Enterprise Risk Management

Similar documents
Enterprise Risk Management

ACADEMIC DIVISION ENTERPRISE RISK MANAGEMENT (ERM) GARY NIMAX ASSISTANT VICE PRESIDENT FOR COMPLIANCE AND ENTERPRISE RISK MANAGEMENT

University Risk Management Topics Assigned to Committee

Using a Compliance Program Assessment for Strategic Impact

Enterprise Risk Management (ERM) Program Primer

Charter for Enterprise Risk Management

Enterprise Risk Management Plan FY Submitted: April 3, 2017

Enterprise Risk Management, Compliance, and Management Advisory Services: An Integrated Approach. SCCE s Higher Education Compliance Conference

USG Comprehensive Administrative Review

Enterprise Risk Management One University s Approach. Assessing and Managing Risks at Texas A&M University

Enterprise Risk Management Assessment Results

UNIVERSITY OF COLORADO DEPARTMENT OF INTERNAL AUDIT 2018 AUDIT PLAN As of June 1, 2017

Standard Administrative Policy and Procedure

Enterprise Risk Management (ERM) Resource Toolkit

A Strategic Plan for the University of Wyoming Office of General Counsel

Improved Service Delivery at ISU: Overview of Proposed Models for Human Resources and Selected Finance Services

Enterprise Risk Management A strategic tool for the middle market

Enterprise Risk Management Program Development Update. Finance & Audit Committee Meeting September 25, 2015

EMPLOYEE ENGAGEMENT SURVEY 2011 RESULTS

REPORT TO THE BOARD OF GOVERNORS

San Francisco Chapter. Presented by Scott Perry - Slalom Consulting

Enterprise Risk Management. Assessing and Managing Risks at Texas A&M University

THE ENTERPRISE TRANSFORMATION

Streamlining Business Operations Belknap Campus. Town Hall Presentation Belknap Business Operations April 2016

IT Governance Proposal. Western Illinois University. September 2013

Improved Service Delivery at Iowa State University. Status Report November 14, 2018

VIRGINIA POLYTECHNIC INSTITUTE AND STATE UNIVERSITY COMPLIANCE, AUDIT, AND RISK COMMITTEE OF THE BOARD OF VISITORS COMPLIANCE, AUDIT, AND RISK CHARTER

Building Environmental Sustainability at Bowling Green State University Executive Summary

GRAMBLING STATE UNIVERSITY Risk Assessment Annual Audit Plan

Survey Position Descriptions

6/5/217 Challenge Met Real Stories Real Stories at Real Companies: Fortune 5 Motorcycle Manufacture Core Customers Fortune 2 Railroad Company Derailme

Top Tier Initiative Action Item Report

ENTERPRISE RISK MANAGEMENT

Structuring Compliance: The Duke Model

Executive Summary. Exhibit 1- Streamlined communication to the Board of Directors

Structuring Compliance: The Duke Model

CODE I: Senior Management Commitment and Risk Management

identifying areas for improvement with respect to the Institute s research administration internal control structure.

Proposed BoardAction. Recommend approval of the Internal Audit Report Goals and Objectives to the Board of Trustees. Background Information

Update 8: Board Response to the December 16, 2015 Higher Learning Commission Determination

WESDOME GOLD MINES LTD. MANDATE OF THE BOARD OF DIRECTORS

ENTERPRISE RISK MANAGEMENT

Enterprise Risk Management Handbook. June, 2010

METROPOLITAN TRANSPORTATION AUTHORITY

Internal Controls: COSO, the Uniform Guidance, and More!

IT TRANSFORMATION TEAM

Integrating ERM with Strategic Planning and Strategic Objective Annual Reviews

Moving the Throttle Forward: CEO 100-Day Report June 10, 2011

BOARD OF DIRECTORS MANDATE

MEMORANDUM. DATE: September 9, Enterprise Risk Management. 1 P a g e

ISACA. The recognized global leader in IT governance, control, security and assurance

UW-Madison Financial Forum

CTA Weekly Job Postings Apply on-line at

BACKGROUND KEY FINDINGS

Enterprise Risk Management

UWG INFORMATION SESSIONS OCTOBER 25,

4/10/2014. Developing an HR Strategic Plan A Step by Step Approach. Agenda. By a Show of Hands: The HR Strategic Plan. Critical Success Factors

INTEGRATING ENTERPRISE RISK MANAGEMENT IN THE FEDERAL GOVERNMENT. Partnership for Public Service September 10, 2015

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

RE: Internal Control Integrated Framework: Guidance on Monitoring Internal Control Systems Discussion Document

CLEMSON UNIVERSITY UNIVERSITY RELATIONS

EY Center for Board Matters. Leading practices for audit committees

NON-INSTRUCTIONAL UNIT ASSESSMENT GUIDE

DeVry Approach to ERM

ERM for Small to Mid-sized Companies

Informing Collaborative Design

University of South Carolina Division of Communications

Tennessee Board of Regents Shared Services Initiative*

CHIEF EXECUTIVE OFFICER TERMS OF REFERENCE

COSO ERM: Integrating with Strategy and Performance. Michael Parkinson

Approve Revised Timeline and Budget for HR/Payroll Modernization Program

Enterprise Risk Management at

IT Service Delivery And Support Week Seven: SLA. IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao

ACADEMIC AFFAIRS COUNCIL RETREAT ******************************************************************************

Chair all meetings of the Board of Directors and shareholders;

CSN Policy Hiring Policy Version 2. Policy Category: Human Resources Effective Date: 11/02/2016

November 7, 2018 MEMORANDUM. Issue. Background. Commissioner s Recommendation

Office of Compliance, Risk and Ethics Program Report. January 2016 December 2016

Strategic Planning Overview

Presentation to the General Committee. City of Markham. January 18, Auditor General Services. Presented by: Geoff Rodrigues & Veronica Bila

Finance & Audit Committee Meeting

PHASE IV: IMPLEMENTATION OF THE POWER OF SUNY Draft: October 19, 2010

Building Inclusive Workplaces: Accountability and Metrics Principles

Establishing Enterprise Risk Management in

Texas Tech University System

Enterprise Risk Management Montana State Fund

Office of Compliance Program Report

FY 2013 Internal Audit Annual Report

Charter for the Information Technology Governance Group (ITGG)

ENTERPRISE RISK MANAGEMENT AND COMPLIANCE PROGRAM PROGRAM DESCRIPTION

The School Leadership Pipeline: Ensuring Robust Leadership Development at Independent Schools

ACUPCC, WILDCAP & GHG INVENTORY

At a Glance. The Office of the CHRO (2) Talent Community of Expertise (2) Service Community of Expertise (2)

Enterprise Risk Management Report

EMPLOYEE TUITION ASSISTANCE PLAN AUDIT JULY 25, 2014

The Role of the Chief Risk Office and the Board s Role in Risk Oversight

Enterprise Risk Management Framework

The COSO Risk Framework: A reference for internal control? Transition from COSO I to COSO II

Strategies for Improving the U.S. Payment System Task Force Overview. Strategies for Improving the U.S. Payment System Task Force Overview

ENGAGEME ENT PLAN AND RISK. his/her own. and controls. annual plan. approach. Identify. objectives. Risks (START) Select Audits and.

Transcription:

Compliance, Audit, Risk Management and Legal Affairs Committee Enterprise Risk Management Higher Education Scorecards, Performance Based Metrics, and Faculty Compensation Alan D. Phillips Vice President for Administration and Finance Northern Illinois University February 18, 2016 1

What is Risk Management? Enterprise risk management (ERM) is an enterprise-wide continuous process that enables an enterprise to pursue its strategic mission while identifying, controlling and mitigating risks. ERM is a tool that combines compliance and control with strategic decision-making. 2

What is Risk Management? This Means: Identifying risks that may ultimately impact the university s core mission and goals Taking steps to assure that significant risks are being controlled and mitigated Providing senior leadership and the Board of Trustees the means to track significant risks and mitigation efforts Developing, over time, a culture of risk-informed decision making across campus that fosters a shared sense of risk-ownership 3

Issues Prompting Discussion of Risks Audit findings Business Continuity Planning Construction Projects Crisis Response Drills Cyber Security Enrollment Declines Financial Underperformance High Profile Event Legal/Regulatory Compliance New Academic Programs Litigation Reputation Issue Research/Healthcare Staff Reduction Student Health/Safety State Budget Reductions Tuition Increases 4

Core ERM Team David Stone (Chair) - AVP Strategic Innovation and Planning. Prof. Timur Gok - Dept of Finance. Scott Mooberry - Acting Director, Environmental Health and Safety. Emily Hochstatter - Compliance Coordinator, Risk Management). Jonathan Cavell - Program Administrator, Strategic Innovation and Planning). Role: Develop data collection tools, Conduct all information collection (leadership, unit leadership, unit level); Develop and conduct scenariobased risk exercises; Work with risk owners to develop and implement control and mitigation plans

Full ERM Team Alan Phillips (VP & CFO) David Stone (AVP Strategic Innovation (SI)) Prof. Timur Gok (Finance Faculty) Scott Mooberry (Dir, EH&S) Emily Hochstatter (Dir, Risk Management) Jonathan Cavell (Program Admin - SI) Brett Coryell (VP & CIO) Jerry Blazey (VP, RIPS) Larry Pinkelton (AVP, Finance) John Heckmann (AVP Facilities) Sue Mini (Vice Provost) Vernese Edghill-Walden (Assoc Vice Provost, Diversity) Celeste Latham (Assoc VP HR) Kelly Wesener-Michael (AVP, SAEM) Michael Stang (Asst VP, SAEM) Katrina Caldwell (Asst VP, SAEM) Debra Boughton (Assoc Dir, Athletics) Greg Brady (University Council) Foundation (TBD) Role: Set criteria and definitions; Review unit level risk information; Assess Risk; Identify cross-cutting risks; Prioritize risks; Review mitigation and control plans; Develop plans for ERM infrastructure going forward.

Terms of Reference What are NIU s principal activities? What is the relative importance of those activities? What is the nature of the risks inherent in those activities? How do we assess the potential severity of the risks inherent in those activities? How severe could a risk event related to one of those activities be? Given the potential of a given risk, how effective are our control mechanisms for reducing the risk inherent in that activity to an acceptable level? Given the potential risks and severity of that activity and the effectiveness of our control strategies for it, how likely is it that we will experience a risk event for that activity? What initiatives do we need to put in place to ensure that these risks have been properly identified, assessed, mitigated, controlled, and managed going forward.

Risk Considerations Risk Areas Academic Affairs Ancillary Services Enrollment/Financial Aid External Affairs Facilities Governance/Management Human Capital International/Abroad Information Technology Research Student Affairs Other Risk Types Financial Health & Safety Operational Reputational Strategic Compliance Additional Distinctions Internal External Emerging

A Continuous Risk Management Process Phase 1 Set Strategy/ Objectives Phases 6-7 Communicate & Monitor Identify Risks Phase 2 We are here Phase 5 Control Risks Assess Risks Phase 3 Treat Risks Phase 4

Process Activities Phase I: Identify strategic goals, key risks, establish risk tolerance, develop strategy. Phases II-III: Gather information from unit leadership and unit staff in each of the risk areas to: Identify risks factors, existing control mechanisms, and opportunities by functional areas. Phase IV: Convene Full ERM Team to integrate the risk and opportunity maps and conduct gap analyses in order to prioritize risk management needs and potential opportunities in line with institutional strategic goals. Phase V: Design action plans for control and mitigation of risks, identify resource needs, and develop timelines for implementation. Phase VI: Communicate resource needs and proposed action plans and timelines to the Board, the President and key decision-makers Phase VII: Design dashboards and set timelines to monitor progress

Steps in the Identification and Assessment Process (Phases 2 & 3) 1. Identify the NIU Strategic Objectives 2. Identify the Unit Level Strategic Objectives and Goals 3. Identify the Unit Level Activities 4. Identify the Unit Level Risks Associated with those Activities 5. Assess the Severity of the Risks 6. Assess the Likelihood or Frequency of those Risks.

Core ERM Team Timeline (Phases 2 & 3) Meetings Completed Facilities Management - December 18, 2015 Office of General Counsel - January 19, 2016 International Affairs - January 28, 2016 Public Safety - February 8, 2016 Meetings Scheduled for February Athletics - February 25, 2016 Research - February 29, 2016 Meetings to be Scheduled In March Human Resources - TBD IT - TBD Academic Affairs - TBD Outreach - TBD 12

Likelihood or Frequency Risk Heat Map (Facilities, Public Safety, Legal, International Programs) Risk Heat Map (5,1) (5,2) (5,3) Water Mains (Breaks & Contamination) Lack of Redundancy in Transportation (4,1) (4,2) (4,3) Investigations Loss of 911 Access Cultural Competence (5,4) Event Management (Policy/Staffing) Vehicle Fleets in Disrepair Fume Hoods Legal Bottleneck Poor Student Support (International) Contractual Timeliness No Centralized Reporting (4,4) Use of Force (Police Operations) Lack of Qualified Drivers (Buses) Lack of Redundancy in Heating Plant (5,5) Obsolete Boilers Food Sanitation (4,5) Lack of Camera Access Access Control Officer Turnover (5,6) Lack of Trained Staff in the Heating Plant Roofs Leaking (4,6) Antiquated EOC/ Antiquated Mobile EOC (3,1) (3,2) (3,3) Intergovernmental Relationship Intercommunity Relationship Perception of Police (2,1) (2,2) (2,3) Travel (3,4) (3,5) (3,6) Lack of Snowplows Emergency Notification Lack of Emergency Lack of Trained Staff in (Malfunction) Response Training Physical Plant CAD Façade Collapse Export Control Steam Tunnel Disrepair International Health & Safety (2,4) (2,5) (2,6) (1,1) (1,2) (1,3) (1,4) Financial Exposure (1,5) (1,6) Export Control Deemed Impact or Severity

Likelihood Risk Opportunity Map (Facilities, Legal, International Programs Opportunities Heat Map (5,1) (5,2) (5,3) (5,4) Public Safety Idea #1 (5,5) International Idea #1 (5,6) (4,1) (4,2) (4,3) (4,4) International Idea #2 (4,5) International Idea #3 (4,6) (3,1) (3,2) (3,3) (3,4) International Idea #4 (3,5) (3,6) (2,1) (2,2) (2,3) (2,4) (2,5) (2,6) (1,1) (1,2) (1,3) (1,4) (1,5) (1,6) Impact

Next Steps Phase 4 Treat Risks - Full ERM Team (April) The Full ERM Team will meet in April to: Review and discuss the information gathered to date regarding identified and assessed risks Identify those risks that cut across a number of areas of the university, especially those that may produce cascading risks that greatly multiply their initial impacts as they affect other areas on campus. Review and make determinations about risks that may demonstrate particular velocity effects, such that they need to be quickly mitigated or controlled in order to limit the severity of their impact (i.e. Steam Plant) Review potential opportunities. Effective ERM programs look at both downside risk and the possibility of upside opportunities that could benefit the institution if the risks involved can be properly managed. In the sessions we have been conducting, we have been identifying opportunities as well as risks. We want to review those opportunities and again look for cross-campus synergies or the potential for cascading benefits with input from the Full ERM Team. 15

Next Steps Phase 5 Control and Mitigate Risks Core ERM Team (May) The Core ERM Team will take the Full ERM Team s recommendations regarding the most significant risks back to the respective risk areas and discuss existing control and mitigation strategies. Risk heat maps will then be modified to account for the relative presence or absence of controls. Where strong controls exist, an identified risk will move down in our risk rankings. However, where risks are very high and controls are weak, these risks will rise to the top of the ranking. For those areas of highest risk, where the gap between the level of risk and the capacity for mitigation is large, the expectation is that proposals for enhancing mitigation will be formulated by the effected units and placed into the annual and five year budget process. 16

Next Steps Phase 6 & 7 Communicate & Monitor - Full ERM Team (Mid-May) A second meeting of the Full ERM Team is tentatively planned for mid-may. That meeting will have three goals, which are as follows: 1. To review and discuss the results of our mitigation reviews and refine our heat maps to account for existing controls. 2. To develop dashboard options for communicating risk, mitigation, and opportunity information to the senior leadership and to the Board. 3. To discuss options for creating an ongoing ERM infrastructure (e.g., an ERM Office, an ERM Committee, etc.) and make a recommendation to the VP for Administration and Finance. 17

Bottom Line The ERM initiative is on track and continues to move forward. We have excellent participation and support for the effort throughout campus. We have already identified risk issues that need to be addressed more quickly than others. We believe that we are on schedule to meet our ERM objectives. The ultimate goal is to have a comprehensive ERM Program in place as we move into FY17. 18

QUESTIONS? 19

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback