School of Computer & Information Sciences
ITS 835
Chapter 9, “Lessons from the Academy: ERM Implementation in the University Setting”
This is a narrated presentation.
Overview
• Institutional Background
• Emergence of ERM in Higher Education
• Leadership from the Top
– Create a Culture-Specific ERM Program
– Scope of the Risk Framework
– Organizational Structure
– Philosophy of the Program
• Evolution of ERM at UW
– Compliance, Operation, and Finance Council (COFi)
– Adopting and Adapting the COSO Model
• Outcomes and Lessons Learned
• Conclusion
Institutional Background
• Colleges and universities have often perceived themselves as substantially different and separate from other for-profit and not-for-profit entities, and the outside world has historically viewed and treated them as such.
• Higher education was largely a self-created, self-perpetuating, insular, isolated, and self-regulating environment. In this culture, higher education institutions are generally governed under the traditional, independent, “silos of power and silence” management model, with the right hand in one administrative area or unit often unaware of the left hand’s mission, objectives, programs, practices, and contributions in other areas.
• Organizational structures in higher education differ in many ways from other organizations. The differences are attributed to dualistic decision-making structures, lack of metrics to measure progress and assess accountability, and the lack of clarity and agreement within the academic organization on institutional goals. As a result, the processes, structures, and systems for accountability commonly used in business firms are not sensible for universities.
Emergence of ERM in Higher Education
Educational institutions “have been slower to look at ERM as an integrated business tool, as a way to help all the stakeholders – trustees, presidents, provosts, CFOs, department heads, and frontline supervisors – identify early warning signs of something that could jeopardize a school’s operations or reputation.”
In the United States, engaging in risk management efforts and programs for IHEs is not specifically required by accrediting agencies or the federal government.
Board of Directors
• Accreditation
• Conflict of Interest
• Succession planning
Business Affairs
• Bonds
• Cash management
• Endowment
Campus Safety
• Emergency alert
• Incident response
• Infectious disease
Information Technology
• Cyber Liability
• Electronic records
• Privacy
Academic Affairs
• Academic freedom
• Grade tampering
• Grants
Student Affairs
• Emergency alert
• Incident response
• Infectious disease
Human Resources
• Affirmative Action
• Grievance
• Labor Law
Physical Plant
• Fire
• Renovations
• Infrastructure Damage
Other
• Alumni
• Athletics
• External Relations
Leadership from the Top
• The role of the Strategic Risk Initiative Review Committee (SRIRC) is to continue investigating best practices in university risk management and make recommendations about a structure and framework for compliance that would fit the institution’s culture.
• The SRIRC asked questions such as: Does this proposal add value? What obstacles are apparent and how can they be addressed? How could this proposal be improved?
• Prior to formal implementation of the ERM program, resources were also dedicated to creating an infrastructure to sustain the recommended model.
• Prior to the implementation, some key decisions would need to be made: Would the scope of the program be institution-wide or targeted at the school, college, or unit level? Would it include all risks (compliance, finance, operations, and strategy) or be on the continuum, a model that integrates risks into the organizational strategic discussion?
Create a Culture-Specific ERM Program
• UW adopted an integrated approach to managing risks and compliance, commonly called enterprise risk management (ERM). It acknowledged that the proposed changes were not intended to “replace what already works across the university,” but rather to “augment the existing organization with thoughtful direction, collaboration, and communication on strategic risks.”
• Defined key terms and made recommendations based on three basic parameters: scope of the framework, organizational structure for the framework, and philosophy of the program.
Scope of the Risk Framework
• Centralized Compliance Management approach. The model encompasses all risks and would focus primarily on legal and regulatory compliance.
• Collaborative, institution-wide risk management model that “ensures that UW creates an excellent compliance model based on best practices, while protecting its decentralized, collaborative, and entrepreneurial culture.”
Organizational Structure
• UW’s current approach to risk management, noting it had moved beyond the insurance approach, “which is usually reactive and ad hoc,” but also observing that responsibility for specific risks was currently distributed amongst the institution’s organizational silos.
• Highlighted the weaknesses of the current approach, including the fact that “due to the size, decentralization, and complexity of the institution, a proliferation of compliance, audit, and risk management activities has grown up around separate and distinct risk areas, each largely operating in a self-defined stovepipe.”
Philosophy of the Program
• Institutional profile report outlined three guiding principles to shape the evolution of compliance and risk management at UW.
– Foster an institution-wide perspective
– Ensure that regulatory management is consistent with best practices
– Protect decentralized, collaborative entrepreneurial culture
Evolution of ERM at UW
• Although many operational units, committees, and administrative bodies handled the risks faced in their own environment well, there is little cross-functional sharing of information. The opportunity aspect of risk is therefore not fully utilized by the University and risk mitigation priorities are not consistently driven by the institution’s strategic objectives.
• ERM at UW was formative and focused on:
– Developing a common language around risk
– Conducting individual risk assessments
– Focusing discussion and mitigation on financial challenges
– Drafting an initial compendium of enterprise-wide success metrics
Compliance, Operation, and Finance Council (COFi)
• The COFi Council has oversight of risk assessments at the division or functional level. It provides approval of methods to monitor risks and identifies topics for outreach, particularly items that have university-wide potential impact or that involve cross-departmental or divisional silos. The six primary goals of the COFi Council are to:
– Engage in a continual, cross-functional process that results in effective prioritization of institutional responses to compliance, financial, and operational risks, and consider the impact to strategic and reputational risks.
– Ensure that the institutional perspective is always present in risk and compliance management discussions.
– Identify strategies to address emerging risks and compliance management issues.
– Support risk and compliance management training and outreach efforts throughout the university.
– Provide external auditors and regulators with information about the university’s risk and compliance programs.
– Avoid the creation of additional bureaucracy by minimizing redundancy and maximizing resources.
Adopting and Adapting the COSO Model
• UW had defined ERM according to its interpretation of the Committee of Sponsoring Organizations (COSO) model, which describes ERM as “a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
• The COSO model is an eight-step process:
1. Leadership, culture, and values
2. Strategic goals
3. Risk identification
4. Risk assessment
5. Response
6. Controls
7. Information and communication
8. Monitoring and measuring
Outcomes and Lessons Learned
• The value of ERM is both quantitative (e.g. risk and opportunity maps) and qualitative (e.g. dashboard to contextualize and display metrics). Each iteration of the ERM process results in new capabilities and insight gained into managing financial risks and strategic opportunities.
• Key lessons learned
– Clarify the roles of various risk committees
– Develop a work plan for the committee
– Develop an engaging agenda, focused at the appropriate level
– Don’t overemphasize lowest common denominator risks
– Gather data/information to develop expertise on specific risks
– Avoid discussing low-level, narrow risks
– Don’t get into the weeds with implementation and process
Conclusion
