Presentation on theme: "RISK MANAGEMENT AT HARVARD – PANEL DISCUSSION HARVARD IT SUMMIT June 23, 2011."— Presentation transcript:
RISK MANAGEMENT AT HARVARD – PANEL DISCUSSION HARVARD IT SUMMIT June 23, 2011
Introductions Panel Members: Rick Mills, Executive Dean for Administration, Harvard Medical School Mary Ann Bradley, Associate Dean for Administrative Operations, Faculty of Arts and Sciences Ben Gaucherin, Chief Information and Technology officer, Harvard Law School Eileen Sullivan, Controller, Harvard Business School Presenters: Gail McDermott, Director, Risk Management and Audit Services Amanda McDonnell, Manager of Strategic Planning, Risk Management and Audit Services
Agenda Overview of risk management and risk assessment Overview of Harvard Risk Management Program Panel discussion Open questions
Definition of "Risk" "Anything that may significantly affect the operations of the school in a way that limits the ability to achieve its mission." - A member of the Harvard Faculty "Risk is the possibility that an event will occur and adversely affect the achievement of objectives." - COSO Enterprise Risk Management – Integrated Framework
Definition of Risk Management A PROCESS, effected by an entitys board of directors, management and other personnel, applied in strategy- setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
Risk Management – A Continuous Process Assess Risk Monitor Risk Indicators and Events Respond to Risk Events Develop Risk Management Strategy Vision Infrastructure Goals, objectives and context Culture Identifying risks Rating/prioritizing risks Action planning Reporting Monitoring of risks and new risk events that may influence risk response Tolerate the risk Treat the risk Transfer the risk Terminate the risk
The Value of Risk Management Why Risk Management? Improve the likelihood of success for strategic planning initiatives by recognizing the risk associated with opportunities and forcing discussion of mitigation techniques Prevent high impact risks from happening at your University or reduce impact of risk and to protect the University Reputation Enable the University to make timely and informed decisions Support Corporation responsibilities Establish a culture of transparency and accountability through the explicit discussion of risks and mitigation practices and bring management team to consensus on risk management Prioritize the allocation of resources to the most significant risks and effectively manage costs and eliminate redundancies.
Risk management at Harvard Risk Management in 2008 Pockets of risk management activity across the University Risk Management and Audit Services performs University- wide risk assessment Risk Management Committee in place Limited executive sponsorship Changes since 2009 – 2010 New Executive Vice President (EVP) joins Harvard EVP Champions ERM Internal socialization of ERM Developed new ERM structure Approval by JCI (Audit Committee)
Harvard University - Enterprise risk management Capabilities Maturity Model Ad-Hoc Capabilities characteristics of individuals Initial Process Established in parts of the organization Formalized Formal Consistent processes in each department Optimized Organization focused on ERM as source of competitive advantage Embedded Integrated processes are embedded in the business planning Systemically build and improve enterprise risk management capabilities Harvard in FY2008 Harvard today Harvard planned for FY2013
ERM Strategy and Value Strategy: Provide an integrated, holistic approach to managing risk across the University – one that creates accountability and defines a process for identifying and mitigating risk. Implementing the approach should be an elastic process, flexing and expanding as prescribed by the needs of stakeholders. Value Establishes a culture of transparency and accountability through the explicit discussion of risks and mitigation practices Improves the likelihood of success for strategic planning initiatives by recognizing the risk associated with opportunities and forcing discussion of mitigation techniques Coordination and transparency assists in allocating resources to the most significant risks and may eliminate redundancies Aggregation of risks at the University level allows for timely and informed decision making Risk awareness should be embedded in all layers of the organization
Harvard University - Risk Management Structure University Risk Management Council (URMC) established Co chaired by EVP and Provost Reports out to President and Audit Committee on risk management program results Monitors the program and evaluates risk mitigation strategies Central Administration Risk Management Committee created Risk Assessment and prioritization for centrally managed functions for report out to URMC Each School creates a risk management committee – recommended co- chairs are Administrative Dean and Academic Dean Complete risk assessment and prioritize issues identified Submit risk management report to the URMC in Summer, 2011 Begin to develop a risk mitigation plan and approach for monitoring for the top 3-5 risks
Responsibility for Risk Management Everyone is a Risk Manager