To review details of risk ratings, please see the complete FY2026 Systemwide Risk Registry here.
| FY26 Risk Rank | Risk Name | Risk Definition |
|---|---|---|
| 1 | Financial Sustainability | Inability to adapt the University's business model to ensure financial sustainability, mitigate risk, and adjust to changing circumstances that influence funding, revenue, or expenditures. |
| 2 | Enrollment | Inability to sustain or increase enrollment of in-state, out-of-state, regional, international, residential, commuter, transfer, undergraduate, and/or graduate students related to demographic decline, federal activity impacts, or other causes. |
| 3 | Research | Inability to comply with research grant requirements or manage impacts associated with federal activities to the University’s research enterprise. |
| 4 | Facilities & Deferred Maintenance | Inability to maintain facilities, including the prioritization of ongoing and deferred maintenance, and/or develop facilities and infrastructure to attract and retain students, staff and faculty, and to support critical research. |
| 5 | Diversity, Equity, Inclusion, & Accessibility | Inability to embed and/or sustain diversity, equity, inclusion, and accessibility principles into employment practices and policies; foster and/or sustain a diverse, inclusive, and welcoming environment on campuses for all students, faculty, and staff; promote and/or sustain a diverse, inclusive, and accessible organizational culture in the workplace; and/or attract, support, and equitably serve a diverse student body and/or provide students equitable access to programs, services and support. |
| 6 | Information Security | Inability to safeguard data and/or information systems to prevent unauthorized access - whether intentional or unintentional - by foreign or domestic actors or vendors with whom the University conducts business. |
| 7 | Student Health & Mental Health Support | Inability to maintain capabilities and resources to support the physical and mental health, development, and well-being of students. |
| 8 | Artificial Intelligence | Inability to set effective protocols for and leverage the opportunities provided by the acceptable use and optimization of artificial intelligence in academics, research, and the workplace. |
| 9 | Attract, Recruit, Retain, Faculty & Staff | Inability to attract, recruit, retain, and appropriately qualified, skilled, and reputable faculty and staff. |
| 10 | All Hazards Planning & Response Capabilities | Inability to maintain all-hazards preparedness, response, and mitigation plans and capabilities as part of an integrated emergency management program both at the system level, as well as on each campus. Hazards include but are not limited to hazardous weather, chemical/biological/radiological/ nuclear/explosives (CBRNE) incidents, active shooter threats or incidents, infectious disease outbreaks, acts of civil disobedience, acts of bias and hate, and any additional threats that could impact the health and safety of the campus community or require the evacuation of a facility, a portion of a campus, or an entire campus. |
| 11 | International Activities | Inability to effectively implement a consistent approach across the University system to manage and support international activities, including University travel, University devices, data and intellectual property, students, employment, trade and sanctions, and business engagements. |
| 12 | Data Privacy | Inability to comply with state and federal data privacy standards, regulations, and laws, including Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), Personally Identifiable Information (PII), Family Educational Rights and Privacy Act (FERPA), and General Data Protection Regulations (GDPR). |
| 13 | Labor Relations | Inability to maintain productive labor and employee relations. |
| 14 | Athletic Regulations | Inability to comply with NCAA and other pertinent athletic association regulations or requirements, including but not limited to recruiting guidelines and name/image/likeness. |
| 15 | Data Management | Inability to provide consistency in data across the system to support critical information sharing and strategic analytical analysis. |
| 16 | It Disaster Recovery | Inability to ensure access to systems and/or data in the event of a disruption in technology services. |
| 17 | Academic Quality & Standards | Inability to maintain academic quality and standards, including those required for accreditation. |
| 18 | Vendor Risk Management | Inability to adequately screen vendors, establish and manage vendor contracts, and manage vendor performance. |
| 19 | Title IX | Inability to maintain and implement consistent protocols across the University to comply with Title IX and related state and federal requirements, including discrimination based on sex; prevention, detection, and response to sexual assault, harassment, and other interpersonal violent acts (stalking, domestic violence, etc.); and appointment of Title IX coordinators. |
| 20 | Crisis Communication Coordination | Inability to maintain and/or implement systemwide protocols to ensure awareness and coordination of timely communications when an urgent matter or incident impacts the University. |
| 21 | Minors on Campus | Inability to maintain and implement procedures to safeguard minors on campus. |
| 22 | Environmental, Public, Health & Safety Regulations | Inability to comply with local, state, and federal environmental, health, public health, and safety regulations and requirements. |
| 23 | Sustainability | Inability to implement University and state sustainability standards, including energy resiliency, meeting carbon reduction goals, climate resiliency, green building design, sustainable transportation, procurement, food services, water systems, waste reduction and recycling, and related academic and research programming.. |
| 24 | Fraud, Waste, Abuse | Inability to maintain capabilities to prevent, detect and respond to fraud, waste, and abuse. |
| 25 | Continuity Planning | Inability to develop, maintain and/or implement capabilities to maintain continued operations during incidents causing sustained disruption to key services or functions; capabilities include developing, maintaining, exercising and implementing continuity plans as part of an integrated emergency management program. |
| 26 | Multi-State Taxation | Inability to appropriately comply with other states' payroll or business tax requirements. |
| 27 | Employment Laws & Regulations | Inability to comply with local, state, and federal employment laws and regulations. |
| 28 | Alcohol & Substance Disorder | Inability to maintain capabilities and resources to prevent, detect, and respond to, and support students impacted by alcohol and substance use disorder on campuses, and maintain compliance with local, state, and federal regulations. |
| 29 | Oversight of Student Organizations | Inability to maintain oversight of registered student organizations (finances, insurance, etc.) |
Archived Systemwide Risk Registries
FY2024 Systemwide Risk Registry (Updated - Sustainability added in FY25)