• No results found

Using Strategic Risk Management to Gain Assurance and Communicate More Effectively

N/A
N/A
Protected

Academic year: 2021

Share "Using Strategic Risk Management to Gain Assurance and Communicate More Effectively"

Copied!
29
0
0

Loading.... (view fulltext now)

Full text

(1)

Using Strategic Risk Management to

Gain Assurance and

Communicate More Effectively

Julie Englund

Board Member, Treasurer and Finance Committee Chair Wilson College

Raina Rose Tagle, CPA, CISA, CIA

National Practice Leader, Higher Education Baker Tilly

(2)

Introduction

2

Julie Englund

•Board of Trustees, Member, Finance Committee Chair, and Treasurer at Wilson College

•Former Chief Financial Officer at the National Academy of Sciences

•Former Vice President for Finance and Administration at The Catholic University of America

•Former Dean for Administration at Harvard Law School

•Former Vice President for Finance and Administration at The Brookings Institution

Raina Rose Tagle

•Baker Tilly Partner

(3)

Agenda

> Overview of Risk Management

> Roles and Responsibilities

(4)

Overview of Risk

Management

(5)

Risk and Its Importance

Risk is the possibility of an event occurring

that will impact the achievement of an

organization’s mission and objectives

(6)

Types of Risk

6

Environment

Operations

Finance

Compliance

Technology

Strategy

(7)

Risks in Higher Education

Enrollment Accreditation Accidents – student alcohol abuse, violence Workplace discrimination Natural

disasters Crisis response

Study abroad

safety Compliance

Investment management

(8)

COSO ERM Framework

(9)

Risk Management for

Boards and Management

> Strategic planning and implementation

Integrate strategic priorities as context for decision making

> Strategic financial analysis

Allocate resources to strategic goals and

provide methods and tools to evaluate financial risks, conditions, and operations

> Institutional risk management

Take a programmatic view of potential risks

and risk management activities to effectively achieve strategic goals

S tr at egi c P lanni ng and Im pl em ent at ion S tr at egi c F inanc ial A nal y s is Ins ti tut ional R is k M anagem ent

(10)

10

(11)

Roles and Responsibilities

> Board

> Management

> Internal Audit/Monitoring

(12)

The Board’s Role

12

Ensure an integrated risk management approach to

problems, solutions, and decisions, in the context of

strategic goals and objectives

Provide strategic

comprehensive

oversight of risk

management

processes

Integrate risk

considerations

into committee

work

Integrate risk

assessment and

planning into

comprehensive

strategic and

financial planning

(13)

Management’s Role

Lead a risk assessment process and implement risk

management plans, in the context of strategic goals

and objectives

Assess risks and develop priorities

Manage the risk assessment process

Plan risk

management and mitigation activities

(14)

Internal Audit’s Role

> In light of heightened concern about risk and its potential impact on institutions, many institutions have created an internal audit function to help assess risk and to “audit” key areas of

vulnerability

> An internal audit or other objective monitoring function can provide an objective, unbiased assessment of risks

(15)

Evolution of Internal Audit

In recent years, those successful in the profession have evolved into a trusted advisor role that proactively

engages with management and strives to add value.

Previous Outlook Current Outlook

Tactical Strategic

Reactive Proactive

Backward looking Forward looking

Focused on accounting Focused on the business

Singular focus on compliance

An appropriate complement of risk-based and compliance-based

auditing

(16)

Higher Education Risk

Governance Framework

16 Board of Trustees Board Committees President Senior Management Int er nal A udi t/ M oni tor ing

Higher Education Risks Enrollment

News and media coverage Student alcohol abuse Natural disasters Workplace discrimination Violence Crisis response

Study abroad safety Compliance

Investment management

(17)

Risk Management

(18)

18

Getting Started: An Approach

to Managing Risk

(19)

An Approach to Managing Risk

> Strategic risk assessment

> Risk mapping

> Key questions for assessing your strategic risk management

(20)

Strategic Risk Assessment

20

A strategic risk assessment is a

f

ramework for entity-wide risk identification

(unique to your institution), prioritization of

key exposures, and development of

operational responses and resources in

the context of other strategic priorities

(21)

Performing a Strategic

Risk Assessment

Get started

Keep it

simple and

doable

Remember

that risk is

constantly

changing

(22)

Performing a Strategic

Risk Assessment

22 Identify Risks Prioritize Risks Manage Risk Board of Trustees

and Committees Oversee Risk Management Senior

(23)

Identify Risks

> Brainstorm potential risks at a strategic entity-wide level (Note: operational risks should be addressed by operational managers in a similar process)

> Alternatively, use an outside, objective party to interview key administrators, President, and if

desired, the Board, and draft an initial set of priorities based upon interviews

(24)

Prioritize Risks

> Prioritize risks based on significance (i.e., potential impact) and likelihood (i.e., chance of occurrence)

> Use the risk map as a roadmap for risk-related discussions and oversight

Risks with the biggest potential impact and highest likelihood of occurrence are the top priority

(25)
(26)

Sample Risk Map

26

Likelihood of Occurrence

Moderate Impact / Moderate Likelihood

High Impact / High Likelihood

Potential Impact

High Impact / Moderate Likelihood

Moderate Impact / High Likelihood

Compliance Legal and Regulatory Environment Reputation Student Safety Strategy Operations Change Management Technology

Data Security and Privacy Information Retention and Institutional Knowledge Reputation Governance Effectiveness Growth Business Continuity Planning and Disaster Recovery Accounting Systems/Financial Reporting Employee Conduct Planning and Budgeting

(27)

Manage Risk

> Clarify who is responsible for developing,

implementing, and managing risk management plans

• Who “owns” each risk and is responsible for

developing plans?

• The President typically has ultimate

responsibility for risk management in an institution

> Develop responses/plans to manage and mitigate risk, and monitor results

• This should include determining what risk

(28)

Key Questions for Assessing

Your Strategic Risk

Management

28

Is Management’s risk assessment process comprehensive?

Are Management’s conclusions related to strategic risk appropriate?

Are problems and solutions presented and discussed within a comprehensive context of competing priorities and resources?

Are solutions transparently vetted in terms of alternative approaches?

Are solutions discussed and decided based on risk/return characteristics? Do solutions address building/capital, student, academic, admissions, and diversity risks?

Are resources being allocated to key strategic risks and strategies to protect the institution and help achieve goals?

(29)

Contact Information

Julie Englund

Board Member, Treasurer and Finance Committee Chair Wilson College

[email protected]

202 957 5300

Raina Rose Tagle, Partner, CPA, CISA, CIA National Practice Leader, Higher Education

Baker Tilly

[email protected]

703 923 8251 Connect with us:

References

Related documents