FY2022 Systemwide Risk Registry

To review details of risk ratings, please see the complete FY 2022 Systemwide Risk Registry here.

Risk Rank

Risk Name

Risk Definition



Inability to sustain and/or increase enrollment of in-state, out-of-state, international, residential, commuter, undergraduate and/or graduate students.


Information Security

Inability to safeguard data and/or information systems to prevent unauthorized access - whether intentional or unintentional - by foreign or domestic actors or vendors with whom the University conducts business.


Financial Sustainability

Inability to adapt the University's business model to ensure financial sustainability, mitigate risk, and adjust to changing circumstances that influence funding or revenue.


Facilities and Deferred Maintenance

Inability to maintain facilities, including the prioritization of ongoing and deferred maintenance, and/or develop facilities and infrastructure to attract and retain students, staff and faculty, and to support critical research.


Student Health and Mental Health Support

Inability to maintain capabilities and resources to support the physical and mental health, development and well-being of students.


Vendor Risk Management

Inability to verify that vendors, including subcontractors, comply with University requirements including but not limited to undergoing appropriate screening such as restricted party lists, background and CORI checks, etc.; completing required training such as Title IX, harassment, etc., maintaining obligatory insurance coverage, and/or producing acceptable deliverables or providing acceptable services in accordance with the contract.


Attract, Recruit, Retain Faculty and Staff

Inability to attract, recruit, and retain qualified, skilled and reputable faculty and staff.


International Activities

Inability to effectively implement a consistent approach across to the University's international activities across the system, including but not limited to: management of student, faculty and staff travel; implementation of and compliance with export controls; research activities; protection of intellectual property; protection of data and data systems; and international tax compliance.


Information Privacy

Inability to maintain compliance with state and federal information privacy standards, regulations and laws, including Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) standards, Personally Identifiable Information (PII) requirements, Family Educational Rights and Privacy Act (FERPA) and General Data Protection Regulations (GDPR).


Diversity, Equity, Inclusion and Accessibility

Inability to sustain and/or enhance diversity, equity, inclusion and accessibility across all levels of the University, including leadership, faculty, staff, and students.


All-hazards Planning and Response Capabilities

Inability to maintain all-hazards preparedness, response and mitigation plans and capabilities as part of an integrated emergency management program both at the system level, as well as on each campus. Hazards include but are not limited to hazardous weather, chemical/biological/radiological/nuclear/explosives (CBRNE) incidents, active shooter threats and incidents, infectious disease outbreaks, acts of civil disobedience, acts of bias and hate, and any additional threats that could impact the health and safety of the campus community or require the evacuation of a facility, a portion of a campus, or an entire campus.


Multi-state Payroll Taxation

Inability to appropriately comply with other states' payroll tax withholding requirements.


Labor Relations

Inability to maintain productive labor and employee relations.


Data Management

Inability to provide consistency in data across the system to support critical information sharing and strategic analytical analysis.



Inability to develop and/or maintain transparent and consistent research protocols  across University System to ensure safety, accountability and compliance with applicable rules and regulations.


Multi-state Business Taxation

Inability to comply with other states' sales, excise and franchise tax requirements as the University expands its business model.


Sexual Assault Policies and Response Procedures

Inability to implement consistent protocols across the University to prevent, detect, prepare for, and respond to sexual assault, harassment and other interpersonal violent acts (stalking, domestic violence, etc.) and maintain compliance with state and federal regulations.


IT Disaster Recovery

Inability to ensure access to systems and/or data in the event of a disruption in technology services.


Continuity Planning

Inability to develop, maintain and/or implement capabilities to maintain continued operations during incidents causing sustained disruption to key services or functions; capabilities include developing, maintaining, exercising and implementing continuity plans as part of an integrated emergency management program.


Environmental, Health, Public Health and Safety Regulations

Inability to comply with local, state and federal environmental, health, public health, and safety regulations and requirements.


Alcohol and Substance Abuse

Inability to maintain capabilities and resources to prevent, detect and respond to, and support students impacted by alcohol and substance abuse on campuses, and maintain compliance with local, state and federal regulations.


Crisis Communications Coordination

Inability to develop, maintain and/or implement university-wide crisis communication coordination protocols and processes that address information-sharing and provide situational awareness among impacted campuses and the President's Office during an emergency and/or other impactful incident to support the University's response to an emergency.


Immigration Rules and Regulations

Inability to comply with federal immigration rules and regulations.


Fraud, Waste, Abuse

Inability to maintain capabilities to prevent, detect and respond to fraud, waste, and abuse.


Uninsured Loss

Inability to obtain legislative authority to obtain property insurance on state-owned facilities.


Employment Law/Regulations

Inability to comply with local, state and federal employment laws and regulations.


NCAA Regulations

Inability to comply with NCAA regulations, including recruiting guidelines.


Policies/Procedures Regarding Minors on Campus

Inability to develop, maintain, and implement procedures to safeguard minors on campus.


Academic Quality and Standards

Inability to maintain academic quality and standards, including those required for accreditation.


Oversight of Student Organizations

Inability to maintain oversight of registered student organizations. (finances, insurance, etc.)


© 2022 University of Massachusetts.