Where Innovation Is Tradition

Mason Initiatives:
Efficiency & Effectiveness
Enterprise Risk Management

Beth Brock, Associate VP & Controller
George Mason University
May 21,

Agenda
- Efficiency & Effectiveness (E&E)
  - How we got started and the process
  - Where we are now, observations, questions
- Enterprise Risk Management (ERM)
  - Overview
  - How we got started and the process
  - Where we are now, survey, questions

E&E Initiative
- Late some members of BOV requested
- All administrative functions in scope; academics excluded
- Spring explored big firm and boutique/trade assn approaches

E&E Study Advice
- Do not underestimate:
  - Disruption in workplace
  - Time and effort to do properly
  - Impact on employee morale
- Expect to make an investment

E&E Evolution
Issued RFP for benchmarking services in seven administrative areas:
- Auxiliaries & Affiliated Entities
- Facilities
- Information Technology
- Purchasing
- Enrollment Services
- Human Resources
- Accounting & Finance

RFP for Benchmarking Services
- Selection criteria emphasized higher ed experience, recommended benchmarks required
- Goal - inform a decision on areas for E&E review
- Search committee: Controller; Director IA&MS; Fiscal Projects Director
- Two firms selected for oral presentations
- Senior VP and Chief of Staff attended orals

Benchmarking Project
- Huron Consulting selected for 3-4 month project:
  - Reviewed data on budgets and staffing
  - Interviewed unit heads
  - Confirmed benchmarks
  - Performed benchmarking and analysis
  - Delivered final report – functioning efficiently and effectively
- Discussing next phase for some opportunities

Efficiency & Effectiveness
Observations and Questions

ERM Defined
Enterprise Risk Management (ERM) is generally defined as: a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. [1]

[1] Standard ERM Model content adapted from: Committee of Sponsoring Organizations of the Treadway Commission

ERM Framework
Categorization of risks:
- Strategic – organizational goals
- Operations – executing objectives
- Financial/Reporting – safeguarding assets
- Compliance – adherence with laws and regs.
- Reputational – public image
- Cultural – character of university and personnel

ERM Initiative at Mason
- Late BOV interested in risks other than financial risks
- Spring Controller’s office and IA&MS collaborated to survey approx. 80 unit heads
- Responses reviewed, consolidated, reviewed again, 32 items presented to BOV

ERM Evolution
- Funding for next steps in FY11 budget
- Issued RFP for assistance with designing a sustainable ERM program
- Responses from 14 firms; orals from 5
- Sr. VP and Chief of Staff attended orals

ERM Project
- Huron Consulting selected late 2010
- Extensive data requests: Org charts, audit reports, draft audit findings, budgets, IA&MS work plans, list of affiliates, strategic and/or business plans for IT, research, student, finance, President’s initiatives, ERM work to date

Huron Phase I
- Evaluated data
- Met with about 25 unit heads
- Identified common risks at other institutions
- Assigned one or more of 6 framework categories
- Assigned functional area: facilities, safety, IT, academic, research, fiscal, HR, etc.

Assigning Risk Factors
Evaluated each risk using five factors:
1. External environment – e.g., federal regs
2. Reputational risk – level of public visibility
3. Financial exposure – e.g., budget, penalties
4. Vulnerability – likelihood of occurrence
5. Internal controls risk assessment

Ranking our Risks
- Used the collective high, medium, low scores for each factor to assign a relative impact score to each
- 40 risks prioritized as highest, high, medium
- Eleven highest priority include fraud, research compliance, succession planning
- Phase I deliverable – modified risk inventory

ERM Implementation Plan
Huron phase 2 deliverables:
- Recommended organizational structure
- Reviewed policies, provided gap analysis
- Provided executive level reporting format (heat map)
- Provided risk mitigation strategy guidance

Hiring a Chief Risk Officer
- New admin. faculty position, reporting to Sr. VP
- Advertised late November late January 2012
- Committee: Controller, Director IA&MS, Projects Director, Assoc. Dean College of Science
- About 45 applicants, 3 selected for interview
- Reopened search April

Interim Efforts
- Applying the committee-based organizational model
- Functional managers appointed to committee
- Will develop mitigation strategies for highest priority risks
- Will update risk inventory, determine factors for assessing relative degrees of risk

Audience Survey Question #1
Q: How has your institution’s approach to risk management changed over the past two years?
1. Significantly increased time and resources devoted to risk management
2. Somewhat increased time and resources devoted
3. Made few or no changes to risk-mgmt approach
4. Decreased time and resources devoted

Survey by CFO Magazine Q#1

Audience Survey Question #2
Q: Who in your institution is most responsible for risk oversight?
1. CFO
2. President
3. Risk committee
4. CRO
5. Board of Visitors
6. Audit Committee
7. Director, Internal Audit

Survey by CFO Magazine Q#2

Audience Survey Question #3
Q: Which would you say is the single biggest impediment to improved risk management within your institution?
1. Commitment of time/resources
2. Internal expertise
3. No clear mandate from top
4. Organizational structure
5. N/A, adequate risk mgmt
6. Implement. methodology
7. Lack of IT system to address risk mgmt.

Survey by CFO Magazine Q#3

Enterprise Risk Management
Observations and Questions
Contact information: Beth Brock