Strategy to Implement Enterprise Risk Management Programs at Colleges and Universities By Betty J. Simkins, PhD, and Keri Dawson
“Colleges and universities have traditionally perceived themselves as substantially different and separate from other for-profit and not-for-profit entities, and the “outside world” has historically viewed and treated them as such. Today’s risk managers know all too well what others in higher education administration are coming to realize: in addition to an increased focus on, and accountability for, student safety and welfare, colleges and universities face many of the same pressures and exposures to risk as those in the corporate world.” …. Anne E. Lundquist (2011)1
E
ven though colleges and universities have been traditionally perceived as different from other commercial entities, the fact remains that the risks they face are very similar to those in the corporate world.
Most universities, like corporate organizations, have implemented risk management initiatives in a decentralized manner. The various internal units function independently and are not always coordinated in their approach to address risk issues. This lack of a cohesive Enterprise Risk Management (ERM) program could hinder business performance.2
To help avoid such a scenario, this article explores how universities, like corporate organizations, can build a more integrated and effective ERM program that drives value for stakeholders, reduces the cost of risk and helps achieve strategic objectives. It draws lessons from corporate organizations to demonstrate the benefits of a university-wide risk management program, best practices in building such a program and the role of technology in doing so.
ABOUT THE AUTHORS
Betty Simkins, PhD, Williams Companies Professor of Business and Professor of Finance, Oklahoma State University. Dr. Simkins conducts research, teaches and consults in the areas of enterprise risk management, risk management and energy finance. Keri Dawson, VP Industry Solutions and Advisory Services, MetricStream. Ms. Dawson leads the integration and continued growth of MetricStream’s cloud-based content and consulting services.
THE IMPORTANCE OF A UNIVERSITY-WIDE RISK MANAGEMENT PROGRAM Let’s take a quick look at the corporate world. Today, most organizations are bound to have a risk governance program in place to ensure that they are compliant with regulatory requirements and to protect the interests of stakeholders. However, the recent financial crisis has led to greater governmental concern, monitoring and regulation around managing risk in corporations. The need for improved risk management has never been greater. In fact organizations with better risk management strategies are known to have better value. The hallmark of an effective risk management strategy is the ability to take a holistic view of risks across the enterprise and link it with corporate governance. That’s where ERM becomes important – it helps organizations achieve top-level oversight into risks across the enterprise and leverage this risk intelligence in strategic decision-making, as discussed by Fraser and Simkins (2010).3 Despite this advantage, ERM was not always a top organizational priority. The traditional approach to managing risks was more fragmented. Most units in an organization looked at risks in silos. Their focus was narrow and mainly on insurable risks like market risk or credit risk. 14 COLLEGE & UNIVERSITY AUDITOR