A-to-Z Index

What is risk?




The Institute of Internal Auditors defines risk as "The possibility of an event occurring that will have an impact on the achievement of objectives.  Risk is measured in terms of impact and likelihood.    Examples of adverse events, which may occur due to the absence of internal controls or the ineffective use of resources, include: 


•  the potential for financial loss; 

•  the inappropriate disclosure of data; 

•  destruction/loss of data; 

•  inaccurate or incomplete data; and 

•  any form of embarrassment. 

As the University increases the use of technology, additional risks may exist. Examples of such risks include: 


•  intentional destruction of student or faculty files; 

•  unauthorized access to student or faculty files; 

•  destruction of files due to viruses; 

•  attack of files servers or other devices; and 

•  loss of grading capabilities due to destruction of information.


The above actions could be perpetrated by someone within the JMU community or an outsider, therefore increasing the University's vulnerability.

Return to    Audit and Management Services   home page