Enterprise Risk and Resilience
UC Risk Appetite Definition and Assessment of Risks (UC RADAR)
The UC Risk Appetite Definition and Assessment of Risks (UC RADAR) workbook is an advanced-level ERM tool. It will help your campus/location determine how much potential risk you are willing to accept in the pursuit of achieving objectives (risk appetite). UC RADAR includes your choice of either the Higher Education Risk Assessment tool or the Control Structures Assessment Tool. These enable you to assess risks relative to your campus/location risk appetite and give you a choice of methods for performing risk assessments. Step-by-step instructions for getting the most benefit from UC RADAR are available in a User Guide which will be provided with the tool when it’s provided by the ERM Help Desk.
Risk appetite is the amount of risk, on a broad level, an entity is willing to accept in pursuit of value. Risk tolerance is the acceptable level of variation relative to achievement of a specific objective, and often is best measured in the same units as those used to measure the related objective.
Determining your risk appetite and tolerances is different than performing a risk assessment. Rather than assessing the impact and likelihood of potential risks, you will consider the possible consequences of risks and set thresholds for the maximum impacts and likelihoods you are willing to accept in pursuit of objectives and new opportunities. When setting the maximum impact acceptable, think about the worst consequences that could realistically occur. For example, loss of life is a consequence we are all never willing to accept. Yet, when you drive a vehicle loss of life is a possibility. If you are not willing to accept even the remote possibility of loss of life then you will never drive anywhere. In setting your risk appetite, you could acknowledge loss of life on the Life Safety impact scale as a possibility but then set the likelihood as Very Low indicating that your mitigation actions need to reduce the possibility to a rare occurrence.
UC RADAR provides a practical and structured approach to defining both risk appetite and tolerance at the campus/location. We encourage the ERM coordinator at the campus/location to use UC RADAR to facilitate and document discussions of risk appetite and tolerance with the ERM work group. Engaging the expertise of the work group will result in a clear definition and broader understanding of risk appetite.
Risks can create a variety of consequences, so UC RADAR is organized into consequence categories rather than categories of risk. Risk appetite is recorded within each category by indicating the acceptable levels of impact and likelihood of occurrence.
Risk appetite should be assessed based on the consequences of the inherent or raw risk without consideration of controls existing to mitigate impacts and likelihoods. The risk appetite tool within UC RADAR creates the scales against which risks are later assessed using the included risk assessment tool.
UC RADAR is easy to use. In each category, the user defines risk appetite by adjusting the weight of impact to likelihood, and setting the levels of acceptable impact and likelihood. Risk tolerances are defined by defining levels of control effectiveness. The rest is automatic. UC RADAR uses the information entered to generate graphical representations of risk appetite, tolerances and control effectiveness.
If you would like to know more about this tool or for purchasing information, please contact us at erm@ucop.edu.