Using Strategic Risk Management to
Gain Assurance and
Communicate More Effectively
Julie Englund
Board Member, Treasurer and Finance Committee Chair Wilson College
Raina Rose Tagle, CPA, CISA, CIA
National Practice Leader, Higher Education Baker Tilly
Introduction
2
Julie Englund
•Board of Trustees, Member, Finance Committee Chair, and Treasurer at Wilson College
•Former Chief Financial Officer at the National Academy of Sciences
•Former Vice President for Finance and Administration at The Catholic University of America
•Former Dean for Administration at Harvard Law School
•Former Vice President for Finance and Administration at The Brookings Institution
Raina Rose Tagle
•Baker Tilly Partner
Agenda
> Overview of Risk Management
> Roles and Responsibilities
Overview of Risk
Management
Risk and Its Importance
Risk is the possibility of an event occurring
that will impact the achievement of an
organization’s mission and objectives
Types of Risk
6
Environment
Operations
Finance
Compliance
Technology
Strategy
Risks in Higher Education
Enrollment Accreditation Accidents – student alcohol abuse, violence Workplace discrimination Naturaldisasters Crisis response
Study abroad
safety Compliance
Investment management
COSO ERM Framework
Risk Management for
Boards and Management
> Strategic planning and implementation
Integrate strategic priorities as context for decision making
> Strategic financial analysis
Allocate resources to strategic goals and
provide methods and tools to evaluate financial risks, conditions, and operations
> Institutional risk management
Take a programmatic view of potential risks
and risk management activities to effectively achieve strategic goals
S tr at egi c P lanni ng and Im pl em ent at ion S tr at egi c F inanc ial A nal y s is Ins ti tut ional R is k M anagem ent
10
Roles and Responsibilities
> Board
> Management
> Internal Audit/Monitoring
The Board’s Role
12
Ensure an integrated risk management approach to
problems, solutions, and decisions, in the context of
strategic goals and objectives
Provide strategic
comprehensive
oversight of risk
management
processes
Integrate risk
considerations
into committee
work
Integrate risk
assessment and
planning into
comprehensive
strategic and
financial planning
Management’s Role
Lead a risk assessment process and implement risk
management plans, in the context of strategic goals
and objectives
Assess risks and develop priorities
Manage the risk assessment process
Plan risk
management and mitigation activities
Internal Audit’s Role
> In light of heightened concern about risk and its potential impact on institutions, many institutions have created an internal audit function to help assess risk and to “audit” key areas of
vulnerability
> An internal audit or other objective monitoring function can provide an objective, unbiased assessment of risks
Evolution of Internal Audit
In recent years, those successful in the profession have evolved into a trusted advisor role that proactively
engages with management and strives to add value.
Previous Outlook Current Outlook
Tactical Strategic
Reactive Proactive
Backward looking Forward looking
Focused on accounting Focused on the business
Singular focus on compliance
An appropriate complement of risk-based and compliance-based
auditing
Higher Education Risk
Governance Framework
16 Board of Trustees Board Committees President Senior Management Int er nal A udi t/ M oni tor ingHigher Education Risks Enrollment
News and media coverage Student alcohol abuse Natural disasters Workplace discrimination Violence Crisis response
Study abroad safety Compliance
Investment management
Risk Management
18
Getting Started: An Approach
to Managing Risk
An Approach to Managing Risk
> Strategic risk assessment
> Risk mapping
> Key questions for assessing your strategic risk management
Strategic Risk Assessment
20
A strategic risk assessment is a
f
ramework for entity-wide risk identification
(unique to your institution), prioritization of
key exposures, and development of
operational responses and resources in
the context of other strategic priorities
Performing a Strategic
Risk Assessment
Get started
Keep it
simple and
doable
Remember
that risk is
constantly
changing
Performing a Strategic
Risk Assessment
22 Identify Risks Prioritize Risks Manage Risk Board of Trusteesand Committees Oversee Risk Management Senior
Identify Risks
> Brainstorm potential risks at a strategic entity-wide level (Note: operational risks should be addressed by operational managers in a similar process)
> Alternatively, use an outside, objective party to interview key administrators, President, and if
desired, the Board, and draft an initial set of priorities based upon interviews
Prioritize Risks
> Prioritize risks based on significance (i.e., potential impact) and likelihood (i.e., chance of occurrence)
> Use the risk map as a roadmap for risk-related discussions and oversight
Risks with the biggest potential impact and highest likelihood of occurrence are the top priority
Sample Risk Map
26
Likelihood of Occurrence
Moderate Impact / Moderate Likelihood
High Impact / High Likelihood
Potential Impact
High Impact / Moderate Likelihood
Moderate Impact / High Likelihood
Compliance Legal and Regulatory Environment Reputation Student Safety Strategy Operations Change Management Technology
Data Security and Privacy Information Retention and Institutional Knowledge Reputation Governance Effectiveness Growth Business Continuity Planning and Disaster Recovery Accounting Systems/Financial Reporting Employee Conduct Planning and Budgeting
Manage Risk
> Clarify who is responsible for developing,
implementing, and managing risk management plans
• Who “owns” each risk and is responsible for
developing plans?
• The President typically has ultimate
responsibility for risk management in an institution
> Develop responses/plans to manage and mitigate risk, and monitor results
• This should include determining what risk
Key Questions for Assessing
Your Strategic Risk
Management
28
Is Management’s risk assessment process comprehensive?
Are Management’s conclusions related to strategic risk appropriate?
Are problems and solutions presented and discussed within a comprehensive context of competing priorities and resources?
Are solutions transparently vetted in terms of alternative approaches?
Are solutions discussed and decided based on risk/return characteristics? Do solutions address building/capital, student, academic, admissions, and diversity risks?
Are resources being allocated to key strategic risks and strategies to protect the institution and help achieve goals?
Contact Information
Julie Englund
Board Member, Treasurer and Finance Committee Chair Wilson College
202 957 5300
Raina Rose Tagle, Partner, CPA, CISA, CIA National Practice Leader, Higher Education
Baker Tilly
703 923 8251 Connect with us: