Desktop version

Home arrow Management

ADOPTING AND IMPLEMENTING ERM IN COLLEGES AND UNIVERSITIES

In 2001, PricewaterhouseCoopers and the National Association of College and University Business Officers (NACUBO) sponsored a think tank of higher education leaders to discuss the topic of ERM in higher education, likely in response to widespread discussion in the for-profit sector and in anticipation of potential regulatory implications for higher education. The group included Janice Abraham, then president and chief executive officer of United Educators Insurance, as well as senior administrators from seven universities.[1] The focus of their discussion was on the definition of risk; the risk drivers in higher education; implementation of risk management programs to effectively assess, manage, and monitor risk; and how to proactively engage the campus community in a more informed dialogue regarding ERM. Their conversation produced a white paper, "Developing a Strategy to Manage Enterprisewide Risk in Higher Education" (Cassidy et al. 2001). In 2007, NACUBO and the Association of Governing Boards of Universities and Colleges (AGB) published additional guidance in their white paper, "Meeting the Challenges of Enterprise Risk Management in Higher Education." The University Risk Management and Insurance Association (URMIA) also weighed in with its white paper, "ERM in Higher Education" (2007). In 2013, Janice Abraham wrote a text published by AGB and United Educators, entitled Risk Management: An Accountability Guide for University and College Boards. These documents provide guidance and information to institutions considering the implementation of an ERM program and discuss the unique aspects of the higher education environment when considering ERM implementation.

Several authors have discussed the transferability of the ERM model to higher education, even with the cultural and organizational differences that abound between the for-profit environment and higher education. URMIA (2007) concluded that "the ERM process is directly applicable to institutions of higher education, just as it is to any other 'enterprise'; there is nothing so unique to the college or university setting as to make ERM irrelevant or impossible to implement" (p. 17). Whitfield (2003) assessed the "feasibility and transferability of a general framework to guide the holistic consideration of risk as a critical component of college and university strategic planning initiatives" (p. 78) and concluded that "the for-profit corporate sector's enterprise-wide risk management framework is transferable to higher education institutions" (p. 79).

National conferences for higher education associations such as NACUBO, AGB, URMIA, and others had presentations on ERM. Insurers of higher education, such as United Educators and Aon, as well as consultants such as Accenture and Deloitte, among others, provided workshops to institutions and published white papers of their own, such as the Gallagher Group's "Road to Implementation: Enterprise Risk Management for Colleges and Universities" (2009). In the early 2000s, many IHEs rushed to form committees to examine ERM and hired risk officers in senior-level positions, following the for-profit model.[2] However, when specific regulations such as those imposed by the SEC for for-profit entities did not emerge in the higher education sector, interest in highly developed ERM models at colleges and universities began to wane. Gurevitz (2009) points out that the early ERM frameworks weren't written with higher education in mind and were often presented "in such a complicated format that it made it difficult to translate the concepts for many universities."

Institutions with ERM programs have taken various paths in their selection of models and methods and have been innovative and individualized in their approaches. There is no comprehensive list of higher education institutions with ERM programs, and not all IHEs with integrated models use the term ERM. Exhibit 9.3 shows a snapshot of IHEs that have adopted ERM; a review of their websites demonstrates the various risk management approaches adopted by IHEs and the wide variability in terminology, reporting lines, structure, and focus. In many instances, those IHEs with highly developed programs today had some form of "sentinel event" (regulatory, compliance, student safety, financial, or other) that triggered the need for widespread investigation and, therefore, the development of more coordinated methods for compliance, information sharing, and decision making. In other situations, governing board members brought their business experience with ERM to higher education, recognizing the "applicability and relevance of using a holistic approach to risk management in academic institutions" (Abraham 2013, p. 6).

Regardless of the impetus, the current focus appears to be on effectively linking risk management to strategic planning. Abraham points out that many higher education institutions are recognizing that an effective ERM program, with the full support of the governing board, "will increase a college, university or system's likelihood of achieving its plans, increase transparency, and allow better allocation of scarce resources. Good risk management is good governance" (p. 5). Ken Barnds (2011), vice president at Augustana College, points out that "many strategic planning processes, particularly in higher education, spent an insufficient amount of time thinking about threats and weaknesses." Barnds believes that "an honest and thoughtful assessment of the college's risks ... would lead [Augustana] in a positive, engaged, and proactive direction." A recent Grant Thornton (2011) thought paper urges university leaders to think about more strategic issues as part of their risk management, including board governance, IRS scrutiny of board oversight

Exhibit 9.3 Sample of Colleges and Universities with ERM Programs

Institution

Title of Person with ERM Responsibility

Website

Duke University

Executive Director of Internal Audit

intemalaudits.duke.edu/risk-assessment/index.php

Emory University

Chief Audit Officer

emory.edu/EMORY_REPORT/stories/2010/04/19/risk_ management.html

Georgia State University

Director, Enterprise Risk Management

gsu.edu/accounting/63370.htrnl

Iowa State University

Associate Vice President for Budget and Planning

provost.iastate.edu/what-we-do/erm

Johnson & Wales

Director of Compliance, Internal Audit, and Risk Management

jwu.edu/content.aspx?id=57825

Maricopa County Community College District (MCCCD)

Director of Enterprise Risk Management

maricopa .edu/publicstewardship/governance/adminregs / auxiliary/4_16.php

Ohio University

Associate Vice President for Risk Management and Safety

ohio.edu/riskandsafety/urmi.htm

Texas A&M University System

Office of Risk Management and Benefits Administration

tamus.edu/offices/risk/riskmanage/guide/enterprise-risk- management/

University of Alaska System

Chief Risk Officer

alaska.edu/risksafety/

University of California

Risk Services, Office of the President

ucop.edu/enterprise-risk-management/

University of Denver

Director of Enterprise Risk Management

du.edu/internal-audit/intemal_audit/faq.html

University of Iowa

Senior Vice President of Finance and Operations and Treasurer

uiowa.edu/~fusrm/EnterpriseRiskManagement/index.html

University of Maryland

Vice President for Planning and Accountability

umaryland.edu/accountability-old/risk-management/

University of Notre Dame

Director of Risk Management and Safety

riskmanagement.nd.edu/about/

University of Vermont

Senior Strategist for Enterprise Risk and Planning, Office of the Vice President for Finance & Administration

uvm.edu/~erm/

University of Maryland

Vice President for Planning and Accountability

umaryland.edu/accountability-old/risk-management/

University of Washington

Risk Analyst

f2.washington.edu/fm/erm

Yale University

Director of ERM

ogc.yale.edu/riskmanagement

practices, investment performance in university endowments, indirect cost rates in research, changes in employment practices, and outsourcing arrangements.

Regardless of terminology, there is an increased priority on taking a more enterprise-wide approach to risk management and moving from a compliance- driven approach to a comprehensive, strategic approach across and throughout the organization that is used to positively affect decision making and impact mission success and the achievement of strategic goals. Tutano (2011) points out that even in the corporate environment, top leaders are not inclined to work through a detailed step-by-step risk management process, but rather take a top-level approach. In the university environment, this means asking three fundamental questions: What is our mission? What is our strategy to achieve it? What risks might derail us from achieving our mission? Richard F. Wilson, president of Illinois Wesleyan University, may best summarize the current perspective of senior-level higher education administrators:

When I first started seeing the phrase "enterprise risk management" pop up in higher education literature, my reaction was one of skepticism. It seemed to me yet another idea of limited value that someone had created a label for, to make it seem more important than it really was. Although some of that skepticism remains, I find myself increasingly in sympathy with some of its basic tenets ... [especially] the analysis that goes into decisions about the future. Most institutions are currently engaged in some kind of strategic planning effort driven, in part, by the need to protect their financial viability and vitality for the foreseeable future. ... Bad plans and bad execution of good ideas can put an institution at risk fairly quickly in the current environment. Besides examining what we hope will happen if a particular plan is adopted, we should also devote time to the consequences if the plan does not work. I still cannot quite get comfortable incorporating enterprise risk management into my daily vocabulary, but I have embraced the underlying principles. (Wilson 2013)

  • [1] One of those administrators was Elizabeth Cherry, Director of Risk Management, from the University of Washington (UW). As will be discussed in the case study, the UW was embroiled in several high-profile risk situations at the time and was undergoing the first of several presidential transitions.
  • [2] See A. P. Liebenberg and R. E. Hoyt, "The Determinants of Enterprise Risk Management: Evidence from the Appointment of Chief Risk Officers," Risk Management and Insurance Review 6:1 (2003): 37-52. Their study uses a logistic model to examine the characteristics of firms that adopt ERM programs, most of which signal the fact that they have an ERM program through the hiring of a CRO.
 
< Prev   CONTENTS   Next >

Related topics