Enterprise Risk Management in Higher Education, and How Internal Audit Can Help

Recent history indicates that the pace of change in Higher Education is unprecedented; however, institutions are only seeing a modest increase in the use of risk-based decision making. The COSO “Enterprise Risk Management - Integrated Framework” defines ERM as “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

Value in ERM

The value of ERM lies in understanding risk, and appropriately allocating an organization’s resources to business activities that present high risk and exposure to its strategic purpose and its ability to prosper. ERM offers a framework for effectively managing uncertainty, responding to risk and harnessing opportunities as they arise. By focusing on, dedicating resources to, and continuously monitoring these business activities, an institution can continuously improve its operations and its value.

ERM in Higher Education

In the current highly competitive environment, colleges and universities are under intense pressure to attract and retain faculty and students and maximize their assets – something that cannot be achieved without tight control of risks across the board. ERM can assist in uncovering both downside risks and upside opportunities for institutions to achieve their objectives. Focused attention on key business, using activities such as, but not limited to, the following will aid in achieving an institution’s goals.

  • Enrollment and admissions
  • Construction and facilities management
  • Campus safety and business continuity
  • Faculty and curriculum management
  • Data privacy and security
  • Registrar and degree conferral
  • Tuition billing and financial aid
  • Grant management

How Internal Audit Can Help?

ERM is a business process led by senior leadership that extends the concept of risk management and includes conducting an enterprise risk assessment. Internal Audit can assist with this ERM in the following ways:

  • Identifying risks and opportunities across the entire institution;
  • Assessing the impact of risks and opportunities to the operations, mission and objectives of the institution;
  • Developing and practicing response or mitigation plans; and
  • Monitoring the identified risks, holding the risk owner accountable, and consistently scanning for emerging risks and opportunities.

Visit Schneider Downs Risk Advisory’s Services webpage https://www.schneiderdowns.com/risk-advisory-services.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2020 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on

Ransomware Attack Disrupts Popular Sports Gambling Sites
FASB Issues Accounting Standards Update for Not-for-Profit Entities on Contributed Nonfinancial Assets
The Hardware Failure That Took Down The Tokyo Stock Exchange
The Impact of COVID-19 on Community Colleges
Don’t Forget About Your HEERF Reporting Requirements
The FFIEC’s Take on Addressing Pandemic Planning within Business Continuity Processes

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office

One PPG Place, Suite 1700
Pittsburgh, PA 15222

p:412.261.3644     f:412.261.4876

Map of Columbus Office

65 East State Street, Suite 2000
Columbus, OH 43215

p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102