URMIA Journal

Highlighting innovative and eﬀective higher education risk management solutions.

2016

UNIVERSITY

RISK MANAGEMENT

AND INSURANCE

ASSOCIATION

Wise men say, and not without reason, that whoever wished to

foresee the future might consult the past.

— Niccolò Machiavelli,

taliaN ReNaissaNce histoRiaN, PoliticiaN, aNd PhilosoPheR

Table of Contents

9 Greeks and Risk: Lessons from Claims

Melanie Bennett, United Educators

19 “Yes Means Yes”: The Modern Movement for Colleges and Universities to Adopt Afﬁrmative

Consent as a Way to Mitigate the Risk of Sexual Assault on Campus

Allison Ayer, Esq., Vrountas, Ayer & Chandler, P.C.

29 Legionella in the Bronx: Lessons Learned in Minimizing Complex Risk

Howard N. Apsan, PhD, e City University of New York

37 Mission Possible: Mission Continuity Planning at the University of Pennsylvania

Benjamin Evans, ARM, Dr. Anita Gelburd, and Janet Plantan, University of Pennsylvania

51 Episodes of Violence During Ethnographic Fieldwork in the ‘Hood’: A Case Study Exploring a

University’s Response to Increased Risks

Marta-Marika Urbanik, Philip G. Stack, and Linda Hui, University of Alberta

61 Identifying and Assessing Risks in Campus Recreation Programs and Facilities

Ian McGregor, SportRisk, and Zachary Giﬀord, California State University - Oﬃce of the Chancellor

69 Using Analytics as Part of Institutional Risk Management

Mya Almassalha, JD, MBA, Encampus

77 An Alternative University Enterprise Risk Management Framework

Francisco Figueroa, Texas Tech University

A Professional Non-Proﬁt Forum for the Exchange of Information, Concepts,

Practices, and Developments Among Higher Education Risk Managers

URMIA National Ofﬁce

PO Box 1027

Bloomington, Indiana 47402

Tel. (812) 727-7130 FAX (812) 727-7129

E-mail: [email protected]

Web: www.urmia.org

OFFICERS

President

Donna McMahon, MBA, MS

University of Maryland, College Park

President-Elect

Kathy E. Hargis, MBA

Lipscomb University

Secretary

Cheryl Lloyd

University of California, Ofﬁce of the

President

Treasurer

Tish Gade-Jones

Nebraska Wesleyan University

Parliamentarian

Michael J. Gansor, DRM, CPCU, ARM, AAI,

AU, AFSB, LUTCF

West Virginia University

Immediate Past President

Marjorie F.B. Lemmon, ARM, CPCU

Yale University

DIRECTORS

Sally Alexander, BA, LLB, MEPM, ARM (’16)

Colorado State University

Allan Brooks, CPCU, ARM, ARe, AU (’18)

Chapman University

Steve Bryant, CRM, ARM, DRM (’16)

Texas Tech University System

Luke Figora (’17)

Northwestern University

Keswic Joiner (’17)

Minnesota State Colleges and Universities

John McLaughlin (’18)

Arthur J. Gallagher Risk Management

Services

Kimberly Miller (’18)

Ball State University

Jordana Ross, ARM, CRM (’17)

Seattle Paciﬁc University

Barbara Schatzer, MBA, ARM, DRM (’16)

University of San Diego

Lisa Zimmaro, Esq. (’19)

Temple University

University Risk Management and Insurance Association

The host city of URMIA’s 47

Annual Conference - San Diego, CA

Photo courtesy of Flickr user William Garrett, https://ﬂic.kr/p/kpTPzR

URMIA Journal

2016

It is with great pleasure that I welcome you, our readers, to enjoy with me the wonderful

articles that you will ﬁnd in the 2016 edition of the URMIA Journal. If you’ve been in

higher education long enough, the list one can come up with of possible risks in higher

education institutions is quite long. e list will likely begin with hot topics of new or

emerging risks to our institutions and may or may not include long standing issues that

made the list long ago that are often viewed as “managed” risks – as in past risks.

As you look at this year’s table of contents, you will ﬁnd that many of these articles

are not addressing new risks but perhaps variations on a long ago identiﬁed risk. is

year’s articles also oﬀer novel, unique ways of assessing and mitigating these risks. And

many oﬀer us a glimpse inside risk management at other institutions of higher education,

providing the reader with valuable and immediately applicable lessons and ideas. In higher

education risk management, what was once old is new again; really new might be learning

to use analytics as part of risk management – how to demonstrate the value of risk

management to administration!

When the recession of 2008 hit, it proved to be one of the greatest shakeups in higher

education history and illustrated that temporary changes designed to get through the

rough patch allow problems that already exist to resurface. However, the recession proved

to be a signiﬁcant catalyst for establishing change that eventually moved to system-wide

reviews, analysis, and reorganizations. ese changes brought challenges that forced

institutions to rethink strategies and operations that would allow them to achieve their

missions in sustainable ways.

While enterprise risk management (ERM) is not a cure all, robust engagement in

enterprise risk oversight can strengthen an organization’s resilience to signiﬁcant risk

exposures. e easy part is identifying the risks. e more diﬃcult parts are maintaining

the structure, establishing enterprise-wide risk mitigation plans, and monitoring the status

of each risk periodically. Risk managers understand these challenges better than anyone.

Colleges and universities have many stakeholders who invest their time, talents,

and resources to further the objectives of educating students, studying the unknown,

and attacking ethical and moral dilemmas. eir investment implies a desire to see the

institution ﬁnd innovative and more eﬀective ways to achieve these objectives—that is,

take risks. Risk management should be mission-centered, strategic, and broad enough

to capture those issues that are of fundamental importance to the ongoing success and

mission of the institution.

Many thanks to the sponsors who help provide this wonderful publication to all the

higher education risk management professionals and to the talented and thoughtful

writers of these ﬁne articles that show us they are on top of things and helping us stay on

top of them, too.

Donna McMahon, MBA, MS

Assistant Director and Risk Manager

University of Maryland, College Park

URMIA President, 2015-2016

From the President

2016 URMIA Journal Sponsors

CHIMERA is a comprehensive safety software

system, which incorporates various modules and

consolidates the collection and reporting of safety

information. Through a diverse selection of tools,

CHIMERA is very user friendly and has ﬂexibility that

enables its users to manage their safety programs

efﬁciently and effectively.

CHIMERA provides clients with a:

• Chemical inventory management and reporting application that

incorporates SDS and hazard information

• Fume hood, kitchen hood, ﬁre extinguisher, AED, and eye wash /

shower inspection reporting application

• Fire and life safety, occupational safety and health, environmental

management, and radiation safety inspection reporting application

• SDS application only

CHIMERA

Johnny Centineo:

johnny.centineo@unlv.edu

Robert Deaver:

robert.deaver@unlv.edu

702-895-4226

rms.unlv.edu/chimerasales

URMIA thanks each of the ﬁnancial contributors who supported the publication of the 2016 edition of the

URMIA Journal:

Terra Dotta software mitigates risk by tracking

student and faculty travel anywhere in the world.

You can track study abroad travel, side trips,

and incident reports; send emergency SMS text

messages; and locate students, staff, and faculty

instantly with Terra Dotta software. Our software

manages the life cycle of enrollment management

and allows your ofﬁces to be paperless and more efﬁcient—while keeping your

travelers safe. For more information, visit www.TerraDotta.com.

Terra Dotta

P.O. Box 2308

Chapel Hill, NC 27515

877-368-8277

[email protected]

www.TerraDotta.com

2016 URMIA Journal Sponsors

Zurich Insurance Group (Zurich) is a leading multi-

line insurer that serves its customers in global and

local markets. With about 55,000 employees, it

provides a wide range of general insurance and life

insurance products and services. Zurich’s customers

include individuals, small businesses, and mid-sized

and large companies, including multinational

corporations, in more than 170 countries. The Group is headquartered in Zurich,

Switzerland, where it was founded in 1872. The holding company, Zurich Insurance

Group Ltd (ZURN), is listed on the SIX Swiss Exchange and has a level I American

Depositary Receipt (ZURVY) program, which is traded over-the-counter on OTCQX.

Further information about Zurich is available at www.zurich.com.

In North America, Zurich is a leading commercial property-casualty insurance

provider serving the global corporate, large corporate, middle market, specialties,

and programs sectors through the individual member companies of Zurich in

North America, including Zurich American Insurance Company. Life insurance

and disability coverage issued in the United States in all states except New York

is issued by Zurich American Life Insurance Company, an Illinois domestic life

insurance company. In New York, life insurance and disability coverage is issued

by Zurich American Life Insurance Company of New York, a New York domestic

life insurance company. For more information about the products and services

it offers and people Zurich employs around the world, go to www.zurichna.com.

2012 marked Zurich’s 100-year anniversary of insuring America and the success

of its customers, shareholders, and employees.

Zurich

15303 Dallas Parkway

Addison, TX 75301

www.zurich.com

Upcoming URMIA Events

Join us September 17-21,

2016, in San Diego, California,

for URMIA’s 47th Annual

Conference. Visit

www.urmia.org/ac2016 for

more information, and use

the hashtag #URMIA2016 to

connect with URMIA on social

media!

URMIA’s 5th Annual Risk Management Week is

coming to your campus November 7-11, 2016!

Gather your colleagues to spread the word about

good risk management practices on campus,

and help make everyone a risk manager!

Visit www.urmia.org/rmweek for tips on setting

up your own RM Week events, resources to share with your campus, and daily

webinars explaining risk management topics relevant to everyone at your

institution.

I am more afraid of alcohol than of

all the bullets of the enemy.

—stoNewall JacksoN,

oNfedeRate GeNeRal duRiNG the aMeRicaN civil waR

URMIA Journal 2016

Introduction

Greek organizations provide students with strong social

ties and philanthropic opportunities. Yet, despite these

advantages, a number of colleges and universities are re-

evaluating their relationships with Greek organizations,

particularly fraternities. In Spring 2015, 133 Greek chap-

ters were shut down, suspended, or otherwise punished

after alleged oﬀenses.

For colleges and universities that

seek to retain the tradition of Greek

life, a sound risk management program

is essential to protect students from

harm and to safeguard the institution,

its oﬃcers, and its assets. A study of 162

United Educators (UE) Greek claims

received from 2010-2014 highlights the

risks presented—these claims resulted

in many serious injuries and generated

more than $9 million in losses—and the

steps institutions can take to reduce in-

juries arising from fraternity and sorority

activities.

Claims Analysis

A Fraternity Problem?

Claims arising from fraternity activities comprised 90

percent of the study and accounted for 83 percent of its

losses. In contrast, only 10 percent of the claims arose

from sorority activities. e average claim arising from so-

rority activities cost $41,626, while the average fraternity

claim cost $371,968.

Because fraternities generated the

overwhelming majority of the study’s

claims and losses, many of the risk man-

agement issues and strategies presented

in this resource focus on fraternities.

Melanie Bennett, Associate Risk Management Counsel, United Educators

Greeks and Risk:

Lessons from Claims

Claims arising from

fraternity activities

comprised 90

percent of the study

and accounted for

83 percent of its

losses. In contrast,

only 10 percent of

the claims arose

from sorority

activities.

URMIA Journal 2016

Claims Categories

Each claim was separated into one of six categories: sexual

assault, falls, assault, hazing, vehicular accident, or other.

e “other” category was composed of claims including

discrimination, challenges to a fraternity’s recognition

status, and accidental injuries. Sexual assault claims were

the most frequent, while vehicular accident claims were

the most severe. For example, a $5 million loss from a ve-

hicular accident was the study’s largest and a clear outlier

compared to other losses.

ese claims examples illustrate the diﬀerent categories:

Sexual Assault

Nearly three quarters of the study’s sexual assaults

occurred at a Greek house; 48 percent occurred in

connection with a fraternity party. Overwhelmingly, the

claims featured male perpetrators and female victims;

only one claim alleged a female perpetrator, and four

involved male victims.

• A student claimed that a fraternity member sexu-

ally assaulted her in his fraternity house. After she

reported the assault, fraternity brothers harassed

the student through social media postings.

• A fraternity’s recruitment coordinator forced a

pledge to perform sexual favors in return for ad-

mittance to the fraternity.

Falls

Similar to sexual assaults, most of the falls—nearly

80 percent—occurred at Greek houses. A common

pattern involved an intoxicated student falling from a

staircase, balcony, or ﬁre escape. Many claimants al-

leged their fall was caused by the institution’s negligent

maintenance of a Greek house.

• A student fell over a staircase railing at his frater-

nity house after drinking alcohol and taking drugs.

e fall caused a traumatic brain injury and left

the student comatose.

• While visiting a fraternity house, a drunken

student fell 10 feet while climbing the house’s ﬁre

escape to access the roof.

• A participant in a college and sorority sponsored

ﬂag football game received a serious head injury

when he struck his head on a cement retaining

wall.

Assault

Most (80 percent) of the assaults occurred at Greek-

sponsored parties and in connection with alcohol

consumption.

• A fraternity that had recently lost its recognition

from the college hosted a party. During the party,

a student was injured when a partygoer threw a

hard object at her mouth.

• At an on-campus fraternity party, two students

were ﬁghting over a girl when one pulled out a

knife and fatally stabbed the other.

Hazing

Sororities and fraternities hazed pledges and mem-

bers. Fraternity hazing was directed mostly at pledges,

but 75 percent of the sorority hazing incidents were

perpetrated against members. Most hazing occurred at

a pledging or initiation event.

URMIA Journal 2016

• As part of a fraternity scavenger hunt, a pledge

was required to break into a house. When the

tenant of the house brandished a gun, the pledge

took the weapon and later attempted to ﬁre it at

the police.

• Several pledges were hospitalized after they were

zip-tied to each other and required to drink hard

alcohol in a fraternity initiation event.

Vehicular Accident

More than half of the vehicular accidents resulted in

fatalities and occurred in connection with parties. Vic-

tims in vehicular claims included drivers, passengers,

and pedestrians.

• Two underage fraternity brothers on an alcohol

run for a party struck a 15-year-old pedestrian.

• A fraternity brother died after falling out of a

pickup truck returning from an oﬀ-campus frater-

nity event. e fraternity brother driving the truck

was intoxicated.

• Following several days of sleep deprivation from

pledging activities, a student fell asleep at the

wheel, crashed into a light pole, and died.

Claims with Fatalities

Claims with fatalities accounted for $6 million, or two-

thirds, of the study’s losses. Most resulted from suicides,

vehicular accidents, or falls.

Alcohol was involved in over half of the deaths, par-

ticularly those resulting from falls and vehicular accidents.

Some examples of alcohol-related fatalities include:

• A heavily intoxicated student fell in the yard of his

fraternity house and hit his head on the cement.

Fraternity members found him the next day and

called 911. e student never regained conscious-

ness.

• An underage visitor driving home from a fraterni-

ty party died in a car accident. e fraternity had

served the teenager alcohol at the party.

Common Factors:

Greek Houses, Fraternity Parties, and Alcohol

Nearly three quarters of claims took place in a Greek

house. Fraternity parties gave rise to most of the study’s

claims (54 percent) and losses (86 percent). Alcohol was

frequently a factor in incidents that injured the claimant.

Pledging and initiation ceremonies were the next most

common activity, spurring claims (20 percent) and losses

(6 percent).

Lessons Learned

e following seven lessons from the claims can help

institutions reduce student injuries and potential liability

in connection with Greek activities.

Lesson #1: Carefully Evaluate Greek House Leases

Institutions were frequently held responsible for injuries

occurring at Greek houses, especially when the college

owned the house. Consider this example:

Several students stood on the porch of a fraternity

house when it collapsed, causing extensive leg injuries to

one of the students. e language in the house’s lease held

the institution responsible for repairs. In the months be-

fore the incident, the house mother for the fraternity had

placed work orders for needed repairs to the porch, but

the institution made none.

As the property owner, the college has a responsibility

to correct or warn about hazards it should know about.

To prevent maintenance-related injuries at Greek housing

owned by the college, consider the following actions:

• Be clear about maintenance responsibilities.

Leases should specify which party is responsible

for repairs. If the institution is responsible, enable

the tenants to report problems to the institution.

Caution: e institution may still be liable for

damages if it performs maintenance improperly.

URMIA Journal 2016

• Include a risk allocation provision. An indem-

niﬁcation or risk allocation provision in a lease

between a college and its fraternity articulates

how losses and claims will be distributed—either

transferred or shared—between the two parties.

Depending upon the language in this provision,

an institution might: assume responsibility for

all liability losses arising out of the lease, transfer

responsibility to the fraternity for the losses it

causes, or share equally in the losses. Since this

language can directly aﬀect the college’s responsi-

bility for claims—even those caused solely by the

fraternity—it is extremely important. An institu-

tion should have its attorney

review the provision. No single

type of clause is appropriate in

all situations, and the validity of

such clauses varies among juris-

dictions.

Sample Claim:

• An institution cleared the snow

on a Greek house’s driveway, but

not the ice. Someone slipped on

the ice and broke an ankle. e

indemnity clause in the lease that

would otherwise direct the claim

toward the Greek organization

did not apply because the claim

arose out of the institution’s sole

negligence. e institution settled

for nearly $100,000.

Lesson #2: Tie a Greek Chapter’s

Recognition Status to the Lease

Leases for Greek houses should include a right to ter-

minate if the fraternity loses its campus recognition. If

recognition is revoked, the institution should not continue

entrusting its property to the organization. Without this

provision, an institution will have to wait until the lease

expires or break the lease, which could spur legal action

from the organization.

Sample Claim:

• An institution removed a fraternity’s recognition

as a result of members dealing drugs. e institu-

tion sent notice the same day that the lease would

be terminated, and the house vacated 20 days later.

e fraternity ﬁled a lawsuit alleging that the early

termination breached the lease agreement and

resulted in a wrongful eviction. e lease did not

include a recognition status provision. As a result,

the institution spent over $200,000 to resolve the

fraternity’s lawsuit.

Lesson #3: Provide Effective Oversight of

Greek Parties and Events

Institutions were frequently deemed

sponsors of Greek activities when they

provided staﬀ to facilitate or required the

fraternity to register the event by submit-

ting a form agreeing to the institution’s

event policies. As a sponsor, an institu-

tion may assume some or all responsibil-

ity for claims arising out of the activity.

Sample Claims:

• A fraternity hosted an institu-

tion-sponsored talent show. Although

the institution knew some acts included

props, it did not require staﬀ review of

the props beforehand. One fraternity

member used a homemade confetti air

cannon with a carbon dioxide tank as

the propellant. e cannon burst during

the performance, injuring a student’s

face.

• A student was leaving a sanctioned fraternity

party in the institution’s gymnasium when he was

attacked by a group of men who beat and stabbed

him. Although the institution’s rules did not al-

low alcohol at the party, staﬀ at the party did not

stop the open consumption of alcohol, which, it

was argued, contributed to the attack.

• An institution sanctioned a fraternity event

that included a water balloon ﬁght. e institu-

tion did not know that the fraternity planned

to use a water balloon launcher, which violated

Institutions were

frequently deemed

sponsors of Greek

activities. ... As

a sponsor, an

institution may

assume some or all

responsibility for

claims arising out of

the activity.

URMIA Journal 2016

the school’s weapon policy. One of the balloons

struck a fraternity member in the back of the

head, causing spinal cord injuries.

In the courts, colleges that required fraternities to

complete event forms were commonly deemed sponsors of

fraternity activities. When an injury occurred at the event,

courts often found that the completed registration form

was evidence that the institution assumed responsibility

for supervision, even when the fraternity lied on the form

or violated the institution’s rules. Colleges should be clear

about the purpose of any requirement to register parties

and consider not approving events if they cannot provide

adequate oversight. Work with your institution’s legal

counsel to determine the appropriate registration process

and oversight for Greek events.

Lesson #4: Monitor Greek Recruitment, Pledging, and

Initiation Practices to Prevent Hazing

Although most institutions and fraternal organizations

ban hazing, the practice sometimes continues under cloak

of secrecy. In many of the claims without losses, a stu-

dent reported injuries that were rumored to be a result of

hazing, but the student retracted his complaint before an

investigation could take place.

Nearly three-quarters of the hazing incidents occurred

in connection with the recruitment, pledging, and initia-

tion of fraternity members. Consider these examples:

• A male student was found tied up and covered in

eggs and dirt under a bridge by university police

but refused to tell them what happened. e insti-

tution’s investigation determined hazing, as part of

a fraternity pledging event, was the cause.

• During an initiation event, fraternity pledges

were locked in the bathroom for several hours

and struck with paddles. As a result of injuries

received from the paddling, one of the pledges was

hospitalized, dropped out of school, and sued the

institution.

To prevent hazing, consider the following actions:

• End, reduce, or delay pledging. Dartmouth Col-

lege

and Baruch College

banned Greek pledging

in 2015. California State University, Northridge

and the national fraternity Sigma Alpha Epsilon

have also enacted new member pledging prohibi-

tions. In the past, new recruits were made to prove

themselves as pledges, or non-initiated mem-

bers, for weeks or months. Institutions that have

banned pledging shorten the period between bid

acceptance by new members and initiation to two

or three days, eliminating the time where pledging

could have occurred.

Consider delaying recruitment until the sec-

ond semester of freshman year. First-year students

need time to complete orientation and learn about

campus culture before integrating into fraternities.

By the second semester, freshmen will have a bet-

ter idea of how they ﬁt into the campus commu-

nity and which fraternities may be right for them.

• Install institution advisors in fraternity houses.

Graduate students, faculty, and other staﬀ mem-

bers can be eﬀective advisors, especially when they

reside at the fraternity house. As a representative

of the institution, an advisor should not be per-

ceived as a peer of the brothers but as an impor-

tant communication bridge between the institu-

tion and the fraternity. Advisors can also serve as

a resource for pledges who may have questions or

be concerned about fraternity behavior. If hazing

does occur, the advisor can quickly report the of-

fending acts to the institution.

Train the advisor on all applicable policies, the

recognition agreement, leases, and other agree-

ments. Advisors need to know when and where to

report any violations, and the ramiﬁcations for not

reporting incidents to the institution.

Caution: As a representative of the institu-

tion, the advisor’s knowledge of any problems in

the house will likely be imputed to the institution,

placing the college on notice and triggering its duty

to respond. Advisors must understand their duty

to report incidents of concern.

• Implement a hazing hotline. Provide students,

alumni, and faculty with a method to anony-

mously report suspicions about Greek organiza-

tion misconduct by phone or email. is creates

an obligation for the institution to investigate and

respond to reports to the extent possible.

URMIA Journal 2016

Lesson #5: Watch for Exclusions in the Fraternity’s

General Liability Policy

General liability (GL) policies typically have exclusions,

and it is important to review the fraternity’s policy and

pay attention to what is excluded. UE’s largest Greek loss

resulted from a vehicle rental exclusion:

• A fraternity hosted an institution-approved

tailgate party before a football game. Fraternity

brothers drove rental trucks of beer kegs through

the thick crowds. One driver acci-

dentally hit the gas instead of the

brake and ran over several people,

killing one person and injuring

two others. e fraternity’s insur-

ance excluded actions arising out

of vehicle rentals.

Other excluded activities may include

sexual misconduct, hazing, and assault.

In addition to individual exclusions, the

policy may tie the Greek organization’s

coverage to following requirements in a

risk management manual. If that is the

case, request a copy of the manual.

Lesson #6: Manage the Risks Posed by

Unrecognized Fraternities

If a fraternity operates without recog-

nition, or the institution removes its

recognition, the institution is unable to

discipline the entity. e study’s claims

included many examples of unrecognized

fraternities recruiting students, hosting

parties, and even owning houses.

Sample Claims:

• One institution allowed an unrecognized fraterni-

ty to host a party on campus. e fraternity served

alcohol at the party, and attendees noticed an

intoxicated student having trouble standing up. A

resident advisor at the party helped two students

remove the intoxicated student from the party and

instructed them to take him back to his room and

let him sleep it oﬀ. e intoxicated student died

in his sleep, and his parents sued the institution,

alleging the college’s negligent handling of the

unrecognized fraternity caused their child’s death.

• An unrecognized fraternity hosted a party across

the street from campus. e institution warned

students against attending parties at that fraternity

the prior year, but a freshman raped at the party

was not a student when the warning was issued.

e freshman sued the institution alleging that

the institution should have informed new students

that this prominent fraternity, visible

from campus, was not recognized.

Institutions can take several impor-

tant steps to limit the presence of and

potential liability from unrecognized

fraternities.

Establish a policy on unrecognized

fraternities that:

• Discourages student participa-

tion by clearly stating the institution

does not sanction the group’s activities or

provide any support, oversight, or advice.

• Identiﬁes the consequences of

participating in these groups, includ-

ing disciplinary action for activities on

campus, legal action from the national

chapter—if one exists—for violating

the organization’s policies, and personal

liability for the injuries or claims arising

out of the organization’s activities.

• Lists the unsanctioned groups

the institution is aware of, the date the

list was created, and, where appropriate,

the date the institution removed a group’s recogni-

tion and why.

• Warns of the safety risks posed by unrecognized

groups, such as sexual assaults, alcohol violations,

or hazing.

• Encourages students to report suspected unsanc-

tioned fraternity activities, such as recruiting, and

provides contact information for the person or

department to receive such reports.

Require chapters

to keep a log of

injuries, deaths,

property damage,

policy violations,

and other incidents

and regularly report

them. Self-tracking

encourages the

chapter to directly

address ongoing

issues.

URMIA Journal 2016

Widely publicize and make available the institution’s

policy on unrecognized fraternities by:

• Posting the policy on the institution’s website.

• Referring to the policy at relevant student training

programs, such as freshman orientation.

• Training Greek life staﬀ, student aﬀairs staﬀ, and

campus safety on the policy.

• Including the policy, with lists of recognized and

unrecognized chapters, in any handouts about

campus Greek opportunities.

• Encouraging Greek life staﬀ and recognized frater-

nities to disseminate the policy to new members.

Lesson #7: Monitor and Respond to Problematic

Greek Organizations

Institutions have a duty to respond to risks they should

reasonably know about.

Sample Claim:

• A college was sued when a fraternity member’s

death from hazing-related alcohol poisoning had

several alleged predictors. For example, years

before the incident, the institution suspended

the chapter for hazing violations. After returning

from the suspension, it received several alcohol

violations. An Internet search of the fraternity

showed that many of its chapters faced discipline

for hazing.

When granting recognition of a Greek organization,

institutions should review these factors:

• Chapter incident reports. Require chapters to

keep a log of injuries, deaths, property damage,

policy violations, and other incidents and regularly

report them to the institution. Self-tracking this

information encourages the chapter to directly ad-

dress ongoing issues. Chapters can also use this in-

formation to make annual reports to the national

fraternity organization. Ensure the institution’s

risk manager reviews these reports regularly and

takes corrective actions. Also, use the reports to

evaluate ongoing recognition of the chapter.

• e “online footprint” of the Greek organiza-

tion. Use the Internet to collect information on

court cases and incidents involving other local

chapters of the Greek organization. Search the

organization’s name with keywords such as “death,”

“injury,” “assault,” “hazing,” “alcohol,” and “lawsuit.”

Injuries, deaths, or signiﬁcant incidents occur-

ring at any local chapters aﬃliated with a national

organization warrant a thorough review. Consider

this information when deciding whether to recog-

nize a proposed campus chapter.

• Repeated ﬁndings of rule violations. When

multiple Greek members violate the institution’s

code of conduct, it is important to investigate their

individual actions and those of the organization.

In addition to disciplining any members charged

with violating the institution’s code, it may be

appropriate to discipline the entire chapter. If the

chapter has violated its recognition agreement,

punishments may include probation, suspension,

and loss of recognition. From a liability perspec-

tive, repeated rule violations can put an institution

on notice that prior sanctions were inadequate and

revoking recognition may be necessary.

Conclusion

While Greek life oﬀers many advantages to a campus

culture, it also poses substantial risks. By using the claims

data and risk management lessons presented, institutions

can better anticipate and manage losses arising out of

campus Greek activities.

URMIA Journal 2016

About the Author

Melanie Bennett joined United Edu-

cators (UE) in 2014. She currently

serves as associate risk management

counsel.

In her role, Ms. Bennett has con-

ducted studies on UE’s educator sexual

misconduct and Greek organization

claims. She also wrote several publica-

tions for UE’s Title IX and Beyond

Series including Investigations; Interim, Measures, Rem-

edies, and Sanctions; and e Adjudicatory Process.

Prior to joining UE, Ms. Bennett coordinated the Ex-

cellence in State Public Health Law program at the Aspen

Institute. She also served as a law clerk for a special educa-

tion law oﬃce. During law school, Ms. Bennett interned

multiple times with the US Department of Education

Oﬃce for Civil Rights. Before attending law school, she

worked on Title IX issues in the Advocacy Department of

the Women’s Sports Foundation.

Ms. Bennett received her law degree from American

University Washington College of Law and a bachelor’s

degree in political science from Washington University in

St. Louis.

is article is also available to UE members at

www.edurisksolutions.org.

Endnotes

Akane Otani and Jeremy Scott Diamond, “Every Time a Fraternity or

Sorority Got in Trouble This Year,” Bloomberg Business, June 4, 2015,

accessed June 20, 2016, http://www.bloomberg.com/graphics/2015-frat-

sorority-offenses/.

Matt Rocheleau, “Dartmouth Bans Hard Alcohol, Forbids Greek Life

Pledging,” Boston Globe, January 29, 2015, accessed June 20, 2016,

https://www.bostonglobe.com/metro/2015/01/29/dartmouth-college-

ban-hard-alcohol-forbid-greek-life-pledging-among-slew-policy-changes/

WCxS4OHSLK5hZ5Z7u5E8iN/story.html.

T. Rees Shapiro, “New York College Announces Three-Year Ban on Greek

Rushing and Pledging,” Washington Post, May 8, 2015, accessed June 20,

2016, https://www.washingtonpost.com/news/grade-point/wp/2015/05/08/

new-york-college-announces-three-year-ban-on-greek-rushing-and-

pledging/.

Larry Gordon and Adolfo Flores, “After Hazing Allegations, CSUN Bans

Fraternity Pledging,” Los Angeles Times, October 25, 2014, accessed June

20, 2016, http://www.latimes.com/local/lanow/la-me-ln-after-hazing-

allegations-csun-bans-fraternity-pledging-20141025-story.html.

Sigma Alpha Epsilon, “Sigma Alpha Epsilon Announces Historic Change

for Membership Experience,” last modiﬁed March 9, 2014, https://www.

sae.net/home/pages/news/news---news-from-hq---historic-change-on-

founders-day.

Hazing is an extraordinary activity that, when it occurs often

enough, becomes perversely ordinary as those who engage in it

grow desensitized to its inhumanity.

—haNk NuweR,

uthoR aNd associate PRofessoR of JouRNalisM at fRaNkliN colleGe

Over 13 percent of women in college have reported being a

victim of stalking during the school year,

and one out of every ﬁve college women has reported being

sexually assaulted. It is simple to talk about statistics.

It is more difﬁcult to remember that each number is a victim

and represents a daughter, a sister or a friend.

—GweN MooRe,

iscoNsiN coNGResswoMaN

URMIA Journal 2016

Introduction

e issue of how to ﬁx what many perceive as a crisis in

the number of sexual assaults on college campuses has

made its way into the mainstream, and the topic has

gained signiﬁcant public exposure. For example, one

major media outlet recently showed in primetime e

Hunting Ground, a controversial documentary about col-

lege sexual assaults, and the ﬁlm’s theme song just won

an Oscar after being introduced by Vice

President Biden and performed by pop

star Lady Gaga at the Academy Awards.

e federal government, as well, has

inserted itself into the conversation. Re-

cently, President Barack Obama mount-

ed the “It’s On Us” campaign to combat

sexual assaults, and a bipartisan group in

Congress introduced federal legislation

called the Campus Accountability and

Safety Act (CASA), which, if passed,

would establish new requirements and

penalties for colleges and universities

dealing with sexual assaults.

Public discourse on sexual assaults

began signiﬁcantly trending several years

ago when the Oﬃce of Civil Rights

issued its 2011 Dear Colleague Letter

interpreting colleges and universities’

Title IX obligations in the sexual assault

context. At the time, attention seemed

to center mostly on how colleges and universities should

respond after a sexual assault happens. But increasingly,

public discourse has shifted its focus to changing the

fundamental culture of sex on college campuses as a way

to prevent sexual assaults. Importantly, the aﬃrmative

consent movement has gained signiﬁcant traction as the

catalyst to achieve such cultural change. is movement

calls for colleges and universities to adopt policies where

students must not just refrain from sexual activity when

it has been refused; they must obtain knowing, volun-

tary, and conscious agreement in order for sexual activ-

ity to be consensual, and not assault. A few states have

already passed legislation that actually requires colleges

and universities to incorporate aﬃrmative consent into

their student conduct policies. Additionally, a signiﬁcant

number of colleges and universities have on their own

amended their sexual assault policies to deﬁne consent in

the aﬃrmative, i.e. as an unequivocal “yes,” rather than the

absence of a “no.” In the face of what appears to be a shift

in what constitutes consent for sex at in-

stitutions of higher learning, colleges and

universities are well advised to become

familiar with the concept of aﬃrmative

consent and to assess whether it makes

sense for their institutions to adopt aﬃr-

mative consent policies to help mitigate

the risk of sexual assaults on campus.

Sexual Assault Statistics

Statistics concerning the incidents of

sexual assaults on college campuses vary.

e numbers are skewed depending on

sample size, methodology, and the deﬁ-

nition of sexual assault used to conduct

the study. With that said, according to

many publicized studies on the topic,

the incidents of sexual assaults on college

campuses are alarmingly high.

According to the U.S. Department of

Justice, rape is the most common violent

crime at college campuses in the United States.

It is

estimated that between 20 to 25 percent of college women

are the victim of a completed or attempted sexual assault

during their college careers.

According to one study, 1

in 5 women (or 20 percent) and 1 in 16 men (or 6.25

percent) are sexually assaulted while in college.

Other

sources claim that the number of college women that will

be victims of sexual assault during college is as high as 1 in

4 (25 percent).

One study concluded that sexual assaults are most

likely to occur in September, October, and November, on

Allison Ayer, Esq., Founding Partner, Vrountas, Ayer & Chandler, P.C.

“Yes Means Yes”: The Modern Movement for Colleges and Universities to Adopt

Afﬁrmative Consent as a Way to Mitigate the Risk of Sexual Assault on Campus

A signiﬁcant number of

colleges and universities

have on their own

amended their sexual

assault policies to

deﬁne consent in the

afﬁrmative, i.e. as an

unequivocal “yes,”

rather than the absence

of a “no.”

URMIA Journal 2016

Friday or Saturday nights, and between the hours of mid-

night and 6:00 a.m.

According to another source, college

women are most likely to be a victim of a sexual assault

during the early weeks of their freshman and sophomore

years of college.

Most sexual assaults also tend to be

perpetrated by an acquaintance, as opposed to being com-

mitted by a complete stranger. It is estimated that 9 of 10

women who are victims of sexual assault knew the person

who committed the alleged assault.

Notably, the majority of sexual assaults on college

campuses go unreported, according to statistics. Indeed,

by some estimates, more than 90 percent of sexual assault

victims on college campuses do not of-

ﬁcially report the assault.

Interestingly,

statistics reﬂect that two-thirds of the

time victims tell someone of the sexual

assault, usually a friend, family mem-

ber, or school oﬃcial, but fewer than 5

percent of rapes of college women are

reported to law enforcement.

Now many claim that these sexual

assault statistics are exaggerated, over

simpliﬁed, and/or misleading.

But

even if that is the case, the widespread

publication of sexual assault statistics

has turned the focus on campus sexual

assault. Furthermore, the pervasive dis-

semination of these statistics has sparked

widespread outcry by a diverse cross sec-

tion of society that there exists an urgent

need to address what is at least a per-

ceived problem of sexual assaults on col-

lege campuses. In response, a movement

has developed to try to prevent sexual

assaults on campus by actually shifting

college students’ fundamental views about sex and the

accepted norms of sexual behavior on college campuses.

As Vice President Biden put it at the Academy Awards,

many now believe now that combatting the problem of

sexual assaults on campus requires that, “We must and we

can change the culture.”

What Is Afﬁrmative Consent?

Aﬃrmative consent, in the sexual assault context, can be

generally deﬁned as a knowing, voluntary, and conscious

agreement by all participants to engage in sexual activ-

ity.

In essence, aﬃrmative consent requires that all

participants receive a “yes” from the other participant(s)

before continuing with any sexual activity.

Generally,

aﬃrmative consent is given by actually stating in words an

aﬃrmative desire to engage in sexual activity. Under most

deﬁnitions, aﬃrmative consent can also be given through

actions or conduct. Either way, the critical point of aﬃr-

mative consent is that silence or the absence of a rejection

is not enough to deﬁne a sexual encounter as consensual.

Whether the method of consent is word or conduct, there

must be “clear permission regarding the willingness to

engage in the sexual activity” if the sexual

activity is to be deemed consensual.

aﬃrmative consent is not obtained, then

the encounter may constitute a sexual

assault.

is deﬁnition of aﬃrmative consent

constitutes a shift in the very concept of

consent for sex. Historically, an aﬃrma-

tive declaration of a willingness to engage

in sexual activity has not been required

for sex to be consensual. A person has

been presumed to have agreed (i.e.

consented) to sex so long as there was

no expressed refusal for sexual activ-

ity. For example, criminal statutes and

college sexual assault policies often have

deﬁned sexual assault as involving the

use of force or the threat of force for sex

or as sexual activity which occurs after

a person implicitly or expressly rejects

sexual contact. Either way, in order to

meet the deﬁnition of sexual assault, one

must somehow have expressed that he

or she does not wish to engage in a particular activity or

otherwise lacks the ability to give consent for the sexual

activity, by virtue of intoxication, for example.

In this way, consent in the context of sexual assault has

long been deﬁned in the negative. Indeed, the phrase “no

means no” has long been used to explain this paradigm of

sexual consent and to educate individuals about how to

avoid sexual assault on college campuses and elsewhere.

e recent movement to deﬁne consent for sex in the

aﬃrmative, by contrast, requires an actual, knowing as-

Notably, the majority

of sexual assaults on

college campuses go

unreported, according

to statistics. Indeed, by

some estimates, more

than 90 percent of

sexual assault victims

on college campuses do

not ofﬁcially report

the assault.

URMIA Journal 2016

sertion that one wishes to engage in sexual activity, rather

than simply permitting sex in the absence of a rejection.

In short, the concept of aﬃrmative consent transforms

traditional views of consent from “no means no” to “yes

means yes.”

Proponents of aﬃrmative consent believe that sexual

assaults at institutions of higher learning can be stopped

by ingraining in college students the idea that appropri-

ate sexual behavior requires them to do more than avoid

sexual intercourse when someone has said no; it requires

them to obtain unequivocal, voluntary aﬃrmation for sex

from all participants and for all sexual acts. By redeﬁn-

ing consensual sex, the aﬃrmative consent movement

therefore seeks to alter the very consciousness of college

students about sexual relationships and change how they

think about consent and, in turn, sexual assaults.

The Shifting Paradigm to Afﬁrmative Consent

Importantly, requiring aﬃrmative consent for sex, i.e.

shifting to a “yes means yes” standard for consent, is

gaining signiﬁcant momentum as an eﬀective way to shift

cultural norms about sex on college campuses and prevent

sexual assaults. State legislators and institutions of higher

learning alike seem to be more and more accepting that

aﬃrmative consent may well provide a resolution to the

issue of sexual assaults on campus.

State Legislation Requiring Colleges to Deﬁne Consent

in the Afﬁrmative

Two states have already passed legislation requiring

colleges and universities to deﬁne consent for sex in the

aﬃrmative. California became the ﬁrst state to do so, in

2014. en, in 2015, New York passed a similar law.

e California law deﬁnes “aﬃrmative consent” as “af-

ﬁrmative, conscious, and voluntary agreement to engage

in sexual activity.”

In contrast to historical deﬁnitions

of consent, the law explicitly states that “lack of protest

or resistance does not mean consent, nor does silence

mean consent.”

According to California law, consent

to one sexual act also does not automatically constitute

consent for another act. Instead, aﬃrmative consent

must be ongoing throughout a sexual encounter. at is,

there must be conscious, voluntary agreement for each

and every sexual act during a sexual encounter.

e law

also provides that consent can be revoked at any time.

Furthermore, it speciﬁcally contemplates aﬃrmative

consent under circumstances when people are dating or

have had sex in the past. e law states, “e existence

of a dating relationship between the persons involved,

or the fact of past sexual relations between them, should

never by itself be assumed to be an indicator of consent.”

California’s legislation also places the onus of obtain-

ing aﬃrmative consent on everyone engaged in a sexual

encounter. As a result, each and every person engaging in

sexual activity must obtain aﬃrmative consent from all

other participants in order for the sex to be consensual at

colleges subject to the California law.

Importantly, the

penalty for institutions who fail to adopt policies which

comply with the law is signiﬁcant. Colleges who fail to

adopt the concept of aﬃrmative consent and deﬁne it in a

way which complies with the state’s deﬁnition of aﬃrma-

tive consent face the risk of losing state funds for student

ﬁnancial assistance.

Last year, New York passed aﬃrmative consent legis-

lation similar to California’s. e New York law deﬁnes

“aﬃrmative consent” as “a knowing, voluntary, and mu-

tual decision among all participants to engage in sexual ac-

tivity.”

e law allows for consent to be given by words

or action so long as clear permission to engage in sexual

activity is given.

And like California, the New York law

also expressly provides that silence or lack of resistance is

not enough to demonstrate consent for sex.

As in Cali-

fornia, the aﬃrmative consent law in New York requires

knowing, voluntary consent for each and every activity of

a sexual encounter, and prior consensual sexual activity

does not automatically equate to consent for future sexual

activity.

e statute provides that “consent to any sexual

act or prior consensual sexual activity between or with any

party does not necessarily constitute consent to any other

sexual act.”

e New York law also expressly addresses

that “consent cannot be given when a person is inca-

pacitated.”

Incapacitation occurs, according to the law,

when an individual “lacks the ability to knowingly choose

to participate in sexual activity,” such as when he or she

is asleep, is involuntarily restrained, or is so intoxicated

by virtue of being under the inﬂuence of alcohol, drugs,

or other intoxicant, such that the person is unable to

consent.

e New York law also explicitly provides that

consent must be obtained even when participants have

been drinking or taking drugs, and it further provides

URMIA Journal 2016

for that consent may be withdrawn at any time.

Col-

leges and universities subject to the law face unannounced

compliance audits under the recently passed legislation.

In New York, colleges and universities also must ﬁle a cer-

tiﬁcate conﬁrming that they have adopted an aﬃrmative

consent deﬁnition in compliance with the law.

Similar to

California, a college or university in New York who fails

to timely ﬁle such a certiﬁcate of compliance risks losing

its state funding.

Importantly, New York and California are unlikely to

be the only states where colleges and universities will be

forced to adopt policies requiring aﬃrmative consent for

sexual activity. Several other states, including New Jersey,

New Hampshire, and Connecticut, have introduced bills

that would require colleges and universities operating in

the states to deﬁne consent in the aﬃrmative if they wish

to continue to receive state funding.

College Sexual Assault Policies Incorporating

Afﬁrmative Consent

Considering this trend in legislation, it is not surprising

that the aﬃrmative consent concept has made its way

to colleges and universities. Many colleges and universi-

ties have already adopted policies that incorporate the

concept of aﬃrmative consent. Indeed, the shift to deﬁne

consensual sex not as a lack of rejection for sex, but rather

a knowing, voluntary expression of agreement for sex, is

happening rapidly in higher education institutions.

e State University of New York (SUNY) adopted

and published its revised sexual assault policy deﬁning af-

ﬁrmative consent exactly as deﬁned in New York’s recent

legislation.

SUNY is not the only institution to do so.

In 2014, the National Center for Higher Education Risk

Management (NCHERM) estimated that more than 800

colleges and universities used some type of aﬃrmative

consent deﬁnition in their sexual assault policies.

Just

one year later, NCHERM estimated that the sexual as-

sault policies of 1,400 institutions of higher learning used

some type of aﬃrmative consent deﬁnition.

If these es-

timates are accurate, the number of institutions requiring

aﬃrmative consent in sexual encounters nearly doubled in

just one year.

If this trend continues, it is not diﬃcult to

imagine that at some point soon, aﬃrmative consent, i.e.

“yes means yes,” will replace the rejection for sex, i.e. “no

means no,” as the prevailing standard for consent and for

determining if a sexual assault has occurred in the univer-

sity setting.

Criticisms of Afﬁrmative Consent

While the aﬃrmative consent campaign is strong and

rapidly growing, it certainty is not without its critics.

Many stridently disagree with redeﬁning consent in the

aﬃrmative in the sexual assault context. Below are certain

themes commonly presented in opposition to requiring

aﬃrmative consent for sex on college campuses.

It Is Unnatural and Kills the Mood

Dissenters claim that the concept of aﬃrmative consent

ignores conventional sexual behavior. ey argue that it

is unnatural for individuals engaged in a sexual encounter

to ask for and/or give explicit, verbal conﬁrmation that

they wish to engage in every sexual activity that occurs.

Critics say that to ignore this reality and label as a sexual

assault any sexual activity which lacks an actual, aﬃrma-

tive expression of consent turns people who otherwise

would be considered to have engaged in consensual sex

into “unwitting rapists every time they have sex without

obtaining an explicit ‘yes.’”

Some critics also claim that it

is awkward and “kills the mood” to have to continuously

seek permission for each and every sexual act as part of a

sexual encounter.

Advocates of aﬃrmative consent rebut these claims

on the grounds that preventing unwanted sexual activity

outweighs the risk of any embarrassment that might come

from obtaining aﬃrmative consent.

Notably, the preva-

lence of social media in the everyday lives of college-aged

students may mitigate this particular concern by embed-

ding the concept of aﬃrmative consent, i.e. “yes means

yes,” into college students’ lives.

Interestingly, there are “apps” already available in-

tended to “teach young people ‘the language of aﬃrmative

consent’” and to combat the perceived prevalence of sexual

assaults on college campuses.

For example, Good2Go is

a “smartphone application that encourages users to give

consent before engaging in any sexual acts.”

e app

launches a pre-set series of questions that are intended to

ensure all parties are willing and able to consent to sexual

activity.

When a user logs in, the application initiates

the aﬃrmative consent discussion by asking “Are we

Good2Go?”

If the person responds in the negative, a

URMIA Journal 2016

screen appears on the initiating party’s screen informing

him or her of the lack of consent and reminding the per-

son that aﬃrmative consent is the ONLY circumstance

in which sexual activity is appropriate.

e Good2Go

app also contemplates the problem of intoxication. Once

a person answers that he or she wishes to engage in sexual

activity, the app prompts the responder to characterize his

or her level of intoxication. If the responder indicates that

he or she is of a certain level of intoxication, the app sends

a message to the initiating party that the other person is

unable to give consent notwithstanding his or her initial

aﬃrmative response.

As college students more and more

manage their social (and sexual) lives

through mobile devices and social media,

it is not diﬃcult to imagine that these

types of apps may make it acceptable and

perhaps even normal for college students

to seek aﬃrmative consent for sexual

activity. Importantly, because these apps

create an actual record of consent, in

theory they protect not only potential

victims, but also those concerned about

false accusations of sexual assault. With

that said, users must understand that

consent can be withdrawn at any time,

including after agreeing to sex through

an aﬃrmative consent app.

It Unfairly Applies Higher

Expectations to the Sexual Behavior

of College Students

Another common criticism for aﬃrma-

tive consent is that current legislation

and college policies that require it apply

only to college students. Critics argue that this creates a

higher standard for college attendees than for those not

living in a university setting.

e theory seems to be that

having diﬀerent expectations for sexual behavior ignores

that the conduct which does or does not constitute

sexual assault should be universal and should not change

depending on the setting.

In other words, if certain con-

duct is so egregious that it transforms a sexual encounter

into an assault, the conduct should be disavowed in any

setting, not just college.

Defenders of aﬃrmative consent respond that hav-

ing a diﬀerent standard in the college setting makes

sense because diﬀerent burdens of proof and diﬀerent

penalties apply. at is, when a 21-year-old is accused

of sexual assault outside the college setting, criminal

statutes call for a beyond a reasonable doubt standard.

Furthermore, outside of a university, one accused of

sexual assault faces jail time and the loss of freedom. In

a college setting, by contrast, the more relaxed prepon-

derance of the evidence/more likely than not standard

is utilized to adjudicate student sexual assaults, and the

punishment generally restricts access to higher educa-

tion.

While certainly dire for those

who face it, having restricted access to

a college degree is not equivalent to go-

ing to jail. In that way, there arguably

exists a rational basis for utilizing a

diﬀerent standard of consent for col-

lege students. Furthermore, while the

legal relationship arguably has evolved

beyond in loco parentis, the fact that

colleges historically have held some

kind of special relationship with their

students also may justify applying a

heightened standard of consent in the

campus setting.

It Erodes the Rights of the Accused

Critics of aﬃrmative consent have

concerns that requiring aﬃrmative

consent for sex will make it easier for

people to accuse others of sexual as-

sault and will artiﬁcially increase the

number of sexual encounters on col-

lege campuses that meet the deﬁnition

of sexual assault.

ese critics also argue that aﬃrma-

tive consent makes it more diﬃcult for those accused of

sexual assault to defend themselves. ey claim that the

use of aﬃrmative consent shifts the burden of proof to

the student accused of sexual assault.

ey also opine

that the wording used to deﬁne aﬃrmative consent is

vague, ambiguous, and lacking in clarity, which makes

it more diﬃcult for colleges and universities to adjudi-

cate sexual assault cases.

In essence, they claim that

it is more diﬃcult to ascertain whether there has been

While the legal

relationship arguably

has evolved beyond in

loco parentis, the fact

that colleges historically

have held some kind of

special relationship with

their students may justify

applying a heightened

standard of consent in

the campus setting.

URMIA Journal 2016

an aﬃrmative “yes” given to sex than it is to determine

whether sex has been rejected with a verbal or non-verbal

“no” under the traditional “no means no” theory for sexual

assault.

In all of these ways, critics fear that the due

process rights of those accused of sexual assault will be

eroded even further than some perceive they already have

been under traditional deﬁnitions of consent.

is argument seems to ignore that policies deﬁning

sexual assault as an absence of consent already use vague

and imprecise terms. It also discounts that sexual assault

is by nature a gray area embedded with ambiguity and

innuendo. In that way, no matter how consent is deﬁned,

colleges and universities face the diﬃcult task of assess-

ing whether a sexual assault has or has

not occurred based on the particular-

ized facts and circumstances of each

and every case. In other words, whether

consent is deﬁned in the aﬃrmative or as

an absence of consent, to determine if a

sexual encounter is converted to a sexual

assault college disciplinary boards also

have to interpret nonverbal cues to de-

cide whether consent has or has not been

given. ey also have to assess subjective

human behavior to evaluate whether

there has been an instance of sexual as-

sault. Indeed, colleges and universities

which currently deﬁne sexual assault in

terms of the use of force/sex after refusal

already perform these very analyses to

determine whether a sexual assault has or

has not occurred. If aﬃrmative consent

becomes the standard, they will continue

to do so, by evaluating whether students’

conduct during a sexual encounter constitutes a knowing,

voluntary agreement for sex, instead of whether it con-

stitutes a rejection of sex. In fact, requiring unequivocal

word or action to indicate mutual agreement for sexual

activity through aﬃrmative consent, at least in theory,

serves to eliminate some of the subjectivity in identify-

ing a sexual assault. In that way, aﬃrmative consent may

well reduce the ambiguity latent in consent concepts for

both students and college disciplinary boards facing sexual

assault accusations. Furthermore, deﬁning consent af-

ﬁrmatively need not change the burden of proof, but only

the method of proof. Institutions may continue to require

the accused to prove the sexual assault by presenting facts

which establish that he or she never said “yes” as opposed

to establishing that he or she said “no.”

Importantly, all of these criticisms ignore that the

principal objective of the aﬃrmative consent movement is

not to make the student disciplinary process less com-

plicated. It is not to deﬁne sexual assault in a way that

comports with traditional views of sexual behavior or that

avoids uncomfortable interactions between sexual part-

ners. It is not to protect the rights of the accused. e pri-

mary goal of the movement is to prevent sexual assaults by

shifting the very nature of sex on college campuses. With

that said, the criticisms of aﬃrmative

consent are certainly valid and should

not be discounted. erefore, to the

extent colleges and universities consider

changing their sexual assault policies to

deﬁne consent in the aﬃrmative, they

should try to draft the policies which

seek to tackle these common criticisms.

Guidance to Adopting

Afﬁrmative Consent

In light of the growing trend for colleges

and universities to adopt aﬃrmative

consent deﬁnitions as part of their stu-

dent conduct policies, higher education

institutions are well advised to review

how they deﬁne the concept of consent

and whether it makes sense to redeﬁne

it in the aﬃrmative as part of an anti-

sexual assault agenda. It is important to

remember that the precise deﬁnition of

consent in any student conduct policy will diﬀer for each

institution, depending on its speciﬁc sexual assault risk

assessment and the law of the state in which the institu-

tion operates, as well as the individualized educational,

philosophical, and social missions of the institution. With

that said, the following list is intended to provide some

general guidance to help colleges and universities decide

whether and how to deﬁne aﬃrmative consent as a way to

manage the risk of sexual assault on campus:

• Deﬁne aﬃrmative consent in a manner consistent

with the law of the state in which the institution

Requiring unequivocal

word or action to

indicate mutual

agreement for sexual

activity through

afﬁrmative consent, at

least in theory, serves to

eliminate some of the

subjectivity in identifying

a sexual assault.

URMIA Journal 2016

operates, especially if that state has passed legisla-

tion requiring aﬃrmative consent.

• Carefully consider and address the rights of the

accused.

• Use a gender neutral deﬁnition of aﬃrmative

consent, and require all participants to obtain af-

ﬁrmative consent. is way, no matter the gender

of the participants, all participants in a sexual

encounter have an obligation to achieve mutual

agreement for any sexual activity to avoid an ac-

cusation of sexual assault.

• Assess whether to explicitly discuss the impact of

alcohol, drugs, or other intoxicants and incapaci-

tation.

• Analyze how to incorporate a dating relationship

and/or prior instances of consensual sex between

partners.

• Incorporate the ability of a participant to with-

draw consent at any time.

• Evaluate whether to include language that

discourages reliance on nonverbal communica-

tion in sexual encounters and emphasizes that an

actual verbal “yes” to sexual activity is required,

or whether to omit this type of language because

it may be too permissive in converting consensual

sexual encounters to assaults.

• Continue to include language that addresses the

use of force, coercion, intimidation, or threat

of harm. Just because it does not constitute the

only example of a sexual assault in a policy using

aﬃrmative consent does not meet that a sexual

encounter involving force should not be explicitly

addressed.

• Address the need for continuing consent, i.e.

should the policy specify one way or the other

whether consent for each separate and distinct

sexual act that occurs during an encounter is

required.

• Train college personnel to understand the institu-

tion’s deﬁnition of consent so that whether they

are adjudicating a complaint or dealing with a re-

port in another context, they recognize a potential

sexual assault. is will be particularly important

if a college is changing its policy to require aﬃrma-

tive consent rather than a rejection in the sexual

assault context, i.e. it is shifting from consent

deﬁned as “no means no” to “yes means yes.”

• Educate ALL students, preferably starting early

on in the academic year, about the concept of

aﬃrmative consent, or any other deﬁnition

of consent that the institution adopts. is is

especially important because many students may

be prone to operate under the “no means no”

concept that has been ingrained in our culture

unless and until they are informed that this is

not the standard.

• Assess whether certain populations thought to

be at higher risk, i.e. freshmen and sophomores

or newly matriculating students, should receive

more training and education.

• Be prepared to enforce the deﬁnition of consent

used in any sexual assault policy that the institu-

tion adopts.

• Continue to follow Title IX obligations any time

a sexual assault report is launched, such as, for

example, adopting grievance procedures which

provide prompt and fair resolution of sexual as-

sault (and other sex discrimination) complaints;

adopting policies where conﬂicts of interest are

disclosed; establishing equitable processes for

all parties, i.e. if the respondent has the right

to question witnesses, have a lawyer, or review

statements, so must the complainant; providing

notice of grievance procedures; adjudicating the

complaint on the preponderance of the evidence

standard; providing written notice of the out-

come, etc.

• Incorporate the mission, goals, and resources

of the college or university in deciding whether

or not to deﬁne consent in the aﬃrmative in its

sexual assault policies.

• Deﬁne consent in a way that best serves the stu-

dents, staﬀ, and administrators and considers the

actual and desired campus culture.

• Seek advice of general counsel, outside counsel,

and/or risk managers as necessary to adopt a fair

and equitable deﬁnition of consent consistent

with the institution’s objectives and mission and

the applicable law.

URMIA Journal 2016

Conclusion

e concept of how to address and prevent sexual assault

on college campuses is swiftly evolving. Whether accurate

or not, the popular perception is that sexual assaults on

college campuses are unacceptably prevalent. Outrage

has grown signiﬁcantly in recent years in part because of

widely publicized data on college sexual assaults. e fed-

eral government and many states have taken on the cause,

passing or attempting to pass legislation addressing sexual

assaults on campus. While many institutions of higher

learning might appropriately argue that campus sexual

assaults are not as proliﬁc as publicized and/or that the

government is not the proper agent to regulate the issue,

they should also be aware that there is momentum to fun-

damentally change the sexual behavior of college students

by redeﬁning consensual sex as aﬃrmative agreement for

sex, rather than merely an absence thereof.

As discussed above, more and more states are passing

legislation to require colleges to adopt aﬃrmative consent

for sexual activity, and a growing number of colleges and

universities are voluntarily adopting aﬃrmative consent

language in their sexual assault policies. As this happens

more and more, it creates at least the perception, if not

the reality, that “yes means yes” is the new and prevailing

standard that colleges should apply in the sexual assault

arena. Prospective students and parents alike may well

expect that their college of choice has adopted a strong

sexual assault policy that includes aﬃrmative consent.

Indeed, if the trend to pass legislation in this regard con-

tinues, it may well be the law. In this environment, col-

leges and universities should review the deﬁnition of sex

used in their sexual assault policies and carefully consider

whether adopting aﬃrmative consent should be among

the methods it uses to manage the risk of sexual assaults

on campus.

About the Author

Allison C. Ayer is a founding partner of

Vrountas, Ayer & Chandler, P.C. Her

practice concentrates on providing legal

advice and counseling to businesses and

other organizational entities, including

colleges and universities, about how

to prepare institutional policies and

comply with applicable law. Allison has

signiﬁcant experience defending clients in state and federal

court, and she has defended numerous discrimination and

sexual harassment claims at both administrative agencies

and in court, including those for sexual assault. Allison also

assists her clients with developing and implementing internal

policies and procedures to help prevent litigation. She has

reviewed and drafted handbooks and policy manuals, and

she has performed sensitivity and other legal training to

employers and educational institutions in the region. Allison

also has successfully defended colleges and universities in

cases involving claims of negligent hiring and retention,

invasion of privacy, false arrest, federal civil rights violations,

sexual abuse, disability discrimination, and personal injury

matters.

Endnotes

“Resources – Sexual Violence on College Campuses Page,” Cleveland Rape

Crisis Center, accessed May 22, 2016, https://www.clevelandrapecrisis.

org/resources/statistics/sexual-violence-on-college-campuses (citing US

Department of Justice, Center for Problem-Oriented Policing, Acquaintance

Rape of College Students, http://www.cops.usdoj.gov/pdf/e03021472.pdf).

“Campus Sexual Violence Resource List,” National Sexual Violence Resource

Center, accessed May 22, 2016, http://www.nsvrc.org/saam/campus-

resource-list#Stats (citing B.S. Fisher, F.T. Cullen, and M.G. Turner, The

Sexual Victimization of College Women, National Criminal Justice Reference

Service, Bureau of Justice Statistics (2000), https://www.ncjrs.gov/pdfﬁles1/

nij/182369.pdf).

National Sexual Violence Resource Center, Info & Stats for Journalists,

Campus Sexual Assault (2015), accessed May 22, 2016, http://www.nsvrc.

org/sites/default/ﬁles/publications_nsvrc_factsheet_media-packet_

campus-sexual-assault.pdf (citing C.P. Krebs, C. Lindquist, T. Warner, B.

Fisher, and S. Martin, The Campus Sexual Assault (CSA) Study: Final Report,

National Criminal Justice Reference Service (2007), http://www.ncjrs.gov/

pdfﬁles1/nij/grants/221153.pdf).

“Resources – Sexual Violence on College Campuses Page,” Cleveland Rape

Crisis Center (citing “Sexual Assault Statistics,” One in Four USA, http://

www.oneinfourusa.org/statistics.php).

National Sexual Violence Resource Center, Campus Sexual Assault.

URMIA Journal 2016

“Resources – Sexual Violence on College Campuses Page,” Cleveland

Rape Crisis Center (citing Crisis Connection, National College Health Risk

Behavior Survey, http://www.crisisconnectioninc.org/sexualassault/college_

campuses_and_rape.htm).

Fisher

, Cullen, and Turner, The Sexual Victimization of College Women.

National Sexual Violence Resource Center, Campus Sexual Assault (citing

Fisher, Cullen, and Turner, The Sexual Victimization of College Women).

Ibid.

Brian D. Earp, “1 in 4 Women: How the Latest Sexual Assault Statistics Were

Turned into Click Bait by the New York Times,” Huff Post College, accessed

May 22, 2016, http://www.hufﬁngtonpost.com/brian-earp/1-in-4-women-

how-the-late_b_8191448.html (citing D. Cantor, B. Fisher, S. Chibnall, et

al., Report on the AAU Campus Climate Survey on Sexual Assault and Sexual

Misconduct, The Association of American Universities (2015), http://www.

aau.edu/uploadedFiles/AAU_Publications/AAU_Reports/Sexual_Assault_

Campus_Survey/Report%20on%20the%20AAU%20Campus%20Climate%20

Survey%20on%20Sexual%20Assault%20and%20Sexual%20Misconduct.pdf).

Karen Mizoguchi, “Joe Biden Gets Standing Ovation at Oscars as He Delivers

Powerful Speech Advocating for Survivors of Sexual Assault,” People

(February 29, 2016), accessed May 22, 2016, http://www.people.com/

people/package/article/0,,20985752_20990603,00.html.

California Education Code §67386(a)(1), http://leginfo.legislature.ca.gov/

faces/billNavClient.xhtml?bill_id=201320140SB967.

The State University of New York (SUNY), “Deﬁnition of Afﬁrmative

Consent,” accessed May 22, 2016, http://system.suny.edu/sexual-violence-

prevention-workgroup/policies/afﬁrmative-consent/.

ﬁrmative Consent, “What is Afﬁrmative Consent?,” accessed May 22,

2016, http://afﬁrmativeconsent.com/whatisafﬁramtiveconsent/.

Afﬁrmative Consent, “What is Afﬁrmative Consent?”

SUNY, “Deﬁnition of Afﬁrmative Consent.”

ﬁrmative Consent, “What is Afﬁrmative Consent?”

Jake New, “Colleges Across Country Adopting Afﬁrmative Consent Sexual

Assault Policies,” Inside Higher Ed (October 17, 2014), https://www.

insiderhighered.com/news/2014/10/17/colleges-across-coutnry-adopting

-afﬁrmative-consent-sexual-assault-policies.

Afﬁrmative Consent, “What is Afﬁrmative Consent?”

California Education Code §67386(a)(1).

Ibid.

New York State Senate Bill S5965, Article 129-B §6441(1), https://www.

nysenate.gov/legislation/bills/2015/s5965.

Sandy K

eenan, “Afﬁrmative Consent: Are Students Really Asking?,” The

New York Times (July 28, 2015), http://www.nytimes.com/2015/08/02/

education/edlife/afﬁrmative-consent-are-students-really-asking.html?_r=0.

New York State Senate Bill S5965, Article 129-B §6441(1).

Ibid.

New York State Senate Bill S5965, Article 129-B §6441(2)(A).

Ibid.

New York State Senate Bill S5965, Article 129-B §6441(2)(D). .

Ibid.

New York State Senate Bill S5965, Article 129-B §6441(2)(B) & (C).

New York State Senate Bill S5965, Article 129-B §6440(3).

New York State Senate Bill S5965, Article 129-B §6440(1)(B).

New York State Senate Bill S5965, Article 129-B §6440(3).

New, “Colleges Across Country Adopting Afﬁrmative Consent.”

eenan, “Afﬁrmative Consent: Are Students Really Asking?”

SUNY, “Deﬁnition of Afﬁrmative Consent.”

New, “Colleges Across Country Adopting Afﬁrmative Consent.”

Keenan, “Afﬁrmative Consent: Are Students Really Asking?”

SUNY, “Deﬁnition of Afﬁrmative Consent.”

ﬁrmative Consent, “What is Afﬁrmative Consent?”

Cathy Young, “Opinion Feminism - Campus Rape: The Problem with ‘Yes

Means Yes’,” Time (August 29, 2014), http://time.com/3222176/campus-

rape-the-problem-with-yes-means-yes/.

Ibid.

Alana Vagianos, “Good2Go Is an App for Consenting to Sex,” The Hufﬁngton

Post (June 25, 2014), http://www.hufﬁngtonpost.com/2014/09/30/

consensual-sex-app-good2go_n_5903036.html.

Ibid.

When a person clicks, “No, thanks,” a screen appears on the other party’s

phone that reads, “Remember! No means No! Only Yes means Yes BUT can

be changed to NO at any time!” See Vagianos, “Good2Go.”

Ibid.

Diamond Naga Siu, “Consent Law Wording Confuses,” Washington Square

News (November 9, 2015), http://www.nyunews.com/2015/11/09/consent-

law-wording-confuses/.

Ibid.

New, “Colleges Across Country Adopting Afﬁrmative Consent.”

Philip Lee, “The Curious Life of In Loco Parentis at American Universities,”

Higher Education in Review (2011), http://scholar.harvard.edu/ﬁles/

philip_lee/ﬁles/vol8lee.pdf; see also Nick Sweeton and Jeremy Davis, “The

Evolution of In Loco Parentis,” http://www.sahe.colostate.edu/data/sites/1/

documents/journal/journal2003_2004vol13/loco_parentis.pdf.

Siu, “Consent Law Wording Confuses.”

Ibid.

Young, “Opinion Feminism - Campus Rape.”

Ibid.

Ibid. (Noting that many colleges and universities with afﬁrmative consent

sexual assault policies, such as Occidental College, Duke University of

Houston, and Swarthmore, have incorporated such language).

United States Department of Education, Ofﬁce of Civil Rights, “Dear

Colleague Letter” (April 4, 2011), http://www2.ed.gov/about/ofﬁces/list/ocr/

letters/colleague-201104.pdf.

Circumstances can force your hand. So think ahead!

—RobeRt a. heiNleiN,

aMeRicaN scieNce fictioN wRiteR

URMIA Journal 2016

Introduction

It was a typical summer evening in the Bronx. As the

local weather broadcasters like to say, it was Triple-H:

hot, humid, and hazy. But that didn’t stop hundreds of

people from lining up around the block so they could

have a chance to squeeze into the basement auditorium of

the Bronx Museum and hear Dr. Mary Bassett, the New

York City Health Commissioner, reassure them that the

city was doing everything that it could to

keep them safe. is was not a gather-

ing of doctors or politicians, mind you,

although there were certainly enough of

both in the room. No, this was a crowd

of neighbors in the South Bronx, the

perceived epicenter of what was be-

ing referred to as a Legionella outbreak.

Many shared a familiarity with poverty;

many were not native English speakers;

and few if any understood the concepts

of toxicology and epidemiology that were

being discussed. What they did know is

that 12 of their neighbors got sick and

died from some mysterious droplets

of cooling tower water that seem to be

sprinkling oﬀ every rooftop.

e auditorium was packed to capac-

ity. News crews squeezed their cameras

into every vacant space; politicians ﬁnally

gave up trying to work the room; and

frightened residents of the South Bronx struggled to sit,

stand, or lean wherever they could to hear the commis-

sioner’s reassuring words. And that is exactly what they

heard. Yes, they heard from the commissioner of the

Department of Health and Mental Hygiene (DOHMH),

the agency responsible for preventing the spread infec-

tious diseases throughout New York City, but they were

really listening to Mary Bassett, a physician born and

raised in the same city that she was sworn to protect.

She seemed to be one with her audience, and the people

responded in kind. She told them what she knew and

what the city planned to do, and then she opened the

ﬂoor to questions and proceeded to answer every one with

patience and empathy—even though she was responding

more or less to the same questions over and over—and

she never looked at her watch.

What she told them was that she was issuing a Health

Commissioner’s Order requiring every building with

water recirculating cooling towers within the City of New

York to do the following:

(1) Obtain the services of an environ-

mental consultant with demonstrated

experience performing disinfection in ac-

cordance with current standard industry

protocols including, but not limited to,

American Society of Heating, Refrigera-

tion and Air-Conditioning Engineers

(ASHRAE) Standard 188P and Cool-

ing Technology Institute Guidelines

WTB-148;

(2) Under supervision of the environ-

mental consultant, evaluate the cooling

tower and associated equipment for the

presence of organic material, bioﬁlm, al-

gae, and other visible contaminants; and

regardless of the outcome of the evalu-

ation required by item (2) above, direct

the environmental consultant to carry

out a disinfection/treatment suﬃcient to

remove organic material, bioﬁlm, algae,

and other contaminants and disinfect in a manner

suﬃcient to control for the presence of Legionella

organisms within 14 days of receipt of this letter;

and

(3) Maintain records on-site of the consultant’s

inspection and remediation, and make them

available upon request to the City of New York in

person, or by fax or email as requested.

(4) If an identical assessment and any disinfection

procedure has been conducted at this build-

ing within the past 30 days, in lieu of the items

Howard N. Apsan, PhD, University Director of Environmental, Health, Safety, and Risk Management, The City University of New York

Legionella in the Bronx:

Lessons Learned in Minimizing Complex Risk

This was not a

gathering of doctors

or politicians. ... No,

this was a crowd

of neighbors in the

South Bronx, the

perceived epicenter

of what was being

referred to as a

Legionella outbreak.

URMIA Journal 2016

“About the Disease

Legionellosis is a respiratory disease caused by Legionella

bacteria. Sometimes the bacteria cause a serious type of

pneumonia (lung infection) called Legionnaires’ disease.

e bacteria can also cause a less serious infection called

Pontiac fever that has symptoms similar to a mild case of

the ﬂu.

“Causes and Common Sources of Infection

Legionella is a type of bacterium found naturally in fresh-

water environments, like lakes and streams. It can become

a health concern when it grows and spreads in human-

made water systems like hot tubs that aren’t drained after

each use, hot water tanks and heaters, large plumbing

systems, cooling towers, and decorative fountains.

is bacterium grows best in warm water.

“How It Spreads

People are exposed to Legionella when they breathe in mist

(small droplets of water in the air) containing the bacteria.

One example might be from breathing in droplets sprayed

from a hot tub that has not been properly cleaned and dis-

infected. … In general, Legionnaires’ disease and Pontiac

fever are not spread from one person to another.

“Treatment

Legionnaires’ disease requires treatment with antibiotics

...and most cases of Legionnaires’ disease can be treated

successfully. Healthy people usually get better after being

sick with Legionnaires’ disease, but they often need care in

the hospital. Possible complications of Legionnaires’ dis-

ease include lung failure and death. About 1 out of every

10 people who get sick with Legionnaires’ disease will die

due to complications from their illness.

“Signs and Symptoms

Legionnaires’ disease is very similar to other types of

pneumonia, with symptoms that include cough, shortness

of breath, high fever, muscle aches, and headaches. Legion-

naires’ disease can also be associated with other symptoms

such as diarrhea, nausea, and confusion. Symptoms usu-

ally begin 2 to 10 days after being exposed to the bacteria,

but it can take longer so people should watch for symptoms

for about 2 weeks after exposure.

ordered in numbers 1-3, above, maintain records

on-site of the consultant’s inspection and remedia-

tion, and make them available upon request to the

City of New York in person, or by fax, or email as

requested.

If this seems complicated, time consuming, and ex-

pensive, it is. Nevertheless, when the city faces a potential

health crisis of this nature—or any of the other recent

health crises, such as H1N1 Pandemic Flu and Ebola,

or this year’s concern for Zika—simple solutions are not

likely to be found. What the commissioner failed to say,

probably because the crisis was continuing to evolve, is

that the Health Commissioner’s Order would become one

of many requirements and guidelines issued by a range

of federal, state, and city agencies with responsibility for

public health and safety. e challenge for New York City

landlords, including e City University of New York

(CUNY), was to ﬁgure out which buildings were covered

and how they could be brought into full compliance.

is article will focus on how the Legionella crisis

emerged into a full-ﬂedged health crisis, how the various

government agencies responded, how CUNY played the

dual role of regulated cooling tower manager, as well as

host to what was eﬀectively the Emergency Operations

Center in the South Bronx, and how we can apply the

lessons learned from this crisis to our ongoing eﬀort to

minimize complex risks.

Legionnaires’ Disease:

From Legionella to Legionellosis

Legionnaires’ disease got its name from a deadly outbreak

of pneumonia among attendees at an American Legion

convention at the Belleview Stratford Hotel in Philadel-

phia in July 1976.

e strain of bacteria that infected

hundreds of convention attendees, and is believed to have

caused the death of dozens, became known as Legionella,

and the disease became known as Legionellosis. Much

has been written about the origins of Legionnaires ’

disease, but epidemiologists, such as those at the Centers

for Disease Control (CDC), have compiled and updated

information on the disease, its causes, and methods of

prevention.

URMIA Journal 2016

“Prevention

ere are no vaccines that can prevent legionellosis.

Instead, the key to preventing legionellosis is making sure

that the water systems in buildings are maintained in

order to reduce the risk of growing and spreading Legio-

nella.

“People at Risk

Most healthy people do not become infected with Legionel-

la after exposure. People at higher risk

of getting sick are older people (usually

50 years or older), current or former

smokers, people with a chronic lung dis-

ease (like chronic obstructive pulmonary

disease or emphysema), people with a

weak immune system from diseases like

cancer, diabetes, or kidney failure, and

people who take drugs that suppress the

immune system.”

Because Legionnaires’ disease has

been so well studied, state and local

health departments have been relatively

successful in controlling its spread. Nev-

ertheless, when an outbreak does occur,

epidemiologists and other public health

oﬃcials really earn their keep.

Keeping the Disease Detectives Busy

e New York City DOHMH has a

storied history as a leader in protecting

public health. In a comprehensive study

by John M. Barry on the Spanish ﬂu of

1918, we see some of the epidemiological

work of last century’s health detectives

under extraordinary circumstances.

e contemporary health detectives are

just as diligent. When 12 people were di-

agnosed with Legionella in 2014, the Health Department

discovered the source to be the cooling towers of a Bronx

housing project.

When the 2015 outbreak occurred, the

Health Department suspected the cooling towers again.

ere are numerous descriptions of the 2015 outbreak

in the Bronx, from dramatic to clinical. e CDC, which

served as a spectator as well as a player, posted the fol-

lowing epidemiological summary of the outbreak on its

website:

“When cooling towers are not properly maintained, they

can become a home for Legionella bacteria, which thrive

in untreated warm water. If people with certain health

risks breathe in water droplets contaminated with these

bacteria, they may develop Legionnaires’ disease. If people

are getting sick with Legionnaires’ disease, how can health

oﬃcials ﬁnd out the source of the bacteria?

A team of city, state, and CDC epidemi-

ologists (disease detectives), laboratory

scientists, and environmental health experts

was able to do just that with an outbreak

this summer in New York City.

“Recognizing the Outbreak

Legionella bacteria are found naturally in

fresh water and can live in most any warm

water that isn’t properly treated with chemi-

cals. Most people exposed to Legionella bac-

teria don’t get sick, but those who are older

or already have health problems are at risk

for developing Legionnaires’ disease. It’s not

surprising for large cities to report several

cases of the disease every year. However,

epidemiologists are always on the lookout

for an increase in cases that might suggest

an outbreak of the disease. is past July,

after noticing a spike in reports from clinics

and hospitals in the Bronx, New York City

investigators sprang into action.

“Identifying the Source

After mapping the places of work and resi-

dence of all the patients identiﬁed, the inves-

tigators noticed a pattern that indicated the

source was likely a cooling tower. en, using

state-of-the-art computer modeling programs, the geographic

area most likely to contain the contaminated cooling tower

was identiﬁed. A team of environmental health experts from

New York and the CDC then collected samples from every

cooling tower in that area and sent those samples to public

health laboratories. Legionella are very challenging bacte-

ria to work with, but after weeks of testing, city, state, and

When 12 people

were diagnosed

with Legionella in

2014, the Health

Department

discovered the

source to be the

cooling towers of

a Bronx housing

project. When the

2015 outbreak

occurred, the

Health Department

suspected the cooling

towers again

URMIA Journal 2016

CDC laboratories were able to solve the mystery. e DNA

“ﬁngerprint” from the bacteria found in each of the patients

was identical to that of the bacteria found in one of the

cooling towers, conﬁrming that it was the speciﬁc Legionella

bacteria from that cooling tower that infected each of those

patients.

“Containing the Outbreak

Even before the source was conﬁrmed, the suspected cooling

tower and those in the surrounding area were cleaned and

treated. en oﬃcials worked with the building owners to

ensure that industry standards for treatment of their cooling

tower were met. After weeks of a collaborative epidemio-

logic, environmental health, and laboratory investigation by

the city, state, and CDC, the outbreak

was declared over by New York City

oﬃcials.

“Keeping an Eye on Cooling Towers

With 128 people infected and 12 deaths

attributable to the outbreak as of August

20, 2015, this was the largest outbreak

of Legionnaires’ disease ever recorded in

New York City. In response, the City

passed new legislation that requires reg-

istration of all cooling towers and deﬁnes

maintenance standards. e collaborative

eﬀorts of public health professionals from

city, state, and federal agencies made it

possible for this outbreak to be identi-

ﬁed, solved, and contained as quickly as

possible. Investigators like these stationed

all over the United States, at CDC, and

across the globe are working every day to detect, respond to,

and prevent public health threats.”

e New York City health detectives and their federal

and state colleagues worked well together and made

quick and signiﬁcant inroads to identifying the disease

and its source. Of course, in this case, the health issue

was not just an epidemiological exercise; it had become a

full-ﬂedged health crisis, with the attendant political and

media attention.

How Did The City University of New York

Get Involved?

e City University of New York (CUNY) is the

country’s largest urban university system and the third

largest university system in the United States. In 2015,

it had 24 colleges, graduate schools, and professional

schools; served approximately 520,000 matriculated and

non-matriculated students;

had almost 44,000 full- and

part-time faculty and staﬀ;

and had more than 26 mil-

lion square feet of space in approximately 300 buildings

located throughout New York City’s ﬁve boroughs.

CUNY has many students that live in the South

Bronx, and one of it campuses, Hostos Community

College, is located in the epicenter of the outbreak. As a

result, Hostos simultaneously became a

suspected source—because it has cooling

towers—and a valuable resource because

it is an ideal staging area for the many

agencies that would soon be involved.

To help address the Legionella out-

break, New York State marshalled its

Health Department and its Division of

Homeland Security and Emergency Ser-

vices and sent signiﬁcant resources from

Albany and elsewhere around the state

to the South Bronx. e Governor’s

Oﬃce asked if Hostos could serve as the

Emergency Operations Center for the

Legionella response, and CUNY happily

acquiesced.

As was noted in a 2008 URMIA

Journal article,

and referenced in a

follow-up 2015 article:

“CUNY’s risk management and business continu-

ity eﬀorts are designed to be collaborative and to foster

consultation. Day to day coordination, however, falls to

CUNY’s Oﬃce of Environmental, Health, Safety and

Risk Management. is includes leadership of the CUNY

Risk Management and Business Continuity Council and

coordination of its monthly meetings; chairing the monthly

Emergency Preparedness Task Force meetings; conducting

annual risk surveys, developing updated risk maps, and

periodically revising the CUNY Risk Management Plan;

preparing emergency-speciﬁc continuity of operations

The New York City

health detectives

and their federal

and state colleagues

made quick and

signiﬁcant inroads

to identifying the

disease and its

source.

URMIA Journal 2016

plans; and maintaining the university’s risk management,

business continuity, and emergency preparedness website.

It also involves coordinating all of these activities with

stakeholders throughout the university and with external

agencies and organizations.”

Because the challenge required the protection of the

health and safety of the CUNY community, as well as

coordination with a wide range of outside agencies, this

team was given leadership responsibility.

Sharing Success

Once the source of the outbreak was determined, several

things had to happen to minimize the ongoing and future

risk of any additional exposure to Legionella from cool-

ing towers. Many agencies were involved directly, and

many others played a supporting role. As noted above, the

ultimate health and safety responsibility rested with the

Health Department, and Commissioner Bassett issued

the Commissioner’s Order. Cooling towers and other

building structures are the responsibility of the Build-

ings Department, and Commissioner Chandler played a

critical role in making sure that his department’s concerns

were addressed. Finally, as is true of any city emergency,

the Department of Emergency Management played a key

coordinating role. is included support through regular

conference calls, as well as gentle reminders from Com-

missioner Esposito that deadlines were approaching.

New York State also played a signiﬁcant role, much

of it centered at Hostos Community College. e college

was happy to provide a large conference space for New

York State Health Department oﬃcials, Division of

Homeland Security and Emergency Services staﬀ, repre-

sentatives of the Governor’s Oﬃce, and a range of local

oﬃcials. In addition, the Hostos parking lot became the

staging area for the state’s mobile Emergency Operations

Center trailer and other vehicles. Teams of inspectors and

samplers were dispatched throughout the South Bronx

from this central base.

At CUNY, we learned to be good hosts under adverse

circumstances from our service as evacuation centers, hur-

ricane shelters, and special medical needs facilities during

Hurricane Irene and Superstorm Sandy.

In fact, Hostos

was experienced enough to understand when to be

involved actively—food, sanitation, security—and when

to provide background support. Of course, most of our

guests were professionals, not evacuees, and we knew that

our hosting obligations would be modest and short lived.

On the other hand, making sure that all of CUNY’s

24 campuses were complying with Health, Buildings, and

Emergency Management requirements was a bit more

complex. First, CUNY had to take inventory of its cooling

towers, which is a bit more involved than one might think.

As noted, we have more than 300 buildings, some with

multiple cooling towers and others with none; some owned

by CUNY and others leased from private landlords; some

sampled and tested by CUNY staﬀ, others by independent

contractors; some with state of the art water treatment sys-

tems and others without.

Once a complete inventory was established, the compli-

ance process began. Again, at face value, this would seem like

a simple process. However, because of the many diﬀerent

agencies involved and the sometimes inconsistent require-

ments, the compliance process had some challenges as well.

Finally, procedures had to be put into place to ensure that

the measures taken under emergency conditions would be

revisited so that standard operating procedures (SOP) could

be developed. ese SOPs would help routinize the manage-

ment of complex risks and reduce the need for emergency

response going forward.

Conclusion

Several weeks after the crisis had abated, Governor Cuomo’s

staﬀ set up a conference at the Empire State Plaza in Albany

to evaluate how the Legionella outbreak in the Bronx was

handled and to share lessons learned.

Many of the orga-

nizations that were enmeshed in the response were able to

reﬂect on what went well and where there was room for

improvement.

In general, the response to the crisis was extraordinary.

So many agencies and organizations committed all the re-

sources at their disposal to address the outbreak. Person-

nel, equipment, and ﬁnancial resources were made avail-

able, and bureaucratic and jurisdictional challenges were

overcome. In sum, while the deaths of 12 people—and

the fear and anxiety of an entire city—muted the sense of

accomplishment, everyone recognized that without this

eﬀort, the results could have been much worse.

Nonetheless, professional risk managers are always

committed to continuous improvement. We acknowl-

URMIA Journal 2016

edge a successful outcome, but we always try to uncover

what we could have done better. In this case, as in many

other large scale, complex emergencies, there are typically

three areas that are often tested: command, control, and

coordination.

Health crises do not respect political, jurisdictional,

or organizational boundaries. at is why the ﬁrst rule

of incident management is to establish a clear chain of

command. e fact that so many state and local agencies

committed resources to address the Legionella outbreak

can be vitiated if they are not all working toward the same

objectives. When the lines of authority are unclear, coor-

dination becomes much more diﬃcult.

During a crisis, and especially in setting up recurrence

prevention, control systems are critical to ensure that

instructions are clear and consistent and that outcomes

are measured and assessed. Inconsistencies among federal,

state, and local regulations are not uncommon; most of

us have a favorite example or two. But when new require-

ments are being established, there is a better chance of

avoiding inconsistency and confusion. Similarly, when

expectations are clear, outcomes are easier to evaluate.

Naturally, command and control require eﬀective

coordination. It is hard to say that there wasn’t enough

communication during the Bronx Legionella outbreak. At

the height of the crisis, there were several regular confer-

ence calls every day. But eﬀective coordination often re-

quires smaller scale meetings, calls, and written exchanges,

where there are opportunities to ask questions and clarify

any potential confusion. Emergency operations are always

stressful; all the more reason to ensure that coordination

is eﬀective.

We started with a story that happened in a basement,

so I will end with another underground story—this one

at the New York State Emergency Operations Center in

a Cold War era bunker in Albany. As you would expect,

the technology was state of the art, and it was clear that

New York State takes preparedness and emergency

response very seriously. But when we got a tour of some

of the technology at work, it was the people who oper-

ate and apply the emergency technology—the ones who

run toward the crisis, not away from it—that were most

inspiring. As we implement the Legionella prevention

program, and all other risk management initiatives, the

technology is important, but it is the human touch, from

Commissioner Bassett’s patience to the fearlessness of the

rooftop cooling tower inspectors, that really makes the

diﬀerence.

About the Author

Howard Apsan is the university direc-

tor of environmental, health, safety,

and risk management for e City

University of New York (CUNY), the

largest urban university system in the

United States. CUNY has 24 colleges,

graduate schools, and professional

schools; approximately 520,000 ma-

triculated and non-matriculated stu-

dents; 43,000 full- and part-time faculty and staﬀ; and 26

million square feet of space in approximately 300 build-

ings located throughout New York City’s ﬁve boroughs.

e university director is responsible for environmental

health and safety management and compliance through-

out the university. He also serves as the university’s risk

manager, tasked with assessing liabilities and designing

systems for minimizing CUNY’s operational and repu-

tational risks and promoting resiliency and continuity

of operations. He chairs the university’s Environmental

Health and Safety Council; the Risk Management and

Business Continuity Council; and the Emergency Pre-

paredness Task Force.

Earlier in his career, he served for several years in New

York City government at the Mayor’s Oﬃce, the Board

of Education, and the Sanitation Department. He left

municipal government to pursue a career in environmen-

tal and risk management consulting, which included eight

years as a principal, and ultimately national director, of

a nationwide consulting ﬁrm, and led to the founding of

Apsan Consulting. He has served industrial, commer-

cial, real estate, government, and not-for-proﬁt clients

throughout the United States and has extensive interna-

tional experience.

In addition to his management and consulting activi-

ties, he has been a member of the faculty at Columbia

University’s School of International and Public Aﬀairs

since 1986 and also teaches in Columbia’s Sustainability

Management program. He is a LEED Accredited Pro-

fessional and has served on the United States Technical

Advisory Group (US TAG) for ISO 14000, the Ameri-

URMIA Journal 2016

can Society for Testing and Materials (ASTM) Environ-

mental Committee (E-50), and the Environmental Com-

mission in Springﬁeld (New Jersey), where he is also a

lieutenant in the police reserve. He chaired the New York

Chamber of Commerce Environment and Energy Com-

mittee and the New York Chapter of the Environmental

Auditing Roundtable and was the president of a commu-

nity-based non-proﬁt corporation. He is a member of the

editorial board of Environmental Quality Management and

writes and lectures regularly.

He earned his BA and MA from Brooklyn College

and his MPhil and PhD from Columbia University.

Endnotes

The author serves as the university director of environmental, health,

safety, and risk management for The City University of New York, the

largest urban university system in the United States. In addition, he has

been an adjunct professor at Columbia University’s School of International

and Public Affairs since 1986 and also teaches in Columbia’s Sustainability

Management program.

Mary T. Bassett, “Order of the Commissioner,” New York City Department of

Health and Mental Hygiene, August 6, 2015, https://www1.nyc.gov/assets/

doh/downloads/pdf/cd/citywide-blanket-order.pdf.

Lawrence K. Altman, “In Philadelphia 30 Years Ago, an Eruption of Illness

and Fear,” New York Times, August 1, 2006, accessed May 22, 2016, http://

www.nytimes.com/2006/08/01/health/01docs.html?pagewanted=all&_r=0.

“Legionella (Legionnaires’ Disease and Pontiac Fever) – About the Disease,”

Centers for Disease Control and Prevention, last modiﬁed January 26,

2016, http://www.cdc.gov/Legionella/about/.

Ibid.

“Legionella (Legionnaires’ Disease and Pontiac Fever) – Causes and

Transmission,” Centers for Disease Control and Prevention, last modiﬁed

March 9, 2016, http://www.cdc.gov/Legionella/about/causes-transmission.

html.

Ibid.

“Legionella (Legionnaires’ Disease and Pontiac Fever) – Treatment and

Complications,” Centers for Disease Control and Prevention, last modiﬁed

January 26, 2016, http://www.cdc.gov/Legionella/about/treatment-

complications.html.

“Legionella (Legionnaires’ Disease and Pontiac Fever) – Signs and

Symptoms,” Centers for Disease Control and Prevention, last modiﬁed

January 26, 2016, http://www.cdc.gov/legionella/about/signs-symptoms.

html.

“Legionella (Legionnaires’ Disease and Pontiac Fever) – Prevention,”

Centers for Disease Control and Prevention, last modiﬁed January 26,

2016, http://www.cdc.gov/Legionella/about/prevention.html.

“Legionella (Legionnaires’ Disease and Pontiac Fever) – People at Risk,”

Centers for Disease Control and Prevention, last modiﬁed January 26,

2016, http://www.cdc.gov/Legionella/about/people-risk.html.

John M. Barry, The Great Inﬂuenza: The Story of the Deadliest Pandemic in

History (New York: Penguin Books, 2004).

“Legionnaires’ Disease Kills Two, Sickens 31 in New York City,” Reuters, July

29, 2015, accessed May 22, 2016, http://www.reuters.com/article/us-usa-

health-legionnaires-idUSKCN0Q328420150729.

Benjamin Mueller, “Legionnaires’ Bacteria Regrew in Bronx Cooling Towers

That Were Disinfected,” New York Times, October 1, 2015, accessed May 22,

2016, http://www.nytimes.com/2015/10/02/nyregion/legionnaires-bacteria-

regrew-in-bronx-cooling-towers-that-were-disinfected.html.

Public Health Matters Blog, “Keeping Cool Under Pressure: NYC

Legionnaires’ Disease Outbreak, Summer 2015,” Centers for Disease

Control and Prevention, September 29, 2015, accessed May 22, 2016,

http://blogs.cdc.gov/publichealthmatters/2015/09/keeping-cool-under-

pressure-nyc-Legionnaires-disease-outbreak-summer-2015/.

Ibid.

“About,” The City University of New York, http://www.cuny.edu/about.

html.

“Staff Facts: Fall 2014 Ofﬁce of Human Resources Management,” The City

University of New York, http://www1.cuny.edu/sites/onboard/wp-content/

uploads/sites/4/Fall-2014-Staff-Facts.pdf.

“Critical Maintenance: Caring for Our Campuses,” The City University

of New York, http://www.cuny.edu/about/administration/ofﬁces/fpcm/

critical-maintenance.html.

Howard N. Apsan, “Understanding Risk Management through an

Environmental Health and Safety Template,” URMIA Journal (2008).

Howard N. Apsan, “Choosing the Right Tools for Managing Environmental

and Enterprise Risk,” URMIA Journal (2015).

Howard N. Apsan, “Resiliency and Continuity: Hurricane Sandy and the

City University of New York,” Environmental Quality Management (Winter

2013).

New York State Emergency Planning Summit, Albany Convention Center,

August 17, 2015.

For speciﬁc deﬁnitions of these terms in the Incident Command System

(ICS) context, see: Federal Emergency Management Agency (FEMA) ICS

Resource Center, “Glossary of Related Terms,” accessed May 22, 2016,

https://training.fema.gov/emiweb/is/icsresource/glossary.htm.

Howard N. Apsan, “What Gets Measured Gets Done: Two Years into the

CUNY-EPA Audit Agreement,” Environmental Quality Management (Autumn

2005).

If you fail to plan,

you are planning to fail!

—beNJaMiN fRaNkliN,

MeRicaN fouNdiNG fatheR aNd

fouNdeR of the uNiveRsity of PeNNsylvaNia

URMIA Journal 2016

their preparedness for those unplanned interruptions and

fractured unions that will undoubtedly occur. is article

outlines the University’s process, how it started, and where

it is now. It will highlight University-wide tabletop exer-

cises and other planning resources. It will take what seemed

impossible to what is now Mission Possible.

The University of Pennsylvania

e University of Pennsylvania (Penn) is a major research

institution located in Philadelphia, Penn-

sylvania. A total of over 24,000 full- and

part-time students attend classes in 12

Schools, four of which oﬀer undergradu-

ate degrees and all of which oﬀer graduate

and/or professional degrees. Penn is a

highly selective institution; for the Class

of 2019, just over 10 percent of applicants

were oﬀered admission. ese students

are taught by a total of over 4,500 stand-

ing and associated faculty members.

e main campus resides on ap-

proximately 300 acres with a total of 215

buildings, including two major sports

stadiums/arenas, a museum of archaeol-

ogy and anthropology, and two hotels.

addition, Penn has several oﬀ-campus fa-

cilities, including the Morris Arboretum,

the New Bolton Center for the study and

treatment of large animals, and facilities associated with the

Wharton School in San Francisco and in China.

e University’s annual operating budget for Fiscal

Year 2016 is $7.74 billion. Penn receives over $900 million

annually in sponsored research funds, and the endowment

is just over $10 billion.

Background on the Mission Continuity Program (MCP)

Penn’s Mission Continuity Program (MCP) is designed

to ensure that the University is prepared to resume and/or

continue operations as eﬃciently as possible in the event of

an outage or emergency. As part of Penn’s MCP, Schools,

Introduction

e University of Pennsylvania’s roots are in Philadelphia,

the birthplace of American democracy. But Penn’s reach

spans the globe. Faithful to the vision of the University’s

founder, Benjamin Franklin, Penn’s faculty generate

knowledge that is unconstrained by traditional disciplinary

boundaries and spans the continuum from fundamental

to applied. rough this new knowledge, the University

enhances its teaching of both theory and practice, as well as

the linkages between them. Penn excels

in instruction and research in the arts and

sciences and in a wide range of profes-

sional disciplines. Penn produces future

leaders through excellent programs at

the undergraduate, graduate, and profes-

sional levels. Penn inspires, demands, and

thrives on excellence and will measure

itself against the best in every ﬁeld or

endeavor in which it participates. Penn

is proudly entrepreneurial, dynamically

forging new connections and inspiring

learning through problem-solving, discov-

ery-oriented approaches. Penn research

and teaching encourage lifelong learning

relevant to a changing global society. All

of this and more speaks to the mission of

the University of Pennsylvania.

e Merriam Webster deﬁnition of

continuity is “uninterrupted connection, succession, or

union.” is is what people strive for in their lives. How-

ever, it is a fact that there will be unplanned interruptions,

breaks in succession, and fractures in the union that keeps

it all together. In business, these same unplanned inter-

ruptions occur, just at a magniﬁed level. So in business the

term “business continuity” is recognized, or in the case of

the University of Pennsylvania the term “mission conti-

nuity” is recognized. e University of Pennsylvania has

established a Mission Continuity Program that allows for

all Schools, Centers, and departments of the University

to develop their own mission continuity plans and to test

Benjamin Evans, ARM, Executive Director of Risk Management and Insurance, Division of Finance; Dr. Anita Gelburd, Program and Portfolio

Manager, Information Systems and Computing; and Janet Plantan, Executive Director of Special Projects & Owner Mission Continuity Program,

Ofﬁce of the Executive Vice President, University of Pennsylvania

Mission Possible: Mission Continuity Planning at the University of Pennsylvania

The Merriam

Webster deﬁnition

of continuity is

“uninterrupted

connection,

succession, or

union.” This is what

people strive for in

their lives.

URMIA Journal 2016

the database, so they are widely accessible. Sample plans for

continuity of teaching, continuity of research activities, and

dealing with loss of human resources are all available in the

database library.

Beginning in the summer of 2008, the Executive Vice

President’s Oﬃce conducted a survey in the form of gather-

ing information into criticality ﬁlters. Each school and cen-

ter was asked to identify their critical assets, functions, and

processes and to determine if plans existed to restore those

assets, functions, and processes in the event of an outage or

emergency. As Figure 1 shows, over 2,000 assets, functions,

and processes were identiﬁed across the institution. How-

ever, the majority of units determined that they did not, in

fact, have recorded plans for continuing operations in the

event of an emergency or disruption to normal operations.

FIGURE 1: Criticality Filter Results

Planning Process

To assist staﬀ members from around the campus in the

mission continuity planning process, the central MCP lead-

ership has established a framework for planning, as follows:

• All plans are stored in a specially conﬁgured data-

base that is web-accessible on all browsers.

• All users are required to take three online training

modules before being granted access to the data-

base. is ensures that they understand how the

MCP is structured and how the database works be-

fore they start the planning process. As of Decem-

ber 2015, over 260 University staﬀ members have

been trained and have participated in the program.

• All Schools and Centers are expected to create

what are called Foundation Plans, containing

certain elements speciﬁed by the Provost and

Centers, departments, and oﬃces are responsible for devel-

oping mission continuity plans and storing them online in

a database that has been specially conﬁgured for Penn. e

University beneﬁts from having consistent and accessible

mission continuity plans for all organizations and facilities,

so Penn can respond quickly and eﬀectively to a disruption

or crisis and continue operations. ese plans provide the

information necessary to help Schools and Centers resume

critical operations as quickly as possible.

MCP representatives have been identiﬁed for all

Schools and Centers. ese representatives are responsible

for the strategic-level decisions about continuity planning.

ey have designated liaisons who create and maintain

the actual plans. In keeping with Penn’s decentralized

ﬁnancial and management model, over 200 MCP liaisons

have been trained to use the database to develop and enter

plans into the system. is distributed model is consistent

with Penn’s Responsibility Center Management (RCM)

ﬁnancial system, reﬂecting an operational philosophy that

those closest to their business know their needs and critical

processes best.

e mandate to develop and maintain mission conti-

nuity plans comes from University leadership, speciﬁcally

from the Provost and the Executive Vice President. Sup-

port from the top levels of the University has proven to be

extremely valuable in obtaining buy-in from users around

campus. In addition, a central steering group composed of

subject matter experts from around the university provides

support to the program in many ways (see Appendix 1 for

a list of units represented on the steering group). Repre-

sentative members of this group have been involved in the

strategic direction for the program; software selection and

conﬁguration; creation and delivery of training; and piloting

and eventual planning for full deployment of the program.

Members also conducted individual and group meetings

with staﬀ members across the institution to help them

develop plans; contributed to the planning of the annual

tabletop exercises; and continue to conduct monthly user

group meetings on topics of interest. Obtaining input from

this group, which represents many diverse organizations

from across the institution, has contributed to the success

of the program.

Members of the steering group have also been involved

in developing sample plans that can be used by all liaisons.

ese sample plans are stored in a common library within

URMIA Journal 2016

Executive Vice President. Plans are expected to be

organized into ﬁve categories: Buildings, Equip-

ment, Technology, Human Resources, and

ird-Party Vendors or Partners. is is called

the BETH3 model for organizing plans. For each

category within this model, each school, center, de-

partment, or oﬃce is expected to determine critical

items within that category that would allow them

to continue operations in the event of an outage or

disruption. ey are then expected to construct at

least ﬁve plans, one in each category (unless they

have determined that a plan is not needed; for

example, if they have no crucial equipment, they

may decide to omit an equipment plan). e value

of using this model is that most of the activities and

functions of the University can be subsumed into

one category or another.

For example, in order to continue the research mis-

sion of the institution, planners would probably need to

be concerned about the facilities where the research takes

place (buildings); the apparatus used for research, such as

freezers to store specimens (equipment); the computing

equipment where data about the research is stored and

analyzed (technology); the faculty and staﬀ who participate

in the research (human resources); and the companies

who provide necessary supplies (third-party vendors/

partners). Likewise, to continue the instructional mission

of the institution, planners would need to be

concerned about the facilities where classes take

place (buildings); apparatus used during instruc-

tion, such as cadavers for medical school classes

(equipment); computers used in scheduling

classes or used in classrooms to facilitate instruc-

tion (technology); the faculty who teach and the

staﬀ members who support the instructional

mission (human resources); and suppliers who

support the equipment and technology men-

tioned above (third-party vendors/partners).

us, providing planners with these catego-

ries allows them to take a large issue – how to

continue the instructional and research mis-

sion of the University – and break it down into

manageable pieces for planning purposes. As

one of our organizations wrote in a post- exercise report

following a tabletop exercise: “Utilizing the recommended

BETH3 model, preparation for this exercise helped us

to create a plan which is comprehensive, but at the same

time simple and ﬂexible enough to address a wide range of

scenarios which could potentially disrupt normal business

operations.”

Our Perelman School of Medicine has expanded this

model for their own use to what they call the PASIFEC-3

model. is stands for: People, Animals, Specimens, In-

formation Systems, Facilities, Equipment, Communication

Infrastructure, and ird-Party Vendors. is expanded

version of the model allows them to account for the com-

plexity of the work the school is engaged in.

• e focus of the plans is continuity of operations,

rather than emergency response, which is overseen

by Penn’s Division of Public Safety. Users are

expected to include information about how they

plan to continue their critical operations in the

event of an outage or disruption that may last any-

where from a few hours to several months. Figure

2 shows the relationships among crisis manage-

ment (managing the initial response to an outage

or disruption), disaster recovery (restoring technol-

ogy systems), and mission continuity (continuing

operations in the long term following an outage or

disruption).

FIGURE 2: Continuum of Planning

URMIA Journal 2016

• Each individual plan (called an action plan) is orga-

nized into four columns of information: a Trigger

(when something happens), an Action (what do we

do), at least one Responsible Person (who does it),

and a Procedure (how does it get done). ere may

be multiple triggers within a given plan, multiple

actions within a given trigger, and multiple respon-

sible persons and procedures for a given action.

• To help users obtain the information needed for a

plan, the MCP leadership provides a pre-planning

questionnaire (PPQ), which can be used as an

interview tool or a survey, or can simply be com-

pleted by the planner. is tool (see Appendix

2), especially when used in conjunction with the

sample plans in the library mentioned above, allows

planners to ensure they have all the information

they need even before they start to

enter plans into the database.

• Since the planning process is

distributed across the entire

University, communicating

regularly and comprehensively

with the plan developers/liaisons

is of paramount importance to the

success of the program. Monthly

user group meetings, structured

around topics of common inter-

est, are provided for users on a

voluntary basis. An unexpected

beneﬁt of the program has been

the community of liaisons and

end users that has been created. e sharing of in-

formation and ideas is commonplace among them.

In addition, there is a website (http://www.upenn.

edu/missioncontinuity) that includes a wide variety

of information and tools for use in the planning

process. ese include:

• e pre-planning questionnaire (PPQ), which

can be used either as an interview tool or a sur-

vey. It is structured to allow users to obtain the

information they need to include in their action

plans (see Appendix 2).

• A glossary of terms relating to mission continu-

ity planning.

• Guidelines for constructing and reviewing plans.

• Screenshots of the online training modules,

so users can review individual features and

functions without accessing the entire online

training module.

• A tool for recording best practices and lessons

learned, to be used when analyzing response to

an outage or disruption.

Tabletop Exercises

It is essential that plans be kept up-to-date and main-

tained so they can be activated any time an outage or

emergency occurs. To assist organizations in maintaining

their plans, the MCP requires organizations to conduct

annual tabletop exercises. In a tabletop exercise, an imagi-

nary scenario is followed that, if it were real, would neces-

sitate that mission continuity plans be activated. e exer-

cise is conducted within a short period of

time – usually about 90 minutes – and

the relevant plans are checked to ensure

that they contain correct and up-to-date

information, to help participants identify

gaps in the plans, and to allow them to

discuss how best to address these gaps.

Beginning in the Fall of 2013,

Penn’s Provost and the Executive Vice

President required that annual tabletop

exercises be conducted University-wide.

One goal is to make sure that all plans

are being maintained and are up-to-date.

It has also been an opportunity to check

plan consistency across the institution.

In 2013, Schools and Centers were asked to formulate

their own scenarios to test components of their plans dur-

ing a tabletop exercise.

For the Fall of 2014, however, a single scenario was de-

veloped by the steering group for all organizations to use

in their tabletop exercise. All organizations were asked to

schedule and conduct the exercise sometime during the

fall semester. e scenario involved the derailment of a

train car containing toxic chemicals from the tracks at the

east end of campus. is necessitated that organizations

in the University activate several of their plans, includ-

ing such emergency procedures as shelter-in-place and

eventual evacuation of campus, as well as continuity of

operations beyond the immediate crisis.

An unexpected

beneﬁt of the

program has been

the community of

liaisons and end

users that has been

created.

URMIA Journal 2016

e following year, the Fall of 2015, the scenario

chosen involved ﬂooding from torrential rains. Each unit

conducting an exercise had to identify two of their build-

ings that would be impacted by the storm and ﬂooding.

Rather than a campus-wide disruption as in the train

derailment, organizers and participants were to assume

that only those two buildings were impacted and the rest

of campus weathered the storm. Once again, Schools and

Centers were asked to complete the exercise at a time of

their choosing during the fall semester.

Penn’s Oﬃce of Risk Management has partnered with

the MCP central leadership on this initiative. e Oﬃce

of Risk Management approached several of our corporate

partners from the insurance and risk industry to assist in

this eﬀort; the companies and ﬁrms selected staﬀ members

to come to campus and facilitate each of these exercises on a

volunteer basis. e MCP leadership designed and provid-

ed an orientation program for all the volunteer facilitators,

so they could fully understand the Penn environment, how

the tabletop exercises ﬁt into that environment, and what

their job as a facilitator of an exercise would entail. It is su-

perb facilitation that allows for open and focused dialogue

and ultimately a smooth running exercise.

In the Fall of 2014, 60 units within the Schools and

Centers of the University conducted tabletops using the

common scenario, and a total of 16 professionals from six

companies facilitated the exercises. In the Fall of 2015, a

total of 58 exercises took place throughout the Schools and

Centers, and a total of 12 professionals from ﬁve companies

facilitated the exercises. In this latter year, a total of over

450 University leaders, faculty, and staﬀ participated in the

exercises around campus.

In the Fall of 2014, the nature of the scenario was kept

conﬁdential, so that users learned about the disruption

caused by the train derailment at the time of exercise to

simulate a real emergency event and the need to determine

if plans to continue operations were suﬃcient. In the Fall

of 2015, users were told in advance that the scenario would

involve ﬂooding and roof leaks to their buildings, and sev-

eral of the slides the facilitators used to conduct the exercise

were shared with users in advance to allow them to prepare

as they normally would for a predicted weather emergency.

As one of the external facilitators and president of a

full-service specialty insurance company wrote: “To wit-

ness such a high level of preparedness, collaboration, and

responsiveness throughout a university is, in my experi-

ence, rather unique. is is precisely why the University of

Pennsylvania is a leader in higher education….” Another

wrote: “As an insurance professional who helps large,

sophisticated organizations manage and mitigate risk every

day, I have been immensely impressed with the scale, scope,

and thoroughness of the mission continuity program. In

the vast majority of my client engagements, risk manage-

ment is something that is approached reactively —after

something negative has occurred. As a Penn alumnus,

it is both refreshing and reassuring to see the University

proactively addressing potential risk exposures and dedicat-

ing the resources necessary to prepare Penn for a worst case

scenario.”

A new feature for the Fall 2015 exercises was the inclu-

sion of fact sheets from Penn’s Facilities and Real Estate

Services Division (FRES) for each individual building iden-

tiﬁed as being aﬀected by the imaginary rainstorm. ese

fact sheets (see Appendix 3 for a sample) provided informa-

tion to those participating in the exercises concerning the

diﬃculties and issues in their speciﬁc facilities.

e MCP prepared several documents to help organi-

zations conduct their tabletop exercises, all of which are

available on the MCP website: http://www.upenn.edu/

missioncontinuity/table_top_exercise.html.

ese included:

• Guidelines: Organizations are provided with

guidelines on conducting a tabletop exercise. ese

guidelines stress that the purpose of the exercise

is to improve the plans, not as a test of the partici-

pants. e MCP leadership are not trying to catch

planners in doing something supposedly wrong;

the exercise is so we can all work together to make

the University’s plans as strong as they can be. Each

exercise becomes its own gap analysis.

• Instructions for reporting: Organizations are

provided with instructions for how to turn the

plans stored in the database into PDF documents

which can be moved to a LAN or to Box, saved on

a ﬂash drive, or printed in hard copy and shared

with their senior management and/or participants

in the tabletop. e goal is to provide management

and other appropriate parties with copies of the

plans without having to go through training on the

database.

URMIA Journal 2016

• Guidelines for communication planning (added

for the 2015 tabletop exercises): Organizations

are advised to include a crisis communications plan

in their mission continuity plans. ese guidelines

help users to construct one.

• Observer Information Form: Organizations are

encouraged to have an observer at the tabletop

exercise. is form allows the observer to provide

feedback about the organization’s plans. Observer

Information Forms are not shared with the central

MCP staﬀ; they are strictly for the use of the orga-

nization conducting the tabletop.

• Post-exercise report template: All organizations

conducting a tabletop exercise are required to com-

plete a short post-exercise report

and return it to the MCP within

10 days of their exercise. e

MCP leadership and the steering

group use these reports to compile

information about Penn’s overall

experience and provides updates

to University leadership and other

key groups and individuals about

the results. e contents of these

reports also help to shape plans

for the following year’s tabletop

exercises. Sample post-exercise

report responses are provided as

Appendix 4.

• Central oﬃce fact sheets (added

for the Fall 2015 tabletop exer-

cises): ese fact sheets provide

information concerning how cen-

tral University divisions and oﬃces, such as public

safety and environmental health and radiation

safety, respond to disruptions and emergencies.

• Timeline (added for the Fall 2015 tabletop

exercises): e timeline details how to prepare

for a tabletop, starting six weeks in advance of the

scheduled date of the exercise.

Outcomes of the Tabletop Exercises

In response to the tabletop exercises, the sponsors of the

Program wrote:

• “e tabletop exercises are impacting both continu-

ity planning and participation across campus. e

Mission Continuity Program contributes to the

protection of assets and preservation of resources.

As a direct result of continuity planning, we have a

growing number of examples where this program

is making a positive diﬀerence in our ability to

respond and avoid interruptions to normal opera-

tions.” - Executive Vice President

• “I appreciate not only the successful tabletop ex-

ercises undertaken this past fall, but also the years

of careful coordination and planning that have

brought us to this point. While there is certainly

more work to be done, we can feel rightly proud of

the distance already traveled.” - University Provost

As mentioned above, all units con-

ducting tabletop exercises were required

to complete a post-exercise report both in

Fall 2014 and Fall 2015 (see Appendix 4

for sample responses from post-exercise

reports). e reports presented MCP

leadership with both best practices and

lessons learned.

Fall 2014 Post-Exercise Reports: Best

Practices and Lessons Learned

Units that conducted the tabletop exer-

cise in 2014 reported the following best

practices:

• Many users reported that they

found the exercise to be “very useful.”

• ey were aﬀorded the op-

portunity to include faculty and staﬀ

members from many levels of their organization.

• ey liked the use of a University-wide scenario.

• ey found it helpful to have multiple guidance

documents and training modules, as well as the

information posted on the website.

• ey found it helpful to have outside facilitators.

• is year’s scenario resulted in a “3-for-1” test of

plans and procedures (shelter-in-place, evacua-

tion, and continuity of operations).

• ey reported that the exercise highlighted mul-

tiple planning areas not previously considered or

requiring deeper evaluation.

“I appreciate not

only the successful

tabletop exercises,

but also the years of

careful coordination

and planning that

have brought us to

this point.”

- University Provost

URMIA Journal 2016

Units that conducted the tabletop exercise in Fall 2014

reported the following lessons learned:

• Many felt that the scenario for future years

needed to focus less on the immediate emergency

and more on ongoing continuity of operations

(too many, when doing this year’s exercise, could

not get past the emergency/disaster itself).

• Many pointed out gaps in their knowledge about

communications and command structures, both in

their own units (which they would need to address

for themselves for future years) and from the Uni-

versity’s leadership in the event that something like

this occurred (which the central MCP leadership

would need to address for future years).

• While they appreciated the guidance documents

that were provided, they wanted more such docu-

ments, especially about crisis communications.

• ey requested additional guidance in preparing

for the tabletop exercise, in the form of a timeline

of activities to be completed prior to the scheduled

exercise.

In response to the post-exercise reports, MCP leader-

ship made several changes for the Fall 2015 exercise:

• An additional guidance document, concerning how

to construct a crisis communications plan, was

provided to users.

• e scenario slides for the Fall 2015 exercise were

designed to move users past the immediate emer-

gency and into the issues that revolve around how

to continue operations over the longer term in the

face of the disruption.

• Additional fact sheets from other central service

providers were developed and posted on the web-

site, providing information concerning how central

University divisions, such as public safety and

environmental health and radiation safety, would

respond to emergencies.

• A timeline of activities to complete in order to pre-

pare for a tabletop, starting at six weeks prior to the

scheduled exercise, was provided to users.

Fall 2015 Post-Exercise Reports:

Best Practices and Lessons Learned

Units that conducted the tabletop exercise in Fall 2015

reported the following best practices:

• Sharing slides concerning a portion of the event in

advance was helpful as it allowed participants to

move directly to planning for continuity of opera-

tions.

• Outside facilitators continued to be widely appreci-

ated.

• e fact sheets from the facilities division were very

helpful.

• e scenario reﬂected a common occurrence in

University buildings (i.e., water damage), which

allowed participants to discuss a real world issue.

e majority of the lessons learned in Fall 2015 were

ones that individual Schools and Centers plan to address

for themselves, rather than requiring action from MCP

leadership:

• Some recognized that they needed to determine in

advance speciﬁc roles and responsibilities people

in their units will fulﬁll in the event of an outage or

disruption. For example, in some units an inci-

dent management team needs to be structured in

advance so it can be activated when needed.

• Some units expressed a desire to bring together

organizations with similar concerns (e.g., the Perel-

man School of Medicine with other Schools and

units that deal with research animal health and

safety).

• Since crisis communications often follow similar

patterns regardless of the organization, many units

wished to share the content of communications

among themselves.

Quick Tips

For those at other institutions interested in starting a simi-

lar initiative, it is helpful to be mindful of the following:

• is does not have to be a costly program to run.

At Penn, members of the steering group contribute

their time, as do the outside facilitators.

• It is crucial to have an excellent staﬀ member

scheduling the tabletop exercises each year. It can

be complex to coordinate schedules for the orga-

URMIA Journal 2016

• Check: Monitor and update, tweak for changes,

“dust it oﬀ”

• Act: Implement improved plans, have plans ready

and accessible by all

And start all over again.

FIGURE 3: Cycle of Ongoing Work

As it happens, while writing this article, the University

experienced a ﬂood in one of its high rise undergraduate

residences during ﬁnals week. e following note was re-

ceived from the Director of Residential Living: “e table-

top was very helpful. At ours, we were joined by College

House and Academic Services. Our units are interdepen-

dent on one another in an incident. During the…incident it

was evident that we have learned how to work together and

understand one another’s roles. at was a direct outcome

of the pre-work and the tabletop. anks!”

APPENDIX 1: Steering Group Member Organizations

• Business Services Division (BSD)

• Executive Vice President’s Oﬃce (EVP)

• Facilities and Real Estate Services (FRES)

• Division of Finance (DOF)

• Human Resources

• Information Systems and Computing (ISC)

• Perelman School of Medicine (PSOM)

• President’s Oﬃce

• Provost’s Oﬃce

• Public Safety Division (DPS)

• Risk Management and Insurance

Other school representatives join on a rotating basis.

nizers who are arranging the tabletop exercises

and the facilitators who come from oﬀ campus.

Penn does not have a dedicated oﬃce in charge of

the MCP.

• Corporate partners, such as insurance companies

and brokerage ﬁrms, are often eager to volunteer

their help with this type of exercise. Not only does

it allow them to learn more about the University,

it is also in their best interests for the institution to

have good mission continuity plans, and they are

happy to contribute to this process. One additional

advantage to the institution is that the profes-

sionals from these corporate partners often have a

great deal of experience with this kind of planning

and with tabletop exercises in general, so they are

prepared to do a good job in this role.

Conclusion

Now that organizers and participants from across campus

have largely completed their foundation plans and stored

them in the database, it is important to ensure that plans

are updated on a regular basis and continue to evolve.

Running annual tabletop exercises ensures that school and

center representatives and liaisons check and maintain their

plans regularly. Also, using diﬀerent scenarios provides the

opportunity to test the plans in a variety of circumstances.

An external facilitator and industry expert wrote: “I did an

informal poll at the end of each session to see what they

would like to see diﬀerent in the tabletops and if they saw

the value in doing these types of training/exercises….Each

group was very positive in their response and recognized

the need for these types of training sessions.”

As Figure 3 shows, Penn’s Mission Continuity planners

are engaged in a continuing cycle of creating, maintaining

and improving plans.

• Plan: Create plans, educate staﬀ, engage in discus-

sion

• Do: Conduct exercises, generate feedback

Many of the documents cited in this article are

publicly available on Penn’s mission continuity

website: www.upenn.edu/missioncontinuity. Click

on the yellow banner at the top for information

speciﬁcally about the tabletop exercises.

URMIA Journal 2016

APPENDIX 2: Pre-Planning Questionnaire (PPQ)

Please note: Individuals completing this questionnaire

should have already ﬁnished the online Knowledge Building

module designed to acquaint them with mission continuity,

its purpose, its beneﬁts to their school or center, and some

of the roles and processes related to the program and terms

within this questionnaire.

is PPQ is intended to capture key data elements that al-

low planners to construct their foundation mission conti-

nuity plans in Shadow-Planner.

In some Schools and Centers, multiple PPQs will be

necessary – especially in larger organizations where critical

processes, functions, and resources are too disparate to be

captured on a single questionnaire. Plan liaisons and plan

contributors are encouraged to review the PPQ(s) with

their local management (e.g., senior business oﬃcer, depart-

ment chair, unit/department head, business administrator,

mission continuity program representative) to ensure that

the list of critical processes, functions, and resources are

comprehensive and prioritized appropriately.

1. What are your unit’s most critical processes and

functions?

All critical activities executed by an organization in conducting

business as usual are deﬁned as processes or functions. For an

academic unit, this may be major advising, laboratory research,

or undergraduate instruction. For an administrative area,

this may be paying employees, balancing ﬁnancial accounts at

month-end, or providing 24/7 access to e-mail.

1. Xxxx

2. Xxxx

3. Xxxx

2. How should those processes and functions be

prioritized?

Prioritize the processes and functions identiﬁed in question #1,

from most critical to least critical.

1. Xxxx

2. Xxxx

3. Xxxx

3. What BETH-3-related resources are needed to support

the top priority items? Please refer to the next page for

BETH-3 resource deﬁnitions.

e BETH-3 methodology governs the way mission continu-

ity plan components are organized and recorded in Shadow-

Planner. Please limit your response to no more than ﬁve (5)

resources for each of the BETH-3 categories.

Building: Basic information about buildings/facilities

that is essential to the resumption/continuation of your

unit’s most critical processes and functions. Examples

include a research laboratory or classroom in a school

(such as the Biochemistry Laboratory in the School of

Medicine’s John Morgan building) or a computer room

in a speciﬁc building that houses critical computing

equipment (such as the Data Center in 3401 Walnut

Street).

1. Xxxx

2. Xxxx

3. Xxxx

4. Xxxx

5. Xxxx

Equipment: Necessary equipment and supplies that are

essential to the resumption/continuation of your unit’s

most critical processes and functions. Examples include

an electron microscope in a speciﬁc research laboratory

or back-up power generator requirements for important

computer systems.

1. Xxxx

2. Xxxx

3. Xxxx

4. Xxxx

5. Xxxx

URMIA Journal 2016

Technology: Key technology and systems that are es-

sential to the resumption/continuation of your unit’s

most critical processes and functions. Examples include

a Blackboard site for a class or enterprise-wide tech-

nology like the University’s payroll/personnel system,

PennNet, or e-mail.

1. Xxxx

2. Xxxx

3. Xxxx

4. Xxxx

5. Xxxx

Human Resources (People): Key personnel or job

functions that are essential to the resumption/continua-

tion of your unit’s most critical processes and functions.

Examples include a certain lab assistant with critical

knowledge of a speciﬁc experiment, or a computer

technician skilled in the recovery processes necessary to

bring back-up servers online and make them accessible

to users.

1. Xxxx

2. Xxxx

3. Xxxx

4. Xxxx

5. Xxxx

3rd Party Vendor/Partner: Key third-party partners

or suppliers that are essential to the resumption/con-

tinuation of your unit’s most critical processes and func-

tions. Examples include an external vendor that supplies

speciﬁc laboratory animals with a special food diet or

an internal administrative center such as Information

Systems and Computing (ISC) that supplies an organi-

zation’s primary e-mail system.

1. Xxxx

2. Xxxx

3. Xxxx

4. Xxxx

5. Xxxx

4. How would your answers to the other questions change

if there was an interruption in service that lasted one hour,

one day, one week, 2-4 weeks, 5 weeks, or longer? Is time

important in restoring your critical processes and func-

tions?

Consider both elapsed downtime (e.g., a laboratory monitoring

process cannot be unavailable more than one hour -or- this is

the consequence if we are without e-mail for a week) and time

of year issues (e.g., an accounting function must be available on

the ﬁrst of each month for reconciliation purposes -or- admis-

sions decisions must be released on a certain date).

5. Knowing what your critical functions and processes are,

what do you plan to do in the event of a crisis concerning

each of the BETH-3 items (buildings, equipment, technol-

ogy, human resources, and third-parties)? For example,

what alternate facilities will you need should your critical

facilities become unavailable?

6. Who are the responsible people for carrying out these

plans?

7. What can you do now to prepare for a crisis, even before

you start to use your action plans?

APPENDIX 3: Sample Building Fact Sheet from

Facilities and Real Estate Services (FRES) for 2015

Exercise

• Building X’s main electric is fed from substation

#3. is substation would not be impacted by the

water level.

• e switchgear for this building itself is located

in the penthouse of the building, but the 15kv

switches feeding it are located in the basement of

the building. Building power would be shut down

after 4-6” of water in the basement.

• e elevator machine room is located in the pent-

house, but the elevator would be shutdown with

the switchgear.

• e main ﬁre panel is located on the 1st ﬂoor

lobby.

• e building has a very small generator in the pent-

house. It serves life safety and lighting.

• e mechanicals are in the penthouse and would

not be damaged by the water.

• Toilets would likely stop operating after the water

reaches about 4” of water as it will start ﬂooding the

street drains.

URMIA Journal 2016

APPENDIX 4: Sample Responses from Post-Exercise

Reports

“is is fantastic – especially since it is a consultative expe-

rience which encourages us to be open and have meaningful

discussions about how to make our plans better. I contrast

this with other experiences where it was more of a ‘test’ –

which tends to create a more closed/protected experience

and probably does not result in desired outcomes (espe-

cially where mission continuity is concerned).”

“ere is an educational adage that says: ‘Tell me and I

forget. Teach me, and I may remember. Involve me, and I

learn.’ ese exercises creates a scenario where respondents

can take what’s on paper or online and put practices into

working practice. is exercise also permits us to make

adjustments and changes to what may look great in theory

but may not work as well in practice.”

“e exercise was most helpful in bringing the entire team

to the discussion table”

A lesson learned: “Since our oﬃce space is leased, the

tabletop also promoted a discussion of our oﬃce status in

an emergency and what services we might have to purchase

if our landlord did not prioritize our oﬃce needs.”

Feedback with regard to the external facilitators: “Our con-

sultants asked a lot of questions and helped us to think of

things that we really didn’t think about. Our feedback from

them will be really useful in overhauling the plan this year. I

think the key to making sure the MCP tabletop exercise is

useful to departments is making sure the consultants aren’t

afraid to really get in there.”

“e Mission Continuity Program is a great way for

departments across the University to be made aware that

disasters can happen. e regular meetings are helpful and

promote networking with diﬀerent areas which is impor-

tant. It gives us another tool to plan ahead and be prepared

to be able to continue with our mission in the event a

disaster does occur.”

From one of our smaller Schools: “I can’t say that I like the

exercise, but it does prove useful in illuminating potential

risk.”

From one of our large Schools: “Our facilitator this year re-

ally challenged us on the amount of detail in our plans and

frankly we needed that. Instead of applauding us for what

we did well, he encouraged us to provide more speciﬁc de-

tails on things like research equipment processes, external

media protocols, supply chain lead times, etc., and that was

welcomed.”

From one of our large health Schools: “Using the BETH3

concept as our base, we have identiﬁed a list of resources

called PASIFEC-3 (People, Animals, Specimens, Infor-

mation Systems, Facilities, Equipment, Communication

Infrastructure, ird-Party Vendors), in order to account

for all aspects of our missions. is expanded list allows us

to plan at a ﬁner level of granularity and recognizes unique

aspects of our scientiﬁc and educational endeavors.”

“e involvement of faculty members both on the mission

continuity team and for the tabletop speciﬁc facilities is

invaluable to our process.”

Another large health school: “It allowed us to think about

additional details that can be incorporated into the plan

by talking through cause and eﬀect or ‘what if’ scenarios

intended to pressure test speciﬁc aspects of the plan during

diﬀerent phases of a given disaster scenario….ese types

of exercises help improve the actions we take before, during

and after a real emergency, giving us the opportunity to

plan both in advance and completely in terms of addressing

a total and complete response.”

“e exercise helped us to address gaps which we have

either addressed in whole or in part.”

Most common words/phrases from the Post-Exercise

Reports:

• “Very useful”

• “Extremely Useful”

• “Important”

• “Impactful”

URMIA Journal 2016

About the Authors

Benjamin Evans, ARM, is the execu-

tive director of risk management and

insurance at the University of Penn-

sylvania, where he has served in this

position since November of 2008. His

responsibilities include oversight of

the insurance and risk management

programs for the University and the

University of Pennsylvania Health

System. Prior to joining Penn, Ben served as director of

risk management and insurance at Temple University.

In that role, Ben was responsible for management of the

University and Health System insurance programs, lead-

ership in development of a University-wide risk manage-

ment initiative, and participation in various risk manage-

ment and insurance associations. Prior to Temple, Ben

spent a number of years at omas Jeﬀerson University

and at Marsh & McLennan, serving in various roles. Ben

currently serves on the boards of three Vermont-based

Risk Retention Groups, two Bermuda-based Captives,

and one Cayman-based Captive. Ben holds a Bachelor of

Science degree in business administration from LaSalle

University and also has his ARM designation.

Anita Gelburd holds three master’s

degrees and a PhD from the University

of Pennsylvania. Currently, she is pro-

gram and portfolio Manager in Infor-

mation Systems and Computing (ISC)

at Penn. In that role, she oversees ISC’s

portfolio of projects and services and

manages the University-wide Mission

Continuity Program.

In addition, she has held a lecturer appointment in

the History Department, where she taught a freshman

seminar in the history of American education. Prior to

her current position, she worked in oﬃce of the Provost at

Penn, as well as in the Wharton School, where she was the

director of academic aﬀairs in the Undergraduate Divi-

sion. She also has extensive experience with Penn’s College

House system, having lived as a senior fellow in residence

in Hill College House for six years (1998-2004).

Dr. Gelburd’s hobbies include travel and reading. She

also teaches yoga on the Penn campus.

Janet Plantan is the executive direc-

tor of special projects in the Oﬃce of

the Executive Vice President at the

University of Pennsylvania.

Among Janet’s responsibilities, she

is the program owner and functional

leader of the University’s Mission

Continuity Program, which is an

institution-wide program sponsored by the Oﬃce of the

Executive Vice President and the Oﬃce of the Provost.

e program is designed to ensure that the University

is better prepared to resume operations as eﬃciently as

possible in the event of a crisis or interruption to normal

operations.

Janet has over 30 years of experience in School budget

and ﬁnancial management. At the request of the execu-

tive vice president and dean, Janet served as the interim

CFO of Penn’s School of Veterinary Medicine with a total

operating budget of $125M. Prior to joining the Executive

Vice President’s Oﬃce, Janet was the CFO and executive

director of administration of Penn’s Graduate School of

Education for more than 20 years.

Endnotes

This number excludes buildings afﬁliated with the University of

Pennsylvania Health System.

If you don’t invest in risk management, it doesn’t matter what

business you’re in, it’s a risky business.

—GaRy cohN,

MeRicaN iNvestMeNt baNkeR

I want to understand the world from your point of view.

I want to know what you know in the way you know it.

I want to understand the meaning of your experience, to walk

in your shoes, to feel things as you feel them,

to explain things as you explain them.

Will you become my teacher and help me understand?

—JaMes sPRadley,

RofessoR of aNthRoPoloGy, MacalesteR colleGe

URMIA Journal 2016

Marta-Marika Urbanik, PhD Candidate; Philip G. Stack, Associate Vice President (Risk Management Services); and

Linda Hui, Coordinator, Emergency Management, University of Alberta

Introduction

e University of Alberta (U of A) is one of Canada’s top

research-intensive universities. With a student popula-

tion of 39,000 FTEs, annual research expenditures of

approximately $450 million, and a fully consolidated

budget of $1.8 billion, the U of A is increasingly becom-

ing a leader in world scholarship. As with

most institutions this size, the university

has a robust risk management program,

which falls under the portfolio of Risk

Management Services (RMS). Recogniz-

ing that research and innovation can only

be advanced by taking on certain levels of

risk, the philosophy and risk policy of the

university states that risk is a good thing

and that the university must be willing to

take on risk. However, it must do so in a

managed way.

In fulﬁlling its research mandate,

researchers, including graduate students,

are involved in all forms of oﬀ-campus

research activities. One such research

project is Revitalizing the ‘Hood’: e

Changing Nature of Crime in Regent

Park,

led by Marta-Marika Urbanik, a

PhD candidate in the Faculty of Arts.

As an ethnographer, Marta is undertak-

ing graduate work on the eﬀects of the

Regent Park revitalization on neighbour-

hood crime. Regent Park, located in To-

ronto, Canada, is one of Canada’s most

socioeconomically disadvantaged neighbourhoods and

was subject to deeply stigmatizing media coverage, with

popular representations marking it as a crime-ﬁlled, pub-

licly funded gang haven. e aim of the study is to provide

a greater understanding of how a revitalization initiative

within the neighbourhood has aﬀected crime, violence,

gang structures, and safety within the neighbourhood and

the impacts of this initiative on local residents. e re-

search involves conducting formal and informal interviews

with criminally and non-criminally involved residents, as

well as several months of participant-observation—essen-

tially, “deep hanging out” with some of Regent Park’s ma-

jor criminal players, to gain a more holistic understanding

of their lived realities.

U of A Processes for Preparing

Researchers for the Field

In their commissioned inquiry into

the risk and well-being of researchers

in qualitative research, Bloor et al.

highlight the risks to researchers in

undertaking ﬁeldwork. ey note that,

although there has been a concentration

of eﬀorts in ensuring research subjects

are protected from potential harmful

consequences of research, there has been

much less thought about protection of

researchers from potential harm.

is

has certainly changed as universities

have reinforced that safety is a dual

responsibility of both the employer

and the employee and, in this case, the

graduate student. All universities work

within environments where it is either a

legislative requirement or a contractual

obligation for employers to ensure that

researchers are, as reasonably possible,

protected from harm through eﬀective

risk management programs.

In the case of the U of A, this is

achieved through a variety of diﬀerent policies, includ-

ing its Environment, Health and Safety Policy, Oﬀ Campus

Activity and Travel Policy, as well as programs and services

including those oﬀered through the university’s Field Re-

search Oﬃce (FRO).

5,6,7

e FRO provides an extensive

range of ﬁeld research supports, including a ﬁeld activities

plan template.

e ﬁeld activities plan is designed to help

ﬁeld researchers identify and document such things as the

type of research to be undertaken, who is involved, hazard

Episodes of Violence During Ethnographic Fieldwork in the

‘Hood’: A Case Study Exploring a University’s Response to Increased Risks

Although there has

been a concentration

of efforts in ensuring

research subjects

are protected from

potential harmful

consequences of

research, there

has been much

less thought about

protection of

researchers from

potential harm.

URMIA Journal 2016

assessments and control, training requirements, and emer-

gency response plans. Notwithstanding an institution’s

best eﬀorts, the nature of research is such that unforeseen

and problematic incidents occur and the level of risk can

quickly escalate, thus the importance of tools such as the

ﬁeld activities plan.

As with many large research-intensive universities, one

of the many challenges of risk management is striking the

critical balance between providing researchers with the

necessary tools to undertake their research safely while

not overburdening the researcher or presenting barriers

for the research to be undertaken. Universities are also

faced with the challenge of eﬀectively communicating to

the research community the existence of various tools

and services and how and when these tools and services

should be utilized by the researchers. ese challenges are

certainly present at the U of A.

Description of the Field Research Project and the

Escalating Risks

Marta-Marika Urbanik is a PhD candidate in the Depart-

ment of Sociology in the Faculty of Arts. Her research

takes place in Toronto’s Regent Park neighbourhood. As

previously noted, Regent Park is one of Canada’s most

socioeconomically disadvantaged neighbourhoods and

was subject to deeply stigmatizing media coverage. ese

popular representations masked the many positive aspects

of the neighbourhood. Given this notorious reputation

and its prime real-estate location, Regent Park was se-

lected to be Canada’s ﬁrst neighbourhood redevelopment

project. e Regent Park “revitalization” was initiated in

2005 and spans the course of 15 years. It is employing the

“social mix” model,

which essentially involves the raz-

ing of the neighbourhood’s existing deteriorated housing

stock and replacing it with new townhouses and condo-

miniums. e second aspect of the revitalization involves

transforming the neighbourhood from its previous 100

percent social housing population into a “mixed-use,

mixed-income community,” with a large proportion of the

neighbourhood slated for sale in the private market (To-

ronto Community Housing 2014).

One of the primary

motivations for employing this model is the assumption

that the de-concentration of poverty via social mix will

result in a decrease in local levels in crime and violence.

As such, neighbourhood redevelopment has been cham-

pioned as a crime reduction and prevention strategy for

Canada’s most disadvantaged neighbourhoods.

Despite the ﬂurry with which neighbourhood rede-

velopment projects such as this one are being undertaken

across North America and Europe, surprisingly little is

known about the eﬀects of neighbourhood redevelopment

on crime, criminal structures, and victimization within

selected neighbourhoods. Marta’s doctoral research

provides an ethnographic exploration of how and why

revitalization eﬀorts aﬀect criminal processes and structures

within the neighbourhood and explore the consequences

of these changes. In particular, her work seeks to identify

and explore: i) changes to existing criminal networks

in the area as a result of neighbourhood change; ii) the

relationship between the emergence of new criminal

groups and the neighbourhood change - namely looking

at neighbourhood change as a precursor to the emergence

of new groups; and iii) how neighbourhood change has

aﬀected violence in the area because of changing criminal

group dynamics. us, from a criminological standpoint,

the dissertation project explores whether and how the

“design intentions” of the revitalization meet the “design

outcomes.”

Pursuant to the university’s Research Ethics Board’s

(REB) requirements,

prior to being granted ethics

board approval to begin the research, several potential

risks to the research participants were acknowledged in

the application. ese included psychological/emotional

stress (related to discussions surrounding the revitaliza-

tion and past trauma, including traumas associated with

crime, violence, and victimization); cultural/social risks

(interviewing could lead to a potential loss of status for

some residents, particularly those involved in the illicit

economy); and legal risks (the possibility that the po-

lice could subpoena research data, possibly placing the

research subjects, and potentially the researcher, at risk of

legal repercussions).

Undeniably, there was also the potential risk to the

researcher’s own physical safety. Neighbourhoods that

are classiﬁed as “high crime” areas can pose a variety of

risks to researcher safety, particularly when the research

undertaken is ethnographic. is is because “deep hanging

out”

with criminally-involved residents and gang mem-

bers means that the researcher is often present during

various potentially dangerous activities, such as drug use

URMIA Journal 2016

and drug dealing, drinking, and crime, that often occur in

more isolated neighbourhood areas. is form of research

also means that criminally-involved participants are likely

to have weapons on their person and may be potential

targets of violence from individuals coming from within,

or from outside, the neighbourhood. Further exacerbating

the potential dangers associated with this research is the

fact that as an ethnographer, Marta was working alone,

spending many hours a day in potentially unsafe places,

with potentially dangerous individuals,

in potentially unsafe circumstances.

Although the risks to the research

participants were clearly articulated

in the REB application, the potential

risks to researcher safety were not

outlined in the application, nor did

the REB request such an outline. Ac-

cordingly, these risks were not docu-

mented in the application. In addition,

the risks to the researcher were not

documented through the completion of

a field activities plan. Such disclosure

was not requested given Marta’s vast

experience conducting research in the

neighbourhood prior to beginning her

own doctoral work. By the time Marta

had applied for REB approval, she had

already spent two summers in Regent

Park and had conducted over 100

interviews with residents while work-

ing as a research assistant for another

project.

As such, Marta was relatively

familiar with the neighbourhood’s

inner workings and had demonstrated

her ability to navigate the area safely.

Moreover, Marta had demonstrated

that her connections with crime and

gang involved residents had already

been established and that various individuals had

already expressed their willingness to participate in the

research, therefore highlighting her relatively secure

standing with those who may otherwise take issue with

her presence in the community. Given this experience,

Marta was able to meet the REB’s requirements, and

the research project was approved.

Despite being relatively comfortable returning to Re-

gent Park to conduct much more intimate research with

the neighbourhood’s major criminal players, Marta still

took multiple steps to ensure she was well prepared to re-

turn to the ﬁeld. Most notably, there were extensive con-

versations with her supervisor, Dr. Sandra M. Bucerius,

about mitigation strategies while in the neighbourhood.

ese included how much time would be spent each day

in the neighbourhood, how late Marta would stay, and in

what circumstances would it be best to

leave. Additionally, these conversations

explored speciﬁc situations that could

put Marta at heightened risk. For ex-

ample, one of the greatest dangers would

be allegations that Marta was a police

informant. Accordingly, Marta refrained

from acknowledging police oﬃcers

while in the ﬁeld and would not conduct

interviews with police oﬃcers since even

being seen entering the local police sta-

tion could arouse suspicion and invite

violence. It was also agreed that regular

check-ins would be required while in the

ﬁeld, including research updates as well

as updates on location and the over-

all “mood” of the neighbourhood (i.e.

whether things were “hot” and episodes

of violence are likely and/or expected).

Given Marta’s vast experiences within

Regent Park and her pre-ﬁeldwork

considerations, she felt that she was well

prepared to re-enter the ﬁeld and begin

her own doctoral work.

While it is not a formal part of its

responsibilities, the REB may raise

concerns about the safety of student

researchers as part of its communication

to the student researchers and to their

supervisor. Based on the level of risk, the REB may con-

sider referring these concerns for review by an appropriate

body within the university. In this particular case, the

REB did not refer any concerns to any other unit within

the university.

In late June of 2015, Marta returned to Regent Park to

begin her ﬁeldwork and quickly regained access to many

Despite the ﬂurry with

which neighbourhood

redevelopment

projects are being

undertaken,

surprisingly little

is known about

the effects of

neighbourhood

redevelopment on

crime, criminal

structures, and

victimization

within selected

neighbourhoods.

URMIA Journal 2016

of her key participants. Fieldwork and interviews were un-

dertaken where she was spending approximately 25 hours

a week in the neighbourhood, conducting interviews and

participant observation. Apart from Regent Park’s usual

“dangers,” nothing was out of the ordinary, and Marta felt

relatively safe and comfortable navigating the area, even in

the most dangerous location: a basketball court referred

to as River Court, where many of the neighbourhood’s

major criminal players—her key participants—would

spend much of their day either playing basketball, drink-

ing, gambling, smoking marijuana, or just catching up

with criminal and non-criminal residents alike.

After approximately seven weeks in the field, the

neighbourhood’s dynamics began to change. Over the

course of two weeks, there had been five shootings

either within, or related to, Regent Park. The last

shooting was a homicide. Marta had

narrowly missed two of the shootings

by mere minutes. One of the shoot-

ings involved a masked man approach-

ing some of Marta’s participants who

were just hanging out at River Court

and indiscriminately shooting at the

group. One of the other shootings was

particularly brazen and uncharacter-

istic of the neighbourhood; it was a

drive-by shooting on a busy boardwalk

bordering River Court that occurred

on a Friday afternoon, when many of

the neighbourhood’s children were

outside playing. While shootings in

Regent Park are not necessarily uncommon, they gen-

erally take a different form. The shootings are usually

targeted at a specific person and are somewhat predict-

able—many residents may be aware of the motive and

that violence is likely. Further, shootings in Regent

Park usually occur in specific places and at specific

times, particularly in the late evening or at night, and

typically away from innocent bystanders. Thus, this

particular drive-by shooting was rather uncharacter-

istic of the neighbourhood’s usual violence, and the

concentrated number of shootings in such a short time

frame put neighbourhood residents at extreme unease.

Residents expressed that the neighbourhood was “very

hot” and future violence was expected.

As an experienced urban ethnographer, Marta under-

stood that the risks to her participants, as well as to her-

self, had drastically increased. Consequently, Marta was

in constant communication with her supervisor, who was

then in touch with other members of her PhD committee.

One committee member decided that the situation was

so volatile in Regent Park that it was necessary to inform

and seek guidance from the university’s Risk Management

Services (RMS). As with any dedicated researcher, there

were also concerns surrounding whether Marta would be

willing to leave the neighbourhood given the impact that

this could have on her research.

Upon notifying RMS of Marta’s circumstances, a re-

sponse team was pulled together to reassess the risks and

determine whether or not she should be removed from

the ﬁeld. When a signiﬁcant incident like this occurs, it

is the university’s practice under its Inte-

grated Emergency Master Plan to strike

an incident response team. When struck,

the incident response team follows the

fundamental elements of the Incident

Command System. At this point, the

primary concern of Marta’s PhD com-

mittee and that of the university was her

health and safety. e team involved

her supervisor and members of her PhD

committee and representatives from

the Provost’s oﬃce, General Counsel,

Protective Services, the Oﬃce of Emer-

gency Management, and Insurance and

Risk Assessment. Upon reviewing the

information, the following risks were identiﬁed:

• Marta’s personal safety was at high risk due to

the location of the research and the association of

research subjects with current violent behaviour,

including the August 18th homicide.

• Exposing Marta and her family, who lives in To-

ronto, to immediate personal risk if the university

acted too quickly pulling her out of the neigh-

bourhood.

• Legal risk if the student`s research became part of

the police homicide investigation.

• e university’s ability to intervene quickly on

Marta’s behalf. ere was the risk of a delayed

response due to geographical distance and the uni-

After approximately

seven weeks in

the ﬁeld, the

neighbourhood’s

dynamics began to

change.

URMIA Journal 2016

versity’s lack of an established relationship with

local authorities (i.e. police).

• Negatively impacting an investigator’s research

and putting the entire research project in jeop-

ardy.

• Harming the reputation of the student as a

scholar.

• Legal liability, if determined the university failed

to inform the student of the risks and did not take

appropriate action.

• e university’s reputation if it did not act and

Marta was injured or killed.

During discussions surrounding these risks, several

diﬀerent perspectives emerged as to the level of risk to

which Marta was exposed. While there were indications

from Marta that she felt the situation was under control,

her PhD committee was concerned about Marta’s safety.

At the same time, the assessment from several members of

the risk management team was that Marta was in immi-

nent danger if she remained in Regent Park. e response

team relied heavily on the advice and assessment of Dr.

Sandra M. Bucerius, Marta’s supervisor, and Dr. Kevin

D. Haggerty,

another professor in the Department of

Sociology, about the risks to which Marta was exposed

versus the types of risks originally identiﬁed with the asso-

ciated research. Additionally, their expertise and familiar-

ity with Marta, as well as her research project, was relied

upon to assess Marta’s involvement with the “criminal”

elements of the community.

Over several meetings and notwithstanding the

elevated risk level, the university did not remove Marta

from the neighbourhood immediately. e university

agreed to two actions. First, Dr. Bucerius was to contact

Marta, share the university’s concerns, and determine

what immediate steps Marta had taken to enhance her

personal safety. Additionally, Marta was to prepare a

detailed safety plan, including what areas of Regent Park

she would frequent, with whom she would associate,

and what times she would and would not be present in

the neighbourhood. Second, the university’s Protective

Services Unit would establish contact with the Toronto

Police Service and obtain ongoing monitoring of the

police activity within the neighbourhood and assessment

of risk. In the event that Marta did not prepare a detailed

safety plan, if the university did not consider the safety

plan adequate, or if the threat level within Regent Park

further escalated, the university would consider suspend-

ing Marta’s research ethics approval, which would prevent

her from continuing her research. Although this was an

option, it is not one that the university pursued. However,

under the university’s Oﬀ-Campus Activity Risk Assess-

ment, it was possible that the provost could intervene and

require Marta to leave the ﬁeld.

In response to the situation, Marta submitted a

detailed safety plan, to be reviewed by the response

team. e safety plan emphasized that Regent Park is a

neighbourhood that covers 69 acres of land and that the

violence was largely restricted to the River Court area

of the neighbourhood. Additionally, Marta acknowl-

edged the increased risk to her safety and the speciﬁc risk

mitigation measures. ese measures included limiting

the amount of time spent in Regent Park, the hours of

the day spent in the neighbourhood, the individuals with

whom she would have contact, and the neighbourhood ar-

eas she would avoid. Below is a selection of rules that were

included in the safety report:

• For the next three days, no residents would be

interviewed.

• For the next three days, Marta would not frequent

River Court.

• For the next seven days, Marta would not be pres-

ent in Regent Park past 5:00 pm.

• For the next seven days, apart from any ﬂeet-

ing greeting, Marta would have no contact with

individuals that were believed to be involved in

the current neighbourhood tensions. Marta would

not “hang out” with these individuals during this

time.

• For the remaining duration of the research, Marta

would be in constant contact with her supervisor,

letting her know when she entered and left Regent

Park.

Upon the response team reviewing the plan, the

university agreed that Marta could continue her research

in Regent Park. However, the plan was approved on the

strict condition that the situation be closely monitored

and that the response team remain on standby in the

event tensions escalated further or more shootings oc-

URMIA Journal 2016

curred. As neither of these conditions arose, Marta was able

to complete the remaining six weeks of her ﬁeld research.

Analysis

Apart from preparing the safety plan, Marta used this

opportunity to convey to the response team the nature of

violence in Regent Park more broadly and, more speciﬁ-

cally, the dangers of pulling Marta out of the ﬁeld im-

mediately. Marta knew that members of the response

team were neither criminologists nor ethnographers and

understood that they had limited knowledge of marginal-

ized neighbourhoods like Regent Park. In fact, Marta

assumed that much of the committee’s knowledge of such

areas stemmed from sensationalized media coverage and

popular representations of life in the “ghetto,” portraying

indiscriminate violence as always imminent. Marta utilised

the safety plan to explain to the response team that, while

violence in Regent Park may have been on the rise, the

violence was generally not indiscriminate and the threat

was certainly not constant. She expressed that violence in

Regent Park played out in certain corners, at certain times,

where certain individuals congregated, and that increased

tensions generally meant that those who were criminally

involved were at an increased risk of experiencing victim-

ization. e challenge faced by the university was that,

although the violence was occurring in a speciﬁc location,

the most recent violence was indiscriminate and occurring

during daytime hours.

Regent Park is a very large neighbourhood, and Marta

conﬁrmed that the violence was limited to River Court,

a small section of Regent Park. Marta emphasized that,

even when tensions rose, it certainly did not place the

entire neighbourhood at risk, and most residents remained

relatively safe from victimization. Marta also shared that

violence in Regent Park comes in waves, where it will

increase for a week or two and will then return to its usual

level. Marta expressed that, although neighbourhood ten-

sions were high at the time, this was temporary and would

dissipate soon. Marta explained to the response team that

her extensive familiarity with the neighbourhood placed

her in the best position to be able to judge the potential of

future violence, as well as to judge the threat to her own

safety. Marta stressed that she drew on her knowledge of

the intimate workings of the neighbourhood to formulate

her safety plan, whereby the rules she designed would

signiﬁcantly reduce the amount of risk to which she was

exposed.

Marta’s petition to the response team to allow her to

remain in the neighbourhood was certainly propelled by

her desire to continue her dissertation research. How-

ever, it was also strongly driven by concerns for her own

safety, since she recognized that the discontinuation of her

research and her departure from the neighbourhood could

have unintended consequences subjecting her, and poten-

tially her family, to greater danger than the continuation of

her ﬁeldwork.

Marta’s participants all knew that she had many inter-

views to complete and that she planned to be in Regent

Park for at least another six weeks. Prior to these episodes

of violence, Marta was in Regent Park almost every day,

for many hours at a time, so her continued presence in the

neighbourhood was expected. If, during the course of the

police investigations stemming from the shootings, the

researcher engaging with drug dealers and gang mem-

bers suddenly disappeared, this would arouse immediate

suspicions that she was a police informant. ese accusa-

tions would be further exacerbated by the fact that a few of

her participants were under investigation for some of the

shooting incidents. In a disadvantaged neighbourhood that

adheres to the “street code,”

being branded as a “snitch” or

a police informant is one of the most dangerous positions,

since the neighbourhood’s “street code” deems violence

against “snitches” as acceptable and even necessary. Marta

explained to the response team that if they forced her to

return to Edmonton, while that might limit her immediate

risk of danger, this could place her in much greater danger

in the long term. Since Marta was originally from Toronto

and returned there frequently, the potential consequences

of being pulled from the ﬁeld could materialize months or

years later if her participants had ever spotted her in the

city and chose to take retribution. Apart from risk to her-

self, she was also extremely worried about the safety of her

family who resides in Toronto, since violence is sometimes

enacted against a “snitch’s” loved ones in retaliation for

the (perceived or actual) betrayal and (perceived or actual)

police cooperation. Further, even if Marta’s participants did

not think she was a police informant, disappearing from the

neighbourhood during a time of crises would be a marker

of her privilege. is could suggest to her participants that

she was scared of them or could have been perceived as a

URMIA Journal 2016

form of disrespect toward her participants,

particularly

those who became close to her and would talk to her about

their fears of violence. So even on a “friendship” level,

Marta’s sudden disappearance would be problematic and

could subject her to risk in the future.

e creation of the safety plan was beneﬁcial for a

number of reasons. First, it forced Marta to sit down and

actually map out the spaces and times that the threat of

danger in Regent Park was most imminent. is allowed

her to preemptively devise a strategy to limit her presence

in such areas and at potentially risky times. Further, it also

improved her research, as it pushed her to increase her

reﬂexivity. As an ethnographer, you are always encouraged

to look inward to be able to better understand the outside

world, by checking how your biases and

experiences aﬀect your research and per-

ceptions of your participants and ﬁeld site.

Marta understood that the risk of danger

was causing her great stress; apart from

concerns about her own physical safety,

she was primarily concerned for the safety

of her participants who were being tar-

geted by, and potentially participating in,

these shootings. is also sensitized her

to the extreme researcher guilt that she

was experiencing. Indeed, Marta had the

university, a multi-billion dollar institu-

tion, extremely concerned for her safety.

e institution was both willing and able

to pull her out of the ﬁeld at a moment’s

notice. And yet, her participants, the most

likely targets of the violence, did not have

the privilege of being pulled to safety. is

was their lived reality, and, put very frankly, no one was

coming to “save” them. Having to act to the response team’s

requirements served as a reminder of Marta’s privilege

and positionality, an understanding which can sometimes

get lost when an ethnographer becomes immersed in the

ﬁeld site and increasingly begins to identity with the lives

of participants. Having to write her safety report was an

extremely sobering moment, which reminded Marta of her

position and identity as a researcher, and her equal respon-

sibilities to not only her broader research project, but also

to the university and the Research Ethics Board.

Rather quickly, however, it became apparent that the

rules in the “safety plan” were, in many respects, potentially

more problematic than Marta exercising her regular street

smarts while in Regent Park. Apart from hindering her

data collection by limiting the amount of time she could

spend in the ﬁeld and with whom, she realized that the

rules she promised to abide by in order to be allowed to

remain in the ﬁeld may have actually endangered her. For

example, one of the rules was that she would not commu-

nicate with any “criminally involved individuals” for a few

days. However, “criminally involved individuals” comprised

her core sample, so disappearing from their lives, albeit even

just for a short period, could potentially be interpreted as

disrespect and could signiﬁcantly weaken her relationship

with them. Marta’s relationship with

those individuals, in many ways, actually

protected her from violent victimiza-

tion. ey had told her that they had

“approved” her and that she was free to

wander the neighbourhood as she wished,

and if anyone ever took issue with her

presence or tried to hurt her, they would

“handle it.” Compromising relationships

that served to protect Marta in a neigh-

bourhood like Regent Park could weaken

some of the safeguards that she had spent

several years securing.

Further, although Marta designed the

rules with the belief that following them

would increase her safety, this was not

necessarily always the case. For example,

one of the rules was that she would not

stay in Regent Park past 5:00 pm. On one

occasion, she had every intention of leaving the neighbour-

hood before her imposed curfew, yet, as is common with

ethnography, an unexpected event occurred that following

the rules could have placed her in greater danger. Marta

had spent the previous hours hanging out at a makeshift

rap studio with some of her participants, when another

rapper and his friends entered the studio. Although she

was on decent terms with this individual, her relationship

had signiﬁcantly weakened from the previous summer, and

she was sensing some hostility. Marta believed that if she

had left the studio at that moment, it would either signal

that the hostility was mutual and, therefore, could invite

It became apparent

that the rules in the

“safety plan” were,

in many respects,

potentially more

problematic than

Marta exercising her

regular street smarts

while in Regent Park.

URMIA Journal 2016

violence or intimidation, or it may signal that she feared for

her safety being the only female in a room of nine of Regent

Park’s major criminal players. Since Marta had developed

trust with these individuals over the course of her research

and since they had never previously given her reason to

believe that they would harm her, potentially sending the

message that she did not fully trust them could be extreme-

ly damaging to her relationship with them. In this situation,

Marta believed it was necessary that she broke her curfew,

extending her stay at the rap studio so as to convey to her

participants that she was comfortable remaining there,

despite the arrival of the other group. us, although the

imposed rules may have helped her to remain safe in some

instances, in other instances, the adherence to the rules may

have placed her in greater risk.

e escalating level of violence in the neighbour-

hood and the risk to Marta’s safety presented numerous

problems for the university. Although a detailed plan was

prepared in order to mitigate the risks, the implications to

the university had Marta been injured or, even worse, killed

were profound. ere is no question that several of the

members of the response team felt that Marta should be

removed immediately. However, upon review of her safety

plan, acknowledging the potential risks to her safety and

her family’s safety had she been removed quickly, her deep

understanding of the community and its underlying dy-

namics, the critically important input and assessment of her

PhD committee, as well as the possibility that she would be

unable to complete her research and her dissertation, the

university allowed Marta to stay. Upon a detailed assess-

ment, it was agreed that the university and the researcher

had taken reasonable steps to manage the risk.

What this incident did point out was a gap in the uni-

versity’s risk management processes. RMS has recognized

that the ethics board application process can be improved

in various respects. Although the risks to the research

participants have to be documented and mitigated, there

is no requirement to document and mitigate the risks to

the researcher. Furthermore, although the Field Research

Oﬃce (FRO) has extensive resources available to research-

ers, there is a misconception that the FRO is only available

to support researchers who are undertaking research in

an isolated, rural, or international location, not a ﬁeld site

such as Regent Park. As a result, in this particular incident

a ﬁeld activities plan was not completed. Although risks

to Marta were clearly discussed with her supervisor and

mitigation strategies identiﬁed, nothing was documented.

As a result of these learnings, RMS is currently implement-

ing ways to improve the risk identiﬁcation process. Namely,

in consultation with ethnographers such as Marta and her

supervisor, Dr. Bucerius, RMS is developing a new system

for identifying and responding to risks to researcher safety

in urban ethnography. Furthermore, RMS will implement

strategies to better inform the research community regard-

ing the purpose and scope of services available through the

FRO and will ensure that a ﬁeld activities plan is prepared

when appropriate.

Conclusion

Undeniably, these types of incidents are extremely diﬃcult

for any university to deal with, given the range of competing

issues and risks. However, as research-intensive universi-

ties, we must be willing to accept a manageable level of risk

if meaningful research is to be conducted and innovations

that ultimately beneﬁt society are to be discovered. ese

types of incidents certainly speak to the essential need for

an oﬀ campus ﬁeld activities plan that clearly documents

a hazard assessment, mitigation strategies, and ﬂexible

emergency plans if risks to the researcher signiﬁcantly esca-

late. is also speaks to the need to have an appropriately

structured response team that comes together quickly to as-

sess the changing circumstances in order to make informed

decisions. is type of incident also reinforces the critical

nature of the ﬁeld researcher’s expertise. If the researcher

has extensive and in-depth knowledge of the region,

culture, dynamics, behaviours, etc., of the ﬁeld site, it is

essential that risk committees place appropriate weight on

this expertise. It is also equally important that universities

draw on advice from other related experts to ensure that

the ﬁeld researcher does not inaccurately assess or underes-

timate the true level of risk. Ultimately, the decisions that

are made must be based on open discussions between the

needs and expertise of the ﬁeld researcher and the safety/

security expertise of the university’s risk management team.

rough these types of structures and processes, it is hoped

that universities can continue to ﬁnd that delicate and very

diﬃcult to maintain balance between allowing the re-

searcher and institution to fulﬁll its research mission, while

appropriately managing not only the risks to individual

researchers but the overall risks to the institution.

URMIA Journal 2016

About the Authors

Linda Hui is the coordinator of emer-

gency management at the University

of Alberta and is a certiﬁed trainer in

the Incident Command System. As

member of the Oﬃce of Emergency

Management, Linda manages the train-

ing and development of the University’s

Crisis Management Teams and the

Emergency Operations Centres and supports the manage-

ment of incidents and events that may occur on any of the

ﬁve university campuses and abroad through the study and

research abroad programs.

Marta Urbanik is a PhD candidate in

the Department of Sociology at the

University of Alberta. She completed

her Bachelor’s and Master’s degrees in

criminology at the University of To-

ronto and currently teaches criminolo-

gy at the U of A. Her research interests

are racialized gangs, neighbourhood

redevelopment, violence within disadvantaged neighbour-

hoods, race and crime, and violent extremism.

Philip Stack is the associate vice-

president (risk management services)

and the chief environment and safety

oﬃcer for the University of Alberta.

He is responsible for the university’s

enterprise risk management framework

and ensuring that the university has

the necessary systems and processes

in place to manage risk and respond

eﬀectively to incidents when they occur.

Endnotes

“University of Alberta’s Risk Management Policy,” University of Alberta, last

modiﬁed April 23, 2013, https://policiesonline.ualberta.ca/PoliciesProcedures/

Policies/Risk-Management-Policy.pdf.

The project is funded by the Social Sciences and Humanities Research Council

(SSHRC).

Clifford Geertz, “Deep Hanging Out: Review of James Clifford’s Routes: Travel and

Translation in the Late 20th Century and Pierre Clastres’ Chronicle of the Guyaki

Indians,” The New York Review of Books 45(16) (1998).

M. Bllor, B. Fincham, and H. Sampson, “Qualiti (NCRM) Commissioned Inquiry Into

the Risk to Well-Being of Researchers in Qualitative Research,” Qualiti, Cardiff

University, June 2007: 1-74.

“University of Alberta’s Environment, Health and Safety Policy,” University

of Alberta, last modiﬁed May 28, 2014, https://policiesonline.ualberta.ca/

PoliciesProcedures/Policies/Environment-Health-and-Safety-Policy.pdf.

“University of Alberta’s Off Campus Activity and Travel Policy,” University of Alberta,

last modiﬁed June 17, 2011, https://policiesonline.ualberta.ca/PoliciesProcedures/

Policies/Off-Campus-Activity-and-Travel-Policy.pdf.

“University of Alberta’s Ofﬁce of the Vice President (Research) Field Research

Ofﬁce,” University of Alberta, last modiﬁed March 30, 2016, http://www.ﬁeldofﬁce.

ualberta.ca/.

“University of Alberta’s Field Activities Plan,” University of Alberta, last modiﬁed

July 10, 2015, http://www.ﬁeldofﬁce.ualberta.ca/Planning/Field%20Activities%20

Plan.aspx.

William J. Wilson, The Truly Disadvantaged: The Inner City, the Underclass, and

Public Policy (Chicago: University of Chicago Press, 1987).

“Toronto Opens a New Park in Regent Park Community,” Toronto Community

Housing Corporation (2014), http://www.torontohousing.ca/news/toronto_opens_

new_park_regent_park_community.

Wilson, The Truly Disadvantaged.

“University of Alberta’s Human Ethics Research Forms and Templates,” University

of Alberta, last modiﬁed September 17, 2014, http://www.reo.ualberta.ca/Forms-

Cabinet/Forms-Human.aspx.

Geertz, “Deep Hanging Out.”

For Dr. Sandra M. Bucerius, University of Alberta, and Dr. Sara K. Thompson,

Ryerson University, whose SSHRC funded research explores the experiences of

young Regent Park residents of the revitalization process.

Marta would like to express extreme gratitude to her supervisor, Dr. Sandra M.

Bucerius, for her training and guidance in terms of ethnographic research, her

immense support during this volatile period in ﬁeldwork, and her continued

mentorship.

Signiﬁcant thanks to Dr. Kevin D. Haggerty for his assistance and mentorship

during this process and ongoing support with the research project.

For those who abide by the “street code,” perceived or actual disrespect often

mandates the use of violence for retaliation for such disrespect. See Elijah

Anderson, Code of the Street: Decency, Violence, and the Moral Life of the Inner City

(New York: WW Norton & Company, 2000).

For those who abide by the “street code,” perceived or actual disrespect often

mandates the use of violence for retaliation for such disrespect (Anderson, Code of

the Street).

Leave all the afternoon for exercise and recreation, which

are as necessary as reading. I will rather say more necessary

because health is worth more than learning.

—thoMas JeffeRsoN,

MeRicaN fouNdiNG fatheR aNd 3Rd us PResideNt

URMIA Journal 2016

Introduction

Recreation directors and risk managers frequently ask

the question: are we currently running programs and/or

facilities that are just too risky? In other words, even after

risk controls are implemented to minimize the risks, is the

residual risk still too high, and you simply don’t have the

capability or resources to eﬀectively manage that risk? e

same question can also be asked about new programs be-

ing considered: can you eﬀectively manage the program’s

risks?

is article will explore three risk assessment tools

which can help you determine how “risky” your programs

and facilities are and whether the risk controls you have in

place are suﬃcient.

Measuring the Risks

e starting point in assessing or measuring the risks is

establishing a risk proﬁle for all your programs, facilities,

and people by separating them into high-risk, moderate-

risk and low-risk categories. You then can prioritize to

focus on the identiﬁed high-risk programs/facilities/

people and worry less about the lower risk areas, i.e. don’t

sweat the small stuﬀ.

ere are two simple ways of looking at risk proﬁle:

qualitatively (risk matrix) or quantitatively (risk rating).

In the qualitative approach, you adopt a more intuitive

or gut reaction approach to measuring risk. e quantita-

tive approach attempts to put a number on the level of

risk by calculating a risk rating.

e following questions will assist with the assessment

and measurements:

1. What activities will take place and how many

participants will be present?

2. Who could be harmed?

3. What property could be damaged and how

severely?

4. What is the maximum likely loss for each activity?

5. Are crowds or bystanders/passersby likely to be

involved?

6. Will inherently dangerous activities be involved?

7. Is there a reputational risk to your organization?

8. How likely is it that your organization will be a

defendant in the event of a loss?

9. Is the activity consistent and in support of your

organization’s mission?

Risk Matrix Approach

e risk matrix, or probability vs. severity grid, is a tool

that can help you determine high and low risk. While this

risk classiﬁcation system can be quite subjective, it is the

simplest approach, and you often end up with an assess-

ment of risk level that is quite suﬃcient for your needs.

• Red Zone Activity: Probability is high that some-

thing will go wrong, or someone will get injured. If

something goes wrong, severity of outcome (dam-

age, injury) is high.

• Amber Zone Activity: ere is a low/medium

probability that something will go wrong. If some-

thing goes wrong, severity of outcome (damage,

injury) is high.

• Gray Zone Activity: Probability is medium/high

that something will go wrong. If something goes

wrong, severity of outcome (damage, injury) is

low.

• Green Zone Activity: Probability is low that

something will go wrong. If something goes wrong,

severity of outcome (damage, injury) is low.

FIGURE 1: Risk Matrix (Probability vs. Severity Grid)

Ian McGregor, President, SportRisk, and Zachary Gifford, Director, Systemwide Risk Management, California State University – Ofﬁce of the Chancellor

Identifying and Assessing Risks in

Campus Recreation Programs and Facilities

URMIA Journal 2016

Examples:

Red Zone: Tackle Football

• High probability that someone will be injured

• High severity of injury is likely

Amber Zone: Sky Diving Class

• Low probability of something bad happening

• High severity is guaranteed if something bad does

happen

Gray Zone: Pick-up or Intramural Basketball

• High probability of injury happening

• Low severity – e.g. twisted ankle

Green Zone: Chess Tournament

• Low probability/Low severity

e next step is to place each of these programs in

one of the four quadrants of the risk grid. e quadrants

you are really interested in are the Red Zone and Amber

Zone. Programs, facilities, or people falling in either of

these two quadrants require special attention.

FIGURE 2: Risk Grid

Risk Rating Approach

In this more quantitative approach, numerical values are

assigned to probability (P) and severity (S). is can often

be a challenging exercise as assignment of values can be

subjective. It is a good idea to have small groups working

on this, giving instructions to everyone to use their best

judgment and not to over analyze.

Probability (P): On a scale of 1–5, what are the chanc-

es of someone getting hurt or property getting damaged?

1. Unlikely to occur

2. Unlikely but some chance

3. Could occur occasionally

4. Good chance it will occur

5. High probability it will occur

Severity (S): On a scale of 1-5, how serious could the

injury or damage be?

1. Minor injury; no property damage

2. First aid; minor property damage

3. Injury requires medical help; signiﬁcant property

damage

4. Injury may result in serious medical problems;

serious property damage

5. Major injury; serious property damage

e risk rating is calculated by multiplying PxS, and

the risk level is determined using Figure 3. Note that a

risk level of “Extreme” corresponds to a “Red Zone” activ-

ity in the risk grid approach.

FIGURE 3: Risk Rating

Applying the risk rating approach to the previous

examples results in the following:

FIGURE 4: Examples of Various Activities and

Their Risk Ratings

URMIA Journal 2016

Programs/facilities are then placed on a risk map. Ad-

ditional programs have been added to this map to demon-

strate what a department map might look like. Irrespec-

tive of whether you use the risk matrix or risk rating, you

will end up with a risk grid or a risk map which contains

all your programs, facilities, and people.

is exercise establishes which programs/facilities/

people are high risk (red/amber zone or extreme/high risk

rating) and which are low risk (gray/green zone or moder-

ate/low risk rating). From a risk management perspec-

tive, it is always important to look at programs/facilities/

people through a “high risk” lens. is does not mean that

you completely ignore the gray and green programs, but

realistically you should regard them as small stuﬀ unless

parameters change or there are unique circumstances (e.g.

if the chess tournament involves a liquor license, then this

program immediately jumps to red zone!).

Figure 5: Example of a Risk Map for Campus Programs

and Activities

Auditing Your Risk Controls

Implementing control strategies helps you lower your risk

rating, hence minimizing the chance of a serious injury or

property damage. But how do you know if these controls

are suﬃcient? And how do your controls compare with

other campus recreation departments?

A new best practices audit tool has recently been

developed to answer these questions. e tool takes a

radically new approach to the audit process by focusing

on best practices instead of standards. Since there are not

many documented standards in the campus recreation

setting (aquatics being the exception), a more realistic ap-

proach is to develop and agree on a series of best practices

and then determine how well a department is performing

relative to these best practices.

e following brieﬂy summarizes the methodology

used in developing this best practices audit tool, and

discusses the results of its implementation at a signiﬁcant

number of institutions in Canada and the United States.

Methodology

Best practices surveys were developed by a group of US

and Canadian campus recreation experts, then vetted by

staﬀ at various schools across North America. Surveys

were piloted at eight schools (four in the United States

and four in Canada) before ﬁnal implementation.

ere are 16 best practices areas in total:

• Programs: Sport Clubs; Intramurals; Youth

Camps; Outdoor Program; Instruction

• Facilities: Weight Room; Fitness Center; Aquat-

ics; Ice Arena; Fields; Climbing Wall; Facilities

(general)

• General: Risk Management Committee; Travel;

Emergency Response; Waivers

For programs and facilities, best practice surveys are

generally divided into six categories:

• Staﬃng

• Supervision and Instruction

• Training

• Facilities and Equipment

• Documentation

• Emergency Response Plan

General surveys are all diﬀerent and have unique

categories. A demographics survey is used to obtain key

information on each school (e.g. size, state/province, %

male: female etc.), allowing comparisons to be made.

For each best practice area, surveys were developed (by

the experts) in the form of a series of statements, e.g. “e

Weight Room is supervised at all times.”

• Response Value: Staﬀ members completing the

surveys (on SurveyMonkey) have three response

options for all best practice statements, and a

response value is assigned to each response:

2: Currently doing this

1: Plan to do this

0: Not planning to do this

URMIA Journal 2016

• Weight Factor: Each best practice is assigned a

weight factor using a 3, 2, 1 scale to reﬂect their

relative importance.

3: Critical

2: Very important

1: Important

A score for each best practice statement is determined

by multiplying the response value and the weight fac-

tor. For example, a response of “currently doing this” (2)

coupled with a “critical” weight factor (3) would score a

total of 2x3 = 6.

• A category score is calculated for each category

(staﬃng, supervision, etc.) within each survey.

• A total score for each best practice area is ob-

tained by adding the scores of all categories.

Audit Implementation

e best practices audit tool was administered to a num-

ber of post-secondary institutions across North America.

At the time of writing this article, over 100 schools had

participated, including several from the California State

University system and all schools from the “BIG 10”

athletic conference. All schools received a report which

included:

• Benchmark graphs showing each institution’s

overall scores compared to the average of all

schools participating.

• A series of recommendations, speciﬁc to each

school, based on the institution’s survey respons-

es. is gap analysis focused on the “don’t plan to

do” statements weighted at 2 or 3, i.e. the more

critical best practices.

It was also recommended to all schools that the results

be shared and discussed with the institutional risk man-

ager. Doing this provides an opportunity for the depart-

ment to explain or justify certain responses, such as why a

speciﬁc best practice is not being followed. In many cases,

there may be a reasonable explanation, or the lack of a

best practice is essentially benign in terms of risk. Going

through this process would also help the department an-

swer the question, “Should we be doing this?” by seeking

the risk manager’s input based on the survey results.

Using the best practices audit tool, it is possible to

conduct additional comparisons, such as between schools

of the same size, in the same state/province, or within the

same system. e large (and growing) database will also

allow speciﬁc queries to be made, e.g. what is the per-

centage of schools in California which have a concussion

protocol for their sport clubs program?

Figure 6: Sample Institutional Scores Compared to Other Institutions of Higher Education

URMIA Journal 2016

Conclusion: A Final Word on Residual Risk

e use of the risk rating and best practices audit tools

will help an institution determine answers to the initial

risk management questions posed:

• How risky are your programs and facilities?

• Do you have suﬃcient risk controls in place?

Given the fact that you cannot eliminate all risks, and

also the fact that some people participate in recreational

activities because of the risks involved, an institution will

generally have to accept some of the “residual” risks – oth-

erwise no programs and activities would be oﬀered.

But there is a ﬁne line between safe and the point at

which the residual risk is just too much to be reasonably

managed by an individual or department. is is why

there needs to be a broader discussion to ensure that an

institution is not taking on too much risk.

For more information and access to the best practices

risk assessment tool, go to http://www.sportrisk.com/

best-practices/. At the department level, a review of the

best practices audit can be performed by a risk manage-

ment committee or senior management team if this

committee does not exist. At the institutional level, the

risk manager can play a key role in helping to determine

if some activities are just too risky and have the potential

to cause damage, including injury, property, and uninsur-

able losses, such as damage to the institution’s reputation

or a chill on promoting further activities that, were it not

for a loss, would still occur and advance the organization’s

mission.

Figure 7: Sample Breakdown of Scoring and Recommendations

URMIA Journal 2016

About the Authors

Ian McGregor, PhD, is an internation-

ally recognized expert on risk man-

agement in the sport and recreation

ﬁelds. He is a renowned speaker at

conferences and workshops through-

out the United States and Canada.

He was previously director of athlet-

ics and recreation at the University of

Toronto and Saint Mary’s University in Canada and at

Dominican University of California.

Dr. McGregor is president of SportRisk, providing

risk management consulting services to campus recreation

departments at universities and colleges across North

America. He also does extensive work in the area of

student event risk management, where he works with uni-

versities and their various student groups to cooperatively

establish eﬀective event risk assessment and management

processes.

Dr. McGregor’s virtual training programs include on-

line webinars and courses, and his online “Risk Manage-

ment Newsletter” is entering its 11th year of publication.

He recently launched a comprehensive best practices risk

assessment project targeting university campus recreation

programs and facilities.

Zachary Giﬀord is director of sys-

temwide risk management with the

California State University (CSU)

– Oﬃce of the Chancellor and has

worked for the CSU since 2008. Mr.

Giﬀord provides direct assistance to

the assistant vice chancellor, ﬁnancing,

treasury, and risk management and

campuses by providing the day-to-day oversight of the

CSU’s property and casualty, workers’ compensation, en-

vironmental health and safety, and emergency prepared-

ness/business continuity programs.

Mr. Giﬀord has put his 26 years of claims handling

and risk management experience to work as he tackles

the responsibility of supporting the various and at times

complex issues of addressing risk management challenges

for the country’s largest public university system.

Previous to the CSU, Mr. Giﬀord was the liability

claims manager for the city of Santa Ana. At the city of

Santa Ana, Mr. Giﬀord handled the liability and property

programs for this distinctive city that represents the only

true urban environment in Orange County, Ca. is city

of nearly 400,000 residents is faced with a wide variety of

liability exposures, from civil rights to road design.

After graduating from CSU, Long Beach, Mr. Gif-

ford got his start in the ﬁeld with SAFECO Insurance.

Following his experience with SAFECO, Mr. Giﬀord

worked with many diverse governmental entities while

handling claims and providing risk management consulta-

tion for third party administrator Carl Warren & Co.

In addition to his work experience, Mr. Giﬀord has

been a very active public speaker and has participated in

various capacities with risk management organizations

such as the Public Agency Risk Management Association

(PARMA), California Public Risk Management Associa-

tion (PRIMA), National PRIMA, and RIMS – e Risk

Management Society.

Among the illusions which have invested our civilization is

an absolute belief that the solutions to our problems must

be a more determined application of rationally organized

expertise… The reality is that our problems are largely the

product of that application.

—JohN RalstoN saul,

oltaire’s Bastards: the dictatorship of reason in the West

The people who have done big things are those

who were not afraid to attempt big things,

who were not afraid to risk failure in order to gain success.

—b.c. foRbes,

iNaNcial JouRNalist aNd fouNdeR of forBes MaGaziNe

URMIA Journal 2016

Introduction

Risk management in a higher education setting is excit-

ing and exposes risk management and administrative

personnel to unique challenges and opportunities that are

not present in other business arenas. It is not inconceiv-

able that somewhere on a college campus today is the

young mind who will discover the cure for cancer or who

will make the next great computer discovery. College

administrators struggle to ﬁnd the bal-

ance between providing an educational

environment that fosters and cultivates

the potential for innovative thought and

also maintains the safety and direction of

the institution as whole.

Risk managers and organizational

leaders need to be strategic in balancing

the desire to provide opportunities for

students and faculty to explore diﬀerent

areas of interest while ensuring that the

institution is not exposed to unnecessary

risk. Saying “yes” to a new project can

sometimes enlist a gut feeling approach

to risk management that does not always

fully quantify or identify all potential

risks. e “gut feeling” approach to risk

management does not always yield the

best possible outcomes; this instinctual

response may overlook risk or may at-

tribute more risk to a situation than is

warranted.

is article examines how to implement elements of

strategic analysis used by top business administrators as a

methodology for evaluating and quantifying risk.

Quantiﬁed SWOT Analysis

SWOT analysis is used by business professionals to assess

the potential beneﬁts and drawbacks associated with

business transactions.

SWOT analysis, which stands

for Strengths, Weaknesses, Opportunities, and reats,

can provide signiﬁcant beneﬁts to organizational risk

managers and can assist in evaluating and identifying risks

associated with various types of activities and projects.

SWOT analysis involves the identiﬁcation and evaluation

of four components:

1. Strengths

2. Weaknesses

3. Opportunities

4. reats

Originally developed in the 1960s

as part of a research project at Stanford

University to evaluate why business

planning failed, SWOT is now used as a

platform for strategic decision making.

e purpose of SWOT analysis is to

provide a connection between objectives

and business decision making.

SWOT

provides a concrete methodology

for assessing potential business

opportunities. From an institutional

perspective, colleges and universities

are subject to similar variables as a

traditional for-proﬁt business; however,

the underpinning aim of institutions

of higher education is not proﬁt.

Rather, the primary goal of educational

institutions is to provide higher

education opportunities to students

and to contribute to the scientiﬁc,

cultural, and technological development of the human

race. ough not traditionally used in a higher education

setting, SWOT analysis techniques can be very beneﬁcial

in evaluating organizational risk and developing strategies

for addressing identiﬁed risk exposures.

Because not all SWOT elements have the same

potential impact on the outcome of the decision, adding

a quantitative element to the SWOT analysis provides

further depth to the analytical process by ascribing more

weight to elements that are likely to have more impact on

organizational decision making.

Weighted scores assist in

Mya Almassalha, JD, MBA, Director of Higher Education Programs - Professional Solutions Insurance Services, Encampus

Using Analytics as Part of

Institutional Risk Management

Originally developed

in the 1960s as part

of a research project

at Stanford University

to evaluate why

business planning

failed, SWOT is now

used as a platform

for strategic decision

making.

URMIA Journal 2016

quantifying the overall measure of risk to beneﬁts outlined

within the SWOT analysis itself.

SWOT Process

e identiﬁcation and evaluation process is used to assist

in critical decision making and to help business leaders

make decisions about the direction and future of their

businesses. e aim of these analytic processes is to assist

in the decision making process by allowing business

leaders to evaluate and quantify competing business

opportunities.

e same type of decision making process

is also useful to risk management professionals when

called on to evaluate and quantify risk.

Identiﬁcation: Identify the potential

institutional strengths/weaknesses of

a proposed activity/project. Identify

the potential third-party or external

opportunities/threats posed by the

proposed activity/project.

Evaluation: Prioritize the identiﬁed

strengths/weaknesses and opportunities/

threats.

Strengths/Weaknesses:

• Importance: How important a

strength/weakness is for the

institution within its ﬁeld. Some

strengths/weaknesses may be

more important than others. A

number from .01 to 1.0 should be

assigned to each S/W identiﬁed;

the grand total for all S/W should equal no more

than 1.0.

• Rating: Assign a rating of 1-3 to each factor to

determine whether it is a major or minor strength/

weakness. A rating of 1 signiﬁes the strength/

weakness is least likely to have an impact on the

organization; a rating of 3 indicates the strength/

weakness is mostly likely to have an impact on the

organization.

• Score: Determined by multiplying importance by

rating. e score allows for the prioritization of

strengths/weaknesses by determining how much

impact internal strengths may have to oﬀset any

identiﬁed weaknesses.

Opportunities/Threats:

• Importance: Identiﬁes the extent to which an

opportunity/threat has the potential to impact the

institution. A number from .01 to 1.0 should be

assigned to each O/T identiﬁed; the grand total

for all O/T should equal no more than 1.0.

• Probability: Probability of an occurrence having

an impact on the institution (positive or negative).

Assign a rating of 1-3 to indicate how probable

or improbable an occurrence might be. A rating

of 1 signiﬁes the lowest degree of probability; a

rating of 3 indicates a high degree of

probability.

• Score: Determined by

multiplying importance by probability.

is allows for the prioritization of

opportunities/weaknesses by how

likely they are to occur and impact the

institution.

Quadrants of Risk: Multiple-

Attribute Decision Making (MADM)

Undertaking a full SWOT analysis

or critical issue analysis can be a fairly

involved process and can be somewhat

cumbersome when faced with a question

or situation that requires a quick

response.

Adding a second level of

analysis in addition to SWOT allows the

organization to hone in on key risk areas.

ere are several additional types of analysis that can

be used to assist in evaluating and prioritizing identiﬁed

areas of risk. For the purposes of higher education risk

management processes, Multiple-Attribute Decision

Making (MADM) allows the risk manager to evaluate

competing areas of importance—in this case, coming

to a balance between supporting institutional goals and

reducing risk.

MADM uses SWOT analysis as a threshold for

identifying key organizational objectives and loss potential

and then developing a quantiﬁcation process that allows

for quick repeat analysis of similar situations.

In this

The aim of these

analytic processes

is to assist in the

decision making

process by allowing

business leaders to

evaluate and quantify

competing business

opportunities.

URMIA Journal 2016

process, the SWOT analysis is divided into four zones,

or quadrants, which are assigned speciﬁc internal and

external evaluation criteria (see Figure 1: Evaluation

Matrix).

MADM is used to evaluate decisions in the presence

of multiple competing criteria. From an organizational

risk management perspective this refers to the balancing

act between the potential for a loss versus institutional

objectives.

In SWOT analysis, internal capabilities

are evaluated by identifying strengths and weaknesses,

while external inﬂuences are evaluated by identifying

opportunities and threats.

is bifurcation of evaluation

works well in the MADM quadrant analysis for

organizational risk.

In its simplest form, the quadrant analysis outlined in

this article attempts to classify risk management events

into three diﬀerent categories: Low Risk, Moderate Risk,

and High Risk.

• Low risk activities are those unlikely to pose

a liability risk OR those risks that ﬁt within

established risk transfer mechanisms. Example: A

student organization seeks use of campus facilities

to host a social event for its members.

• Moderate risk activities are those that may pose

a liability risk without proper preparation OR

those risks that do not quite ﬁt within established

risk transfer mechanisms. Example: A student

organization seeks to hire a belly dancing troupe

to perform at a social event on campus.

• High risk activities are those activities which are

inherently dangerous and may pose a signiﬁcant

liability risk OR those risks that cannot be

transferred through the use of established risk

transfer mechanisms. Example: A student

organization seeks to hire a ﬁre poi belly dancing

troupe to perform at a social event on campus.

Establishing Evaluation Criteria (Getting to “Yes”)

Just as no two businesses will have identical SWOT

results, no two colleges or universities will have the same

SWOT result. SWOT results will vary as a result of

institutional goals, risk tolerance, access to particular

resources, and overall organizational size.

For example, a

university with a strong life sciences program may already

have risk transfer mechanisms in place to respond to a

potential research opportunity involving human trials,

whereas an institution with a liberal arts focus may not

have a similar program in place.

Using SWOT analysis at the outset of the evaluation

allows the institution to establish categorical thresholds

for each of the four quadrants.

• Low Risk: Evaluation emphasis should be placed

on those activities that strengthen/drive forward

the goals of the institution and which pose little

risk outside of existing risk transfer mechanisms.

• Moderate Risk: Evaluation emphasis should be

placed on activities that strengthen/drive forward

the goals of the institution but for which adequate

risk transfer is not in place.

• High Risk: Evaluation emphasis should be placed

on activities that do not necessarily ﬁt within the

goals of the institution and which may pose a

signiﬁcant risk, even within existing risk transfer

mechanisms.

1. High Risk/High Support (threats outweigh

opportunities, strengths outweigh weaknesses)

2. Low Risk/High Support (opportunities outweigh

threats, strengths outweigh weaknesses)

3. Low Risk/Low Support (opportunities outweigh

threats, weaknesses outweigh strengths)

4. High Risk/Low Support (threats outweigh

opportunities, weaknesses outweigh strengths)

Figure 1: Evaluation Matrix

URMIA Journal 2016

• Strengths/Opportunities: Represent activities or

projects that strongly support the mission or

institutional goals of the college, while representing

a low risk for potential loss.

(Low Risk/High

Support)

• Weaknesses/reats: Represent activities or

projects that do not necessarily support the

mission or institutional goals of the college, while

representing a strong risk for potential loss.

(High Risk/Low Support)

e most desirable activities/projects are those that

fall ﬁrmly within the Low Risk, High Support quadrant,

while the least desirable activities are

those that fall ﬁrmly within the High

Risk, Low Support quadrant.

Here are a few examples:

• High Risk/High Support (HR/

HS): A graduate student in

the Department of Psychology

receives a research grant to study

the eﬀects of certain counseling

techniques on post traumatic

stress disorder (PTSD) patients.

e department does not

typically provide counseling

services to patients in an

experimental setting.

• Low Risk/High Support (LR/

HS): e School of Engineering

would like to purchase new

computers that allow students

to participate in an on campus

robotics simulation lab.

• Low Risk/Low Support (LR/LS): An engaged

couple request use of the campus chapel for a

wedding ceremony.

• High Risk/Low Support (HR/LS): Several

undergraduate students request approval to start a

ﬁreworks club on campus with the goal of putting

on a ﬁreworks displays for the student body.

e critical role of the eﬀective risk manager comes in

identifying and developing a risk management mechanism

for addressing those highly desirable, but risky projects

and activities. In such cases, it is important to examine

three diﬀerent factors:

1. Can the risk be transferred by shifting the risk of

loss to another party?

a. Contractual risk transfer

b. Insurance

2. Can the risk be reduced by modifying the

proposed activity?

a. Change of Location

b. Engage an expert

c. Eliminate a component of the activity/project

3. Can the risk be retained?

a. Does the institution have the ability to absorb

the identiﬁed risks within its current

operations?

b. Is the beneﬁt such that any potential

risk of loss is signiﬁcantly outweighed

by the immediate beneﬁt of the activity/

project?

SWOT in Action: Analytical Example

(High Risk/High Support)

A graduate student in the Department

of Psychology receives a research grant

to study the eﬀects of certain counseling

techniques on PTSD patients. e

department does not typically provide

counseling services to patients in an

experimental setting.

Step 1: Identiﬁcation

Strengths:

1. Prestigious grant that can

provide key visibility for the college

within the ﬁeld of psychology

2. Fully utilizes potential of highly talented students

3. Allows for further development and growth of the

psychology department

Weaknesses:

1. No prior on-campus clinical activities

2. Lack of supervisory counseling staﬀ

3. Lack of adequate controls to ensure eﬀective

counseling techniques

4. No on-campus counseling facilities

The critical role of the

effective risk manager

comes in identifying

and developing a

risk management

mechanism for

addressing those

highly desirable, but

risky projects and

activities.

URMIA Journal 2016

Opportunities:

1. Desire of patients suﬀering from PTSD to have

access to innovative treatment

2. Contribution to the science and study of PTSD

3. Potential availability of future research

opportunities/funding from external sources

reats:

1. Lack of clinical experience may discourage

participation

2. Potential for malpractice suit in the event of

misdiagnoses or ineﬀective treatment

3. Potential for increased exposure to bodily injury/

property damage to third parties coming on

campus

4. Potential for loss of institutional reputation in the

event of project failure

Step 2: Evaluation

Strengths:

Item Importance Probability Score

1. 0.5 3 (0.5 x 3) = 1.5

2. 0.2 1 (0.2 x 1) = 0.2

3. 0.3 3 (0.3 x 3) = 0.9

TOTAL 1.0 2.6

Weaknesses:

Item Importance Probability Score

1. 0.3 3 (0.3 x 3) = 0.9

2. 0.3 1 (0.3 x 1) = 0.3

3. 0.3 1 (0.3 x 1) = 0.3

4. 0.1 1 (0.1 x 1) = 0.1

TOTAL 1.0 1.6

Opportunities:

Item Importance Probability Score

1. 0.2 2 (0.2 x 2) = 0.4

2. 0.3 2 (0.3 x 2) = 0.6

3. 0.5 2 (0.5 x 2) = 1.0

TOTAL 1.0 2.0

reats:

Item Importance Probability Score

1. 0.2 2 (0.2 x 2) = 0.4

2. 0.3 3 (0.3 x 3) = 0.9

3. 0.1 3 (0.1 x 3) = 0.3

4. 0.4 2 (0.4 x 2) = 0.8

TOTAL 1.0 2.4

Outcome

To assess in which quadrant in the evaluation matrix

the project or activity falls, subtract Weaknesses from

Strengths and reats from Opportunities.

Strengths - Weaknesses:. 2.6 - 1.6 = 1.0

Opportunities - Threats: 2.0 - 2.4 = -0.4

Figure 2: SWOT in Action: Mapping Risk in the

Evaluation Matrix

In this example, the activity falls into the upper

left quadrant, indicating it would be a High Risk/

High Support activity. e college has the potential to

signiﬁcantly beneﬁt from pursuing the research grant

opportunity provided to the graduate student since

Strengths outweigh Weaknesses. However, the identiﬁed

reats present a risk to the organization as they

outweigh Opportunities.

A review of the identiﬁed weaknesses/threats appears

to demonstrate that the main identiﬁed risks center

URMIA Journal 2016

around the institution’s lack of prior experience in this

area. Lack of experience in a particular area or ﬁeld

can prompt an institution to hesitate to undertake new

projects, especially when faced with the potential for

signiﬁcant organizational liability.

In this case, there is high support for institutional aims,

but also high risk of potential liability. It is important

to weigh the implications of the potential negative

consequences against the potential beneﬁts. ere are

several methods that can be utilized in this particular

example to mitigate the risks associated with accepting the

grant and undertaking the clinical research project.

1. Professional liability insurance would provide

coverage for the institution, faculty, and student

for rending or failure to render professional

services in a clinical setting.

2. e institution can capitalize on a prior

relationship with a local mental health facility

that specializes in treating/counseling patients

suﬀering from PTSD. e college had placed

counseling students in practicums at the facility in

the past. is relationship will allow the college to:

a. Transfer the premises liability hazard to the

mental health facility.

b. Capitalize on clinical expertise in PTSD to

minimize potential liability associated with a

malpractice suit.

c. Provide access to an already established patient

base in the target treatment area.

Simpliﬁcation

Engaging in a full SWOT/MADM analysis each time

a new project or activity presents itself is not always

practical or desirable. e analytical process can be

time consuming and labor intensive and may not lend

itself well to the need for quick decision making. ere

are numerous similar activities/projects that may

occur on a regular basis on campus. Grouping these

types of activities/projects together and engaging in a

threshold SWOT analysis of categorical activities is one

way to engage in a more comprehensive risk review of

organizational risks. Based on the outcome of the SWOT

analysis for diﬀerent categories of activities, activities/

projects can be identiﬁed as low, medium, or high risk.

• Low Risk: Activities that fall within the LR/HS

and LR/LS categories. ese are areas where

the institution has established strengths and an

existing framework for addressing risk transfer

objectives.

• Moderate Risk: Activities that fall within or close

to the HR/HS category. ese are areas where

the institution has an organizational objective

in engaging in the project/activity but where

additional risk management mechanisms may

be needed in order to fully address identiﬁed

exposures.

• High Risk: Activities that fall within or close to

HR/LS. ese are activities that pose signiﬁcant

organizational risks to the institution without

any real accompanying beneﬁts to the institution.

Activities falling into this category are ones that

should generally be avoided.

Periodic review of assigned risk categories is essential;

institutional objectives change over time as does

organizational risk tolerance.

Conclusion

ere are many diﬀerent analytical tools available to

institutional risk managers. One such available tool is

the use of SWOT analysis as a method to identify and

prioritize risk. ough SWOT analysis has been widely

used in business activities for decades, it is less popular

with risk management professionals because of its time

consuming and labor intensive processes. Using SWOT

and MADM zones analysis to create quadrants of risk

provides a valuable shortcut which can be used to quickly

evaluate the most common types of risks which may arise

on a college campus.

URMIA Journal 2016

About the Author

Mya Almassalha is the director

of higher education programs at

Professional Solutions Insurance

Services – Encampus, a full service

insurance brokerage. She has over

a decade of general insurance and

risk management expertise with a

strong focus on higher education,

not-for-proﬁt, and organizational risk management.

Prior to joining the brokerage world, Mya worked for

national A.M. Best rated insurance carriers in both

underwriting and claims roles and as a risk manager for a

global transportation ﬁrm with over $2 billion in annual

revenues. Mya holds a Juris Doctor from Wayne State

University and an MBA in business administration and

ﬁnance from Baker College.

Endnotes

John Thompson and Frank Martin, Strategic Management: Awareness &

Change, 6th ed. (New York: Cengage Learning EMEA), 140, 817.

Ibid., 140.

Fred David, Strategic Management: Concepts and Cases, 12th ed. (Upper

Saddle River: Prentice Hall), 125-126.

Thompson and Martin, Strategic Management: Awareness & Change, 140.

David, Strategic Management: Concepts and Cases, 215.

Thompson and Martin, Strategic Management: Awareness & Change, 140.

Ibid., 90.

Ibid., 284-308.

Hsu-Hsi Chang and Wen-Chih Huang, “Application of a Quantiﬁcation SWOT

Analytical Method,” Mathematical and Computer Modeling, 43 no. 1&2

(January 2006), 158.

Ibid., 158.

Ibid., 160.

Ibid., 158-169.

K. Paul Yoon and Ching-Lai Huang, Multiple Attribute Decision Making: An

Introduction, 1st ed. (Los Angeles: Sage Publications, Inc.), 27-41.

Chang and Huang, “Application of a Quantiﬁcation SWOT Analytical

Method,” 158-159.

David, Strategic Management: Concepts and Cases, 28-32.

Chang and Huang, “Application of a Quantiﬁcation SWOT Analytical

Method,” 160-161.

Ibid., 160-161.

Ibid., 160-169.

If you look up the synonyms for the word “risk,” you will

likely receive results such as: danger, hazard, threat, peril,

and gamble. So why do people, companies, governments, and

countries expose themselves to risk? The answer is simple:

without risk there is no reward.

—kseNiya (kate) stRachNyi,

isk MaNaGeR

URMIA Journal 2016

Introduction

Concerns about risks hang like a heavy cloud over all

manner of industries and institutions these days. While

this heightened concern may seem rather recent, a study

of history informs us that this cloud has been in existence

since time immemorial. Truly, since the beginning of hu-

mankind, there have been numerous eﬀorts to manage the

risks that are prevalent in everyday life. One of the prin-

cipal risk management eﬀorts over the last two decades

has come in the form of enterprise risk

management (ERM). e Committee of

Sponsoring Organizations (COSO) and

the ISO 31000 ERM frameworks are

the most recognized. Yet there has been

reticence to adopt, much less embrace,

the use of ERM frameworks, especially in

university settings. is article intro-

duces an alternative ERM framework

that could be better suited to institutions

of higher education where deliberations

and options are valued and leveraged to

arrive at consensus and more sustainable

decisions.

Background

Risk management began with the ﬁrst

steps on the planet. Creatures of prey

had to balance risks against rewards to

survive. Evolution has carried us forward

to modern times where we have imple-

mented a variety of tools to help us better understand

and manage complex risks. It is instructive to study the

ancient Chinese symbol for risk, which actually consists

of two ﬁgures.

e ﬁrst ﬁgure represents danger and the

second ﬁgure opportunity. ese symbols translate per-

fectly to our current vernacular of risk and opportunity

management. From the times of the ancient Greeks, there

was great concern about feast and famine with weather

and crop variations, necessitating resultant action to pro-

tect and hedge those risks.

In the latter part of the last century, a number of

economists and ﬁnancial analysts developed theories,

models, and approaches to understand ﬁnancial risk and

seize opportunities to take advantage of discontinui-

ties in the market place. Harry Markowitz focused on a

portfolio selection framework through the development

of his mean-variance theory.

William Sharpe and John

Lintner carried the concept further with their capital

asset pricing model, which was developed to measure the

risk of a security.

Subsequently, Myron

Scholes collaborated ﬁrst with Fisher

Black and then with Robert Merton to

develop methods for pricing options and

derivatives, for which the latter duo were

awarded the Nobel Prize in Econom-

ics.

Clearly, these models culminated

in a highly reﬁned set of tools that made

quantiﬁcation of risk more accessible

than ever before.

Yet with all this precision, it has

not been suﬃcient to avoid a myriad of

ﬁnancial disasters and costly catastro-

phes.

Ivan Boesky and Michael Milken

used insider information in 1986 to

invest in companies that were being

acquired, amassing illegal gains of hun-

dreds of millions of dollars. Charles Ke-

ating and several other savings and loan

oﬃcials enriched themselves and caused

hundreds of millions of investor losses

in 1989. Enron, under the leadership of Ken Lay, went

from being regarded as the most innovative company in

the world to the dustbin of history with its fraudulent oﬀ-

book entries in 2001. e very next year, Bernie Ebbers

and Worldcom were found guilty of improperly valuing

assets by as much as $11 billion, causing 30,000 lost jobs

and costing investors $180 billion in losses.

In response and in recognition of the frailties of hu-

man nature, the federal government promulgated a series

of regulations to tighten oversight of public companies. In

The ancient Chinese

symbol for risk

actually consists

of two ﬁgures.

The ﬁrst ﬁgure

represents danger

and the second ﬁgure

opportunity.

Francisco A. Figueroa, PhD Candidate, Texas Tech University

An Alternative University

Enterprise Risk Management Framework

URMIA Journal 2016

addition, it was recognized that company internal controls

were at the center of preventing fraud and manipulative

practices. It is useful to know that independent auditors

were issuing reports that reassured investors, even as some

of the books were being manipulated. To their credit,

the premier accounting associations acknowledged these

inconsistencies and determined to strengthen internal

controls through self-regulation.

Origin and Issues with the COSO ERM Framework

Model

In one of their ﬁrst decisive acts, the American Account-

ing Association, the American Institute of Certiﬁed

Public Accountants, the Financial Executives Interna-

tional, the Institute of Management Accountants, and

the Institute of Internal Auditors formed the Com-

mittee of Sponsoring Organizations (COSO) to study

causal factors that lead to fraudulent ﬁnancial reporting.

In 1992, they published Internal Controls—Integrated

Framework as a compliance tool for public companies.

Going further and in the face of continuing ﬁnancial

improprieties, COSO published Enterprise Risk Man-

agement—Integrated Framework to enhance internal

controls and to explicitly address risk in internal aﬀairs

of public companies.

is enterprise risk management

(ERM) instrument has been adopted by 60 percent of

US public companies, and it has served as a useful in-

strument for compliance and rigor in internal controls.

Like many accounting-based frameworks, it is ex-

ceedingly complex, with a 16-page executive summary.

FIGURE 1: COSO ERM Framework

Referred to as the COSO ERM Cube, it has three

dimensions. e front facing dimension provides eight

risk management actions ranging from a survey of the

internal environment to a monitoring function. e top

facing dimension has four categories of risk from strate-

gic to compliance. e right facing dimension has four

organizational levels from entity-level to subsidiary. As

noted in the 2004 Executive Summary, COSO stipu-

lates that enterprise risk management encompasses the

following:

• Aligning risk appetite and strategy

• Enhancing risk response decisions

• Reducing operational surprises and losses

• Identifying and managing multiple and cross-

enterprise risks

• Seizing opportunities

• Improving deployment of capital

Just as the maturity of ERM continues to advance,

so, too, must COSO continue to evolve. In fact, COSO

is in the process of updating the framework to mod-

ernize the committee’s enterprise risk guidance.

e

Exposure Draft was recently released for public com-

ment.

e update is entitled, Enterprise Risk Manage-

ment—Aligning Risk with Strategy and Performance. As it

is in the development and coordination phase, the new

framework will not be evaluated in detail here. However,

it is instructive to note that the update is intended to

“address the evolution of enterprise risk management

and the need for organizations to improve their ap-

proach to managing risk in today’s business environ-

ment.”

Origin and Issues with the ISO 31000 ERM

Framework Model

Another enterprise framework was introduced by the

primary risk management organizations in the United

Kingdom and is entitled ISO 31000 Risk Manage-

ment—Principles and Guidelines.

It was spurred by

the 2008 global ﬁnancial crisis and is modeled after the

COSO framework in that it is principle-based and not

prescriptive. It diﬀers from the COSO model in that

it abandons the familiar cubic shape and substitutes a

two dimensional representation of the principles, the

ﬂow, the mechanisms, and the attributes of a typical and

hopefully successful risk management system.

URMIA Journal 2016

FIGURE 2: ISO Framework

ere has been some criticism of the

ISO 31000 model, ranging from it being

unclear, can lead to illogical decisions

if followed, is not possible to comply

with, and is not mathematically based.

However, it does provide more ﬂexibility

to the user, has the prestige of being an

international standard, and provides an

alternative framework for tailoring to a

speciﬁc institution.

A Perspective on ERM at Institutions

of Higher Education

Experts believe that an integrated ap-

proach to risk management provides

beneﬁts by “connecting the dots” for any

company and institution. ere seems

to be little doubt that managing risks in isolation from

the larger whole creates vulnerabilities that have, can, and

will be exposed at some point in the life of an institutional

entity. While it is important for the individual elements

of an entity to manage risks at their level because they

understand the situation best, risks in one area can create

risks or impact operations in another part of a company

or entity. Additionally, a mitigation eﬀort in one element

of a company might actually cause unforeseen and unin-

tended consequences in another element, resulting in the

cure being worse than the disease.

ERM is seen as the gold standard of risk management

systems, whether they be in private industry, government,

or academia. Yet the adoption of ERM in an institution

does not guarantee a successful or sustainable outcome.

In fact, many institutions who claim to have imple-

mented ERM have really only automated their manual

processes and already existing risk culture.

In most surveys of colleges and universities, the data

indicate that attitudes among administrators and boards

of trustees are shifting to be more involved in risk man-

agement matters and to consider industrial practices.

Yet there is still a tentativeness to embrace risk manage-

ment as a strategic imperative or to explicitly state it as a

strategic competency.

ere is a robust structure of supporting professional

associations and consultant companies that provide

networking opportunities, education, development, and

certiﬁcates of competence for university

risk management oﬃcials. Conferences,

publications, and online collaborations

provide healthy forums for sharing of

best practices.

Key thought leaders are active in

promoting the beneﬁts of risk manage-

ment in university settings, often con-

vening disparate groups for the purpose

of creating momentum and enthusiasm

for ERM implementation or simply

to gain consensus for improved risk

management systems. Sometimes these

forums are advanced to highlight prod-

ucts or to grow revenue, but nonethe-

less they serve to improve interactions

in the profession.

ere are highly diverse approaches to risk man-

agement across the university spectrum. Some have

implemented ERM in accordance with COSO, some

have used the ISO 31000 framework, and some have

created their own frameworks. Some have moved swiftly

to centralize their risk management systems, and some

have chosen to move deliberately and cautiously. Some

universities include risk management as a strategic ob-

jective, though most have not. Some boards of trustees

include risk management oversight in their charters;

again, though, most do not. Some university presidents

have assigned risk management accountability to a chief

risk oﬃcer, some to their chief ﬁnancial oﬃcer, some to

Experts believe

that an integrated

approach to risk

management

provides beneﬁts by

“connecting the dots”

for any company and

institution.

URMIA Journal 2016

their internal audit departments, and some have dis-

persed the accountability to their individual colleges or

departments.

Scholarly research is rather thin and is generally

qualitative in nature. Most articles have been written by

consulting ﬁrms and those university centers of excellence

that seek to advance their ﬁnancial prospects. Many uni-

versities have utilized consulting ﬁrms to understand their

vulnerabilities, improve their risk management systems,

and decide upon courses of action. Unfortunately, most

of these consulting engagements are proprietary in nature,

and quantitative data is diﬃcult to obtain and share.

Professional associations, university

centers of excellence, and consulting

ﬁrms conduct periodic surveys that give

insight into the progress being made

among universities. However, only gen-

eral conclusions can be drawn from these

surveys, and no quantitative comparative

analyses have been performed. Maturity

models fashioned after the software

capability and competence models are

being utilized by many universities, but

they are also heavily qualitative and not

particularly valuable for comparative

analyses.

ere have been no comparative

evaluations of the various risk manage-

ment frameworks, such as the COSO

model, the ISO 31000 model, and other

alternatives. is prevents institutions

from examining the pros and cons before

they decide upon a framework for their

institution.

Comparative Analysis of Current ERM Frameworks

A comparison of three ERM models is conducted here in

terms of their consistency with selected critical character-

istics. ese characteristics have been deemed desirable in

the context of articles found in the literature review.

e

ﬁrst characteristic is the general acceptance and use of the

model. Second is the availability of operational deﬁnitions

for the terms of the model. e third characteristic is the

independence of the terms, such as risk categories and

organizational levels. Fourth is the linkage to measurable

eﬀect. e ﬁnal characteristic is consistency of results.

Each of these will be applied to three models under con-

sideration and then summarized.

COSO ERM Framework Model

e COSO ERM framework model is a generally ac-

cepted framework and has been adopted in its original

and adapted form by a large number of corporations and

government agencies. Operational deﬁnitions, however,

are vague due to the framework being more principle-

based than prescriptive in nature. As currently structured,

the model components are not independent and overlap

in some risk categories. e model is

not linked to performance measures

that have been consistently applied since

there is wide discretion for entities to

tailor the model extensively to ﬁt unique

organization structures and cultures.

Finally, there have not been any robust

empirical studies conducted to assess

repeatability of results under similar

circumstances.

ISO 31000 Model

e ISO 31000 model is very similar to

the COSO model since it was patterned

after it. e ISO 31000 pictorial is

unique in that it attempts to display the

process interactions versus the structure

of COSO. It is a generally accepted

framework and is prevalently used in

Europe and other countries outside the

United States. Operational deﬁnitions,

as with COSO, are lacking and not

intended to be speciﬁc due to the desire

to provide maximum ﬂexibility to implementing entities.

Here again, the model components are not independent,

and there is no link to measurable results. ere has been

no rigorous attempt to assess consistency of results.

University of Washington (UW) Model

In its 10-year journey since incorporating ERM into its

operations, the University of Washington (UW) has

continued to mature and improve its ERM implemen-

tation.

UW has approached the implementation in a

A comparison of three

ERM models - COSO

ERM Framework,

ISO 31000 Model,

and University of

Washington Model

- is conducted here

in terms of their

consistency with

selected critical

characteristics.

URMIA Journal 2016

systematic and methodical way, remaining committed

to the journey and gaining acceptance by stakeholders

slowly but surely. is implementation provides rare

insight into the detailed steps and obstacles provided by

an academic culture. UW’s ERM framework cannot be

considered generally accepted except in the sense that it

is adapted from the COSO framework model. However,

the changes they have made are unique to the university

and its speciﬁc objectives. Operational deﬁnitions suﬀer

from the same deﬁciencies as the COSO model in that

the framework is meant to be broad and non-speciﬁc

for implementation purposes. For the same reasons, the

components are not independent. As to links to measures,

UW’s ERM implementation has focused to date more on

increasing awareness and acceptance than making opera-

tional measurements. us, there has been no attempt to

conduct empirical studies to assess repeatability of results.

A summary comparative analysis table of the three

ERM framework models is shown in Figure 3. e three

models are compared against the ﬁve critical characteris-

tics.

ere are obvious gaps with each of the prevalent

ERM framework models that are in practice today. e

comparative analysis table points out that additional

research and development of alternative models would be

helpful to close the gaps in the areas of component inde-

pendence, links to measures, and empirical tests to ensure

consistency of results.

e lack of empirical examinations in the literature

corroborates the gaps in Figure 3. No longitudinal studies

have been conducted that address the long-term implica-

tions of implementing an ERM framework model. Deﬁni-

tive studies comparing the eﬀects of diﬀerent models or

standards do not exist. Furthermore, no articles have been

published on the deﬁnition of standard or comparable

measures of results from ERM implementations. As a

result, empirical studies that address these gaps would

contribute signiﬁcantly to the expansion of the risk man-

agement body of knowledge.

An Alternative Model for Universities

e COSO framework is the most extensively used in the

United States with the ISO-31000 international standard

closely parroting similar elements.

In both cases, the

intent of the framework is to be as broad and inclusive

as possible without being overly prescriptive. As a result,

they are primarily principle-centered and do not attempt

to be speciﬁc. As discussed above, this is an understand-

able approach since so much of risk management depends

upon the speciﬁc goals and objectives of a particular

entity.

e best way for a university to be prepared for both

highly unusual sets of conditions and more routine, every-

day risks is to adopt a risk management framework that

is broad, like the COSO and ISO 31000 frameworks,

but then to follow up with signiﬁcant speciﬁcity tailored

to the institution’s strategic goals and objectives. In this

manner, the framework will be consistent with generally

accepted risk management standards while also being

focused on the institution’s dearest and most meaningful

concerns.

Most of the risk management models in vogue today

depict three dimensions. e COSO three dimensions

are noted in Figure 4. e top face of the cube represents

the categories of risk, from compliance to reporting to

operations to strategic risk. e categories are intended

to be hierarchies of risk components, such that lower level

risks would ﬁt into one of the four categories. For exam-

ple, the operational risk category could include health and

ERM

Framework

Model

Generally

Accepted

Operational

Deﬁnitions

Component

Independence

Link to

Measures

Consistency of

Results

COSO Yes Some No No No

ISO 31000 Yes Some No No No

UW No Some No No No

FIGURE 3: Comparative Analysis of Model Critical Characteristics

URMIA Journal 2016

safety risk, facilities risk, and traﬃc risk. e compliance

risk category could include legal risk and regulatory risk.

e right face of the cube represents the organizational

levels of a corporation, from entity-level to division to

business unit to subsidiary. ey are generic in this form

and would be diﬀerent for every corporation and industry.

e front face of the cube represents risk management ac-

tivities from internal environment objective setting to risk

monitoring. e working concept of the COSO ERM

model is that each organizational unit would be involved

in applying the risk management activities to every risk

category in its speciﬁc area of responsibility.

FIGURE 4: Three Dimensions of the COSO Model

Case Study:

The University of Washington (UW) ERM Model

A recent study of the University of Washington (UW)

ERM deployment discusses its initial impetus, journey,

and current status.

e UW model also has three

dimensions as noted in Figure 5. It essentially embraces

the COSO framework. e UW adaptation maintains

the categories of risk on the top of the cube, with a change

in the order, the replacement of reporting with ﬁnancial,

and the addition of a “mega” category. is latter category

encompasses risks that are of the utmost importance and

consequence to the university. e right face of the cube

represents the UW organization structure and modiﬁes

the COSO structure by adding a non-organizational level

to evaluate alternatives.

e front face of the UW cube

makes adjustments to the COSO framework by begin-

ning with leadership, culture, and values and proceeding

down the list of traditional risk management activities

through risk monitoring and measuring.

FIGURE 5: UW ERM Model

e primary concern with the COSO framework has

to do with the top face of the cube. e listed categories

are not independent. For example, one could envision

an operational risk that is strategic along with the other

categories. e COSO model mixes up categories by

trying to combine diﬀerences in types of risks, severity of

risks, and risk time horizons. As a result, the categories

are confusing.

ere are similar concerns with the UW model. As

with the COSO top face of the cube, UW’s categories of

risk are unclear and not independent. UW’s model intro-

duces a mega category, which exacerbates the confusion

of the COSO model. In addition, the UW model adds

a non-organization level to the right side of their ERM

cube, called “Alternatives.” e model was developed by

many diﬀerent academic committees, which may have

added to this increased level of model complexity.

is case study simply reinforces the diﬃculty of

implementing an institution-wide initiative in a university

environment that is characterized by autonomy and inde-

pendence. ere has to be a compelling case for change,

and it must ﬁt within the university culture. In the case of

UW, the driving force for launching the ERM initiative

was a $35 million settlement for overbilling of Medicare

and Medicaid claims.

Even with this signiﬁcant event

and accompanying case for change, UW is still proceeding

cautiously in their journey to reach its ERM objective.

Guiding Principles for an Alternative ERM Model

e following principles guide the creation of an alterna-

tive enterprise risk management model for an institution

URMIA Journal 2016

of higher learning:

• Promote integrity and ethical conduct

• Emanate from the core purposes and strategic

objectives of the institution

• Establish holistic and integrated consideration of

risks

• Encourage vertical and horizontal communication

and collaboration

• Provide clarity in the operational deﬁnitions of

terms of reference

From these principles, the following model design

considerations are developed:

• Strive for independence and logic in the risk

model framework

• Do not be constrained by three

dimensions as popularized by the

COSO ERM Model

• Leverage existing risk frame-

works and operational deﬁnitions

Alternative ERM Model:

Five Dimensions

As a result of the above considerations,

the alternative ERM model consists of

ﬁve dimensions. ese ﬁve dimensions

would be integrated together as a system.

e ﬁrst dimension addresses in-

stitutional accountability levels. is is

similar to the right face of the COSO

and UW ERM cubes but with distinct

diﬀerences. For one, the alternative

model recognizes the two unique chains of command in

a university: the administrative chain and the academic

chain. e two unique chains are displayed in Figure 7.

FIGURE 7: Two Chains of University Accountability

Note that the term “accountabil-

ity” has been used because it is more

meaningful than just an organizational

structure. It connotes that each cascad-

ing entity is accountable to the entity

above for a particular task or action and

reﬂects the overall structure (i.e. “Person

X is accountable to Person Y for ing

Z”). In this dimension, each account-

ability level would be engaged in risk

management activities by considering

and coordinating with each of the other

four dimensions.

e second dimension addresses risk

categories:

It is akin to the top face of the COSO and UW ERM

cubes, but it strives to keep each category independent

from the other categories. us, there is no mention of

a “strategic” category, which could be considered as part

of each of the other categories. As with the COSO and

other frameworks, there is a need to avoid a proliferation

As a result of these

considerations, the

alternative ERM

model consists of ﬁve

dimensions. These

ﬁve dimensions

would be integrated

together as a system.

FIGURE 6: Institutional Accountability Levels

Board of Trustees

President

Executive Staff/College Deans

Staff Directorates/Academic Departments

Staff Personnel/Faculty

FIGURE 8: Risk Categories

Institutional Viability

Academic Credentials

Safety and Health

Finance and Budget

Compliance, Legal, and Regulatory

Program and Project

URMIA Journal 2016

of categories; each listed category represents a grouping

of risks in each category. As with the other dimensions,

there is coordination and collaboration among the ﬁve

dimensions. An example would be that the college dean

would be concerned with health and safety, just as would

other employees. However, they would identify and be

concerned with unique sets of health and safety risks com-

mensurate with their speciﬁc responsibilities. Neverthe-

less, the implementation of the model would encourage

every level of accountability to spend time considering

institutional cross-cutting risks and opportunities.

e third dimension deals with risk response process-

es, similar to the front face of the COSO and UW ERM

cubes. For this alternative ERM framework model, A Risk

Analysis Standard for Natural and Manmade Hazards to

Higher Education Institutions, produced by the ASME

Innovative Technologies Institute, LLC, was utilized.

is standard deﬁnes seven well-developed risk manage-

ment processes, but it does not include the step of setting

a strategic objective from which to base the subsequent

steps. us, “strategic goals” were added as a ﬁrst pro-

cess step in the alternative ERM framework model for

this dimension, which is shown below. Typically, as part

of their strategic planning cycles, university boards of

regents establish annual or multi-year objectives for the

administrative leaders of the university to implement in

their management systems. For example, the Texas Tech

University System establishes ﬁve strategic priorities

for each of their campuses and measures their progress

accordingly. is provides the necessary context for the

administrative leaders to develop implementation plans

and to frame their most critical risks and opportunities in

the alternative ERM framework.

e risk response process dimension would work

in the following way, consistent with traditional risk

response methodologies. Strategic goals for a particular

accountability level and a particular risk category would

be identiﬁed. Assets such as facilities, people, or sys-

tems would be identiﬁed in the asset characterization

step. reats associated with these assets would then be

characterized. Consequences would be identiﬁed, such as

the worst or best possible outcomes of the threat in ques-

tion. A vulnerability analysis would then be conducted

to ascertain the probability that a particular incident

would adversely aﬀect the asset. A threat analysis would

then be used to assess the probability that an incident

would occur. e risk analysis would estimate the risk of

each incident for each asset. Finally, the risk resolution

step would include evaluating options, making decisions,

implementing the decision, and monitoring and follow up.

e fourth dimension addresses an appropriate time

horizon, providing a measurable perspective for leaders to

consider in their risk identiﬁcation and management ac-

tivities. For example, facilities managers need to consider

and deal with risks that not only impact their day-to-day

operations, but also those that could impact the viabil-

ity of their areas of responsibility some number of years

hence in order to ensure a complete risk identiﬁcation.

e ﬁfth dimension focuses on level of severity. While

the consequence analysis step of the risk response pro-

cess dimension deals with the severity of a speciﬁc asset

exposure, this dimension ensures that risk leaders give full

consideration to all risks from relatively minor items to

those that can be categorized as extreme events.

FIGURE 9: Risk Response Processes

Strategic Goals

Asset Characterization

Threat Characterization

Consequence Analysis

Vulnerability Analysis

Threat Assessment

Risk Analysis

Risk Resolution

FIGURE 10: Time Horizon

20-50 Year

10-20 Year

5-10 Year

1-5 Year

Current Year

FIGURE 11: Severity Level

Catastrophic

Severe

Serious

Moderate

Minor

URMIA Journal 2016

For example, it is important for college deans, as well

as the Board of Trustees, to consider one-oﬀ events from

their speciﬁc perspective. Consider, for instance, the

tragic shootings at Virginia Polytechnic Institute and

State University. Perhaps if Virginia Tech oﬃcials had

incorporated the concerns of the teacher who reported

the shooter’s disturbed writings into their risk discussions

more fully, the risk of such an event occurring might have

been mitigated. Likewise, when considering the sex abuse

scandal at the Pennsylvania State University, perhaps the

Penn State Board of Trustees could have played an active

role in asking tougher questions, demanding explanations,

and stopping Jerry Sandusky’s egregious actions earlier

than they were.

Tying these ﬁve dimensions together in a university-

focused ERM system allows for more robust risk delibera-

tions and enhanced opportunities for improved outcomes

consistent with institutional strategic objectives. Consider

a university team exercising its risk management duties

for the institution. e team would use the alternative

framework with a substantial training eﬀort that em-

phasized ﬂexibility and choices to tailor individual team

member involvement to his or her speciﬁc role. It would

be stressed that not every element in the ﬁve dimensions

would have to be considered or used. Rather each team

member would select elements in the ﬁve dimensions that

make the most sense to his or her area of operation and/

or expertise. A university dean would utilize very diﬀerent

elements than would a facility operations manager. A vice

president’s time horizons and severity levels would diﬀer

greatly from a department chair.

e key issue would be the frequency and robustness

of the discussions once risks are identiﬁed by the various

team members and considered by the team.

Summary

Currently, there are no empirical studies to assess repeat-

ability of results, nor are there comparable quantitative

measures of eﬀectiveness for risk management systems or

ERM frameworks. Unlike hardware systems with speciﬁc

quantitative performance speciﬁcations that can be mea-

sured, a risk management system is one whose measure

of success is often determined by the absence of adverse

conditions. Consequently, many institutions use risk

maturity model instruments to assess the robustness of

their policies and procedures in the hopes that these latter

conditions equate to ultimate success. However, ongoing

research is in the process of collecting and analyzing data

from sets of universities to enable them to compare their

risk management systems to their peer institutions and to

assess their states of preparation to deal with ongoing and

emerging risks and opportunities.

As noted, there is no single ERM framework that will

work for every institution of higher education. ere are

beneﬁts and drawbacks for every model in existence, and

a university must consider its strategic objectives and pre-

dominant culture when establishing an ERM framework.

Institutions of higher education have the freedom to tailor

an existing or emerging approach to ensure compatibility

with what has made the institution a success.

Given the nature of our universities, the structure

and legacy of each must be respected when setting out to

improve risk management systems. A balance must be

struck. It is important neither to be overly intrusive nor to

be too timid. No matter what actions are taken, universi-

ties will face criticism and opposition. While frustrating

in the tactical sense, universities must encourage dialogue

from all spectrums of the institution. An ERM imple-

mentation may take longer, but it will be much more

sustainable and successful.

e alternative ERM framework model presented here

provides the beneﬁt of increased degrees of freedom for

a university in considering the many dimensions of risk.

e dimensions operate independently and allow leaders

to identify risks from a variety of perspectives, time hori-

zons, and severity levels. Perhaps its use will spur further

consideration and reﬁnement of additional models for use

in university settings. After all, as in all active learning,

providing additional pathways to common objectives gen-

erally serves to enrich the discussion and generate more

eﬀective solutions to complex problems.

URMIA Journal 2016

About the Author

Francisco (Frank) A. Figueroa is

president and owner of e Figueroa

Group LLC, which provides general,

scientiﬁc, and technical consulting

services to corporations. He is also

president and owner of Francisco A.

Figueroa CPA CFP LLC, which pro-

vides ﬁnancial and business services to

individual and corporate clients. Previously, he served as

the ﬁrst president and general manager for the Mission

Support Alliance, a joint venture comprised of Lockheed

Martin, Jacobs Engineering, and Wackenhut Services,

Inc. to provide mission support services at the Depart-

ment of Energy Hanford Site in Washington State.

He also served as the vice president and chief ﬁnancial

oﬃcer at Sandia National Laboratories in Albuquerque,

New Mexico. He also held the position of vice president

and chief ﬁnancial oﬃcer for Lockheed Martin Energy

Systems in Oak Ridge, Tennessee. Figueroa began his

industrial career with Martin Marietta in Denver, Colo-

rado. e company ultimately merged with Lockheed to

become Lockheed Martin Corporation. Prior to joining

Martin Marietta, Figueroa completed a 20-year career

with the United States Air Force Space program.

Figueroa is a Certiﬁed Project Management Profes-

sional, a Certiﬁed Public Accountant, a Chartered Global

Management Accountant, and a Certiﬁed Financial Plan-

ner. He was a member of the 1997–98 class of Leadership

New Mexico and was chairman of the National Hispanic

Cultural Foundation Board of Trustees. Figueroa is a

member of the Board of Directors of the Presbyterian

Healthcare System of New Mexico and serves on the Fi-

nance and Compliance and Audit Committees. Figueroa

teaches Junior Achievement classes at the elementary,

middle school, and high school levels. He was selected as

the East Tennessee Junior Achievement volunteer of the

year in 2014. Figueroa’s professional recognitions include

being inducted into the Texas Tech University Electri-

cal Engineering Academy in 2004 and being selected as a

Texas Tech University Distinguished Engineer in 2005.

He received a Master of Science in systems management

from the University of Southern California, a Master of

Science in astronautics (orbital mechanics) from the Air

Force Institute of Technology, and a Bachelor of Science

in electrical engineering from Texas Tech University.

While an undergraduate student at Texas Tech, Figueroa

was the wing commander of all cadets in the Air Force

Reserve Oﬃcer Training Corps and was elected to Tau

Beta Pi Engineering Honorary Fraternity, Eta Kappa

Nu Electrical Engineering Honorary Fraternity, and the

Arnold Air Society. He is currently a PhD candidate in

systems engineering management at Texas Tech Uni-

versity with a dissertation focus on risk management in

institutions of higher learning and has been selected as a

member of Phi Kappa Phi Honor Society and the Golden

Key International Honor Society. Figueroa has been mar-

ried for 47 years to Sharon and they have two sons and

four grandchildren.

Endnotes

Betty J. Simkins and Steven A. Ramirez, “Enterprise-wide Risk Management

and Corporate Governance,” Loyola University Chicago Law Journal 39

(2008).

Peter L. Bernstein and Jesse Boggs, Against the Gods: The Remarkable Story

of Risk (Simon & Schuster Audio, 1997).

Simkins and Ramirez, “Enterprise-wide Risk Management.”

Harr

y Markowitz, “Portfolio Selection,” The Journal of Finance 7(1) (1952):

77-91.

Simkins and Ramirez, “Enterprise-wide Risk Management.”

Fischer Black and Myr

on Scholes, “The Pricing of Options and Corporate

Liabilities,” The Journal of Political Economy (1973): 637-654.

Robert C. Merton, Myron S. Scholes, and Mathew L. Gladstein, “The Returns

and Risk of Alternative Call Option Portfolio Investment Strategies,” Journal

of Business (1978): 183-242.

David E.Y. Sarna, History of Greed: Financial Fraud from Tulip Mania to

Bernie Madoff (John Wiley & Sons, 2010).

Richard E. Cascarino, Corporate Fraud and Internal Control: A Framework for

Prevention (John Wiley & Sons, 2012).

The Committee of Sponsoring Organizations of the Treadway Commission

(COSO), Internal Control—Integrated Framework (1992).

COSO, Enterprise Risk Management--Integrated Framework: Application

Techniques, 2004.

Susan Gurevitz, “Manageable Risk,” University Business 12(5) (2009): 39-42.

COSO, Enterprise Risk Management.

D. Salierno, “COSO to Update ERM Framework: Plans Are Underway to

Modernize the Committee’s Enterprise Risk Guidance,” Internal Auditor

71(6) (2014): 17-18.

COSO, Enterprise Risk Management—Aligning Risk with Strategy and

Performance, June 2016.

Grant Purdy, “ISO 31000: 2009—Setting a New Standard for Risk

Management,” Risk Analysis 30(6) (2010): 881-886.

URMIA Journal 2016

Matthew Leitch, “ISO 31000: 2009—The New International Standard on

Risk Management,” Risk Analysis 30(6) (2010): 887-892.

COSO, Enterprise Risk Management.

Gur

evitz, “Manageable Risk.”

John Mattie, Meeting the Challenges of Enterprise Risk Management in

Higher Education, National Association of College and University Business

Ofﬁcers (NACUBO) (2007).

. McDonald, “RIMS Offers ERM ‘Maturity Model’ Tool: Enterprise Risk

Management Guidelines, Best Practices Available over the Web,” National

Underwriter Property & Casualty Magazine 28(3) (2007).

Salierno, “COSO to Update ERM Framework.”

Frank Schiller and George Pr

pich, “Learning to Organise Risk Management

in Organisations: What Future for Enterprise Risk Management?,” Journal

of Risk Research 17(8) (2014): 999-1017.

John Fraser, Betty Simkins, and Kristina Narvaez, Implementing Enterprise

Risk Management: Case Studies and Best Practices (John Wiley & Sons,

2014).

Leitch, “ISO 31000: 2009.”

Fraser, Simkins, and Narvaez, Implementing Enterprise Risk Management.

Ibid.

ASME Innovative Technologies Institute, LLC, A Risk Analysis Standard for

Natural and Manmade Hazards to Higher Education Institutions (2010).

URMIA Journal 2016

Richard Bell, Loyola University, New Orleans

Robert Beth, CPCU, CSP, DRM, Stanford University

Allen J. Bova, MBA, ARM, DRM, Cornell University

Mary Breighner, CPCU, DRM, Columbia University

Isaac Charlton, University of Alaska

Lawrence Cistrelli, Jr., CPCU, HIA, JD, Ball State University

Paul Clancy, ARM, DRM, Boston University

Ernest L. Conti*, Union College

Mary Donato, ARM, University of New Mexico

Murray C. Edge*, ARM, CSSD, WSO, DRM,

University of Tennessee

Charles D. Emerson, DRM*, University of Kentucky

Patricia J. Fowler, CPCU, ARM, Michigan State University

James R. Gallivan*, University of Illinois

Anne Gregson, University of Rhode Island

Thomas C. Halvorsen, ALCM, ARM, CPCU, BBA, DRM,

University of Wisconsin, Madison

George Harland, Rochester Institute of Technology

Thomas R. Henneberry, JD, DRM,

Massachusetts Institute of Technology

Alice Horner, ARM, Syracuse University

William Hustedt*, University of Wisconsin

Benning F. Jenness, DRM*, Washington State University

Michael G. Klein*, DRM, Pennsylvania State University

Glenn Klinksiek, CPCU, ARM, MBA, DRM,

University of Chicago

Julie C. Lageson, AIC, ARM, DRM, University of Alaska

Sandra LaGro, Bowling Green State University

Jill Laster, ARM, DRM, Texas Christian University

Jack Leavitt, MBA, LCPM

Claudina Madsen, DRM, CPSJ Insurance Group

Eugene D. Marquart, DRM,

California State University System

George H. Meeker, ARM, DRM*,

Cornell University Medical College

Linda C. Oliver, Southern Methodist University

William O. Park, MS, MBA, CPCU, ARM, DRM,

Northwestern University

Janet Parnell, ARM, University of Denver

William A. Payton, DRM, University of Missouri

Truman G. Pope, DRM, Ball State University

Alex J. Ratka*, University of Southern California

Harry E. Riddell, Princeton University

James R. Roesch, Ohio State University

William F. Ryan*, University of Michigan

Martin Siegel, New York University

Donna Smith, University of New Mexico

Stanley Tarr, DHL, DRM*, University of Evansville

Donald Thiel, DRM, University of Michigan

Kathy M. Van Nest, CPCU, DRM, Duke University

Leo Wade, Jr., PhD, ARM, DRM,

University of Southern California

John H. Walker, DRM, University of Alabama, Birmingham

Jerre Ward, Michigan State University

Robert B. Williams, CPCU, ARM,

The Johns Hopkins University

William J. Wilson, Jr., MBA, JD, DRM, Howard University

Taryn L. Wiskirchen, MBA,

Embry-Riddle Aeronautical University

Barbara M. Wolf, California Institute of Technology

*Deceased

URMIA Emeritus Members and Their Former Institutions

URMIA Journal 2016

2016-2017 Kathy E. Hargis,

Lipscomb University

2015-2016 Donna McMahon,

University of Maryland, College Park

2014–2015 Marjorie F.B. Lemmon, Yale University

2013–2014 Anita C. Ingram,

Southern Methodist University

2012–2013 Gary W. Langsdale,

The Pennsylvania State University

2011–2012 Steve Bryant,

Texas Tech University System

2010–2011 J. Michael Bale,

Oklahoma State University

2009–2010 Margaret Tungseth,

Concordia College (Minnesota)

2008–2009 Vincent E. Morris,

Wheaton College (Illinois)

2007–2008 Ellen M. Shew Holland,

University of Denver

2006–2007 Allen J. Bova, Cornell University

2005–2006 Mary Dewey, University of Vermont

2003–2005 William A. Payton,

University of Missouri

2002–2003 Steven C. Holland, University of Arizona

2001–2002 Larry V. Stephens, Indiana University

2000–2001 Leo Wade, Jr.,

University of Southern California

1999–2000 Larry V. Stephens, Indiana University

1998–1999 Glenn Klinksiek, University of Chicago

1997–1998 Gary H. Stokes, University of Delaware

1996–1997 George H. Meeker*,

Cornell University Medical College

1995–1996 Linda J. Rice, Clemson University

1994–1995 Gregory P. Clayton,

University of Nebraska

1993–1994 Murray C. Edge*, University of Tennessee

1992–1993 Kathy M. Van Nest, Duke University

1991–1992 Benning F. Jenness*,

Washington State University

1990–1991 Leta C. Finch, Champlain College

1989–1990 Thomas R. Henneberry,

Massachusetts Institute of Technology

1988–1989 Mary Breighner, Columbia University

1987–1988 John H. Walker,

University of Alabama—Birmingham

1986–1987 Thomas C. Halvorsen,

University of Wisconsin

1985–1986 Eugene D. Marquart,

California State Universities

1984–1985 William O. Park,

Northwestern University

1983–1984 Alex J. Ratka*,

University of Southern California

1982–1983 Truman G. Pope, Ball State University

1981–1982 Martin Siegel, New York University

1980–1981 Charles D. Emerson*,

University of Kentucky

1979–1980 Dale O. Anderson, University of Iowa

1978–1979 David N. Hawk*, Kent State University

1977–1978 James A. White, University of Illinois

1976–1977 James McElveen,

Louisiana State University

1975–1976 George A. Reese*, Temple University

1974–1975 Irvin Nicholas, University of California

1973–1974 Donald L. Thiel,

University of Michigan

1972–1973 Stanley R. Tarr*, Rutgers University

1971–1972 Warren R. Madden,

Iowa State University

1970–1971 Robert M. Beth, Stanford University

1969–1970 James R. Gallivan*, University of Illinois

*Deceased

URMIA President and Past Presidents

URMIA Journal 2016

2015 Michael J. Gansor, West Virginia University

Barbara Schatzer, University of San Diego

2014 Gary W. Langsdale, Pennsylvania State University

Steve Bryant, Texas Tech University System

2013 Ellen Shew Holland, Oregon University System

Paul D. Pousson, University of Texas System

2012 Julie C. (Baecker) Lageson, University of Alaska

David Pajak, Syracuse University

2011 Margaret Tungseth, Central College

2010 Barbara A. Davey, University of Notre Dame

Vincent Morris, Wheaton College, Illinois

2009 Donna Pearcy, The University of Iowa

Ruth A. Unks,

Maricopa County Community College District

2008 J. Michael Bale, Oklahoma State University

Steven C. Holland, University of Arizona

2007 Allen J. Bova, Cornell University

2006 William A. Payton, University of Missouri

Linda J. Rice, Clemson University

2005 Jill Laster, Texas Christian University

2004 Elizabeth J. Carmichael, Five Colleges, Inc.

Christine Eick, Auburn University

2003 Paul Clancy, Boston University

Mary C. Dewey, University of Vermont

2002 Larry Stephens, Indiana University

2001 Rebecca L. Adair, Iowa State University

2000 Glenn Klinksiek, University of Chicago

John E. Watson, Pepperdine University

1999 George H. Meeker*,

Cornell University Medical College

1998 Leo Wade, Jr., University of Southern California

1997 Charles R. Cottingham, University of Missouri

Kathy M. VanNest, Duke University

1996 Thomas R. Henneberry,

Massachusetts Institute of Technology

Michael G. Klein*,

The Pennsylvania State University

1995 James A. Breeding, Rutgers University

Donald Thiel, University of Michigan

1994 Benning F. Jenness*, Washington State University

Claudina Madsen, CPSJ Insurance Group

Truman G. Pope, Ball State University

William J. Wilson, Jr., Howard University

1993 Murray C. Edge, University of Tennessee

Leta Finch, University of Vermont

1992 Mary Breighner, Columbia University

Charles Emerson*, University of Kentucky

1990 Thomas C. Halvorsen,

University of Wisconsin, Madison

Stanley R. Tarr*, University of Evansville

1989 John Adams*, Georgia State University

Robert M. Beth, Stanford University

Eugene D. Marquart,

California State University System

William O. Park, Northwestern University

Lee B. Stenquist*, Utah State University

John H. Walker,

University of Alabama, Birmingham

*Deceased

Distinguished Risk Managers

URMIA would like to recognize the following contributors for their efforts in

reviewing and publishing the 2016 URMIA Journal:

CommuniCations Committee:

Julie Groves,

Co-Chair

Sharon Herschlag, Co-Chair

Allan Brooks,

Board Liaison

Mikel Birch

Jennifer Bowersock

Amy Daley

Robin Doerr

Deb Donning

Dennis Fleetwood

Diane Gould

Troy Harris

The URMIA Journal is published annually by the University Risk Manage-

ment and Insurance Association (URMIA), PO Box 1027, Bloomington, IN

47402-1027. URMIA is an incorporated non-proﬁt professional organization.

The 2016 URMIA Journal was edited and designed by Christie Koester, and

printing was completed at Indiana University Printing Services.

There is no charge to members for this publication. It is a privilege of mem-

bership, or it may be distributed free of charge to other interested parties.

Membership and subscription inquiries should be directed to the URMIA

National Ofﬁce at the address above or [email protected].

permission for material in this publication to be copied for use by non-proﬁt

educational institutions for scholarly or instructional purposes only, provided

that (1) copies are distributed at or below cost, (2) the author and URMIA are

identiﬁed, (3) all text must be copied without modiﬁcation and all pages must

be included, and (4) proper notice of the copyright appears on each copy. If

the author retains the copyright, permission to copy must be obtained from

the author.

Unless otherwise expressly stated, the views expressed herein are attributed

to the author and not to this publication or URMIA. The materials appear-

ing in this publication are for information purposes only and should not be

considered legal or ﬁnancial advice or used as such. For a speciﬁc legal or

ﬁnancial opinion, readers should confer with their own legal or ﬁnancial

counsel.

Lorna Jacobsen

Keswic Joiner

Blake Lovvorn

Samantha McClelland

Katie Pickard

Marlene Terpenning

Randy Troy

uRmia staff:

Jenny Whittington,

Executive Director

Recipients are listed along with the university for

which they worked when receiving the award.

The major difference between a thing that might go wrong and

a thing that cannot possibly go wrong is that when a thing that

cannot possibly go wrong goes wrong it usually turns out to be

impossible to get at or repair.

—douGlas adaMs,

NGlish authoR aNd huMoRist

Orlando, Florida

Presorted

Standard U.S.

Postage PAID

Bloomington, IN

Permit No. 171

If undeliverable, return to:

URMIA National Ofﬁce

P.O. Box 1027

Bloomington, IN 47402

48th Annual Conference Host City | September 23-27, 2017

Rear cover photo by Flickr user Anna Fox, https://ﬂic.kr/p/nFJjHw

Front cover photo by Flickr user Andrew Gorden, https://ﬂic.kr/p/6SSpKs