality and Standards | Inability to maintain academic quality and standards, including those required for accreditation. |
| 30 | Oversight of Student Organizations | Inability to maintain oversight of registered student organizations (finances, insurance, etc.). |

© 2022 University of Massachusetts.