Recent history indicates that the pace of change in Higher Education is unprecedented; however, institutions are only seeing a modest increase in the use of risk-based decision making. The COSO “Enterprise Risk Management – Integrated Framework” defines ERM as “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
Value in ERM
The value of ERM lies in understanding risk, and appropriately allocating an organization’s resources to business activities that present high risk and exposure to its strategic purpose and its ability to prosper. ERM offers a framework for effectively managing uncertainty, responding to risk and harnessing opportunities as they arise. By focusing on, dedicating resources to, and continuously monitoring these business activities, an institution can continuously improve its operations and its value.
ERM in Higher Education
In the current highly competitive environment, colleges and universities are under intense pressure to attract and retain faculty and students and maximize their assets – something that cannot be achieved without tight control of risks across the board. ERM can assist in uncovering both downside risks and upside opportunities for institutions to achieve their objectives. Focused attention on key business, using activities such as, but not limited to, the following will aid in achieving an institution’s goals.
- Enrollment and admissions
- Construction and facilities management
- Campus safety and business continuity
- Faculty and curriculum management
- Data privacy and security
- Registrar and degree conferral
- Tuition billing and financial aid
- Grant management
How Internal Audit Can Help?
ERM is a business process led by senior leadership that extends the concept of risk management and includes conducting an enterprise risk assessment. Internal Audit can assist with this ERM in the following ways:
- Identifying risks and opportunities across the entire institution;
- Assessing the impact of risks and opportunities to the operations, mission and objectives of the institution;
- Developing and practicing response or mitigation plans; and
- Monitoring the identified risks, holding the risk owner accountable, and consistently scanning for emerging risks and opportunities.
Visit Schneider Downs Risk Advisory’s Services webpage /risk-advisory-services.
