Everything from minor purchases, software license renewals, and research projects are being required to complete a risk assessment. But, what does that mean and why are we doing this?
What is a Risk Assessment?
The first step in answering that question is to define what a risk assessment is and what it should achieve. Many of you are likely familiar with a cost benefit analysis.A simple definition would be “The process of determining if the gain from a project or action exceeds the cost needed to complete the project or action.” Logically, a project is not economically wise if the costs exceed the benefits. Risk analysis is the other side of the same coin. Rather than being focused on benefits, risk analysis attempts to determine what negative consequences might be encountered in a project and trying to eliminate the risk as much as possible before the project begins. Also, to plan for contingencies in the event a negative consequence arises.
Proactive Approach to Protecting Information
The university is in the business of information and knowledge exchange. Our faculty and staff manage the environment and they are the gatekeepers of that knowledge and information. It is reasonable for certain types of information to be protected and we are required by law to do so. Not only are we responsible as an institution, we can be held individually liable in certain circumstances. No one wants that! Some risks that are associated with the University of Florida as an institution may include lost revenue, fines for non-compliance to laws and regulations (FERPA and HIPAA), and damaged reputation to name a few, with the latter as the most difficult to quantify.
By examining our projects and their goals with scrutiny to how we will handle information, the risk assessment process is an opportunity to avoid pitfalls that we might not otherwise see. It may seem unnecessary, but I’m certain that most projects encounter something that wasn’t anticipated. Risk assessments are proactive. It is better that we should find our own faults, rather than having them featured in the media!