Enterprise Risk Management – What Educational Institutions Should Be ConsideringAugust 13, 2013
John A. Zinno, Jr. CPA
One of the most important issues currently being addressed by educational institutions is that of Enterprise Risk Management (ERM), a process that allows an institution to mitigate from an array of potential risks. ERM incorporates the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives, as well as providing a framework for risk management that proactively protects and adds value to the institution and its stakeholders.
There are myriad potential risks for which to prepare, including long-term strategic risks, financial and operational risks, regulatory risks and risks that could impact the institution’s overall brand. ERM is an area we have explored extensively when working with educational institution clients, and a well-planned and thorough ERM process allows such institutions to mitigate risk at all levels and develop comprehensive plans with policies and procedures to manage risk on a consistent basis.
These institutions, after all, have much to protect, ranging from the tangible – student and faculty populations, meaningful endowments and the many other assets they possess – to more intangible but no less important elements such as brand and reputation. The stakes are high and various risks could threaten and, if not monitored, cause great damage to these institutions.
ERM is vital for educational institutions today to mitigate risk and keep litigation at a minimum. In our experience serving as consultants to many of these institutions, we have seen them challenged with devising and implementing the right ERM practices, because too often the responsibility simply falls to one committee, often the audit committee. But when it comes to protecting such vital institutions from potentially devastating risks, the scope cannot be that narrow. There must be a holistic approach in which the entire community – the Board of Trustees, the business office, the administration, human resources, an audit committee and outside consultants – are actively involved.
Key Risk Types
Of course, as stated above, “risk,” in and of itself, comes in many different shapes and sizes, and the first step has to be identifying the many different forms in which risk can be found, such as:
Strategic Risk – This is the kind of risk that impacts an institution’s ability to achieve its long-term goals. These potential risks, both internal and external, are the ones that could keep the institution from achieving its higher-level, mission-based goals.
Financial Risk – This is the kind of risk that could harm an institution’s short - and long-term financial viability. Such risks include an institution accruing too much debt to function properly, making bad investments and lacking cash flow to meet critical obligations.
Operational Risk – This is the kind of risk which impacts ongoing management of the educational institution. This is often found when the management structure of an institution lacks a proper framework for oversight and accountability within the administration.
Regulatory Risk – This is the kind of risk that comes from both external and internal regulations, laws and bylaws that must be followed. Often changes made to laws and regulations can have a financial impact on an institution that must comply with them, and lack of preparation and knowledge of these regulations can cause serious harm to an institution’s attractiveness and competitiveness.
- Brand Risk – This is the kind of risk that could negatively impact an institution’s reputation and/or brand, both of which are critically important to ongoing success. While this is a more intangible form of risk, damage to an educational institution’s hard-earned brand and good name could prove to be irreparable, which is why we advise clients to make brand risk as much a priority as the other forms of risk.
We have also learned of numerous areas of potential exposure created by these risks, any and all of which could prove extremely harmful to an educational institution. These areas range from financial to political, technological to cultural and competitive to environmental. Implementing an ERM process can safeguard against vulnerabilities in these areas, and can give an institution the peace of mind of knowing it is prepared in case any such issue ever arises.
The major benefit of having an ERM policy in place is preparedness. It creates procedures and specific guidelines for an institution to follow which spell out how to meaningfully act when a crisis ensues. Having ERM in place also means it can be tested from time to time, to ensure that all protocols are being followed correctly.
We are hearing from our clients that while ERM remains relatively new terrain for educational institutions, many of them are starting to develop ERM committees to put plans together. This is good news because, again, no one group or committee within a large institution should be solely responsible for the development, implementation or ongoing monitoring of ERM.
The ultimate goal with ERM should be its seamless incorporation into the educational institution’s culture and long-term strategic agenda. The institution will find itself on much more stable ground if it commits to continual oversight, establishes active communication between all critical parties and consistently evaluates and tests the process to ensure it is working well.
Risk can exist virtually everywhere for an educational institution today, and failure to prepare for it and properly address it can have a devastating effect on its future. It is never too soon to begin the process of putting an ERM process in place.
John A. Zinno, Jr., CPA, is a partner with BlumShapiro, the largest regional accounting, tax and business consulting firm based in New England, with offices in Connecticut, Massachusetts and Rhode Island. The firm, with 340 professionals and staff, offers a diversity of services which includes auditing, accounting, tax and business advisory services. In addition, BlumShapiro provides a variety of specialized consulting services such as succession and estate planning, business technology services, employee benefit plan audits, litigation support and valuation and financial staffing. The firm serves a wide range of privately held companies, government and non-profit organizations and provides non-audit services for publicly traded companies.