
Field Operational Planner - Risk Inventory

Type of Risk
Hazard Risks
Catastrophic natural event (earthquake, fire, flood, explosion, etc.) and
Property Hazard Risks for Building, Contents, Business Interruption,
Extra Expense, Leasehold Interest, Accounts Receivable, Valuable
Papers, Fine Arts (if any), Computer breakdown, including loss of data,
arising from first party accidental or malicious incidents.

Pandemic

Vehicle Ownership and Non-owned and Hired Auto -

Third Party Liability - Contact your Campus Risk Manager

Employees - Contact your Campus Risk Manager

Financial Risks
Conflicts of Interest in financial transactions and agreements.

Reputational Risk
Policy not set annually
Partners go bankrupt
Breach resulting in lack of confidence and loss of customer base.
Budget impairment
Non-compliant cost transfers
Insufficient oversight over third-party vendors
Improper governmental activities including bribes
Improper use of funds

Contract Review

Information Technology Risks


Hacking/Unauthorized/Inappropriate data modification/Lack of
Penetration Reporting & Analysis/Unauthorized modification of data

Decentralization of systems leading to data inconsistencies and
fragmentation
Breach/Disclosure of confidential information (personally identifying
information (PII) or health care info)

Obsolescence of systems/technology

Lack of Common Data Definitions

Inability to recover from system loss or extended downtime

Lack of Comfort with third-party vendor system security

Human Resources Risks


Personnel Issues or workplace violence

Liability for Electronic Health Records/Personal Information
Identifiers (PII)
Employing someone other than UC personnel
Reporting Serious Injuries

Workers Compensation and Employers Liability Claims


Employee Mental Health
Employee recruitment and retention

Research Risks
Research misconduct, such as falsification of data or results, or non-
disclosure of research dangers

Inadequate lab processes and practices for the promotion of
Environmental Health and Safety (EH&S)
Non-compliance with National Research Foundation, the Government of
Singapore

Intellectual Property & Patent Infringement

Contract & Grant Risks


Regulatory fines or penalties
Non-compliance with sponsoring agency regulations and agreement
terms and conditions
Cost sharing procedures are not compliant with the Government of
Singapore, National Research Foundation
Effort reports inaccurate, insufficient, or incomplete

Agreement terms and conditions not met, but funds used


Failure to maintain equipment inventories in accordance with grant
requirements
Sub-recipients not managed appropriately
Political Risk
Internet Access and cell phones filtered or blocked, safety concerns,
arrest, civil unrest, muggings/robbery, kidnap, customs, culture,
religion, dress, language, communication with emergency service, legal
differences, lack of family support, etc.

Legal & Other Considerations

Travel Insurance
Health travel information

Compliance Risks
Regulatory Fines or Penalties
Non-compliance with National Research Foundation, the Government of
Singapore

Inconsistent application of compliance policies and investigation
techniques

Insufficient response to new regulation

Cost sharing procedures are not compliant with National Research
Foundation requirements
Effort Reports inaccurate, insufficient, or incomplete
Agreement terms and conditions not met, but funds used
Failure to maintain equipment inventories in accordance with grant
requirements
Sub-recipients not managed appropriately
Assumption of inappropriate liability exposure

Facilities and Maintenance Risks


Deferred Maintenance

Laboratory safety
Facilities and Grounds Safety
Property Damage/Loss from fire
Management and Mitigation

(1) Transfer the risk to insurance, (2) Business Continuity Planning, (3) Crisis
Management, (4) Communication and response protocols.

Pandemic Plans part of Business Continuity Planning, Crisis Management, and
Communication & response protocols.
Transfer the risk to insurance - If this vehicle is a rental, purchase liability and
physical damage insurance through the rental company. For long term leased
vehicle(s), please purchase local auto liability and physical damage insurance.
For borrowed vehicle(s), please ask the owner of the vehicle for the name of
their insurance company and policy number and confirm their policy will cover
you while driving.

Transfer risk to Insurance Policies, (1) General Liability, including Blanket
Contractual, Broadform Property Damage Liability, Products & Completed
Operations, Personal Injury, Media Liability, Employee Benefit Liability, (2)
Excess Liability, (3) Professional Liability/Professional Indemnity, (4) Intellectual
Property & Patent Infringement Liability, (5) Cyber Liability, including Privacy
and Security Liability & Crisis Management Costs, (6) Environmental Liability (if
any exposure), (7) Fiduciary Liability, (8) Employment Practices Liability, (9)
Directors & Officers Liability

Transfer risk to Insurance Policies, (1) Workers Compensation, (2) Employer's
Liability, (2) Commercial Blanket Bond, including Cyber Fraud, (3) Kidnap &
Ransom, including Cyber Extortion, (4) Group Employee Benefits, such as health,
dental, vision, short term disability, long term disability, and life insurance as
may be required

(1) Annual Conflict of Interest Reporting Systemwide by Designated Officials, (2)
Business Contract Policies, (3) Whistle Blower System, (4) Administrative
Responsibilities Handbook, (5) Internal Audit
(1) Separation of duties, (2) Commercial Blanket Crime Bond, (3) Internal Audit

(1) Review contracts for Vendors, Contractors & SubContractors to be sure that
there is a clause requiring that they furnish a certificate of insurance before the
start of work. (2) Request Certificates of Insurance in advance of starting work.

(1) Cyber Safety Programs, (2) Regular Penetration Reporting & Analysis

(1) Electronic Information Security, (2) Encryption of sensitive information, (3)
Ethics Compliance & Audit Program, (4) Timely Reporting to avoid fines,
penalties under Singapore Law

(1) System performance monitoring, (2) Systems life cycle management, (3) Help
desk reports
(1) Systems Development reviews and approvals, development and
maintenance standards, (2) Electronic Information Security and Change
Management

(1) Disaster Recovery Plans, (2) Business Continuity Plan, (3) Systemwide and
local backup and recovery policies and procedures, (4) Incident Response
Planning and Notification Procedures, (5) Emergency Plan testing

(1) Contract language, (2) Indemnity Requirements, (3) Certificate of Insurance,
(4) Monitoring to ensure systems meet requirements and are appropriately
secure

(1) Policies and Training, (2) Employee Assistance Programs, (3) Mediation
Services, (4) Workplace Violence Prevention
(1) Intellectual property management policies and programs, (2) Innovative
Access Programs
http://irc.nacubo.org/legal/Pages/default.aspx
(1) To Report Serious Injuries, please report by Internet for both domestic and
foreign injuries at website ops@eruopassistance-usa.com or call 1-866-451-7606
(inside USA) or 1-202-828-5896 (outside USA call collect).

(1) Claims Management, (2) Claim reviews

(1) Statement of Ethical values and Standards of Ethical Conduct, (2) Work-Life
Balance, Wellness, and Training & Development
(1) Research Compliance Policies, (2) Ethics Compliance and Audit Program, (3)
Internal Control Program, (4) Whistle Blower Program, (5) Mandatory Ethics
Training

(1) Routings of transaction for approval before payment, (2) Certification of
payment in ledgers, (3) Whistle Blower System, (4) Ethics Compliance and Audit
Program, (5) General and Payroll Ledger Reviews, (6) PI Ledger Review

(1) Industry collaboration guides, (2) Web-based Resources, (3) Administrative
Responsibilities Handbook - Research Affairs: Intellectual Property

FY2009/10 Systemwide Compliance Risk Priorities, per the Systemwide
Compliance Plan and any updates thereto

FY2009/10 Systemwide Compliance Risk Priorities, per the Systemwide
Compliance Plan and any updates thereto

(1) Register with US State Department's Smart Traveler Enrollment Program
before Departure and keep the information up-to-date, sign up for their email
travel warnings, and review other services they offer, website @
http://www.state.gov/travel/ (2) Register with UC Trips, website @
http://www.ucop.edu/riskmgt/uctrips/ (3) Complete a UC Field Operational
Planner on line https://www.uctrips-insurance.org/ucop/

http://irc.nacubo.org/reportingcompliance/Pages/CompensatingHumanSubjectsforResearchStudiesConductedAbroad.aspx an

see UC website @ http://www.ucop.edu/riskmgt/uctrips/


Health Travel Information - see Centers for Disease Control & Prevention
website @ http://wwwnc.cdc.gov/travel/page/vaccinations.htm or the World
Health Organization's website @ http://www.who.int/ith/en/

(1) Ethics Compliance and Audit Program, (2) Internal Control Program, (3)
Whistle Blower System, (4) Administrative Responsibilities Handbook - Principles
of Regulatory Compliance
(1) Routings of transaction for approval before payment, (2) Certification of
payment in ledgers, (3) Whistle Blower System, (4) Ethics Compliance and Audit
Program, (5) General and Payroll Ledger Reviews, (6) PI Ledger Review

(1) Whistle Blower System, (2) Ethics Compliance and Audit Program, (3) Internal
Control Program, (4) Administrative Responsibilities Handbook - Principles of
Regulatory Compliance, (5) General and Payroll Ledger Reviews, (6) PI Ledger
Review

(1) Regular review of links to regulations on the internet, (2) Sign-up to be
notified of policy changes.

(1) Procedures to expend funds prior to receipt of award, (2) Appropriateness of
expenditures monitored General Ledger, Payroll Ledger, and PI Ledger Reviews

(1) Equipment and System maintenance plans, (2) equipment inventory
database

(1) Fire Prevention Plans and Policies, (2) Fire Drills, (3) Duplicate Records
Backup
