Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Risk Management

Published byAngelica McKenzie Modified over 5 years ago

Similar presentations

Presentation on theme: "Enterprise Risk Management"— Presentation transcript:

1 Enterprise Risk Management
2019 Massachusetts Trustees Conference | March 28, 2019

2 Panel Introductions Amanda Robbins: CSVP Advisor, Department of Higher Education Patricia Gentile: President, North Shore Community College Kevin Foley: Board of Trustees, Framingham State Linda Snyder: Board of Trustees, MassArt

3 Summary of Presentation
Introductions Overview of Enterprise Risk Management (ERM) Panel Discussion Questions & Answers

4 Enterprise Risk Management
A practical definition of ERM from Risk Management: An Accountability Guide for University and College Boards (AGB Press, 2013): ERM is a business process led by senior leadership that extends the concepts of risk management and includes: Identifying risks across the entire enterprise Assessing the impact of risks to the operations and mission Developing and practicing response or mitigation plans Monitoring the identified risks, holding the risk owner accountable, and consistently scanning for emerging risks

5 Risk Management Process
Operational Analysis Vulnerability Assessment Implementation Plan Risk Reduction Solutions

6 Operational Analysis Identify Assets: People Physical Property
Reputation Intellectual Property Proprietary Information

7 Vulnerability Assessment
Understanding Risk: Identify the threats and hazards that may affect your organization Determine the likelihood of occurrence and impact if a threat or hazard were to occur Evaluate current countermeasures in place to mitigate risk

8 Risks Impacting Higher Education
Traditional Operational Risk weather, active threats, fire, strike, accident Legal and Regulatory Risk litigation by staff and/or students Financial Risk drop in enrollment, decline in govt support, failed fundraising Political and Reputational Risk loss of accreditation, govt sanctions, negative PR

9 Risk Reduction Solutions
Based on the results of the operational analysis and vulnerability assessment, identify gaps and vulnerabilities Apply industry standards and best practices to develop risk reduction solutions to close gaps Focus on prevention, protection, mitigation, response, recovery Include physical, procedural, staffing, training, redundancy and technological risk reduction solutions

10 Phased implementation plans/timeline ~ Budget analysis and ROM pricing

11 Strategic Risk Management Plan
1-5 year Risk Management Master Plan Based on real-life vulnerabilities and risk based solutions Associated costs included Priorities weighed and set in a comprehensive and clear manner Easy to understand and justify to leadership Since it is a multi-year plan, performance metrics are essentially already built in Revisit your plan annually or every 2 years to adjust as needed and to show progress

12 Addressing Risk at Institutions in MA
Higher Education is different: Campus safety and violence prevention demands must be balanced with the overall philosophy of institutions of higher education. Campuses are quite different from airports or federal buildings. Their openness makes them, inevitably, soft targets but for all the right reasons: a desire to remain open to a wide variety of individuals, ideas, and even disagreements. Any safety and security apparatus must focus on minimizing risks and maximizing defenses to protect the community, but must also maintain the special status these institutions have in our society. Governance is key: The necessity of providing safe and secure environments goes well beyond tactical or procedural requirements. A number of the report’s recommendations focus instead on providing guidance on the best governance structures at the system, segmental, and institutional level that can provide coordinated approaches to protect the wellness of our communities. Ownership must be shared: The “silos” that exist between those charged with campus safety and violence prevention – either traditional law enforcement or staff involved with sexual violence complaints – and the leadership structures of each institution continue to persist. Safety and security, to be effective, must be “owned” by the entire community. Engagement and support from the institution’s leadership: Some of the most successful initiatives and programs at the institutions visited were incorporated into the school’s overall strategic plan for campus safety and violence prevention. Being elevated to this level was a direct result of an Administration and/or Board of Trustees that fully support and/or have an active role in guiding these efforts. Too often it is sidelined from the core planning; it must be elevated and recognized as a shared responsibility.

13 Current State of Enterprise Risk Management
Sample of AGB/UE Survey Results: In 2013, 45% of respondents “strongly agreed” that ERM is a priority at their institution compared to 2008 (41% “mostly agreed”) But, in many cases, institutions are not following any formal risk assessment processes - 39% of respondents say their institution has conducted an ERM process in the last 2 years (61% have not) 62% of respondents in 2013 report that the full board is engaged in risk discussions (up from 47% in 2008) and discussions are occurring across a greater number of board committees However, 60% of respondents reported that the risk information boards receive—particularly about financial risks—is adequate, only 39% strongly agreed that enough risk information is shared to fulfill their legal and fiduciary duties *A Wake-up Call: Enterprise Risk Management at Colleges and Universities Today. A Survey by the Association of Governing Boards of Universities and Colleges and United Educators

14 Trustee Engagement: 2016 Task Force Recommendations
Finding: Strategic Planning Process at the Institution Level Campus safety and violence prevention should be incorporated into each institution’s strategic planning process. Engagement at the institution level should include buy-in and commitment from the Board of Trustees as well as Senior Leadership. Too often it is sidelined from the core planning; it must be elevated and recognized as a shared responsibility. Recommendation: Elevate Board of Trustees Engagement The Board of Trustees for each institution carries a level of responsibility for managing and mitigating risks, as an important part of their overall fiduciary duty. Trustees need to be engaged in some level of oversight through the higher level strategic planning process to help make critical decisions related to initiatives and budget priorities. To this end, Trustees are encouraged to form campus safety and violence prevention committees, and receive regular updates on applicable issues, to enhance accountability for the quality of campus life at all levels of the institution.

15 Board Responsibility: AGB Recommendations
The Board’s responsibility for risk management has four components: Establishing ERM as an institutional priority Considering the institution’s tolerance for risk Calling on senior administrators to establish a process for identifying, prioritizing and monitoring risk, with formal assignment of responsibility for risk assessment and management to an appropriate individual or office Monitoring the plan’s implementation through regular, formal reporting to the board or an appropriate board committee by the appropriate senior administrator.

16 Panel Discussion Panelists: Questions for the audience to consider:
Patricia Gentile, President, North Shore Community College Kevin Foley, Board of Trustees, Framingham State Linda Snyder, Board of Trustees, MassArt Questions for the audience to consider: How frequently is institutional risk discussed at board meetings? What are the key risks facing your institution? How often are risk management plans updated and presented to the board? If your campus conducts/has conducted campus climate surveys, how does the data obtained affect the risk management process?

17 Questions and Conference Survey
Amanda Botelho Robbins Advisor, Campus Safety and Violence Prevention MA Dept of Higher Education Please fill out the conference survey:  

Download ppt "Enterprise Risk Management"

Similar presentations

Risk Management at Harvard – Panel Discussion Harvard IT Summit

Risk Management at Harvard – Panel Discussion Harvard IT Summit
Agency Risk Management and Internal Control Standards Presentation to the Board of Visitors November 14, 2014.

Agency Risk Management and Internal Control Standards Presentation to the Board of Visitors November 14, 2014.
Building a Better Business Model Start with a discussion of Risk Higher Education Policy Commission Board of Governors Summit August 2, 2014.

Building a Better Business Model Start with a discussion of Risk Higher Education Policy Commission Board of Governors Summit August 2, 2014.
ACT 1400  Established Arkansas Safe Campus Task Force  Review current campus safety and security practices Plans dealing with Campus Security Plans dealing.

ACT 1400  Established Arkansas Safe Campus Task Force  Review current campus safety and security practices Plans dealing with Campus Security Plans dealing.
Risk Assessment Frameworks

Risk Assessment Frameworks
Building a Compliance Risk Monitoring Program HCCA Compliance Institute New OrleansApril 19, 2005 Lois Dehls Cornell, Esq. Assistant Vice President, Deputy.

Building a Compliance Risk Monitoring Program HCCA Compliance Institute New OrleansApril 19, 2005 Lois Dehls Cornell, Esq. Assistant Vice President, Deputy.
Emerging Latino Communities Initiative Webinar Series 2011 June 22, 2011 Presenter: Janet Hernandez, Capacity-Building Coordinator.

Emerging Latino Communities Initiative Webinar Series 2011 June 22, 2011 Presenter: Janet Hernandez, Capacity-Building Coordinator.
National Association of College and University Attorneys 1 November 11, 2009 NACUA Fall 2009 Workshop November 2009.

National Association of College and University Attorneys 1 November 11, 2009 NACUA Fall 2009 Workshop November 2009.
EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)

EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)
Sustaining Change in Higher Education J. Douglas Toma Associate Professor Institute of Higher Education University of Georgia May 28, 2004.

Sustaining Change in Higher Education J. Douglas Toma Associate Professor Institute of Higher Education University of Georgia May 28, 2004.
Fundamentals of Trusteeship. Welcome Michael Mizzoni Deputy General Counsel Department and Board of Higher Education.

Fundamentals of Trusteeship. Welcome Michael Mizzoni Deputy General Counsel Department and Board of Higher Education.
1 Endowment Overview Division of Finance and Administration Campus Safety Overview Mary Beth Koza Director: Environment, Health & Safety Jeff McCracken.

1 Endowment Overview Division of Finance and Administration Campus Safety Overview Mary Beth Koza Director: Environment, Health & Safety Jeff McCracken.
Audits & Assessments: What are the Differences and How Do We Learn from the Results? Brown Bag March 12, 2009 Sal Rubano – Director, Office of the Vice.

Audits & Assessments: What are the Differences and How Do We Learn from the Results? Brown Bag March 12, 2009 Sal Rubano – Director, Office of the Vice.
A Proposed Risk Management Regulatory Framework Commissioner George Apostolakis Presented at the Organization of Agreement States 2012 Annual Meeting Milwaukee,

A Proposed Risk Management Regulatory Framework Commissioner George Apostolakis Presented at the Organization of Agreement States 2012 Annual Meeting Milwaukee,
NIST Special Publication Revision 1

NIST Special Publication Revision 1
Enterprise Risk Management & IT Compliance March 30, 2010 Presented by: Ken Rowe, Director Enterprise Systems Assurance & Chief Security Officer University.

Enterprise Risk Management & IT Compliance March 30, 2010 Presented by: Ken Rowe, Director Enterprise Systems Assurance & Chief Security Officer University.
An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.

An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.
Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the Preface to the Standards on Internal.

Private & Confidential1 (SIA) 13 Enterprise Risk Management The Standard should be read in the conjunction with the "Preface to the Standards on Internal.
Gulana Hajiyeva Environmental Specialist World Bank Moscow Safeguards Training, May 30 – June 1, 2012.

Gulana Hajiyeva Environmental Specialist World Bank Moscow Safeguards Training, May 30 – June 1, 2012.
Bank Audit. Internal Audit Internal audit is an independent, objective assurance activity and can give valuable insight in providing assurance that major.

Bank Audit. Internal Audit Internal audit is an independent, objective assurance activity and can give valuable insight in providing assurance that major.

Similar presentations

Ads by Google