Scribd Logo
Upload

Welcome to Scribd!

  • Contractriskassessment5 15 19

    Uploaded by

    Sa
    4 views4 pages
    The document provides guidance on completing a Contract Risk Assessment for UIC contracts. A Contract Risk Assessment is required for contracts valued at $250,000 or greater to analyze risks and determine if additional oversight is needed. It should also be completed for lower value contracts if high risk factors exist, such as contracts involving personal data, healthcare services, or intellectual property. The Risk Assessment involves assigning risk scores of 1 to 3 for various risk factors to determine the level of monitoring and oversight required.

    Original Description:

    Original Title

    contractriskassessment5-15-19 (1)

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document provides guidance on completing a Contract Risk Assessment for UIC contracts. A Contract Risk Assessment is required for contracts valued at $250,000 or greater to analyze risks and determine if additional oversight is needed. It should also be completed for lower value contracts if high risk factors exist, such as contracts involving personal data, healthcare services, or intellectual property. The Risk Assessment involves assigning risk scores of 1 to 3 for various risk factors to determine the level of monitoring and oversight required.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views4 pages

    Contractriskassessment5 15 19

    Uploaded by

    Sa
    The document provides guidance on completing a Contract Risk Assessment for UIC contracts. A Contract Risk Assessment is required for contracts valued at $250,000 or greater to analyze risks and determine if additional oversight is needed. It should also be completed for lower value contracts if high risk factors exist, such as contracts involving personal data, healthcare services, or intellectual property. The Risk Assessment involves assigning risk scores of 1 to 3 for various risk factors to determine the level of monitoring and oversight required.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    Contract Risk Assessment

    In accordance with UIC’s Contract Monitoring Policy & Procedures, for certain contracts, a Contract Risk Assessment should be
    completed to analyze the risks of the contract and whether additional Central Office involvement may be required. This tool also
    assists the User Department and Central Office in identifying specific areas that may require heightened monitoring.

    A Contract Risk Assessment should be completed for all contracts with a value of $250,000 or greater.

    For contracts below $250,000, a Contract Risk Assessment should be completed only if other "High Risk" factors are known to
    exist. These include:
    A. Contracts defined as “High Risk” in the Risk Management Insurance Matrix: https://www.obfs.uillinois.edu/bfpp/section-6-
    insurance/determine-minimum-insurance-requirements-vendors;
    B. Contracts for services that involve the sharing or transfer of personal data or sensitive data with outside entities (including
    data subject to European Union General Data Protection Regulation (EU GDPR), HIPAA, FERPA, export controls, etc.);
    C. Contracts for the provision of healthcare or administrative services (e.g., coding, claims processing, transcription) or any
    service/activity that requires receipt, transmission, use or disclosure of Protected Health Information (PHI);
    D. Contracts that involve intellectual property licensing; and
    E. Contracts that involve non-disclosure agreements (NDA’s).

    How do I use the Contract Risk Assessment?


    You will assess a Risk Score for each Risk Factor listed in the Contract Risk Assessment Matrix of 1 (Low Risk), 2 (Medium Risk), or 3
    (High Risk).

    What is the impact of the Risk Scores?


    If the Risk Score for any single Risk Factor is 3 (High Risk), please contact the Central Office to discuss whether additional Central
    Office involvement is required.
    For any Risk Factor(s) that are scored as 2 (Medium Risk) or 3 (High Risk), the Contract Monitor should ensure that heightened
    monitoring occurs to mitigate the associated risk(s).

    Contract Risk Assessment 3/20/19


    Contract Risk Assessment Matrix

    1 (Low Risk) 2 (Medium Risk) 3 (High Risk) Risk Comments


    Risk Factor Score
    (1-3)
    1 Contract Less than $10,000 to $250,000 or Greater
    $ $10,000 $249,999
    Amount
    2 Risk Tier 3 – Low Risk Tier 2 – Medium Tier 1 – High Risk
    Management Risk
    Insurance Matrix
    Tier Level, see
    https://www.obf
    s.uillinois.edu/bf
    pp/section-6-
    insurance/deter
    mine-minimum-
    insurance-
    requirements-
    vendors
    3 Sharing or No personal data or N/A Personal data or
    transfer of sensitive data is sensitive data is being
    personal data or being shared with shared with outside
    sensitive data outside entities entities
    with outside
    entities
    (including data
    subject to
    European Union
    General Data
    Protection
    Regulation (EU
    GDPR), HIPAA,
    FERPA, export
    controls, etc.)

    Contract Risk Assessment 3/20/19


    1 (Low Risk) 2 (Medium Risk) 3 (High Risk) Risk Comments
    Risk Factor Score
    (1-3)
    4 Intellectual Contract does NOT Contract involves Contract involves
    Property involve intellectual intellectual intellectual property
    Licensing property licensing property licensing licensing and has
    specific requirements,
    such as number of user
    seats or instances;
    term limitations; or
    impact to other
    University systems
    5 Provision of Contract is NOT for N/A Contract is for
    healthcare or provision of provision of healthcare
    administrative healthcare or or administrative
    services (e.g., administrative services or any
    coding, claims services or any service/activity that
    processing, service/activity that requires receipt,
    transcription) or requires receipt, transmission, use or
    any disclosure of Protected
    transmission, use or
    service/activity Health Information
    that requires disclosure of (PHI)
    receipt, Protected Health
    transmission, Information (PHI)
    use or disclosure
    of Protected
    Health
    Information
    (PHI)
    6 Non-Disclosure Contract does not N/A Contract involves one
    Agreements involve an NDA or more NDA’s
    (NDA’s)

    Contract Risk Assessment 3/20/19


    1 (Low Risk) 2 (Medium Risk) 3 (High Risk) Risk Comments
    Risk Factor Score
    (1-3)
    7 Impact of Contracted Contracted Contracted Supplies or
    Supplies or Supplies or Supplies or Services are Critical to
    Services to Services are not Services are User Department’s
    User essential to User moderately Operations
    Department Department’s essential to User
    Operations Operations Department’s
    Operations
    8 Past Past performance User Department Past performance by
    Performance by Contractor met has not previously Contractor did not
    or exceeded User worked with meet User Department
    Department Contractor. expectations.
    expectations
    9 Number of More than 5 years 1-5 years Less than 1 year
    years in or
    business Intergovernmental
    Agreement
    10 User User Department User Department User Department
    Department Contract Monitor Contract Monitor Contract Monitor has
    Contract has extensive has limited no experience with
    Monitor experience with experience with contract type/subject
    experience contract contract matter
    with contract type/subject type/subject
    type/subject matter matter
    matter

    Contract Risk Assessment 3/20/19

    You might also like