Institutions of higher education face a number of challenges in today’s highly competitive business and social climate: reputational risk, obsolescence, tuition revenue dependence, campus crises, cyber-attacks. I could go on, but you get the idea. If your institution is sophisticated in risk management, you probably have a process in place to compile these issues, among others, into a risk inventory. But are you really getting the most out of your process? Is it effective and efficient?
Institutions should periodically conduct reviews of enterprise risk management (ERM) processes to determine if the right personnel and systems are in place to effectively identify and manage risks. Internal Audit can be a great resource, but if that’s not currently an option, here are some questions that will get the ball rolling:
- Does our system support current risk evaluation and reporting processes? Are we even using an ERM system?
- Do we have all of the right people involved in the process? Is our ERM leadership appropriate and effective?
- Are our identified risks consistently ranked across departments, divisions, etc.?
- Are we considering new/emerging risks? If so, are those risks identified in a timely manner?
- Are we challenging identified risks?
- Are we communicating identified risks to the right individuals?
- Does our ERM process allow us to seize new opportunities?
- Are we performing a significant portion of the process manually? Could we automate some parts of the process with enhanced system reliance or with a new system?
- Are we able to measure achievement of strategic objectives and goals?
- Are we collecting proprietary or sensitive information? If so, is it stored in a secure manner?
It’s important to remember that ERM is not just a mechanism to collect risks in one place, but rather a highly valuable tool to view, assess and address risks across your entire institution. When managed properly, ERM should provide benefits like improved decision-making capabilities, more effective strategic and operational planning, greater stakeholder confidence and enhanced organizational resilience.
If you’re looking to conduct an evaluation of your ERM processes, Schneider Downs Risk Advisory Services group can help. Contact us at [email protected]