Executive Policy Manual

EP06 – Policy on Risk Management

Revision Approved August 17, 2020

Policy

The University’s Risk Management Program identifies, assesses, and addresses risks that could cause injury or property damage, or that could interfere with the University’s ability to fulfill its or achieve its goals. All University employees and students must strive to reduce the risk of injury and accidental loss to the greatest extent possible, consistent with carrying out the University’s mission and goals.

Risk Management Executive Committee (RMEC)

Purpose

The RMEC implements the Enterprise Risk Management (ERM) process at WSU. ERM provides the governance, framework, and guidance for assessing and addressing “enterprise risks.” Enterprise risks are not the traditional operating risks managed on a day-to-day basis, but rather are potential obstacles or occurrences that could threaten the University’s ability to meet its mission and goals. RMEC also provides support to the Risk Management Advisory Group (RMAG) and Risk Management Services (RMS).

Composition

RMEC is chaired by the Vice President for Finance and Administration. Core members include the Vice President for Research, the Vice President for Student Affairs, the Vice President for Information Technology Services and Chief Information Officer, the President’s Chief of Staff, the Provost, and a chancellor from a non-Pullman campus (on a two-year rotating basis). Other individuals, including those participating on an advisory basis, are asked to participate at the discretion of the chair.

Responsibilities and Authority of RMEC

The RMEC has responsibility and authority for the following:

  • With the assistance of RMS and RMAG, coordinating the ERM process by:
    • Identifying, assessing, and prioritizing enterprise risks;
    • Developing timetables and plans for mitigation; and
    • Planning oversight, monitoring, and appropriate follow-up.
  • Considering and recommending to the President and Board of Regents, as applicable, risk management proposals that require additional funding or proposed policy changes.
  • Communicating with University leadership about risk management policy and strategy and providing annual updates to the University’s Board of Regents.
  • Sending requests to the RMAG for research and development of options or recommendations on risk management issues.
  • In collaboration with unit leadership and RMAG, issuing cease and desist notices to WSU employees, students, or units when it determines that an activity presents an unreasonable threat to health, safety, security, or property.

In addition to the above, RMEC has authority to halt any operation or activity occurring on WSU property that presents an unreasonable threat to health, safety, security, or property. The following guidelines apply:

  • This authority is exercised in collaboration with RMAG and unit and campus leadership when possible.
  • Prior to ordering the cessation of an activity or operation, RMEC may issue a cease and desist notice to the WSU employees, students, or units, or non-WSU individuals or operations, involved.
  • Except for situations involving a likelihood of imminent harm, RMEC issues an order mandating cessation of activities or operations only after the party subject to the action has received a cease and desist notice or has otherwise been warned in writing and given an opportunity to correct the situation.
  • If there is an emergency need for immediate action, the Vice President for Finance and Administration, the campus Chancellor, or the Vice President for Research for research related activities, has authority to order a temporary halt to any activity or operation not to exceed fourteen (14) days.
  • Individuals subject to action under this paragraph are provided with an opportunity to meet with the appropriate risk management body as quickly as feasible to provide information and/or evidence of remedial measures they believe warrant resumption of the operation or activity.

Risk Management Advisory Group (RMAG)

The RMAG is appointed by the President and provides recommendations to the RMEC and RMS on the structure, policies, and operation of the University’s risk management program. The RMAG also provides risk management guidance, support, and advice to WSU units, students, and employees.

Risk Management Services (RMS)

RMS, a part of Finance and Administration, coordinates and evaluates the risk management program for the University and has responsibility and authority for the following:

  • Coordinating and supporting the RMAG;
  • Providing support for the RMEC;
  • Coordinating and collaborating with the Attorney General’s Office to solicit and receive legal advice as needed;
  • Assessing risk through identifying, measuring, and evaluating risk exposures;
  • Determining the potential impact of University actions on liability exposures;
  • Providing recommendations and options to decision-makers on risks to be retained and risk and loss control options, including types, limits, and costs of insurance coverage options to protect the University’s resources;
  • Purchasing and administering all University liability, property, and other insurance coverages;
  • Administering or contracting self-insurance program claims and recommending adjustments or settlements of insured or self-insured losses;
  • Leading and coordinating the selection of insurance-related services, such as brokerage and/or claims administration services;
  • Collaborating with the workers’ compensation program;
  • Maintaining close liaison with the Department of Environmental Health and Safety (EH&S) and other University departments having responsibility for health, public safety, safety, security, or insurance issues;
  • Maintaining close liaison with the state Department of Enterprise Services’ Office of Risk Management and other state and federal agencies;
  • Providing or coordinating training, websites, tools, information, and other resources to the WSU community to increase risk awareness and reduce risks and losses;
  • Developing and implementing a strategic plan for RMS;
  • Reporting to departments about the frequency and severity of accidents, injuries, liabilities, and other risk management activities; and
  • Acting as a resource for WSU regarding risk management issues.

Individual and Unit Responsibilities

All University employees and students are responsible for taking steps to reduce the risk of injury and accidental loss to the greatest extent possible, consistent with carrying out the University’s mission and goals. Individuals must identify and implement:

  • Risk controls to prevent and reduce the frequency and severity of injury to persons, and damage to WSU’s finances, property, and reputation; and
  • Loss controls to prevent and reduce the frequency and severity of losses and to recover from losses as quickly as possible.

RMS is available to assist individuals and units with this process. (See Assistance.) Individuals and units are strongly encouraged to consult with RMS on issues, situations, or events that pose high or unusual risks.

Risk Controls

Risk controls prevent injury to persons and damage to WSU’s finances, properties, and reputation. Risk controls include:

  • Avoidance (eliminate activity or product);
  • Purchase (purchase activity or product with a written contract);
  • Prevention (training, personal protective equipment);
  • Reduction (fire detectors and sprinklers, fume hoods);
  • Separation (flammable storage room or cabinet);
  • Duplication (cross training staff, same process in two locations); and
  • Combination of controls.

Loss Controls

Loss controls reduce the frequency and severity of losses and recover from losses as quickly as possible. Loss controls include:

  • Loss Recovery Planning and Implementation (establishing a business continuity plan using WSU Ready on the Office of Emergency Management website);
  • Insurance (purchasing insurance to recover losses when they occur);
  • Transfer by contract (establishing contracts to transfer responsibility for payment of losses to activity or product contractor);
  • Self-Fund/Self Insure (establishing a dedicated cash reserve for loss).

Risk and Loss Management Process

The risk and loss management process includes:

  • Identification (identification of risks and losses specific to operations and locations);
  • Analysis (analysis and development of the following):
    • Risk controls to reduce the frequency and severity of risks for injury to persons and damage to WSU’s finances, properties, and the reputation of operations and locations;
    • Best loss controls to reduce the frequency and severity of losses for operations and locations; and
    • Emergency response and business continuity plans for loss events for operations and their locations;
  • Financing and Implementation determination of methods to finance and implement risk and loss controls for operations and locations);
  • Monitoring (monitoring risks and potential losses on an ongoing basis to determine whether measures taken are still appropriate).
Assistance

Contact WSU Risk Management Services (RMS) for assistance; telephone 509-335-3041; e-mail riskmanagement@wsu.edu.