Assessing Risk

Risk management promotes awareness and understanding of risk taking throughout the Institute. It can inform decision making and enable prioritization of activities and resources based upon risk. It can also help the Institute, or individual units and DLCs, identify areas for enhanced controls, process improvement or other mitigation activities.

Risk Types

Risk is the effect (positive or negative) of uncertainty on the Institute's mission and goals. Generally, risks at MIT are grouped into five categories: Safety, Operational, Behavior, Financial, Compliance. Additionally, Reputation is another risk type that could result from risks in any of these five categories.

  • Reputation: The consequences of each of the risks to MIT’s reputation
  • Safety: Risks of loss from an unsafe or unsecure campus, including risks of external events affecting the campus
  • Operational: Risks of loss or opportunities for gain from the management of MIT’s academic, research and business activities
  • Behavior: Risks of loss or opportunities for gain from conduct in the community that is inconsistent with or tests standards, values, law or policy
  • Financial: Risks of loss or opportunities for gain related to financial resources and assets
  • Compliance: Risks of loss from violations of law, regulation or policy

“Loss” means injury, liability, penalties, reduced funding or other damage

Risk Assessment Framework

Assessing risks at the Institute can help identify potential events that may affect its people, operations, research, or academic mission. It encourages continuous focus on the most important risks and opportunities in order to most effectively allocate resources and adjust work priorities. The framework below may serve as an informal model to analyze risk.

The goal of MIT’s risk assessment framework is to foster a culture of risk awareness that promotes intelligent, informed decisions about risk consistent with the MIT values of excellence and integrity, and within the decentralized, collaborative and entrepreneurial spirit of MIT. The steps of the assessment process are:

  • (Step 1) Identify Internal & External Risks
  • (Step 2) Determine Risk Owner(s)
  • (Step 3) Assess Risks & Evaluate Current Procedures
  • (Step 4) Mitigate, Avoid, Accept
  • (Step 5) Monitor Effectiveness of Mitigation Plans
  • (Step 6) Repeat process beginning with step 1, as risk management is a continual, iterative process.


Risk Management & Compliance Services serves as a resource for areas across the Institute interested in assessing their relevant risks. If a unit or DLC is interested in learning more about assessing risks in its area, please contact for more information.