Risk Identification and Assessment Worksheet

The Office of Audit, Compliance & Ethics (OACE) conducts annual risk assessments for the
Universitys Storrs, Regional, and UConn Health campuses. This formal process is intended to
identify and assess risks to the University on an ongoing basis. Integral to the risk assessment
process is the identification of mitigating strategies, internal controls, and monitoring processes
that are necessary to reduce/eliminate unwanted outcomes, ensure compliance with requirements
imposed by state and federal regulations and other accrediting organizations, and enhance the
achievement of long-term University goals.
OACE initiates the risk assessment process by asking senior administration, and academic and
administrative management to identify the risk areas with the highest potential impact on the
mission, goals and objectives of his/her respective area, as well as the existing or planned
internal controls employed to mitigate the risks identified.
Following is a Risk Identification and Assessment Worksheet which will provide you with a
vehicle to organize and document the risk assessment for your department / unit. Please include
the highest 5 to 10 risks on the worksheet in the risk area that seems appropriate, as well as the
actions or processes, used or planned, to manage and monitor each of the risks identified.
Common risk factors include decentralized operations, personnel changes, budgetary constraints,
new systems, regulatory requirements, industry issues and federal and state legislative
environment.
The information gathered will be integrated into a confidential summary document that will be
provided to senior administration and the Joint Audit & Compliance Committee of the Board of
Trustees. In addition, the results of this process will be used as the basis for future audit and
compliance work plans.

University of Connecticut / UConn Health

Risk Identification and Assessment
Department / Unit: ____________________________

Prepared by: _____________________________

Date: ____________________________________
Instructions:
In the context of the mission, goals and objectives of the department / unit that you manage or support
and the University as a whole, describe the following where applicable:
A. Operational Risks including Information Technology related to ongoing departmental / unit processes
and procedures, information systems and equipment
Risks

March April 2014

Internal Controls / Mitigating Strategies

Page 2

University of Connecticut / UConn Health

Risk Identification and Assessment
B. Compliance Risks related to internal policies and state and federal regulations, safety and
environmental issues
Risks

March April 2014

Internal Controls / Mitigating Strategies

Page 3

University of Connecticut / UConn Health

Risk Identification and Assessment
C. Financial Risks related to funds, resources, equipment and potential fraud
Risks

March April 2014

Internal Controls / Mitigating Strategies

Page 4

University of Connecticut / UConn Health

Risk Identification and Assessment
D. Strategic Risks related to the achievement of the Universitys mission and long term goals
Risks

March April 2014

Internal Controls / Mitigating Strategies

Page 5

University of Connecticut / UConn Health

Risk Identification and Assessment
E. Reputational Risks related to public perception, political issues or brand
Risks

March April 2014

Internal Controls / Mitigating Strategies

Page 6