Risk Management Policy

For interpretation of this policy, please contact the responsible department: Office of the President; responsibility has been delegated to the Department of Risk Management.  (909) 537-3939. 

Policy:

California State University, San Bernardino (CSUSB) recognizes risk management as a function that encourages the participation, cooperation, and involvement of the entire campus community. Several administrative areas collaborate directly with Risk Management to provide comprehensive risk oversight through the adoption of this policy. The following functional areas must maintain policies, procedures or guidelines that outline their respective responsibilities for minimizing institutional risks. Environmental Health and Safety; Emergency Management; Business Continuity; Procurement; Contracts; Human Resources; Cyber Security; Data Protection; and University Police.

The purpose of this policy is to address institutional risks and mitigate unanticipated losses to CSUSB’s human resources, financial assets, and property without unnecessarily limiting the activities that advance the University’s mission, core values and goals outlined in the Strategic Plan. This policy is issued pursuant to California State University (CSU) Risk Management Policy, Technical Letters RM 2011-05 and 2012-01, and other risk-related guidance issued by the CSU.

Overview:

The campus Risk Manager, as designated by the campus President, facilitates the campus risk management approach by maintaining risk management policies, program guidance, education and tools. The Risk Manager must consult with University Counsel, the Office of Systemwide Risk Management, the California State University Risk Management Authority (CSURMA), and the State Office of Insurance and Risk Management (ORIM) to carry out this policy.

Departments are designated as risk owners and are the first line of responsibility for staying informed of risk management policies. They are responsible for managing the full life cycle of risks within their operations. The Risk Manager provides technical consultation and support to assist departments in meeting these obligations

Systemwide Guidelines:

Guideline documents issued by the Office of Systemwide Risk Management and CSURMA should be followed by the campus. The Risk Manager will assist in disseminating documents, requirements, and guidelines to appropriate campus administrators and in monitoring and implementing risk management policies and activities. Business decisions that deviate from established guidelines should be formally assessed, justified in writing by the divisional leadership and retained for production when requested.

Risk Management Programs:

The Department of Risk Management ensures that processes and control measures are in place to minimize exposure to risk, including:  transferring risk through third party waivers, hold harmless agreements, insurance requirements and programs, and contract indemnification language.  workers’ compensation,  youth protection, legal custodian, domestic and international travel, student placements and internships, Clery Act compliance and Environmental Heath and Safety programs, guidelines and/or assessments are also maintained.   In addition, the Risk Manager serves as a campus resource by collaborating with stakeholders to streamline processes, build partnerships, and develop risk mitigation procedures and guidance to support informed decision-making.

Departmental Risk Management Processes:

Department administrators will conduct ongoing risk assessments and implement mitigation procedures to ensure their operation adhere to systemwide policy and guidance. These assessments will include on-campus and off campus activities, including, but not limited to, continuity planning, cyber security and data protection, and hazards and injuries in the workplace or learning environment. 

Department administrators are responsible for incorporating lessons learned into their programs, processes and procedures  to minimize institutional risks through effective documentation and internal controls.

The Risk Manager will assist administrators in identifying risks, assessing the frequency and severity, selecting appropriate treatment strategies, and implementing controls that are monitored,  evaluated, and documented. Administrators are responsible for addressing resource needs related to the participation of their college and department. 

Multi-disciplinary Risk  Working Group:

The campus should maintain an advisory, multi-disciplinary risk working group composed of decision-making administrative personnel to coordinate an institutional risk assessment each fiscal year.

The Risk Manager may consult with Internal Audit, as appropriate, to inform the working group’s understanding of areas of concern.  This group  will meet periodically to facilitate an assessment, prioritization and/or review of campus-wide risks.  This coordinated approach will be proactive, reduce redundancy and improve awareness of risks that may affect campus priorities. 

Risk Management Report: