Using Strategic Risk Management to Gain Assurance and Communicate More Effectively

Size: px

Start display at page:

Download "Using Strategic Risk Management to Gain Assurance and Communicate More Effectively"

Bartholomew Stevenson
9 years ago
Views:

1 Using Strategic Risk Management to Gain Assurance and Communicate More Effectively Julie Englund Board Member, Treasurer and Finance Committee Chair Wilson College Raina Rose Tagle, CPA, CISA, CIA National Practice Leader, Higher Education Baker Tilly Baker Tilly Beers & Cutler, PLLC, is a wholly-owned subsidiary of Baker Tilly Virchow Krause, LLP.

Rose Tagle, CPA, CISA, CIA National Practice Leader, Higher Education Baker Tilly Baker

2 Introduction Julie Englund Board of Trustees, Member, Finance Committee Chair, and Treasurer at Wilson College Former Chief Financial Officer at the National Academy of Sciences Former Vice President for Finance and Administration at The Catholic University of America Former Dean for Administration at Harvard Law School Former Vice President for Finance and Administration at The Brookings Institution Raina Rose Tagle Baker Tilly Partner National Practice Leader, Higher Education 2

Catholic University of America Former Dean for Administration at Harvard Law School Former Vice President for Finance and

3 Agenda > Overview of Risk Management > Roles and Responsibilities > Getting Started: An Approach to Managing Risk 3

4 Overview of Risk Management 4

5 Risk and Its Importance Risk is the possibility of an event occurring that will impact the achievement of an organization s mission and objectives 5

6 Types of Risk Environment Operations Finance Compliance Technology Strategy Reputation 6

7 Risks in Higher Education Enrollment Accreditation Accidents student alcohol abuse, violence Workplace discrimination Natural disasters Crisis response Study abroad safety Compliance Investment management 7

discrimination Natural disasters Crisis response

8 COSO ERM Framework 8

9 Risk Management for Boards and Management Strategic Decision Making Strategic Planning and Implementation Strategic Financial Analysis Institutional Risk Management > Strategic planning and implementation Integrate strategic priorities as context for decision making > Strategic financial analysis Allocate resources to strategic goals and provide methods and tools to evaluate financial risks, conditions, and operations > Institutional risk management Take a programmatic view of potential risks and risk management activities to effectively achieve strategic goals 9

Strategic financial analysis Allocate resources to strategic goals and provide methods and tools to evaluate financial risks, conditions, and

10 Roles and Responsibilities 10

11 Roles and Responsibilities > Board > Management > Internal Audit/Monitoring > Risk Governance Framework 11

12 The Board s Role Ensure an integrated risk management approach to problems, solutions, and decisions, in the context of strategic goals and objectives Provide strategic comprehensive oversight of risk management processes Integrate risk considerations into committee work Integrate risk assessment and planning into comprehensive strategic and financial planning 12

oversight of risk management processes Integrate risk considerations into committee work

13 Management s Role Lead a risk assessment process and implement risk management plans, in the context of strategic goals and objectives Assess risks and develop priorities Manage the risk assessment process Plan risk management and mitigation activities 13

objectives Assess risks and develop priorities Manage the risk

14 Internal Audit s Role > In light of heightened concern about risk and its potential impact on institutions, many institutions have created an internal audit function to help assess risk and to audit key areas of vulnerability > An internal audit or other objective monitoring function can provide an objective, unbiased assessment of risks 14

help assess risk and to audit key areas of vulnerability > An internal audit or other

15 Evolution of Internal Audit In recent years, those successful in the profession have evolved into a trusted advisor role that proactively engages with management and strives to add value. Previous Outlook Tactical Reactive Backward looking Focused on accounting Singular focus on compliance Gotcha attitude Current Outlook Strategic Proactive Forward looking Focused on the business An appropriate complement of risk-based and compliance-based auditing Helpful ally 15 15

Previous Outlook Tactical Reactive Backward looking Focused on accounting Singular focus on compliance Gotcha

16 Higher Education Risk Governance Framework Board of Trustees Internal Audit/Monitoring Enrollment News and media coverage Student alcohol abuse Board Committees President Senior Management Higher Education Risks Natural disasters Workplace discrimination Violence Crisis response Study abroad safety Compliance Investment management 16

Committees President Senior Management Higher Education Risks Natural disasters

17 Risk Management Structure Illustration 17

18 Getting Started: An Approach to Managing Risk 18

19 An Approach to Managing Risk > Strategic risk assessment > Risk mapping > Key questions for assessing your strategic risk management 19

20 Strategic Risk Assessment A strategic risk assessment is a framework for entity-wide risk identification (unique to your institution), prioritization of key exposures, and development of operational responses and resources in the context of other strategic priorities 20

institution), prioritization of key exposures, and development of

21 Performing a Strategic Risk Assessment Get started Keep it simple and doable Remember that risk is constantly changing 21

22 Performing a Strategic Risk Assessment Senior Management Identify Risks Prioritize Risks Manage Risk Board of Trustees and Committees Oversee Risk Management 22

23 Identify Risks > Brainstorm potential risks at a strategic entity-wide level (Note: operational risks should be addressed by operational managers in a similar process) > Alternatively, use an outside, objective party to interview key administrators, President, and if desired, the Board, and draft an initial set of priorities based upon interviews 23

24 Prioritize Risks > Prioritize risks based on significance (i.e., potential impact) and likelihood (i.e., chance of occurrence) > Use the risk map as a roadmap for risk-related discussions and oversight Risks with the biggest potential impact and highest likelihood of occurrence are the top priority 24

25 Risk Mapping 25

26 Sample Risk Map High Impact / Moderate Likelihood High Impact / High Likelihood Data Security and Privacy Legal and Regulatory Environment Planning and Budgeting Potential Impact Information Retention and Institutional Knowledge Business Continuity Planning and Disaster Recovery Student Safety Reputation Governance Effectiveness Employee Conduct Growth Accounting Systems/Financial Reporting Change Management Moderate Impact / Moderate Likelihood Moderate Impact / High Likelihood Likelihood of Occurrence Strategy Operations Compliance Reputation Technology 26

27 Manage Risk > Clarify who is responsible for developing, implementing, and managing risk management plans Who owns each risk and is responsible for developing plans? The President typically has ultimate responsibility for risk management in an institution > Develop responses/plans to manage and mitigate risk, and monitor results This should include determining what risk management activities are already in place 27

28 Key Questions for Assessing Your Strategic Risk Management Is Management s risk assessment process comprehensive? Are Management s conclusions related to strategic risk appropriate? Are problems and solutions presented and discussed within a comprehensive context of competing priorities and resources? Are solutions transparently vetted in terms of alternative approaches? Are solutions discussed and decided based on risk/return characteristics? Do solutions address building/capital, student, academic, admissions, and diversity risks? Are resources being allocated to key strategic risks and strategies to protect the institution and help achieve goals? 28

29 Contact Information Julie Englund Board Member, Treasurer and Finance Committee Chair Wilson College Raina Rose Tagle, Partner, CPA, CISA, CIA National Practice Leader, Higher Education Baker Tilly Connect with us: 29

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only Agenda Introduction Basic program components Recent trends in higher education risk management Why