Enterprise Risk Management (ERM) combines traditional risk management, strategic planning and internal controls. The goal of ERM is to move away from viewing risk in a silo, separate and distinct from the institution’s overall mission. Instead, it encourages a more holistic view of risk by considering risks across the institution or enterprise as part of the strategic planning process. By adopting this approach, leadership can focus more broadly on the risks most likely to impede the institution from achieving its mission or strategic plan.
Demographic shifts, declining or stagnant state and federal government support, increased alternatives for students to pursue their degrees, and aging physical plants combine to significantly increase the risks all colleges and universities face. The following best practices from A Wake-up Call: Enterprise Risk Management at Colleges and Universities Today, support the governing board’s collaboration with senior administration to reduce risks and improve decision making regarding the allocation of resources:
- Role. The board does not implement the ERM process, the administration does. The board’s role is to remind the administration of this responsibility and hold them accountable.
- Accountability. Ownership of risk by both the board committees and senior administration is critical to establish accountability and a sound process.
- Process. Risk management is a process, not a project, and should be incorporated into the ongoing work of the full board and board committees.
- Question. The board should join with senior administration to question “sacred cows” so they can be assessed and managed.
- Schedule. Boards should move away from the “as needed” practice of identifying or discussing risks and incorporate discussions into annual schedules of committees and the full board.
Boards should embrace their role in the ERM process and support the administration as it evaluates risk in order to best acheive mission.