In 2013, the Board of Directors created a new risk management process. Through this process, the risk management committee developed a list of risks, categorized, assessed, and ranked risk. The Board selected the top 12 risks. These included risks involving financial controls, brand image, IT, compliance, revenue, privacy, staffing. Management/mitigation plans were developed, shared with the Board, and are operationalized, with a schedule to review and re-visit periodically.
In 2018, the Risk Management Committee looked at separating Operational Risks from Strategic Risks. The 12 Operational Risks are now managed and monitored by the management team. The top 3 Strategic Risks will be managed by Board of Directors.
A risk evaluation was completed in 2022 by management, and the risks were re-assessed by consequence and likelihood based on the implementation of mitigation plans. This resulted in an adjustment/ re-ordering of the risks.
Risk Management Process