Five lines of assurance a new paradigm in internal audit & ermDr. Zar Rdj
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes.
Татьяна Будишевская
Старший менеджер Deloitte
Современная методика оценки культуры управления рисками в организации
Практические инструменты внедрения риск-культуры
Five lines of assurance a new paradigm in internal audit & ermDr. Zar Rdj
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes.
Татьяна Будишевская
Старший менеджер Deloitte
Современная методика оценки культуры управления рисками в организации
Практические инструменты внедрения риск-культуры
Julia Graham
Technical Director and Deputy CEO, Airmic
Immediate Past President and Board Member, FERMA
The Fourth Revolution Managing risk in a changing world Are you a tenant or an owner?
5th April 2016
Moscow
Failure deriving from underestimating risk managementPECB
What is risk? Why are organizations concerned with it?
Whether it is driving, taking a shower or just going at the grocery store, everyone exposes themselves to risk. Organizations face internal and external risks that endanger the possibility of achieving their goals and objectives. As the world becomes more unpredictable, the concept of risk has turned into a major concern to professionals of different industries. According to ISO 31000, risk is the effect of uncertainty on objectives. In addition, risk management is the process of identifying, analyzing, and prioritizing risks. The goal of risk management is to manage risks before they affect the organization.
This is the first Code of ethics that FERMA has produced. The aim is to provide a sound basis for a code that can be expanded and updated over the coming years.
The ethics team showed a clear consensus. They agreed that the FERMA Code of ethics should be brief, easy to read, and easy to understand .
FERMA believes that working ethically means respecting certain criteria which impact on the professional behaviour of all workers. The following four principles should shape and inform the professional behaviour and attitude of a risk manager, and should govern the way they perform their work.
When setting the risk appetite, does your firm:
1.Balance the risks with the mitigation costs
2.Balance the risks with the mitigation costs AND the client focus
3.None of the above
Helping to Frame the Board’s Risk Conversation - A Profession in Transformation
by AIRMIC John Hurrell and Julia Graham
This session presented on October 04, 2016 during the FERMA European Risk Seminar in Malta, set out some of the issues involved for risk managers making this professional journey and offer practical ideas and suggestions on how risk managers can seize these professional opportunities.
Reinforcing FERMA’s vision of “a world where risk management is embedded in the business model and culture of organisations”, this session will focus on how risk management can be embedded in the business model of the organisation and the importance of risk culture and the profiling of risk culture as part of this process.
The session introduced models, tools and techniques designed for the risk manager developed in partnership with colleagues from other professions and in consultation with those who have a seat at the boardroom table.
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...Resolver Inc.
Copyright notice: The following slides are intended for professional use within an organization for discussion purposes only. Any other uses or modifications are strictly prohibited.
Any organization is an assembly of people: people who take risk as they manage and direct the enterprise; people who decide how much risk is acceptable or even desirable; and provide oversight of the management of risk across the extended enterprise.
Organizational culture has been the topic of study for many years.
• “Culture is how organizations ‘do things’.” — Robbie Katanga
• “Organizational culture is the sum of values and rituals which serve as ‘glue’ to integrate the members of the organization.” — Richard Perrin
Richard Anderson and Norman Marks share their views on this complex subject. They cover:
• What is the difference between the “risk” culture and the “organizational” culture? How can it be analysed?
• Who takes risk, and who should be responsible for deciding how much risk to take?
• Is there such a thing as a single risk level?
• Why do so many of us take different views of exactly the same risks? How does an organization decide which view is “right”?
• Is one person’s risk another’s opportunity?
• What about when the actions of one impact the success of another?
One of our goals is to provide you the tools required to succeed in your chosen field. To do so, we will help you tailor your program to a specific specialization that fits your needs. Whether you are interested in building on previous experience or contemplating a career change, the Flores MBA Program provides traditional and cutting-edge specializations to meet your career goals. The course offerings are continuously reviewed to meet the changing demands of the marketplace.
Most organizations have multiple project going on concurrently. They need a framework that allows them to evaluate (and mitigate) project risk in a way that reflects the potential business impact of this portfolio of projects.
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
Enterprise risk management has become a vital component to cyber security, logistics management, asset management and supply chain management. As organizations continue to rely on data to drive workforce automation, Industrial IoT and process automation, it is becoming necessary to analyze data to discover risk before it occurs and implement effective remediation practices and processes. Seminar participants will collaborate and explore the emerging new use cases for enterprise risk management that addresses the need to better understand how to leverage critical data to predict and understand how data analytics can support risk management and mitigation in an increasingly data-dependent workforce environment.
During this seminar, participants will:
a. Explore new innovations in enterprise risk management that will provide new career opportunities for STEM professionals
b. Examine the skills and experiences necessary to take advantage of risk management career opportunities
c. Discern the applicable areas for enterprise risk management
d. Determine the importance of addressing enterprise risk management in all digital transformation initiatives
e. Identify the market growth and consulting opportunities in enterprise risk management
The new guidance is based on IRM’s professional standards and is aimed at organisations of all types seeking to recruit a Chief Risk Officer (CRO), perhaps their first, or to make other senior risk appointments.
Enterprise Risk Management (ERM) and the Indian Higher Education System.
According to the IRM’s Risk Management Standard, ERM is a central part of any organisation’s strategy.
It is the process whereby organisations methodically address the risks attached to their activities with the
goal of achieving sustained benefit within each activity and across their portfolio. Furthermore, it should be
a continuous and developing process that runs throughout the organisation’s strategy with the capability to
address all risks surrounding activities past, present and in particular, future.
https://www.theirmindia.org/
https://www.theirmindia.org/globalqualifications/ermevolution
12/4/2019 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_111857_1&paperId=2392353571&&atte… 1/8
3134.202010 - FALL 2019 - ENTERPRISE RISK MANAGEMENT (ITS-835-15) - SECOND BI-TERM
Reflection Paper
MADHUKAR SAMALA
on Thu, Nov 28 2019, 1:25 AM
66% highest match
Submission ID: c1d76132-6f80-406e-ba44-61e3a7fec4c2
Attachments (1)
Madhukar Samala ERM Reflection Paper.docx
Running Head: REFLECTION PAPER 1
REFLECTION PAPER 4
Knowledge in ERM
Student Name: Madhukar
Student ID: 003011136
Course ID: ITS 835 - 15
Date: 1 28/11/2019
2 UPON COMPLETION OF THIS COURSE I HAVE LEARNED THAT ERM DATA
FRAMEWORK OFFER GROUNDS PARTNERS AT NUMEROUS DIMENSIONS
THE BASIC DATA THEY NEED WHEN SETTLING ON COMPELLING AND
OPPORTUNE BUSINESS CHOICES. IT CAN CHARACTERIZE, FEATURE, AND
FORESEE RISKS AND PATTERNS, ENABLING SUPERVISORS TO INTERCEDE
BEFORE ISSUES EMERGE (SIMKINS & NARVAEZ, 2016). 1 ERM SEEKS TO
(http://safeassign.blackboard.com/)
Madhukar Samala ERM Reflection Paper.docx
Word Count: 640
Attachment ID: 2392353571
66%
http://safeassign.blackboard.com/
12/4/2019 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_111857_1&paperId=2392353571&&atte… 2/8
LOOK AT RISK IN A LARGER CONTEXT, AND MITIGATE THOSE RISKS THAT
WILL HAVE AN IMPACT ON THE ENTERPRISE. IT GOES OUT ON A LIMB
COMPONENTS FROM EACH ASPECT OF THE BUSINESS, AND LOOKS FOR
APPROACHES TO ALLEVIATE THE DANGERS ON A VENTURE LEVEL.
IT INCLUDES RISK IDENTIFICATION, OR WHAT AND WHERE MY THREATS
ARE? IT INCLUDES RISK ASSESSMENT, OR HOW TERRIBLE ARE THESE
THREATS? IT INCLUDES RISK REVIEW, OR HOW, AS A GROUP WILL WE
SURVEY AND RANK THESE THREATS. IT INVOLVES RISK MITIGATION, OR
BY WHAT METHOD WILL WE MAKE RESTORATIVE MOVE TO MODERATE
THE DANGER OF REPLICATION? AND AT THAT POINT, RISK REPORTING TO
DECIDE HOW WE'VE DIMINISHED THE THREAT WITHIN THE
ORGANIZATION.
I have learned that organizational culture assumes a basic role in the implementation and
adoption of ERM in a profit environment, for example, how significant activities are
actualized, how rapidly the association can respond to market changes, and whether the
association can effectively explore significant changes in the business condition (Lam, 2017).
1 AS ORGANIZATIONS EXPAND AND BECOME PROGRESSIVELY WIDE AND
SOPHISTICATED, EXCLUSIVE TOOLS, DOCUMENTATION, AND PROFICIENT,
COMPREHENSIVE RISK MANAGEMENT PROCEDURES AND PRACTICES
BECOME INCREASINGLY SIGNIFICANT, AND A COMPELLING ERM
IMPLEMENTATION CAN ORGANIZE AND PROVIDE IMPORTANT
INFORMATION TO TOP MANAGEMENT.
Before allocating any resources into ERP, it's essential that management see every one of the
intricate details of their own organizations. Knowing how the venture functions helps
management see where ERP can enhance performance, and work to make the organization
increasingly effective. ...
Julia Graham
Technical Director and Deputy CEO, Airmic
Immediate Past President and Board Member, FERMA
The Fourth Revolution Managing risk in a changing world Are you a tenant or an owner?
5th April 2016
Moscow
Failure deriving from underestimating risk managementPECB
What is risk? Why are organizations concerned with it?
Whether it is driving, taking a shower or just going at the grocery store, everyone exposes themselves to risk. Organizations face internal and external risks that endanger the possibility of achieving their goals and objectives. As the world becomes more unpredictable, the concept of risk has turned into a major concern to professionals of different industries. According to ISO 31000, risk is the effect of uncertainty on objectives. In addition, risk management is the process of identifying, analyzing, and prioritizing risks. The goal of risk management is to manage risks before they affect the organization.
This is the first Code of ethics that FERMA has produced. The aim is to provide a sound basis for a code that can be expanded and updated over the coming years.
The ethics team showed a clear consensus. They agreed that the FERMA Code of ethics should be brief, easy to read, and easy to understand .
FERMA believes that working ethically means respecting certain criteria which impact on the professional behaviour of all workers. The following four principles should shape and inform the professional behaviour and attitude of a risk manager, and should govern the way they perform their work.
When setting the risk appetite, does your firm:
1.Balance the risks with the mitigation costs
2.Balance the risks with the mitigation costs AND the client focus
3.None of the above
Helping to Frame the Board’s Risk Conversation - A Profession in Transformation
by AIRMIC John Hurrell and Julia Graham
This session presented on October 04, 2016 during the FERMA European Risk Seminar in Malta, set out some of the issues involved for risk managers making this professional journey and offer practical ideas and suggestions on how risk managers can seize these professional opportunities.
Reinforcing FERMA’s vision of “a world where risk management is embedded in the business model and culture of organisations”, this session will focus on how risk management can be embedded in the business model of the organisation and the importance of risk culture and the profiling of risk culture as part of this process.
The session introduced models, tools and techniques designed for the risk manager developed in partnership with colleagues from other professions and in consultation with those who have a seat at the boardroom table.
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...Resolver Inc.
Copyright notice: The following slides are intended for professional use within an organization for discussion purposes only. Any other uses or modifications are strictly prohibited.
Any organization is an assembly of people: people who take risk as they manage and direct the enterprise; people who decide how much risk is acceptable or even desirable; and provide oversight of the management of risk across the extended enterprise.
Organizational culture has been the topic of study for many years.
• “Culture is how organizations ‘do things’.” — Robbie Katanga
• “Organizational culture is the sum of values and rituals which serve as ‘glue’ to integrate the members of the organization.” — Richard Perrin
Richard Anderson and Norman Marks share their views on this complex subject. They cover:
• What is the difference between the “risk” culture and the “organizational” culture? How can it be analysed?
• Who takes risk, and who should be responsible for deciding how much risk to take?
• Is there such a thing as a single risk level?
• Why do so many of us take different views of exactly the same risks? How does an organization decide which view is “right”?
• Is one person’s risk another’s opportunity?
• What about when the actions of one impact the success of another?
One of our goals is to provide you the tools required to succeed in your chosen field. To do so, we will help you tailor your program to a specific specialization that fits your needs. Whether you are interested in building on previous experience or contemplating a career change, the Flores MBA Program provides traditional and cutting-edge specializations to meet your career goals. The course offerings are continuously reviewed to meet the changing demands of the marketplace.
Most organizations have multiple project going on concurrently. They need a framework that allows them to evaluate (and mitigate) project risk in a way that reflects the potential business impact of this portfolio of projects.
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
Enterprise risk management has become a vital component to cyber security, logistics management, asset management and supply chain management. As organizations continue to rely on data to drive workforce automation, Industrial IoT and process automation, it is becoming necessary to analyze data to discover risk before it occurs and implement effective remediation practices and processes. Seminar participants will collaborate and explore the emerging new use cases for enterprise risk management that addresses the need to better understand how to leverage critical data to predict and understand how data analytics can support risk management and mitigation in an increasingly data-dependent workforce environment.
During this seminar, participants will:
a. Explore new innovations in enterprise risk management that will provide new career opportunities for STEM professionals
b. Examine the skills and experiences necessary to take advantage of risk management career opportunities
c. Discern the applicable areas for enterprise risk management
d. Determine the importance of addressing enterprise risk management in all digital transformation initiatives
e. Identify the market growth and consulting opportunities in enterprise risk management
The new guidance is based on IRM’s professional standards and is aimed at organisations of all types seeking to recruit a Chief Risk Officer (CRO), perhaps their first, or to make other senior risk appointments.
Enterprise Risk Management (ERM) and the Indian Higher Education System.
According to the IRM’s Risk Management Standard, ERM is a central part of any organisation’s strategy.
It is the process whereby organisations methodically address the risks attached to their activities with the
goal of achieving sustained benefit within each activity and across their portfolio. Furthermore, it should be
a continuous and developing process that runs throughout the organisation’s strategy with the capability to
address all risks surrounding activities past, present and in particular, future.
https://www.theirmindia.org/
https://www.theirmindia.org/globalqualifications/ermevolution
12/4/2019 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_111857_1&paperId=2392353571&&atte… 1/8
3134.202010 - FALL 2019 - ENTERPRISE RISK MANAGEMENT (ITS-835-15) - SECOND BI-TERM
Reflection Paper
MADHUKAR SAMALA
on Thu, Nov 28 2019, 1:25 AM
66% highest match
Submission ID: c1d76132-6f80-406e-ba44-61e3a7fec4c2
Attachments (1)
Madhukar Samala ERM Reflection Paper.docx
Running Head: REFLECTION PAPER 1
REFLECTION PAPER 4
Knowledge in ERM
Student Name: Madhukar
Student ID: 003011136
Course ID: ITS 835 - 15
Date: 1 28/11/2019
2 UPON COMPLETION OF THIS COURSE I HAVE LEARNED THAT ERM DATA
FRAMEWORK OFFER GROUNDS PARTNERS AT NUMEROUS DIMENSIONS
THE BASIC DATA THEY NEED WHEN SETTLING ON COMPELLING AND
OPPORTUNE BUSINESS CHOICES. IT CAN CHARACTERIZE, FEATURE, AND
FORESEE RISKS AND PATTERNS, ENABLING SUPERVISORS TO INTERCEDE
BEFORE ISSUES EMERGE (SIMKINS & NARVAEZ, 2016). 1 ERM SEEKS TO
(http://safeassign.blackboard.com/)
Madhukar Samala ERM Reflection Paper.docx
Word Count: 640
Attachment ID: 2392353571
66%
http://safeassign.blackboard.com/
12/4/2019 SafeAssign Originality Report
https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c48/originalityReportPrint?course_id=_111857_1&paperId=2392353571&&atte… 2/8
LOOK AT RISK IN A LARGER CONTEXT, AND MITIGATE THOSE RISKS THAT
WILL HAVE AN IMPACT ON THE ENTERPRISE. IT GOES OUT ON A LIMB
COMPONENTS FROM EACH ASPECT OF THE BUSINESS, AND LOOKS FOR
APPROACHES TO ALLEVIATE THE DANGERS ON A VENTURE LEVEL.
IT INCLUDES RISK IDENTIFICATION, OR WHAT AND WHERE MY THREATS
ARE? IT INCLUDES RISK ASSESSMENT, OR HOW TERRIBLE ARE THESE
THREATS? IT INCLUDES RISK REVIEW, OR HOW, AS A GROUP WILL WE
SURVEY AND RANK THESE THREATS. IT INVOLVES RISK MITIGATION, OR
BY WHAT METHOD WILL WE MAKE RESTORATIVE MOVE TO MODERATE
THE DANGER OF REPLICATION? AND AT THAT POINT, RISK REPORTING TO
DECIDE HOW WE'VE DIMINISHED THE THREAT WITHIN THE
ORGANIZATION.
I have learned that organizational culture assumes a basic role in the implementation and
adoption of ERM in a profit environment, for example, how significant activities are
actualized, how rapidly the association can respond to market changes, and whether the
association can effectively explore significant changes in the business condition (Lam, 2017).
1 AS ORGANIZATIONS EXPAND AND BECOME PROGRESSIVELY WIDE AND
SOPHISTICATED, EXCLUSIVE TOOLS, DOCUMENTATION, AND PROFICIENT,
COMPREHENSIVE RISK MANAGEMENT PROCEDURES AND PRACTICES
BECOME INCREASINGLY SIGNIFICANT, AND A COMPELLING ERM
IMPLEMENTATION CAN ORGANIZE AND PROVIDE IMPORTANT
INFORMATION TO TOP MANAGEMENT.
Before allocating any resources into ERP, it's essential that management see every one of the
intricate details of their own organizations. Knowing how the venture functions helps
management see where ERP can enhance performance, and work to make the organization
increasingly effective. ...
Global Enterprise Risk Management Foundation ExamThe IRM India
IRM is the leading professional body for Enterprise Risk Management (ERM). We drive excellence in managing risk to ensure organisations are ready for the opportunities and threats of the future. We do this by providing internationally recognised qualifications and training, publishing research and guidance, and setting professional standards.
Nulearn offers the best market risk courses such as courses in financial risk management, applied credit risk analytics. Learn from the best faculty of market risk courses from IIM Kashipur. Enroll with Nulearn for better career.
How to Write Assignment On Risk Management?
Table Of Contents :
What is Risk management
Principles of Risk Management
Why Do Risk Management Assignments Need Help?
Topics Of Risk Management
How we help in your assignment
Recommendation
References
What Do You Mean By Risk Management?
It entails a process of preserving, identifying, assessing the risks and ambiguity around the capital, and planning its advantages. These risks or dangers may come from a variety of sources, including as natural or unnatural calamities, legal liabilities, and poor strategic management.
Principles of Risk management
Many organizations have established risk management guidelines. Both the Project Management Body of Knowledge and the International Organization for Standardization provide risk management guidelines.
Twelve principles are outlined in the Project Management Body of Knowledge (PMBOK). Both PMBOK and ISO concepts are combined in this article. The various guidelines include:
Organizational Context: Different environmental elements have differing degrees of impact on every firm (Political, Social, Legal, and Technological, Societal etc). In contrast to another firm operating in the same sector and environment, one organization may be impervious to changes in import duties.
Stakeholder Involvement: Stakeholders should be involved in the risk management process at every decision-making stage. They must to keep informed about every choice that is made. Understanding the potential contributions that stakeholders can make at each stage is also in the organization’s best interests.
Organizational Objectives: It’s crucial to keep your organization’s objectives in mind when managing risks. The uncertainty should be specifically addressed in the risk management process. This necessitates being organised, methodical, and keeping the big picture in mind.
Reporting: Communication is crucial in risk management. It is necessary to confirm the accuracy of the information. The best information should be used to inform decisions, and there should be transparency and awareness surrounding that information.
Risk Management & Responsibilities: Risk management must be open and inclusive. Roles and Responsibilities. The human components should be considered, and it should be made sure that everyone understands their responsibilities at each level of the risk management process.
Support System: The risk management team’s value is highlighted by the support system. The team members must be tenacious, adaptable, and energetic. Every team member needs to be aware of their role at every stage of the project management lifecycle.
Why Do Risk Management Assignments Need Help?
There are several main reasons why students opt for online help with their risk management assignments.
Due to uncertainty regarding the information they are writing in their assignments, students may not finish them for a variety of reasons.
Students fall behind because they lack the necessary writing abilities. The
This presentation provides a comprehensive plan for implementing an enterprise risk management program. It covers the costs/benefits of an ERM program, the critical knowledge, skills and abilities of a Chief Risk Officer, a risk taxonomy for insurance firms, a hypothetical organizational structure for an electric utility, a sample risk register, and other useful information.
It provides a general overview of enterprise risk management principles which can help to transform corporate from risk exposure to the risk protected. Consideration for basic steps in Risk Management Process are critically and logically analysed
Presentation Makes the Case for Enterprise Risk ManagementPYA, P.C.
PYA Principal David McMillan recently co-presented “Enterprise Risk Management” at the Massachusetts Continuing Legal Education 15th Annual Hospital & Health Law Conference.
3. Administrators of private colleges and universities face a complex portfolio of risks as they seek to
provide superior education and opportunities for students and their families. Risk presents itself
across every aspect of higher education, starting with the admissions process all the way through to
graduation rates, institutional rankings, and alumni support. Colleges and universities must protect
their students along with their infrastructure and financial capital, while also providing for the
productivity, wellness, and satisfaction of their faculty and staff members.
RCM&D launched its enterprise risk management (ERM) benchmarking survey specifically to
private liberal arts colleges throughout the mid-Atlantic region in order to understand the top risk
concerns for this unique subset of higher education. The higher education industry is constantly
evolving, which especially affects the risk landscape for liberal arts colleges. The following report
provides aggregate results from respondents, including risk heat maps reflecting the survey results
that may be used as an ERM benchmark.
We greatly appreciate the time and input from our survey respondents, which in turn allowed us to
analyze the results and provide you with this extensive report. We hope that you will find the
information contained herein to be of value to you and your institution’s risk prevention efforts,
whether you are considering implementing an ERM program or already have an established process.
Foreword
Edward Hanna
Enterprise Risk Management Leader
Christina Childs
Enterprise Risk Management Consultant
4. Authors
Edward Hanna | Enterprise Risk Management Leader
ehanna@rcmd.com
Christina Childs | Enterprise Risk Management Consultant
cchilds@rcmd.com
Contributing Writers
Bethany Benedict | Risk Consultant
bbenedict@rcmd.com
Erin Lamartina | Manager, Information Technology
elamartina@rcmd.com
Matia Marks | Client Executive, Management Liability and Cyber Liability
mmarks@rcmd.com
James Shewey | Client Executive, Education
jshewey@rcmd.com
William Skene | Insurance Consultant
wskene@rcmd.com
5. 1 Executive Summary
2 Methodology
4 Results and Analysis
9 Enrollment and Education Services
11 Information Technology
18 Finance
22 Development, Alumni and Parent Relations
25 Student and College Life
31 Facilities and Infrastructure
32 Human Resources
34 Academics
36 Athletics
37 Compliance Management
39 Camps and Conferences
41 Summary
43 Appendix A: Risk Ranking
45 Appendix B: Open Comments
Table of Contents
6. RCM&D conducted a benchmarking study of 29 institutions encompassing 11 operational domains
and 56 enterprise risks from the later part of 2015 through early 2016. The study intentionally
targeted participants in a chief financial officer (CFO) or risk manager role at private liberal arts
institutions with enrollment of less than 4,000 students and located in Pennsylvania, Maryland,
Virginia, Delaware, or Washington, D.C.
Perceptions of risk can and will vary depending on the subject matter expertise of the participants.
University and college administrators and faculty will have differing opinions both within and
outside of their respective groups. For example, a trustee, CFO, provost, dean of students, or vice
president of admissions may all rank various risks differently. A successful risk mapping process
identifies the aggregate opinions, as well as instances where key institutional stakeholders agree or
disagree. These data can then be used as a starting point for strategic discussions regarding
institutional priorities to best assess, adjust, manage, control, and/or monitor enterprise risks while
considering the strategic, reputational, technology, compliance, operational, and financial aspects.
The study’s design reduced variability by targeting institutional roles that most often initiate an
ERM process and peer institutions that operate in a similar competitive and geographic space.
While the design improved the precision of the results, it does present a limitation in that other key
stakeholders are not represented, such as trustee, president, or provost. This process was designed
to provide an external benchmark while also delivering a repeatable methodology that can be
expanded to include additional members of an institution to address the need internally.
The full report provides extensive detail regarding the study results, along with additional insights
regarding their implications. RCM&D’s consultants have addressed the challenges of managing
interdependent enterprise risks with shared ownership and governance needs that senior
administrators and governing boards should consider when establishing an ERM process and the
supporting structure. Taking the operational areas as an aggregate, Education and Enrollment
Services, Information Technology, and Finance were indicated as the top operational areas
(domains) of concern.
Executive Summary
1
{A repeatable methodology can easily be expanded
to include additional key stakeholders. }
7. Enterprise Risk Management at Private Liberal Arts Colleges
2016 Benchmarking Snapshot
RCM&D launched an enterprise risk management benchmarking survey for private liberal arts
colleges in the mid-Atlantic region to identify the top risk concerns for this unique landscape.
Participants were asked to consider 56 risk areas within 11 operational domains for their
potential impact and likelihood. We developed the survey using a composite of industry experience,
in-depth research, and external resources, such as the Association of Governing Boards of
Universities and Colleges, the International Organization for Standardization 31000, and the
Committee of Sponsoring Organizations of the Treadway Commission.
Chief Financial
Officer
46%
Risk
Manager
36%
Other
Stakeholders
18%
5
4
3
2
1
The Respondents
The Top Risks
1
5
4
3
2
Tuition Dependency
Finance
Financial Goals
Finance
Data and Network Security
Information Technology
Admissions
Enrollment and Education Services
Alumni and Donor Support
Development, Alumni and
Parent Relations
6
10
9
8
7
Student Behavioral and
Mental Health Issues
Student and College Life
Cyber Liability
Information Technology
Communications Systems
Information Technology
Student Safety
Student and College Life
Financial Aid
Finance
1
5
4
3
2
Tuition Dependency
Finance
Financial Goals
Finance
Data and Network Security
Information Technology
Admissions
Enrollment and Education Services
Alumni and Donor Support
Development, Alumni and
Parent Relations
6
10
9
8
7
Student Behavioral and
Mental Health Issues
Student and College Life
Cyber Liability
Information Technology
Communications Systems
Information Technology
Student Safety
Student and College Life
Financial Aid
Finance
Private Liberal
Arts Institutions
Enrollment under 4,000
Mid-Atlantic Region:
PA, MD, VA, DC
29
To request a copy of the complete 2016 Benchmarking Report, please visit
rcmd.com/ermstudy or contact Ed Hanna at ehanna@rcmd.com or 484.581.2815.
