Skip to main content

What is Risk?

We hear it in a variety of contexts in our daily work lives, risk assessment, risk management, inherent risk, residual risk, external risks, etc.  Yet, most of us rarely stop and think about what all those things mean to the actual work we do.

Simply defined, RISK is any issue or event which may adversely impact the achievement of one or more of an organization’s objectives.  

Risks may originate internally due to things such as inadequate controls, poor management, or individuals perpetrating a fraud. They may also originate externally to the University, such as a change in law, downswing in the economy, or a natural disaster.

With respect to the University, we have classified risks into the following types/categories:

  • Strategic – an event that affects the high-level goals and vision of the University 
  • Operational - an event that affects ongoing management processes 
  • Financial - an event that affects the financial well-being of the institution
  • Compliance - an event that affects the University’s adherence to applicable laws and regulations or internal policies and guidelines
  • Reputational - an event that affects the image, standing or character of the organization.

How University management plans for and manages these potential risks is all part of risk management. At Vanderbilt, we look at risk management from a University-wide perspective called ERM.