Enterprise Risk Management
Risk Assessment Tools FAQs
Which tool is the best fit for my needs?
The right tool for you varies based on the ERM goals of your organization, the types of risk you are considering, and your specific needs. The flowchart below may assist in helping you determine the best tool for your needs:
What are the minimum system requirements to use these tools?
These tools are built in Microsoft Excel 2010. They are Macro-Enabled Excel Workbooks (.xlsm format), and work best in Microsoft Excel 2010. Their graphics and charts have limited functionality or lower fidelity in Microsoft Excel 2007 and previous versions, but the basic calculations will still operate properly. If you require an earlier version of this tool, or have questions about using an earlier file format, please contact the ERM Service Desk at firstname.lastname@example.org.
In addition, the files themselves are not especially large (200K-500K), but it is recommended that you only use one of these tools open at a time and save your progress frequently. Machines with lower performance specifications may experience lag when using the most complex tools in the suite.
All I see here are samples. How do I get the complete version of the tool I want? Do I need to register or pay a fee to use these tools?
Some tools are available free of charge as a public service and outreach effort of the UCOP Office of Risk Services. However, we do ask that you provide us with some basic information to assist us in understanding how these tools are being used. This helps us ensure we are continuously evolving the tools in our toolkit to meet the needs of our users. Please first determine which of the tool(s) you would like to use. Then contact us at email@example.com with the following information:
- Your name and title
- Your organization
- Your phone number
- Your e-mail address
- The name(s) of the tool(s) you would like to use
- A brief description of how you intend to use the tool(s)
Can I use the tools by myself or are they better in a facilitated or group setting?
Both methods can be effective, depending on your specific goals. In general, including an interdisciplinary group in the risk assessment process generates a more complete and better rounded result, but the tools can be used either individually or in a group setting. If you would like assistance with your risk assessment facilitation, please feel free to contact the ERM Service Desk at firstname.lastname@example.org, and we would be happy to assist you.
What is ERMIS and how do I know if I need to use it?
ERMIS is the Enterprise Risk Management Information System used by the UC to provide Dashboard Reports and periodic management reports across the system. View more detailed information about ERMIS.
My computer said there was a security issue with the file when I opened it. Help!
The most common security alert upon opening one of the tools is related to each tool’s macro. The only macro included in the tool is the one that allows you to export the data entered into the tool to a comma-separated value (.csv) format file. If you do not need to export the data to a csv format, then you do not need to enable the macros. All other functionality will not be impacted.
Another common security alert is that your computer’s security settings are set too high to allow macros. To modify your computer’s security settings, you will likely need to contact your system administrator or local IT support to modify this setting. We strongly recommend complying with your local IT security policies in these matters. For alternate instructions to export this data, contact the ERM Service Desk at email@example.com.
I’m experiencing a technical problem with one of the tools. Help!
Technical difficulties should be reported to the UCOP ERM Help Desk at firstname.lastname@example.org at your earliest convenience and we’ll be happy to help. Please include the name of the tool you are using and a description of the difficulties you are encountering.
How do the calculations behind each tool work?
The specific calculations vary from tool to tool, but the same basic principles are followed throughout:
- Start by defining scales for factors such as the impact and likelihood of risk-related events, and decide how each aspect should be weighted. For each factor, there are five points on the scale, ranging from Very High to Very Low. Some factors use specific words to help describe them better.
- Identify potential risk-related events or use the list of risks provided in the tool.
- Assess each risk by choosing scales to describe how likely it is and how severe it might be, among other factors. Each scale you select corresponds to a value. Those values are combined to generate a score and plot a risk rating based on a discretely defined chart.
- Each risk’s rating is shown as “Adequately Controlled”, “Potentially Over-Controlled”, “Potentially Poorly Controlled”, or “Poorly Controlled”.
I have an idea for a tool, who can I talk to about creating it? These seem specifically tailored to serve the University of California. Can I get a version to modify on my own or suit to my organization?
There are always new ways to configure your understanding of the risks your organization faces, and we would be happy to work with you to create other tools to add to this ERM toolbox. Please contact the ERM Service Desk at email@example.com with a brief description of your idea and a way to get in touch with you.