Risk Management System

What is Risk Management?

Risk management promotes awareness and understanding of risks and opportunities throughout the Institute. It can inform decision-making and enable prioritization of activities and resources. It can also help the Institute or individual units identify areas for enhanced controls, process improvement or other mitigation activities.

The Institute defines risk as any event or circumstance that, if realized, could impede MIT from achieving its strategic objectives. Risks can be categorized in one or more of the following areas:

  • Behavior: Community conduct inconsistent with MIT’s culture, values and policies
  • Compliance: Violations of law, regulation or policy
  • Financial: Financial loss/gain from management of assets and financial processes
  • Operational: Effectiveness of academic, research and business processes, systems and workforce
  • Safety: Physical or psychological harm to community members or visitors

Risk events in any of the above categories can also impact MIT’s reputation and ability to achieve its mission to advance knowledge and educate students in service to the nation and the world.

Risk Assessment Framework

Assessing risks at the Institute can help identify potential events that may affect its people, operations, research, or academic mission. It encourages continuous focus on the most important risks and opportunities in order to most effectively allocate resources and adjust work priorities. The framework below serves as a high-level model of how risk assessments and risk management plans are developed at MIT.


Risk Management & Compliance Services serves as a resource for areas across the Institute interested in assessing risks within their sphere of operations. If your unit is interested in learning more about how we can help you assess your risks, please contact riskmanagement@mit.edu

Risk System Structure

The following groups are key components of MIT’s risk system:

  • Risk Advisory Team: Multi-disciplinary team of representatives from across MIT that is responsible for identification and assessment of Institute-level risks.
  • Risk & Compliance Steering Group: A sub-set of MIT’s senior leadership team that provides strategic guidance and direction on top Institute risks and the risk system overall.
  • Risk & Audit Committee: Committee of the MIT Corporation that is responsible for oversight of the Institute’s systems for risk management.