Risk Assessment Introduction
Effective risk management is becomingly increasingly important in today's regulatory environment. Federal and state agencies expect that grantees have a good understanding of their risk profiles and have implemented the appropriate governance structure to mitigate their risks.
Conducting an annual risk assessment can allow an organization to obtain a holistic view of the risks it faces, allowing management to identify these risks and capitalize on opportunities. As the recipient of a federal grant, Utah State University GEAR UP Administrative Team (USU GEAR UP) conducts annual risk assessments of its GEAR UP sub-awardees and vendors. Below is the process for how USU GEAR UP conducts the annual risk assessments.
Identify a Sub-awardee's Risks
Consider what you define risk to be. A common definition of risk is any event that negatively influences an organization's ability to achieve GEAR UP goals. Risks affect an organization's ability to survive, successfully meet federal and state regulations, and maintain its financial strength and positive public image as well as the overall quality of GEAR UP products, services and people.
USU GEAR UP evaluates the following components in the Annual Risk Assessment.
- Program Activities as outlined in the Annual Workplan
- Finance/Budget
- Data Submission/Data Quality
Identify Risk Owners
For each of the risks categories listed above, USU GEAR UP identifies the most appropriate person to monitor and manage those risks - in other words, the risk owner(s). The risk owner is responsible for assessing risks and identifying associated controls. This role is also responsible for implementing and maintaining appropriate controls within its associated area of responsibility, and for reporting breaches of controls or risk appetite. This person is most often the GEAR UP Site Coordinator.
Identify the Controls to Mitigate & Reduce Risks
Working with the risk owners, USU GEAR UP will identify current controls that are in place to mitigate and/or reduce risk. Each control should also be assigned an owner or responsible party. This can be a functional responsibility, instead of an individual or specific person.
Assess Risk Potential and Impact
An organization's risk appetite is based on its own evaluation of the tradeoff between risk and return. Assessing the overall impact and likelihood of risk can aid USU GEAR UP in determining whether the sub awardee/vendor is operating within its stated risk appetite and should accept, reject or reduce risk. Working with the risk owners, USU GEAR UP evaluates each of the risks in the risk library, based on:
- Overall Impact or Significance - How big of an impact would this risk have if it were to occur? This impact should be considered, taking into account the mitigating impact of the risk controls and monitoring of risk controls.
- Likelihood - Consider how likely it is that this risk would actually occur after the mitigating effects of the risk controls. The evaluation of each risk can be on either a quantitative or qualitative basis, dependent on the availability of information or the confidence in approach.
Administrative Follow-up
USU GEAR UP will develop a unique follow-up plan for each sub-awardee/vendor based on risk rankings. If necessary, USU GEAR UP will devote resources where needed.
Assessments will be Revisited Annually
Assessments will be completed on an annual basis for each subawardee/vendor. The risk assessment is a living process and should be conducted on at least an annual basis, and certainly more frequently if there has been a substantial change in the sub-grantees/vendors risk profile. Additionally, it is a valuable exercise to re-visit the sub-grantees/vendors risk library annually, as risks and definitions may develop and change from year to year.
Risk assessment allows USU GEAR UP A-Team to assess the sub-grantees/vendors risks and controls and devote resources where needed. Evaluating the financial impact and likelihood of each risk can be helpful when prioritizing the sub-grantees/vendors risks. Identifying risk and control owners helps to clarify roles and responsibilities in the company and promotes accountability.
The risk assessment process is ongoing and should be revised over time. It can take several iterations before you have a complete picture of the sub-grantees/vendors risks and truly understand the controls and processes that mitigate them. The outcome of the process gives USU A-Team and grant collaborators a better understanding of the sub-awardees/vendors risk profile and the importance of the control environment in mitigating risk.
Risk Management Plans
Detailed plans should be developed, shared, and agreed upon for any sub-recipient who receives a medium or high-risk score. These should provide specific guidance as to how the school or district can return to compliance and improve their processes in the fields of programming, finance, and data. While each workplan can be customized to address specific issue areas, developing overarching expectations and follow ups for each risk area can help to add structure and ensure all sub-awardees are given the same opportunity in improving.
Below are general guidance points for each of the risk areas in the workplan and finance sections, as well as an example of a full Risk Assessment and Management plan for a USU STAR! School.
Workplan Management Plan
Student Services Activities: Score 10 points - Highest possible risk
- Student services are the major focus of the workplan. Required activities are an extension of the GEAR UP definitions of services and activities. As such, they should be completed at the appropriate times.
- Failure to complete activities will be noted in the monthly SCRIBE data check. A written response will be required to explain the reason the service did not occur.
- Frequent postponing or cancellation of activities will result in a discussion with the Site Coordinator and administrator to determine the best method for implementing the services in the future.
Professional Development Activities: Score 6 points - Highest possible risk
- Teachers receiving professional development indirectly impacts students. Site Coordinators are required to attend monthly meetings and weekly conference calls. Failure to do wo will result in correspondence to the Site Coordinator asking for an explanation. A second missed meeting without prior notification will result in correspondence to the school Administrator informing them of the second absence.
- Professional development for Teachers is critical to their success as a teacher. USTA is a required professional development for cohort teachers. Every attempt will be made to recruit teachers to attend this conference. Should there be a difficulty enlisting a teacher to attend, the administrator will be contacted to ask for a referral.
Grant Implementation Activities: Score 8 points - Highest possible risk
- The Site Coordinator is the liaison between the school and the Program Coordinator. It is imperative that each program hire a qualified Site Coordinator in a timely fashion. Should this not occur, the administration will be contacted and asked to assist.
- It is important for all parties at the school to understand the purpose and functions of GEAR UP. Therefore, an implementation meeting is required to occur minimally at the beginning of each school year. Each Site Coordinator is encouraged to have quarterly meetings with their administration.
- GEAR UP is part of a national organization. Therefore, participation in the National GEAR UP week is required. Some activity during, or close to that week is expected. Should it not occur, it will be required to be rescheduled.
- Requirements to collect and report data are an integral part of this project. Parent and student surveys are the method used to collect information. Completion rate for Student surveys is 80% and parent surveys is 50%. Once the deadline has past, each site will be given a report of their survey status. The Site Coordinator will submit in writing their plan for survey completion. After the second deadline occurs, the administration will be contacted for ideas to facilitate survey completion.
Activity Completion timeline: Score 6 point - Highest possible risk
- The workplan is a document that is included in the subaward documentation. Therefore it is a binding document that schools must adhere to. However, extenuating circumstances and unforeseen situations arise. When a service on the work plan is rescheduled, justification must be provided in writing.
- The monthly SCRIBE data report will indicate scheduled, yet not completed activities. These reports will be monitored.
- After three rescheduled or cancelled activities, the administrator will be notified and asked for suggestions for timely activity implementation.
Finance Management Plan
Risk Factor |
Response for Medium Risk |
Response for High Risk |
Timeliness of Invoice Submission |
- Invoices are due and submitted monthly. No reconsideration of a different timeline.
- Invoices are due prior to the general deadline, i.e., not later than the 13th of each month. Reconsider after 6 months of on time performance.
|
- Invoices are due and submitted monthly. No reconsideration of a different timeline.
- Invoices are due prior to the general deadline, i.e., not later than the 10th of each month. Reconsider after 6 months of on time performance.
|
Invoice Adjustments/Response Rate |
- Bring responses to inquiries or questions to within 1 week of first notice.
- Bring invoices to a rate of zero missing or unallowable items.
- Invoices will include documentation of all expenditures including receipts, number of students served, workplan area met, budget line item that is being expensed. Reconsider reducing documentation requirements after 6 months acceptable performance.
|
- Bring responses to inquiries or questions to within 1 week of first notice.
- Bring invoices to a rate of zero missing or unallowable items.
- Invoices will include documentation of all expenditures including receipts, number of students served, workplan area met, budget line item being expensed. Reconsider after 6 months acceptable performance.
- The Principal will review and sign Invoiced receipts prior to submission for invoicing. Reconsider after 6 months acceptable performance.
|
Expenditures are Part of Approved Budget |
- Any exspense over $1,000 whether for a single item or in aggregate must have preapproval of the GEAR UP office. Reconsider raising the threshold to $2,000 after six months acceptable performance.
- Any total expense variance greater than 5% for any budget line item must have approval of the GEAR UP office. Reconsider raising the threshold to 10% per line item after six months acceptable performance.
|
- Any expense over $500 whether for a single item or in aggregate must have preapproval of the GEAR UP office. Reconsider raising the threshold to $1,000 after six months acceptable performance.
- Any total expense variance greater than 5% for any budget line item must have approval of the GEAR UP office. Reconsider raising the threshold to $1,000 after six months acceptable performance.
- No GEAR UP funded out of state student travel, either entirely or in part, for at least one year.
- As much as possible, the budget must detail every salary, benefit, expense, trip, and professional development cost as a separate line item.
|
Rate of Spending and Match |
- Bring quarterly rate of spending and match closer to 25% (+ or - 7%) of allocated subaward. Reconsider expanding leeway to + or - 10% after one year's acceptable performance.
- Quarterly conference calls with GEAR UP Partner School, and District Finance to review and track spending and match. Reconsider to quarterly conference calls after six months of meeting performance goal.
- Semi-annual desk audits, or on site audits, of GEAR UP financial and business officers. Reconsider reducing frequency to annual audits after one year's acceptable performance.
|
- Bring quarterly rate of spending and match to 25% (+ or - 5%) of allocated sub-award. Reconsider expanding leeway to + or - 10% after one year's acceptable performance.
- Monthly conference calls with GEAR UP Partner School, and District Finance to review and track spending and match. Reconsider to quarterly conference calls after six months of meeting performance goal.
- Immediate GEAR UP funds and match audit by Utah State University personnel. Follow up audit at one year after the initial audit. Reconsider no annual audits after the 1-year follow up audit, if the 1-year follow up audit demonstrates acceptable progress.
- Quarterly desk audits, or on site audits of GEAR UP funds and match by GEAR UP financial and business officers. Reconsider reducing frequency to semi-annual audits after one year's acceptable performance.
|
Revising Budgets More Than Once Per Year |
Single budget revision was submitted after December 31 deadline. |
Multiple budget revisions were submitted and revisions were submitted after December 31 deadline. |