Risk Management

Goal: Support the various risk owner in managing risks in the University’s risk portfolio with a diversity, equity, or inclusion aspect.

Future State

  • All previously identified risks are adequately managed (to a residual risk of “green” as determined by the IRM Committee, JHU Leadership, and Trustees) 
    • Note 1: A “green” residual risk level is based on the tolerance for that risk, which depends on a number of considerations, including the benefits of the risk-producing activity and the cost of further risk reduction. 
    • Note 2: Each risk is explicitly “owned” by a Principal Business Owner and a Process Owner. 
  • The Chief Diversity Officer is a standing member of the IRM Committee and helps identify and monitor the DEI aspects of each risk 


The goal is always to reduce the residual risk to a level signified by “green.” Of note, that level in absolute terms can vary from risk-to-risk, because of risk-to-risk differences in (1) the University’s risk tolerance for the particular risk, (2) the risk in relation to the benefits of the risk-producing activity, and (3) the costs of further risk reduction. Some risks remain at a high level for many years, because they are so intrinsic to the “business” of higher education, whereas others are progressively managed to green over several years. Particular focus/priority is given to those issues that are deemed to have the highest inherent and residual risk, with an expectation of consistent progress, reviewed annually, towards green. Having said that, progress in managing the DEI aspects of a particular risk should keep pace with the management of other aspects of that risk. Specific timeline goals include: 

  • Y1, q1 – CDO will be added to the IRM Committee 
  • Y1, q3 – specific DEI risks from risk owners are identified and the owners are informed of the need to attend to the risk 
  • Y2, q1 – owners will share mitigation efforts to help reduce the DEI portion of the risk down one state (from red to yellow or yellow to green) and offer a timeframe (not to exceed 2 years) to accomplish the goal 
  • Y2, q3 – progress updates are received and the IRM Committee offers feedback and insight to leaders