Grace Crickette’s job is not one for the faint of heart. As chief risk officer of the University of California, she is responsible for identifying, assessing and managing an eye-popping array of risks confronting the vast institution.
Crickette oversees risks at the university’s 10 campuses in California, two other campuses in Washington and Mexico City, more than a dozen medical facilities and five medical centers nationwide, the Lawrence Berkeley National Laboratory, numerous international research facilities, the Lick and Keck observatories in California and Hawaii, respectively, and the world’s largest fleet of maritime research vessels.
She also manages risks confronting the state’s agricultural and natural resources programs and keeps watch over the university’s patents, of which it has more than any other organization. Then there are the hazards facing UC’s 180,000 employees and 250,000 students within the state, the 2,500 students and faculty on average that are traveling overseas, and the hundreds of thousands of patients served each year at its medical facilities.
Given the extent of her responsibilities, it makes sense that Crickette’s first decision upon accepting the CRO position in 2004 was to build a new risk management structure from the ground up, moving away from a decentralized system to a centralized one embracing the principles of enterprise risk management. Six months after taking the job, Crickette took the wrapping off UC’s ERM portal, designed to put everyone on the same page, risk management-wise.
“I wanted a system in which everyone here was a risk manager, identifying, monitoring, managing and reporting risks in their respective areas,” she says. “To try and manage risk from the Office of the President, where I report, would be futile. I’d never be able to live long enough to do it.”
The portal is called MMR, for My Managed Risk. While the university previously treated risks as hazards requiring transfer to third parties via insurance or other risk financing means, MMR is predicated on risk identification and mitigation. UC employees logging onto the site can access a variety of “low-tech, high-tech and no-tech tools,” Crickette says, ranging from a simple risk assessment tool to a robust incident-reporting system, that are designed to allow employees to become de facto risk managers. There is even an ERM Help Desk for portal visitors requiring a bit more direction.
“We’ve gone from risk financing to true risk management here,” she says. “We’re no longer just insuring our failures.”
In creating the portal, which sports the logo "Everyone is a Risk Manager" (Get it? ERM?), Crickette gathered 125 people from all parts of the university at its first Risk Summit, where they opened up about risks in their respective areas. The summit is now an annual event, and last year 805 people attended. “It’s become a big deal,” she says.
Asked for an example of how someone benefited from the portal, Crickette recalls a phone call she received from a librarian at UC’s Berkeley campus library, which houses one of the world’s largest collections of books, rare and otherwise.
“He saw the risk assessment tool on the site and wanted to create one focused on the library collections,” she says. “Books are susceptible to heat, light, humidity, theft, and so on. He had limited resources because of recent budget cuts and wanted to know where best to deploy resources from a risk-based standpoint.”
Crickette and her team worked with the librarian to modify the risk assessment tool to address his needs. “He’s now shared it with other professional librarians across the world,” she says.
See Treasury & Risk’s 2012 100 Most Influential People in Finance list here.