Putting the “Enterprise” in Enterprise Risk Management By Cheryl Lloyd, Carrie Frandsen, MBA, ARM, Emily Breed, Kimberly A. Newman and Erin Ann Thomas
W
Risk management at UC used to be highly decentralized and traditional. In 2004, UC’s Office of the President (UCOP) realized that risk management needed to be more strategic and have a systemwide orientation. This was a shift in attitude and orientation, not in the authority wielded by UCOP, as each campus has significant autonomy when making strategic and operational decisions. “Our role is to support the campuses in their risk management activities,” says Carrie Frandsen, systemwide program manager for Enterprise Risk Management (ERM). “We can’t tell them what to do; we have to persuade them that we have good ideas that will provide value to them.”
ABOUT THE AUTHORS
Cheryl Lloyd (left) is the Chief Risk Officer for the University of California, Office of the President, and oversees the University’s extensive ERM program and Working Smarter initiatives. Major focuses include reducing the cost of risk, improving claims management, and overseeing business continuity planning. Before serving as CRO, Cheryl served as the Director of Liability and Property Programs. She has also worked at Chubb Insurance and Core-Mark International. Carrie Frandsen, MBA, ARM, (right) has five years’ experience managing higher education ERM programs. She is the ERM Program Manager with UCOP’s Office of Risk Services. Prior to joining UCOP, Carrie was the Manager, Enterprise Risk Services with UC Santa Barbara, having responsibility for the ERM, Emergency Management, and Continuity Planning programs. ACUA Summer 2014, Vol. 56, No. 2
The UC System began an ERM initiative as a natural progression after adopting the COSO (Committee of Sponsoring Organizations of the Treadway Commission) Internal Control – Integrated Framework in 1995 and learning of COSO’s publication of the Enterprise Risk Management – Integrated Framework in 2004. The COSO frameworks, as opposed to more traditional views of internal controls and enterprise risk management, are particularly suited to a university setting due to their broad view of the organization: everyone has a role, starting with the Board of Regents and the Audit Committee. This broad organizational view focuses first on the environment and the messages sent by the organization leaders, referred to as the tone at the top.
Enterprise Risk Management
ith more than 190,000 employees, 33,000 lines of business, 10 campuses, 5 medical centers, 3 national laboratories, and oversight for the statewide 4-H program, the University of California (UC) has to be enterprising and resourceful in how it manages risk.
This top-down energy has resulted in the implementation of more than 30 tools and systems, 46 dashboard reports, and over $196 million of savings from ERM initiatives in just three years. The latter results allowed for redirection of administrative costs to investments in the University’s core missions of teaching, research, patient care and public service. In keeping with our shared governance model, UC Risk Services provides infrastructure to increase efficiency, enhance performance and reduce cost of risk throughout the system, but ultimately the management of campus and medical-level risks depends on each location’s on-site risk management engagement at every level. This is why the slogan of our systemwide ERM program is “Everyone is a Risk Manager.” Equipped with the tools to succeed, we are working to support user adoption of new Available resources span risk management systems, processes and behaviors in order to levels of technological reach the peak of administrative excellence. literacy from Excel risk assessment tools PROVIDING ACCESS We created the My Managed Risk (MMR) Portal as a central entry to complex planning, point, providing individuals access to UC’s sophisticated suite of budgeting and forecasting risk management tools from one location through a single sign-on. Each portal user’s view is customized to allow access only to the tools. user’s authorized ERM applications. Available resources span levels of technological literacy from Excel risk assessment tools to complex planning, budgeting and forecasting tools. Our ERM Service Desk, located at UC Davis, provides support for our entire suite of online tools, 22 COLLEGE & UNIVERSITY AUDITOR