UNCW Institutional Risk Management IRM Overview and Policy Development & Implementation Plan Overview.

Presentation transcript:

UNCW Institutional Risk Management IRM Overview and Policy Development & Implementation Plan Overview

University of North Carolina Wilmington
IRM BOT Audit Committee Background
- Institutional Risk Management presentations to the UNCW Board of Trustees Audit Committee began April 2011 with overview of process and identified risk areas.
- Tier 1 Risk Areas with scores (impact, likelihood of occurrence) and heat map presented April
- Interim Report – October 2012
- Tier 1 Response Plan – April 2013 – Presented refined risk statements, indicators, mitigations and next steps for Tier 1 Risk Areas with High Rating

IRM Organization
IRM Steering Committee:
- Provost and Vice Chancellor for Academic Affairs
- Vice Chancellor for Business Affairs
- General Counsel
- Director – Internal Audit
IRM Committee, Chaired by IRM Officer:
- Academic Affairs (7)
- Business Affairs (7)
- Student Affairs (2)
- Chancellor (2)
- University Advancement (1)

IRM Objectives
- The ultimate goal of Institutional Risk Management (IRM) is to help the organization achieve its objectives by identifying, evaluating, prioritizing and managing institutional risks that might endanger the university’s mission and reputation.
- No federal, state or UNC requirement to have a comprehensive, systematic process for risk identification and management currently exists.
- The Association of Governing Boards (AGB) of Universities and Colleges conducted a joint survey with United Educators in Survey findings found that higher education was lagging behind in this important fiduciary responsibility (60 percent said they do not use comprehensive, strategic risk assessment). Action steps were recommended.

IRM Best Practice Action Steps
1. Develop a disciplined process to consider risk in strategic discussions.
2. Designate an owner of the risk identification process.
3. Require all top administrators to prioritize risk.
4. Sift through the prioritized risks to decide which ones warrant attention at the highest level.
5. Require annual written reports on each high-priority risk being monitored.
6. Re-assess priority risks at the board level at least once a year.
7. Look for blind spots.
8. Move risk identification deeper into the institution each year.
9. Keep repeating the process.
© 2009 Association of Governing Boards of Universities and Colleges, United Educators

UNCW’s Central Process Tenets
- Institutional Risk Management (IRM) processes are holistic, flexible and under continuous refinement.
- The six types of risks move beyond the traditional focus on financial risks covered by insurance.
- Risks are broadly defined to represent any impediment to accomplishing institutional goals.
- The Tier I risk areas, though broad, are regularly analyzed to ensure a relevant and sufficiently narrow focus exists for each.
- The figure below illustrates other important IRM process components.

UNCW Risk Tier Overview
- Tier I – Top Tier Risk Areas containing risks with potential to affect the university’s mission, strategies, and goals
- Tier II – Shared risks across multiple areas or single area risks with cascading impacts
- Tier III – Unit or single area risks which are largely identified and managed at the department level

Tier I Risk Profile
The Tier I Profile is currently comprised of nine risk areas, each possessing a mission critical nature and risks with higher than average potential impacts. For these reasons, their proper management is considered to be of greatest institutional priority. The top five are all rated “High Risk” and fall within the orange area outlined in bold on the Risk Matrix. Repeating the steps of analysis and evaluation for April report.
Tier I High Risk Areas
1. Volatile Essential Resources
2. Regulatory Intervention
3. Human Capital Management
4. Campus Health and Safety
5. Continuity of Operations
[Figure: Risk Matrix. Impact axis: Serious, Severe. Likelihood axis: Almost Certain, Likely, Possible.]

Selected Tier II Risk Areas
Tier II – Shared risks across multiple areas
Single area risks with cascading impacts
-- Often involve continuous monitoring
-- In various stages of analysis, evaluation, and treatment
1. Minors on Campus
2. Vehicle Usage
3. Applied Learning
4. Water Safety
5. IT / Data / Cyber Security
6. Athletics Facilities
7. Fire Safety
8. International Travel

Tier III - Unit Risk Assessment
- Unit level risk assessments aid in the identification, evaluation and prioritization of risks.
- The process also aids in developing front line managers’ risk awareness, risk evaluation, and risk mitigation skills.
- 60 units have completed a unit risk assessment.
- Further refinement of unit risk assessments planned for

Process Maturation Policy Development & Implementation Plan

Policy Development & Implementation Plan
In order to facilitate a more disciplined process and move risk identification deeper into the institution, a risk management policy is needed.
Policy Purpose: Serves as a statement of the overall UNCW risk management goals and focus. It is intended to help ensure a consistent approach throughout the university.
Policy Scope: Managed with procedures and tools consistent with industry best practices, including (but not limited to) the International Organization of Standardization’s ISO 31000: Risk Management Principles and Guidelines, and the Committee of Sponsoring Organizations of The Treadway Commission’s (COSO) Enterprise Risk Management Framework

Policy Development & Implementation Plan
- Research best practices
- Present draft policy to IRM Steering Committee and IRM Committee
- Create list of constituent groups, ensuring inclusion of Academic Coordinating Council, Faculty Senate, Staff Senate, Student Government, Chancellor committees and selected units
- Conduct workshops to introduce policy and seek feedback
- Submit proposed edits to IRM Steering Committee
- Submit policy for legal sufficiency review
- Propose final policy to Cabinet, followed by the Chancellor for approval with Chancellor Authority
- Present to April 2014 meeting of the Audit Committee of Board of Trustees

Policy Development & Implementation Plan
Communication Campaign to parallel training and support. Communication campaign to cover unit risks assessments, as well as education and outreach on topics of compliance, continuity of operations, fraud and corruption, insurance, and memorandums of agreement.
Policy Development and Implementation Plan is congruent with best practice research and AGB Recommended Action Steps:
- Develop a disciplined process.
- Move risk identification deeper into the institution each year.
- Keep repeating the process.