Mo. ° / °
Ariz. ° / °
Calif. ° / °
Request info Apply
Enterprise Risk Management
Image of ATSU Students on Campus sharing homework

Enterprise Risk Management

​The Enterprise Risk Management (ERM) process consists of the steps below and is repeated every two years. In addition to the formal ERM process, the Risk Management & Compliance Committee continually monitors emerging risks.

Further details are contained in ATSU’s Risk Management Plan, a copy of which is available upon request to the Office of Vice President & General Counsel.

  • Enterprise risk management steps +

      1. Risk Identification. Risk Management & Compliance Committee members (consisting of President’s Cabinet, deans or his/her designee from each school/college, and other senior administrators) individually identify risks related to their departments/areas. A comprehensive, categorized list of risks is developed.
      2. Risk Assessment. Using a survey tool, the Committee rates the identified risks in two areas: likelihood and impact. A heat diagram is used to identify several priority risks.
      3. Risk Mitigation and Response Plans. Responsible administrators for each priority risk work with their departments to develop risk mitigation and response plans, with the assistance and approval of the vice president and general counsel.
      4. Risk Reporting. The President provides an annual report to the Board of Trustees detailing priority risks, the nature of each risk, the senior administrator assigned to each risk, and the risk mitigation and response plan for each priority risk.
      5. Risk Monitoring. The senior administrator assigned to each risk is responsible for monitoring the risk mitigation and response plan, and provide reports and updates to the vice president and general counsel and the Risk Management & Compliance Committee.

  • Priority Risks from 2018-20 ERM cycle +

    • The priority risks identified in the 2018-2020 ERM cycle were as follows. It should be noted these were addressed as “potential” risks, not necessarily risks that had actually occurred.

      1. HIPAA compliance

      2. Safety of minors on campus or receiving care at ATSU clinical sites or participating in ATSU sponsored events

      3. Availability of mental health wellness resources for students

  • Priority Risks from 2020-22 ERM cycle +

    • The priority risks identified in the 2018-2020 ERM cycle were as follows. It should be noted these were addressed as “potential” risks, not necessarily risks that had actually occurred.

      1. Compliance with new and disparate federal and state laws and regulations
      2. Sufficient number of clinical rotation sites
      3. Planning and allocation for future IT challenges and opportunities
      4. Consistent best practices across all ATSU patient care centers

  • Priority risks from 2023-25 ERM cycle +

    • The priority risks identified in the 2023-20225 ERM cycle were as follows. It should be noted these were addressed as “potential” risks, not necessarily risks that had actually occurred.

      1. Patient Care Centers: Failure to maximize the operational effectiveness of ATSU patient care centers in support of our ATSU mission in clinical education, research, and service.
      2. Student Recruitment and Retention: Failure to maintain a large enough and diverse applicant pool to fill all programs with students who can progress academically through ATSU programs.
      3. Workforce: Disruption of operations due to the loss of key employees with institutional knowledge and/or the inability to fill positions with diverse and qualified applicants.