Getting Started on Enterprise Risk Management Janice M. Abraham, President & CEO

Why Enterprise Risk Management (ERM)? Sustainability Preparedness Strategic planning Internal controls Mission Peace of mind ERM for Independent Schools

What is ERM? A collaborative process, led by senior leadership, that extends the concept of traditional risk management: Identifying risks across the entire institution Assessing the impact of risks to the operations and mission Planning and practicing response or mitigation Monitoring the identified risks, holding risk owners accountable, and regularly scanning for emerging risks ERM for Independent Schools

The ERM Process Call to Action Risk Identification Risk Assessment Mitigation Planning Report and Monitor ERM for Independent Schools

The ERM Process Call to Action Risk Identification Risk Assessment Mitigation Planning Report and Monitor ERM for Independent Schools

Key Players Board of Trustees Senior Leadership Risk Management Audit Committee, Standing Committees Senior Leadership Head of School Business Officer Risk Management Risk Manager, Risk Owners Risk Committee ERM for Independent Schools

Step 1: Call to Action Communicate Key Roles Commitment to process Importance to institution Enlist support and participation Key Roles Board Head of School Call to Action Risk Identification Risk Assessment Mitigation Planning Report and Monitor ERM for Independent Schools

Step 2: Risk Identification Focus and scope Ongoing process 1st – Priority or known risks 2nd – Expand to more risks Key Roles Business Officer Senior leaders Call to Action Risk Identification Risk Assessment Mitigation Planning Report and Monitor ERM for Independent Schools

Sample Risk Register IT infrastructure and security Abuse of students/ interactions with adults Crisis management Employment practices Facilities/deferred maintenance Health center IT infrastructure and security International students School security Shifting demographics Study abroad programs ERM for Independent Schools

School Risk Register Operational Risk – Decreasing enrollment (local, Out-of-State, and International) and increasing number of cochlear implanted children whose parents opt for an oral education. Financial Risk – Reduced number of students and increased per capita share of appropriations that exceed tuition rates to "Out of State" and "International Students,” creating a continued net operating deficit in the Core program. Reputational Risk – Perceived as a school for children with additional disabilities/deafness (and the impact on parents of deaf children and LEAs) and/or as a "Signing School" only (not able to address learning and communication needs of deaf, hard of hearing, and implanted students). Political Risk – Legislative Relations: Changes in administration that has been supportive to school and challenge of policy makers understanding the deafness and service delivery platforms impacting the Core program’s sustainability. Hazard Risk - School Security and Student Health/Safety Risk Management: A Framework

Step 3: Risk Assessment Evaluate Prioritize Key Roles Likelihood Impact Optional – velocity Prioritize Risk scoring Key Roles Business officer Senior leaders Risk management Call to Action Risk Identification Risk Assessment Mitigation Planning Report and Monitor ERM for Independent Schools

Sample Heat Map Independent School Risks Abuse of students Crisis management Employment practices Facilities management Health center IT security International students School security Shifting demographics Study abroad programs 9 1 5 2 6 7 3 10 4 IMPACT 8 LIKELIHOOD ERM for Independent Schools

ASD Independent School Heat Map 2 5 1 3 4 Decreasing enrollment/ increasing cochlear implants  Reduced CT students Perception of ASD  Legislative Relations  ASD Security/Student Health/ Safety I M P A C T L I K E L I H O O D

Risk Scoring Rubric x = TOTAL RISK SCORE ERM for Independent Schools IMPACT 1-2 Insignificant/Mid 3 Moderate 4-5 Significant/Catastrophic Minimal impact on annual operations, reputation or financial condition. Could delay plans in place, short-term programs affected, and require moderate management effort; 1-6 months’ recovery. Long-term and significant effect on ability to recruit students, faculty, financial support; material breach of confidence & reputation. x LIKELIHOOD 1-2 Unlikely 3 More Likely 4-5 High Probability Unlikely to happen in the near future and no immediate action is needed. More an likely to occur and management should begin to mitigate. High probability event/risk will occur within a year; immediate action plans needed. = TOTAL RISK SCORE ERM for Independent Schools

Step 4: Mitigation Planning Develop plan Ownership Subject matter expertise Milestones and timetable Key Roles Senior leaders Risk owners/ experts Call to Action Risk Identification Risk Assessment Mitigation Planning Report and Monitor ERM for Independent Schools

Developing a Mitigation Plan Remember the 80/20 Rule Overall RM Strategy Risk appetite and tolerance Accept, reject, transfer/share, manage Planning Tools Policy and procedures Resources – staff, budget, outside experts Practices – education, coordination, practice, reporting, response ERM for Independent Schools

Sample: Crisis Management Risk Owner/Partner: Head’s Cabinet/Safety Committee Board Committees: Full Board Description: Despite past investments in emergency response, the school is concerned about complacency and its affect on overall readiness to effectively execute CR&M plan in a real emergency. Mitigation plan is intended to re-energize past efforts. Risk Score/Tolerance: 12/3 Goal: 8/2 Treatment: Fill new Facilities position with “emergency manager” responsibilities Reestablish Safety Committee with a clear mandate to strengthen crisis response and management Update and disseminate revised Emergency Operations Plan Drill institutional staff in notification, lockdown and evacuation procedures ERM for Independent Schools

Step 5: Report and Monitor Report to board Top 5 to 10 risks Approach with other risks Monitor and scan Key Roles Board/Assigned Committees Head of School Business Officer Call to Action Risk Identification Risk Assessment Mitigation Planning Report and Monitor ERM for Independent Schools

Consider Scope Carefully ERM Implementation Consider Scope Carefully Available risk management resources Leadership, dedicated staff, committees, risk owners Scope of the effort Comprehensive or incremental Implementation approach Systematic or priority driven ERM for Independent Schools

Implementation Approaches Systematic Top Down Bottom Up Strategic Financial Compliance Operational ERM for Independent Schools

Implementation Approaches Priority Driven Hybrid Strategic Financial Compliance Operational ERM for Independent Schools

Implementation Approaches Priority Driven Hybrid Strategic Financial Compliance Operational ERM for Independent Schools

Linking efforts to strategic plan Establish a discipline Common Good Practices Tone at the top Linking efforts to strategic plan Establish a discipline Focus on high-impact risks Question sacred cows Focus on mitigation planning ERM for Independent Schools

Micromanagement by board ERM as a project Common Pitfalls Scope or mission creep Micromanagement by board ERM as a project Overemphasis on risk identification Exposure to potential liability ERM for Independent Schools

Stay Connected bit.ly/UELinkedIn @UnitedEducators bit.ly/UEYouTube Janice Abraham President & CEO____ 7700 Wisconsin Avenue, Suite 500 Bethesda, MD 20814 Office: (301) 907-4908 Direct: (301) 215-8462 jabraham@ue.org@ue.org bit.ly/UELinkedIn @UnitedEducators bit.ly/UEYouTube