Risk Assessment Toolbox

Introduction

ToolboxThe University of California has developed a selection of risk assessment tools for various purposes for both internal use and for use by everyone. This website provides information on all tools we have developed, and identifies which tools are available to the public at no charge. All tools are available to UC employees and available for purchase to outside entities. Contact the ERM Service Desk for information.

The UCOP Office of Risk Services (OPRS) offers several Excel-based tools intended to support the risk assessment process at each of the UC locations. Each of these tools has been constructed to provide insight from multiple perspectives. The results of any risk management decision will only be as effective as the accuracy of the data provided by the user. Inaccurate data or other information not provided by the user will naturally affect any results, decisions, or recommendations. These tools are simply a way to assist users in making informed decisions. Final decisions should be made independently by each organization using these tools. Since any final decision must be made by the user, the University of California and Bickmore Risk Services cannot be responsible for the results or consequences of these decisions.To find out more about our tools or for ordering information, please contact ERM@ucop.edu

Tools for Everyone
Description

Higher Education Risk Assessment Tool

Higher Education Risk Assessment Tool Webinar
This tool is a detailed risk assessment that helps the user to identify estimated impact and likelihood for each item on a pre-determined list of risks an institution of higher education may face from a strategic, financial, operational, compliance, reputational, and reporting risk perspective. The tool also helps the user estimate the effectiveness of current controls and suggests whether each risk is poorly controlled, potentially poorly controlled, adequately controlled, or potentially over-controlled.

Risk Ranking Tool

Risk Ranking Tool Webinar

This tool will help you consider the factors affecting the risks faced by your organization, including the likelihood of an adverse event, time to impact, injury severity, financial severity, and control effectiveness for a list of risks you create.

Control Structure Assessment Tool

Control Structure Assessment Tool Webinar
This tool builds upon other risk assessment tools and will help you consider not only the impact and likelihood for a selected list of risks, but also help you evaluate the effectiveness of current controls and whether any changes may be required to bring the list of risks within your risk appetite. The purpose of this tool is not to ensure all risks are rated as "Adequately Controlled" but rather to help departments assess their control structure for sufficiency given their environment, resources, and bandwidth.
Tools for UC Users
Description

Program Risk Review Tool

Program Risk Review Tool Webinar

This tool will help you consider the strategic, financial, operational, compliance, reporting and reputational risks associated with an initiative or project. It will also suggest whether each risk is poorly controlled, potentially poorly controlled, adequately controlled, or potentially over-controlled based on assumptions of risk frequency, risk severity, and control effectiveness.
Protected Health Information Value Estimator (PHIve) The purpose of this tool is to help protected health information (PHI) protectors understand the financial impact of a PHI breach so they can evaluate and recommend the appropriate investments necessary to mitigate the risk of a data breach. This helps reduce potential financial exposure while strengthening the organizations reputation as a protector of the PHI entrusted to its care.
Protected Information and Intellectual Property Value Estimator (PIIPve) The purpose of this tool is to help organizations responsible for protected information and intellectual property understand the financial impact of an information security breach so they can evaluate and recommend the appropriate investments necessary to mitigate the risk of a breach. This helps reduce potential financial exposure while strengthening the organizations reputation as a reliable protector of protected information and intellectual property.

Budget Changes Tool

Budget Changes Tool Webinar
This tool will help you consider budget related risks and understand potential benefits of each budget reduction option to help make more informed decisions.
UC Risk Appetite Definition and Assessment of Risks (UC RADAR) The UC Risk Appetite Definition and Assessment of Risks (UC RADAR) workbook is an advanced-level ERM tool. It will help your campus/location determine how much potential risk you are willing to accept in the pursuit of achieving objectives (risk appetite).