Risk (Enterprise)

Maximizing opportunities to achieve the OSU strategic plan is a responsibility for the entire Oregon State University community.

The Office of Audit, Risk, and Compliance (OARC) is charged with overseeing and facilitating the university’s enterprise risk management (ERM) program.  The goal of ERM is to ensure appropriate mitigation strategies are in place over top risks that may impact the university’s ability to meet objectives.  ERM evaluates how we deploy our people, services, tools, and infrastructure to address strategic, operational/safety, compliance, legal, reputational, and financial risks and opportunities present in our environment.

OARC facilitates a coordinated approach to gathering data necessary for evaluation and overseeing the mitigation and monitoring of risks.  The compliance function of OARC informs the ERM process by providing information related to the current compliance risks facing the university.  The audit function of OARC provides the campus executive team, president, and the Executive, Audit and Governance Committee (EAGC) with assurances that controls identified to mitigate risks are functioning as designed and progress toward risk mitigation strategies is taking place.

The Office of General Counsel provides advice to the board, executive leaders, functional leaders, and the Compliance Executive Committee, as well as the audit, risk and compliance offices to help inform the analysis of priorities and university exposures. For information on insurance and risk tools developed by the Department of Finance and Administration, contact the Office of Risk Services.

The OARC engages the board, senior leaders, and unit management annually in a three-phase process to identify areas that may impact the achievement of OSU mission and goals:

1. Information Gathering – We refresh our understanding of the OSU strategic plans and goals; scan the higher education landscape, examine federal and state agency activity; evaluate current university risk topics and plans
2. Risk Identification –We reexamine  information and our current university environment to identify the operational, operational/safety, legal, compliance, financial, reputational, and strategic risks that may impede OSU from meeting objectives if not addressed
3. Remediation and Monitoring – We identify our high-risk areas and create remediation and monitoring programs for the risks that have been identified, assessed, and evaluated

The Executive, Audit and Governance Committee of the Board of Trustees approves OSU’s enterprise risk priorities. The current enterprise risk priorities are listed below.

Topic: Information Technology Ecosystem and Security
Risk Owner: Provost and Executive Vice President
Risk Mitigation Objective: Safeguard IT resources against loss of research, operational and student data; safeguard network services to prevent disruptions of service, financial loss, or negative perceptions of operational controls; maintain compliance with applicable security laws; effectively implement strategic IT infrastructure plans and initiatives, including establishment of a new research computing office; and maintain effective data governance.

Topic: University Safety
Risk Owner: Vice President for Finance and Administration
Risk Mitigation Objective: Support a safe and welcoming environment at OSU through efforts of the Department of Public Safety and partner units and programs – including via preparation and recovery plans for hazards such as an active shooter, severe illness, earthquake or inclement weather events.

Topic: Athletics
Risk Owner: President; Vice President and Director of Athletics; and Provost and Executive Vice President
Risk Mitigation Objective: Track and address university-wide financial, academic and compliance implications of the changing collegiate sports model (including name, image and likeness; implementation of the House settlement; and changes to the National Collegiate Athletic Association (NCAA) and other conferences).

Topic: Artificial Intelligence
Risk Owner: Provost and Executive Vice President
Risk Mitigation Objective: Support efforts to implement OSU’s enterprisewide strategy for addressing the innovative, legal and thoughtful application of AI in the core domains of research, education, public engagement and administration.

Topic: Higher Education Changing Landscape
Risk Owner: Provost and Executive Vice President
Risk Mitigation Objective: Support efforts to meet shifting learner/consumer demands for varied learning models, including, but not limited to: continuing education, online learning, hybrid learning and alternative credentials; to address the changing public perception of the value of higher education; and to address sector-wide financial challenges.

Topic: Student Success
Risk Owner: Provost and Executive Vice President and Vice President for Student Affairs
Risk Mitigation Objective: Support efforts to increase retention and graduation rates, including through effective enrollment management, curricular innovation, improvement of transfer pathways, renovations of gateway courses, expanded financial aid, improved advising and provision of mental health resources for students.

Topic: Future Revenue and Cost Escalation Pressures
Risk Owner: Provost and Executive Vice President and Vice President for Finance and Administration
Risk Mitigation Objective: See that budget forecasts and plans are adequately evaluated as pressures on net tuition revenue and government funding persist and the need to balance increasing costs with efficiency and effectiveness of operations is required.

Topic: Research Administration
Risk Owner: Provost and Executive Vice President and Vice President for Research and Innovation
Risk Mitigation Objective: Guide administrative changes needed across the enterprise (both academic and administrative units) to support long-term growth in research, including the provision of support for large, complex projects; pre- and post-award support; proper accounting of indirect costs; and compliance controls.

Topic: Administrative Modernization Project
Risk Owner: Provost and Executive Vice President and Vice President for Finance and Administration
Risk Mitigation Objective: Support successful achievement of the AMP project designed to modernize and simplify dayto-day administrative work, streamline processes and policies, and introduce a new cloud-based Enterprise Resource Planning (ERP) system, Workday.

Topic: Enrollment Management
Risk Owner: Provost and Executive Vice President
Risk Mitigation Objective: Support ongoing management efforts to create strategies that ensure the university’s educational access mission is achieved and plan for demographic shifts that may challenge enrollment goals.