Role of the general counsel in institutional risk management

Presentation transcript:

Role of the general counsel in institutional risk management
Marcia Isaacson, CUNY
James J. Mingle, Cornell University
Stephen D. Sencer, Emory University

Introduction
Jim Mingle – General Counsel of Cornell
Steve Sencer – General Counsel of Emory

Overview of this session: Structures for Institutional Risk Management; Process for Risk Identification; Process for Risk Management; Board’s Role in Risk Oversight; Compliance vs. Risk Management

Key Questions
How do you know if the right risks are being identified?
How do you determine who is “in charge” of managing and mitigating the risks?
How do you know if the “most serious risks” are being aptly assessed and institutional resources are strategically directed?
What oversight and support structure will aid in the overall risk management effort?

Structures for Institutional Risk Management: Committee/Council model; Chief Risk Officer Model; Hybrid; Role of Risk and Insurance Department

Cornell
Committee chaired by General Counsel – has 21 members from broad range of offices, including Finance & Administration, HR, University Relations, Research, Audit, Risk Management & Insurance, Campus Health, Student and Academic Services, EH&S, IT, Police, Facilities. Meets at least quarterly.
Five Main Risk Categories: Operations, Finance, Life & Safety, Reputation, Legal.
Guiding principles include:
  Identify main and specific risks and ensure that specific risks have responsible managers.
  Enable an efficient system of guidance and support to individuals “in charge,” through development of appropriate policies and assistance of risk advisory committees (ad hoc and standing), and elimination of silos which may inhibit institutional risk and management efforts.
Other Structures Considered
Counsel’s Role in Shaping Structure

Emory’s ERM Structure
ERM Executive Committee: President (Committee Chair); Provost; EVP for Health Affairs; EVP for F&A; SVP and General Counsel; SVP and Dean for Campus Life; SVP for Development; VP and Secretary; VP of Communications; President and CEO, Emory Healthcare
ERM Steering Committee: Chief Risk Officer (Co-Chair); Chief Audit Officer (Co-Chair); Chief Investment Officer; Deputy General Counsel; VP for Campus Services; VP for Finance; VP for Human Resources; VP for IT; VP for Research Administration; Senior Vice Provost; Director of Student Activities; Director of CEPAR
Finance & Investment Campus Safety & Physical Plant Healthcare Information Technology Governance & Corporate Affairs Academic & Student Research Human Resources

CUNY Risk Management and Business Continuity Council (47 members: 22 from Central and 25 from campuses)
Chaired by the Director of Environmental, Health and Safety & Risk Management. Deputy General Counsel and Compliance Officer are members.
Standing Committees: Preparedness committee; Information Technology committee; Travel and transportation committee; Insurance committee; Infectious disease committee; Residence hall committee
Ad hoc committees formed as needed
Monthly meetings include reports from standing committees and educational risk-related presentations.

Role of Counsel Re: Structure
Legal, compliance and risk management overlap, but are not the same function
Counsel should advise “institution” on risk management structure: Management/Leadership; Board (typically through Audit Committee)
Counsel should participate in committee(s)
Counsel should participate in risk briefings

Emory’s Risk Identification Process
Cast a big net
Asked committees to identify EVERY risk
Generated 555 risks
Eliminated duplicates
Reduced list to 140
Assessed frequency and severity rankings
Distilled the list to 50 “Key Risks”

Identified “Specific Risks” MAIN RISKS: University Governance Autonomy Academic Freedom Critical Partnerships Ethical Conduct Public Safety & Security Campus Crime Control Campus Code of Conduct Faculty/Student/Staff Mental Health Substance Abuse Fraternal/ Student Organizations LIFE & SAFETY LIFE & SAFETY REPUTATION FINANCIAL & PROPERTY Patient Care Medical Malpractice Compliance – Billing, etc. Health & Environment Hazards – Chemical, Biological, Radiological Occupational Health & Safety Fire Construction Accidents Campus Personal Injuries LEGAL OPERATIONS Employment Issues Misfeasance & Malfeasance Discrimination Recruitment/Retention Sexual Harassment Affirmative Action Labor Relations Financial Stewardship Accountability & Controls Endowment Management Subsidiaries Management Financial Fraud Effort Allocation Cost Allowability and Allocability Emergencies & Crises Prevention Planning Notification Response Recovery Business Continuity Data Security (Paper & IT) Personnel Payroll Donor Student Patient Athletics Controversies NCAA & Title IX Compliance Research Integrity & Assurance Human Subjects Conflicts of Interest, Commitment Research Misconduct Animal Research and Care Stem Cell Research International Programs Security Assessment & Advice Due Diligence Financial Management Intervention & Evacuation Travel Safety Info Tech Security Recovery Licensing Loss of Critical Infrastructure Buildings & Properties Utilities Transportation IT Intellectual Property Protection & Infringement Equity Interests & Start-ups

Risk Identification at CUNY
Units/departments on each campus must complete annual risk management survey/report: Academic Affairs; Mental Health & Wellness; Budget/Finance; Human Resources; Business Services; Legal Affairs; IT; Environmental Health and Safety; Facilities; Public Safety; Student Affairs
One person on campus designated to distribute/collect the risk surveys

Risk Identification at CUNY (cont.)
Risk Surveys (in template form) request:
  Risk Statement
  Likelihood/Impact/Risk Score
  Policy and Procedures (existing and potential)
  Education Training and Awareness (existing and potential)
  Operational Controls (existing and potential)
  Oversight, Monitoring or Executive Controls (existing)
  Audit Controls (Existing and Potential)
  Other Controls
  Responsible Person
  Mitigation Cost
  Scheduled Date to Revisit Plan
Reports are returned to EHS & RM where they are put into a database for analysis by EHS & RM.
CUNY Risk Manager visits each campus to review surveys.

Staying on the lookout for emerging and overlooked risks
External Sources for Emerging Risks:
  Regulatory Actions (Dear Colleague Letters)
  Agency/Inspector General/State Comptroller Audits
  Problems facing Corporate America (Target Data Breach; FCPA)
  Problems at other universities (overseas labor practices)
Emerging Internal Risks:
  Legal obligations with uncertain or multiple homes (privacy of student/patient information)
  Revenue generating initiatives
  International Programs
Learning from Crises
Non-governmental reporting of information

Emory’s Risk Management Process
Assign Ownership
  “Risk Management Process Owner” for each risk
  Must be sufficiently familiar with the risk and best positioned to write a comprehensive Risk Management Plan
Review with Senior Leadership
Repeat

ENTERPRISE RISK MANAGEMENT
Risk Management Plans
Privileged and Confidential Attorney-Client Communication
EMORY UNIVERSITY ENTERPRISE RISK MANAGEMENT
RISK MANAGEMENT PLAN
Date: __________________
Short Description of Risk: __________________________________
Risk Management Process Owner: ___________________________________
Describe the Risk, its Components, and Examples:
Describe the Steps Being Taken to Manage the Risk at an Acceptable Level:
Describe the Operational Response to an Adverse Occurrence:
Describe the Communication Response to an Adverse Occurrence:

Once you have all the data about risk, what does the risk committee (or others) do with it?
Gauging most serious risks, mitigation measures, risk tolerance
Addressing Same Risks Year after Year
What is counsel’s role?

Counsel’s Role in Managing Non-Legal Risks: Tending to boundaries; Identifying emerging risks; Avoiding operational roles; Ensuring reasonableness of risk management process

Board’s Role in Risk Oversight
Board’s role is to oversee the risk management process, not manage day to day risks
Management must provide the right amount of information for Board to perform its role
Janice M. Abraham, Risk Management: An Accountability Guide for University and College Boards

Compliance vs. Risk Management
Compliance: Policies/Procedures/Controls; Training/Education; Monitoring; Investigation
Risk Management: Non-legal Risk; Health and Safety; Incident Response; Disaster Recovery/Business Continuity; Infrastructure
Identify / manage legal and regulatory risk; Work with Responsible Owners

QUESTIONS?