Presentation is loading. Please wait.

Presentation is loading. Please wait.

Building a Better Business Model Start with a discussion of Risk Higher Education Policy Commission Board of Governors Summit August 2, 2014.

Published byReynard Clifton Golden Modified over 9 years ago

Similar presentations

Presentation on theme: "Building a Better Business Model Start with a discussion of Risk Higher Education Policy Commission Board of Governors Summit August 2, 2014."— Presentation transcript:

1 Building a Better Business Model Start with a discussion of Risk Higher Education Policy Commission Board of Governors Summit August 2, 2014

2 Importance of Risk Management Enterprise Risk Management (ERM) Commonly used by board members in their day job Equally important in your role on the governing board of your institution Higher Education Governing boards are more likely to take an “as needed” approach A crisis on your campus, a crisis on someone else’s campus, or an announcement of a reduction in funding Without a robust ERM process Institutions may be unprepared to address high-priority risks that may endanger strategic plans and institutional mission. Institutions may be unprepared to accept the risk of a bold initiative

3 What is ERM Identifying risk across the entire enterprise Assessing the impact of risk to the operations and mission Developing and practicing response or mitigation plans; and Monitoring the identified risks, holding the risk owner accountable, and consistently scanning for emerging risks. Two Important points Board members should specifically discourage senior leadership form only bringing positive issues forward and invite discussion about difficult, complex or “sacred cow” issues. Risk Management is not an end but a means to the end, with the end being the accomplishment of your Institution’s Mission.

4 What has the HEPC Done? Various issues at more than one Institution None or very small Internal audit departments at our Institutions Engaged Protiviti to perform an Internal Audit Risk Assessment For this purpose risk is defined as “the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood”. They reviewed risk exposure relating to the organization’s governance, operations and information systems Reliability & integrity of financial & operational information Effectiveness & efficiency of operation & programs Safeguarding of assets; and Compliance with laws, regulations, policies, procedures, & contracts

5 What has the HEPC Done (cont’d) Their process was robust and included interviews of 30+ members of our Institutions’ Administration Discussion focused on goals and objectives Key success factors to achieve goals and objectives Risks that would threaten the achievement of goals and objections Events or risks that would threaten or adversely impact the reputation of the institution Critical systems Planned changes in process, people & systems Other areas: Compliance/regulation requirements Decentralize activities Cash management and areas with potential for increase fraud risk Gathering and storing sensitive or non-public information

6 High Risks Identified Construction Absence of documented policies, procedure, controls Risk Type—Operational Financial Reporting Regulatory Compliance Absence of compliance departments that facilitates and monitors Compliance creates risk of fines, penalties, negative impact on reputation and future grant/other funding Risk Type-Legal & Regulatory/Reputation Date Security Lack of policies and procedures related to date security, resulting in increased risk of unauthorized access, resulting in fines, penalties, lawsuits and reputation Risk Type- IT/Reputation

7 High Risks Identified (cont’d) Procurement P-Card issues shows the risk of inappropriate use not being detected resulting in financial loss of the institutions funds. Risk Type – Operational/Financial Reporting Travel and Expense Absence of documented policies, procedure, and controls around T&E increases the risk of inappropriate expenditures resulting in financial loss of the Institutions funds. Risk Type- governance/operational/reputation/financial reporting

8 High Risks Identified (cont’d) Campus Security Inadequate policies, procedure and controls around campus security especially related to the Campus Security Dept. put the students & employees at risk and exposes the Institutions to reputational and compliance risk Risk Type – Operational/Reputation

9 Medium Risk Identified Financial reporting Grant Reporting and Compliance Succession Planning Endowment Management Records Retention

10 Next Steps Protiviti has developed an Internal Audit Plan around the six high risk areas identified The purpose of the audits in these risk areas will be to: Determine the level to which the risk is being mitigated Any further action required by the Institution to mitigate the risk to an acceptable level. Procedures and policies changed, recommended, deemed appropriate will be shared across the institutions as a way to mitigate the high risk areas identified. Who and how the medium risks are audited is yet to be determined.

11 Best Practices for Boards Re: Risk Management Require that management begin the process of developing a Risk Management System Acknowledge that the board, its committees and senior management are responsible for overseeing the process Understanding that Risk Management is a process, not a project. That means it gets incorporated into the ongoing work of the of the full board and its committees Agree to question the “sacred cows” aspects of the institution so they can be assess and managed Get risk assessment and review of the annual work plan of the board and its committee. Get away from the “as needed” practice of dealing with risk.

Download ppt "Building a Better Business Model Start with a discussion of Risk Higher Education Policy Commission Board of Governors Summit August 2, 2014."

Similar presentations

The Department of Energy Enterprise Risk Management Model

The Department of Energy Enterprise Risk Management Model
UW Risk Assessment Overview of Risk Assessment. UW Risk Assessment Overview of Risk Assessment Process Gather Information on Risk Universe Identify High.

UW Risk Assessment Overview of Risk Assessment. UW Risk Assessment Overview of Risk Assessment Process Gather Information on Risk Universe Identify High.
Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
Auditing Governance Functions

Auditing Governance Functions
Control and Accounting Information Systems

Control and Accounting Information Systems
Operational Risk ACSDA Leadership Forum ACSDA Leadership Forum New York City, USA - October 8-10, 2007 Diana Downward, DTCC.

Operational Risk ACSDA Leadership Forum ACSDA Leadership Forum New York City, USA - October 8-10, 2007 Diana Downward, DTCC.
It’s Time to Talk About Risk and Control

It’s Time to Talk About Risk and Control
Understanding & Managing Risk

Understanding & Managing Risk
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Internal Control.

Internal Control.
Internal Controls Todd Olszowy VP Finance/CFO Water & Power Community CU.

Internal Controls Todd Olszowy VP Finance/CFO Water & Power Community CU.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All.

Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All.
Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.

Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.
Risk Assessment Frameworks

Risk Assessment Frameworks
Euseden INTERNAL AUDIT & ASSURANCE SERVICES.

Euseden INTERNAL AUDIT & ASSURANCE SERVICES.
Central Piedmont Community College Internal Audit _____________________________ What to Expect When You Are Audited November 2014.

Central Piedmont Community College Internal Audit _____________________________ What to Expect When You Are Audited November 2014.
Www.UE.org Emerging and Strategic Risk Management TASSCUBO Janice M. Abraham, President & CEO.

Emerging and Strategic Risk Management TASSCUBO Janice M. Abraham, President & CEO.

Similar presentations

Ads by Google