Presentation on theme: "Risk Management at Harvard – Panel Discussion Harvard IT Summit"— Presentation transcript:
1 Risk Management at Harvard – Panel Discussion Harvard IT Summit June 23, 2011
2 Introductions Panel Members: Presenters: Rick Mills, Executive Dean for Administration, Harvard Medical SchoolMary Ann Bradley, Associate Dean for Administrative Operations, Faculty of Arts and SciencesBen Gaucherin, Chief Information and Technology officer, Harvard Law SchoolEileen Sullivan, Controller, Harvard Business SchoolPresenters:Gail McDermott, Director, Risk Management and Audit Services Amanda McDonnell, Manager of Strategic Planning, Risk Management and Audit Services
3 Agenda Overview of risk management and risk assessment Overview of Harvard Risk Management ProgramPanel discussionOpen questions
4 Definition of "Risk""Risk is the possibility that an event will occur and adversely affect the achievement of objectives."- COSO Enterprise Risk Management – Integrated Framework"Anything that may significantly affect the operations of the school in a way that limits the ability to achieve its mission."- A member of the Harvard Faculty
5 Definition of Risk Management A PROCESS, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
6 Risk Management – A Continuous Process VisionInfrastructureGoals, objectives and contextCultureIdentifying risksRating/prioritizing risksAction planningReportingAssess RiskMonitor Risk Indicators and EventsRespond to Risk EventsDevelop Risk Management StrategyTolerate the riskTreat the riskTransfer the riskTerminate the riskMonitoring of risks and new risk events that may influence risk response
7 The Value of Risk Management Why Risk Management? Improve the likelihood of success for strategic planning initiatives by recognizing the risk associated with opportunities and forcing discussion of mitigation techniquesPrevent high impact risks from happening at your University or reduce impact of risk and to protect the University ReputationEnable the University to make timely and informed decisionsSupport Corporation responsibilitiesEstablish a culture of transparency and accountability through the explicit discussion of risks and mitigation practices and bring management team to consensus on risk managementPrioritize the allocation of resources to the most significant risks and effectively manage costs and eliminate redundancies.
8 Risk management at Harvard Risk Management in 2008Pockets of risk management activity across the UniversityRisk Management and Audit Services performs University- wide risk assessmentRisk Management Committee in placeLimited executive sponsorshipChanges since 2009 – 2010New Executive Vice President (EVP) joins HarvardEVP Champions ERMInternal socialization of ERMDeveloped new ERM structureApproval by JCI (Audit Committee)
9 Systemically build and improve enterprise risk management capabilities Harvard University - Enterprise risk management Capabilities Maturity ModelAd-HocCapabilities characteristics of individualsInitialProcess Established in parts of the organizationFormalizedFormal Consistent processes in each departmentOptimizedOrganization focused on ERM as source of competitive advantageEmbeddedIntegrated processes are embedded in the business planningSystemically build and improve enterprise risk management capabilitiesHarvard in FY2008 Harvard today Harvard planned for FY2013
10 ERM Strategy and ValueStrategy: Provide an integrated, holistic approach to managing risk across the University – one that creates accountability and defines a process for identifying and mitigating risk. Implementing the approach should be an elastic process, flexing and expanding as prescribed by the needs of stakeholders.ValueEstablishes a culture of transparency and accountability through the explicit discussion of risks and mitigation practicesImproves the likelihood of success for strategic planning initiatives by recognizing the risk associated with opportunities and forcing discussion of mitigation techniquesCoordination and transparency assists in allocating resources to the most significant risks and may eliminate redundanciesAggregation of risks at the University level allows for timely and informed decision makingRisk awareness should be embedded in all layers of the organization
11 Harvard University - Risk Management Structure University Risk Management Council (URMC) establishedCo chaired by EVP and ProvostReports out to President and Audit Committee on risk management program resultsMonitors the program and evaluates risk mitigation strategiesCentral Administration Risk Management Committee createdRisk Assessment and prioritization for centrally managed functions for report out to URMCEach School creates a risk management committee – recommended co-chairs are Administrative Dean and Academic DeanComplete risk assessment and prioritize issues identifiedSubmit risk management report to the URMC in Summer, 2011Begin to develop a risk mitigation plan and approach for monitoring for the top 3-5 risks
12 Responsibility for Risk Management Everyone is a Risk Manager