Table of Contents
What is Enterprise Risk Management in Higher Education?
Enterprise Risk Management is the process by which higher education institutions plan for and mitigate risk to their institution that could prevent them from achieving their strategic goals and objectives.
Two components make up Enterprise Risk Management: risk planning and risk oversight.
Risk planning – which is the administration’s responsibility – is the process that institutions use to identify potential disruptions, mitigate their impact, and manage potential risks. This process naturally dovetails with scenario planning and allows institutional leaders to achieve their strategic goals and objectives when integrated into strategic planning.
Risk oversight – which is the board’s purview – requires the board to evaluate whether the higher education executives are effectively managing the organization’s risks. Additionally, this process involves examining the scenarios that administration build (and building new scenarios themselves) upon which strategic plans can be built.
Institutional Risk Planning
Institutional risk planning should be a holistic process, and as part of every strategic planning process The Change Leader facilitates, we ensure:
- risk planning is conducted, including doing scenario planning and developing mitigation strategies.
- structures are put in place to monitor potential risks and disruptions.
- metrics are developed that provide “early warning lines” for triggering mitigation actions.
Holistic institutional planning also includes regular updating of the strategic and implementation plans and the assumptions behind them, as well as updating the potential risks to the institution.
These are the differences between strategic planning and strategic management, the differences between The Change Leader and other firms’ planning processes.
Benefits of Good Risk Management Practices
Good risk management practices enable higher education institutions to:
Build a sure path to achieving your institutional strategic goals and objectives
Develop risk maps and scenarios that quantify risk and predict the impact, severity, and cost of disruptions
Create a more “risk-aware” culture that prevents derailment from achieving strategic goals and objectives
Maintain the financial health of the institution and adherence to its mission
Builds a culture of risk oversight on the board which ensures appropriate guardrails for managing risk are in place
Develop plans to mitigate potential risks and enable the institution to remain faithful to its mission
Operate with the highest integrity and ensure its institutional reputation remains excellent
Remain in good standing with its accreditor and be eligible to receive Title IV funds
Signs Your Risk Management Practices Need Improvement
There are many telltale signs that an institution’s enterprise risk management practices aren’t functioning properly. Unfortunately, most institutions do little if any risk planning or management, and when “life happens,” they are ill-prepared to continue in the directions they had planned. In reality, if institutions practiced good risk management, the institution and its board would not be at risk because disruptions had been properly planned for and mitigated.
Best Practices for Higher Education Risk Management
There are a number of higher education risk management best practices that institutions should follow to ensure they are helping their institutions be successful while overseeing and mitigating disruptions. These duties include:
Risk Management Best Practices for Higher Education Institutions Include:
Conduct risk profiling and disruption workshops at least semi-annually to review threats to the institution’s wellbeing
Build and/or update heat maps of potential disruptions, build mitigation strategies, and scenarios for budget planning
Ensure the board committess have risk oversight as part of their duties in their committee charters
Brief responsible board committee(s) quarterly on new risks and their mitigation strategies, and the full board annually
Involve stakeholders in the risk management process, including risk identification and mitigation
Ensure accountability for risk management and mitigation by putting it as part of senior executives’ duties and responsibilities
Ensure responsibilities for managing risk are understood and embedded into the institution’s culture
Communicate risks to stakeholders, and get them actively involved in risk identification and mitigation
Form stakeholder committees to identify and monitor risks to the institution
Incorporate risk planning into your annual strategic planning and budging processes
How We Help Our Clients with Higher Ed Risk Management and Planning
The Change Leader’s risk management consulting services provides proprietary processes and methods that have helped multiple universities and colleges improve their risk management processes, including integrating strategic planning and risk planning and providing board training for risk oversight.
Some of the areas we’ve helped boards with risk management include:
- Established standing board committees, including drafting committee charters, that increased board engagement with campus leadership and stakeholders, addressed ongoing needs and concerns, and provided for improved academic, operational, and strategic risk management and oversight.
- Created new ways for the board to communicate with faculty, staff, and stakeholders that created better lines of communication, increased transparency, and built trust that risk is mitigated.
- Developed and administered a proprietary board independence assessment matrix that enabled the board to self-assess its level of independence against accreditation standards that got the institution off probation.
- Updated the board and administration conflict of interest form to ensure members stay free of conflicts that would endanger its accreditation and risk oversight processes.
- Established an annual board training cycle, including creating risk planning and oversight processes to ensure risk management is reviewed annually.
- Created a board manual that became the “bible” for how the board operates and includes board guiding principles, an organization with job descriptions, committee charters and duties, election procedures, and board risk management best practices.
- Created an annual board calendar that ensures needed governance and risk management oversight activities are conducted annually.
- Facilitated the annual board retreat.
- Developed an annual presidential evaluation that holds the president and, through the president, the staff, accountable for risk mitigation.
Risk Management Frequently Asked Questions (FAQs)
Most frequent questions and answers about risk management consulting for higher education
What are the eight steps involved in enterprise risk management for higher education?
The eight steps of enterprise risk management are:
- Clarifying roles of the board and management
- Defining and understanding the institution’s risk profile
- Defining the institution’s risk appetite
- Creating heat maps and mitigation strategies for risks
- Integrating strategic planning and risk planning
- Having detailed risk management discussions at all levels of the institution and especially with the board
- Ensuring accountability is assigned for risk planning and mitigation
- Creating a culture of risk recognition, reporting, and mitigation
What is the board's role in monitoring the institution's risk management processes?
Boards must oversee the administration and hold the president accountable for the achievement of student outcomes, its adherence to its mission, its strategic plan, risk mitigation, and other metrics. Unfortunately, this doesn’t happen as regularly as it should.
There are multiple mechanisms how this can be done; they include through board committees, including the executive committee; annual evaluations of the president; and by the full board.