Leverage Enterprise Risk Management for Higher Education Boards
Every industry carries unique types of risks. Due to student populations and school-related activities, institutions of higher education face many different types of risks than in other industries. An enterprise risk management in higher education helps colleges and universities to identify what kinds of things could happen that could negatively impact the school’s ability to reach their goals.
An enterprise risk management plan in higher education incorporates plans to identify risks, analyze the impact of those risks, and take steps to mitigate the risks. Governance software solutions are instrumental in the enterprise risk management process and in supporting good corporate governance principles as well.
What Is Enterprise Risk Management? (ERM)
Enterprise risk management (ERM) is a business process that helps companies identify risks that could prevent a business from becoming successful. ERM helps businesses understand what risks they may face. Furthermore, ERM helps boards and managers to assess how likely those risks are to happen and what their impact may be if they should happen.
The ERM process is a valuable tool for developing plans to continue monitoring risks and actively plan for them. Janice Abraham, President and CEO of United Educators, says that one of the easiest things that higher education can do is to see what the media is reporting about risks in higher education, not only in the school’s geographical area, but across the nation. Another viable way to identify risks in higher education is to check out what kinds of risk their competitors are facing. Sooner or later, the same risks are bound to come along.
Abraham wants boards and managers of higher education institutions to be aware of two things. First, senior administrators own responsibility for risk management. Secondly, risk management is a continual process—not a one-shot deal. Boards and managers are wise to be constantly looking at enterprise risk management.
Best Practices for Enterprise Risk Management in Higher Education
The most successful models for ERM in higher education embrace a serious attitude about risk management from the top. At the board and senior management levels, the primary belief has to be that risk management in higher education requires a comprehensive, integral approach.
This approach requires that board committees, in addition to the audit and finance committees, be engaged and involved in the process. Every department, club, and activity brings risk on a college campus and such issues as sexual assault and alcoholism present common risks. From the board’s governance committee to the student’s campus life committee, every board committee and school committee needs to understand its risks.
A good place for boards and committees to start is with their policies. Are their conflict of interest, gift acceptance, whistleblower, and other policies being followed? Creating awareness of the importance of abiding by policies is a good place to start.
Classifying Risks for an Enterprise Risk Management in Higher Education Plan
Boards can classify risks into many different categories. The impact of risk has many different facets. It may be helpful for boards to classify the impact of their risks into the most common categories. Each institution may have unique categories. Here are a few to get you started.
- Strategic risks-impacts strategic risks, causing them to fail
- Financial risks-generates unexpected costs or loss of revenue
- Operational risks-affects the quality of work and impacts its efficiency
- Reputational risks-media sensationalizes crime or other school incidents
- Environmental, health, and safety risks-threatens the students’, faculty’s, or someone’s well-being
- Technology risks-cybersecurity risks may leak personal or sensitive business information through applications, data, operating systems, network, or infrastructure for criminal use
- Legal risks-risks may instigate lawsuits against the institution
Ms. Abraham also warns that some colleges face unnecessary risks to protect their “sacred cows.” If your school has a top sports program, highly acclaimed academic program, or any special traditions that they want to protect and the board or management tries to shove the risks under the rug, risks could get out of control.
To be effective, boards and senior administrators must be accountable. Their best resource for ERM is learning from those who’ve been identifying and assessing risks in higher education for the long-term. ERM needs to be pervasive in all things. Board committees must write risk management into their charters and senior managers must ensure that it’s written into their job descriptions.
Establish Your Risk Tolerance
One of the more important steps in ERM is to establish a risk tolerance. This step requires risk committees to develop a scale, identify the organization’s risk tolerance and have a willingness to accept a certain outcome. Boards, managers, and their risk committees must continually evaluate the risk management plan to assess whether it’s too risky or too conservative. The process of continual assessment will help to shape the ERM over the long-term.
A Board Portal Can Serve as an ERM Program
Governance, risk, and compliance (GRC) software assists board in the areas of auditing, policy management, compliance management, and risk management. Unlike manual processes that can’t keep up with the complexity of risks, GRC software is highly secure. High levels of security are crucial for boards in dealing with such issues as cyber threats, economic fluctuations, operational factors, environmental factors, geopolitical factors, and much more.
In addition, board portals and governance software solutions provided by BoardEffect assist boards and senior managers with organizing and storing board materials, securing communications, conducting board evaluations, submitting compliance documents, recording board agendas and minutes, strategic planning, and analyzing data.
Enterprise Risk Management in Higher Education Now and for the Future
There’s no question that the future will bring more and varied risks with it. Higher education is already facing new challenges due to advancements in technology, advancements in health care, and the competition with online learning institutions.
Cybersecurity threats will continue and they’re bound to increase in sophistication. On campus scandals such as alcoholism, drug use, sexual assault, school shootings, and health risks will continue to keep board directors and senior administrators up at night. Risk management teams will be busy and on-call as the need to classify, assess the impact, and plan to mitigate risks increases over time.
A board portal system is an asset to higher education systems in forming a well-developed enterprise risk in higher education program.