Enterprise-Wide Risk Assessment
Agenda
1. Definition of risk.
2. Risk drivers in higher education today.
3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage, and monitor risk.
4. How to proactively engage the campus community in a more informed dialogue regarding ERM.
USF System Compliance & Ethics Program
Definition of Risk
• Before risks can be effectively managed, we must agree on a common definition of risk that is clearly understood by the board, management, faculty, and staff.
• Replace old definitions of risk and risk management.
Definition of Risk
Old Language
• Negative outcomes
• Risk Management
- Making sure that the organization was adequately protected in the event of a catastrophe.
New Language
• Any issue that affects the organization’s ability to meet its objectives
• Enterprise-wide Risk Management
- Encompasses all of the operational, financial, compliance, strategic, and reputation issues encountered in an attempt to achieve objectives.
What is ERM?
Enterprise Risk Management (ERM):
• Is a process through which management identifies significant threats that would prevent their organization from meeting stated goals and objectives.
• Assigns specific responsibility and accountability for developing controls to mitigate risks.
• Implements those controls.
• Monitors the controls to verify they are working as intended.
What is ERM?
• ERM is about establishing the oversight, control, and discipline to drive continuous improvement of an entity’s risk management capabilities in a changing operating environment.
• ERM is a means to an end, not an end in itself.
Benefits
Benefits of establishing a risk management program:
• Improved reputation.
• More efficient operations.
• Resource allocation – money directed to the right place, the areas of highest risk.
• Campus sense of pride in a well-managed and disciplined institution.
• Lower insurance costs.
Benefits
ERM enhances the organization’s ability to:
• Align appetite for risk with strategy.
• Link growth, risk, and return.
• Enhance risk response decisions.
• Minimize operational surprises and losses.
• Identify and manage cross-enterprise risks.
Benefits
• Provide integrated responses to multiple risks.
• Seize opportunities.
• Deal effectively with potential future events that create uncertainty.
• Respond in a manner that reduces the likelihood of downside outcomes and increases the upside.
Limitations
• ERM is designed to provide reasonable assurance to an entity’s management and board regarding the achievement of objectives.
• Reasonable assurance is not absolute assurance.
• Uncertainty and risk relate to the future, which no one can predict with precision.
• ERM can be an early warning system for potential high-risk events.
Types of Risk
Five types of risk:
1. Strategic – goals of the organization.
2. Financial – safeguarding assets.
3. Operational – processes that achieve goals.
4. Compliance – laws and regulations.
5. Reputation – public image.
Risk Continuum
Risk continuum:
• Upside and downside potential - offense vs. defense.
Market Continuum
Market continuum:
• From managing hazards to uncertainty to seeing risk as an opportunity.
Risk View

| Risk View | Function | Responsible |
| --- | --- | --- |
| Hazard | Crisis management & compliance | Controller, auditors, insurance risk manager |
| Uncertainty | Business continuity protection | CFO & line managers (operations) |
| Opportunity | Stakeholder value enhancement | Sr. management & planning staff |
Self-Assessment 1
Self-Assessment Question #1:
• Where is USF on the Risk Continuum?
- Ideally, an institution should be doing all of these - managing hazards, complying with laws and regulations, controlling uncertainties, and viewing risk as an opportunity to enhance value.
Strategic Risk Drivers

| Risk Drivers | Stakeholders |
| --- | --- |
| Emerging delivery systems | Students, faculty |
| Inability of governance processes to support strategic objectives | Trustees, faculty |
| Excess physical capacity | Trustees, donors |
| Quality of academic programs | Students, faculty |
| Increasing customer expectations (e.g., financial aid, student life, access, capacity) | Students, parents |
Operational Risk Drivers

| Risk Drivers | Stakeholders |
| --- | --- |
| New technologies | Trustees, exec. Mgt., staff |
| Reimbursement & financial issues facing medical centers | Dean of Medicine, regulators |
| Research and intellectual property | Research |
| Unionization | HR, staff, faculty |
| Decentralized responsibility | Staff, faculty, auditors |
Operational Risk Drivers

| Risk Drivers | Stakeholders |
| --- | --- |
| Increased regulatory scrutiny & accountability | Trustees, internal audit, public |
| Human resource management | Unions, staff |
| Security, internet access, electronic records | Students, faculty, staff |
| Student behavior and community | Alumni, parents, students, faculty |
| Contracting and related processes | Attorneys |
| Endowment management | Trustees, alumni, donors |
Self-Assessment 2
Self-Assessment Question #2:
• Are any of these risks affecting USF?
• Has USF considered its strategic and reputational risks?
Approach to ERM
Today’s organizations approach risk management in ways that can be categorized into five levels:
I. See little value in proactive ERM.
II. General awareness about ERM and some conceptual appreciation for its value.
III. Aware of ERM and have set up mechanisms to monitor risks.
IV. Have created a risk management position to review “hot” spots, assist in risk assessment within business units, and keep score.
V. ERM has fully evolved from a back office function to a CEO-level concern and is embedded in every part of the organization. Each business unit designs its own risk mitigation plan, tracks progress, and establishes training programs.
Self-Assessment 3
Self-Assessment Question #3:
• How would you categorize USF? As a Level: I, II, III, IV, V?
Success Factors
Eight Key Elements for Effective ERM:
1. Acceptance of a risk management framework and common language about risk.
2. Senior management commitment.
3. Risk management owner/champion.
4. Communication.
5. Training.
6. Reinforcement through HR mechanisms.
7. Process.
8. Monitoring by Internal Audit.
Engagement
Challenges:
• Marketing risk – has a negative connotation.
• Measuring risk – difficult to quantify.
• Identifying champions – need authority and credibility.
• Culture – decentralized, slow to change, reactive.
• Defining accountability – too often viewed as someone else’s problem.
Engagement
Solutions:
• Find new ways to talk about risk.
• Develop a model with appropriate qualitative and quantitative outcomes and indicators.
• Appeal to trustees’ experience and find a champion on the board.
• Find sponsors at the faculty/department level.
• Tie risk to strategic objectives in the planning process.
Engagement
• Most colleges and universities focus primarily on financial and compliance risk and on building effective compliance programs.
• Risk Management impacts not just the numbers, but also brand, competitiveness, and strategy.
– University of Pennsylvania example (University City)
Final Thoughts
• An organization is only as good as its weakest link or most ineffective process.
• USF must move from building controls on a process to building risk management into a process.
It’s our choice…
Risk can be managed with foresight
or
Damage can be managed with hindsight.
Reference
NACUBO’s “Developing a Strategy to Manage Enterprise-wide Risk in Higher Education.” (www.nacubo.org/PWC_Enterprisewide_Risk_in_Higher_Educ_2003.pdf)