Mo. ° / °
Ariz. ° / °
Calif. ° / °
Request info Apply
Enterprise Risk Management
Image of ATSU Students on Campus sharing homework

Enterprise Risk Management

​The Enterprise Risk Management (ERM) process consists of the steps below and is repeated every two years. In addition to the formal ERM process, the Risk Management & Compliance Committee continually monitors emerging risks.

Further details are contained in ATSU’s Risk Management Plan, a copy of which is available upon request to the Office of Vice President & General Counsel.

  • Enterprise risk management steps +

      1. Risk Identification. Risk Management & Compliance Committee members (consisting of President’s Cabinet, deans or his/her designee from each school/college, and other senior administrators) individually identify risks related to their departments/areas. A comprehensive, categorized list of risks is developed.
      2. Risk Assessment. Using a survey tool, the Committee rates the identified risks in two areas: likelihood and impact. A heat diagram is used to identify several priority risks.
      3. Risk Mitigation and Response Plans. Responsible administrators for each priority risk work with their departments to develop risk mitigation and response plans, with the assistance and approval of the vice president and general counsel.
      4. Risk Reporting. The President provides an annual report to the Board of Trustees detailing priority risks, the nature of each risk, the senior administrator assigned to each risk, and the risk mitigation and response plan for each priority risk.
      5. Risk Monitoring. The senior administrator assigned to each risk is responsible for monitoring the risk mitigation and response plan, and provide reports and updates to the vice president and general counsel and the Risk Management & Compliance Committee.

  • Priority risks from 2016-2018 ERM cycle +

    • The priority risks identified in the 2016-2018 ERM cycle were as follows. It should be noted these were addressed as “potential” risks, not necessarily risks that had actually occurred.

      1. Prolonged loss of access to information technology services and/or critical University data;
      2. Inappropriate access or accessibility to confidential University data;
      3. Shortfall in the number and type of rotations needed by health professional programs which require structured clinical experiences;
      4. Malpractice claims related to services provided in ATSU clinics.

      Risk management and response plans were developed to prevent, mitigate, and/or respond to the potential risks named above.

  • Priority Risks from 2018-20 ERM cycle +

    • The priority risks identified in the 2018-2020 ERM cycle were as follows. It should be noted these were addressed as “potential” risks, not necessarily risks that had actually occurred.

      1. HIPAA compliance

      2. Safety of minors on campus or receiving care at ATSU clinical sites or participating in ATSU sponsored events

      3. Availability of mental health wellness resources for students

  • Priority Risks from 2020-22 ERM cycle +

    • The priority risks identified in the 2018-2020 ERM cycle were as follows. It should be noted these were addressed as “potential” risks, not necessarily risks that had actually occurred.

      1. Compliance with new and disparate federal and state laws and regulations
      2. Sufficient number of clinical rotation sites
      3. Planning and allocation for future IT challenges and opportunities
      4. Consistent best practices across all ATSU patient care centers