Groups and organizations of many kinds encourage high school students to take advantage of opportunities for higher education, often enticing them with scholarships. Colleges and university boards strive to honor the students' commitment to further their education and become responsible citizens in the community by offering them the highest quality of education.
The main focus for colleges and universities has been academics, as it should be. Keeping ahead of the challenges that today's higher educational institutions face requires strong corporate governance. Good corporate governance reduces many of the risks and challenges that college boards face as they address the volatility and uncertainty of the current times.
Colleges and universities are facing increased competition for grants, private donors and government funding. Institutions that focus on assessing, preventing and managing risks position themselves at the front of the line for financial gift giving.
As the list of risk types facing colleges continues to grow, the best way to address and manage those risks is quickly becoming a top concern for colleges and universities.
Linking Risk Management With Corporate Governance
Corporate governance has typically been modeled after the successes and failures of banks and other financial institutions. While corporate governance best practices look a bit different for colleges and universities, they have some things to learn from the financial industry, such as lining up corporate governance practices so that they are better in keeping with risk-taking.
Reputational risk is also becoming a hot-button item for all types of organizations, including colleges and universities, because of increasing competition for student admittance.
As with the financial industry and other types of corporations, college boards are starting to consider how they can make changes to executive remuneration to better reflect a responsible approach to risk management. New reward structures may soon factor in such issues as having an awareness of risk management, avoiding taking unnecessary risks and yielding positive long-term growth for the school.
Many organizations are taking a serious look at Enterprise Risk Management (ERM), which is a holistic approach to risk management, as a means for managing risk the most effectively and at the lowest cost. Internal auditors may be the best place to start in identifying the largest areas of risk for colleges and universities.
The Role of Internal Auditors in Risk Management
Colleges and universities may have to look no farther than their own staff to find the primary people who can help them identify major risks. Internal auditors will already have some ideas of where risks are lurking on college campuses. Audit reports and analyses will also shed light on the main areas of risk for boards to focus on.
Enlisting the help of auditors means that auditors may need to reconfigure their own audit plans, so they can redirect their efforts to focus on the areas that pose the most significant risk. A suggestion from the Institute of Internal Auditors is to consider the skills, tools and expertise that auditors will need to keep pace with the evolution of risks and risk processes.
What Types of Risks Do Today's Colleges and Universities Face?
When we look at the long list of areas of risk concerns, it's easy to justify considering the ERM approach because it casts a broad lens on managing the total scope of risk. Following is a partial list of many of the common risks facing colleges and universities in today's society.
Internal fraud. Colleges and universities need to keep internal controls, checks and balances on internal accounting operations like processing purchase orders, receiving purchased goods, processing vendor invoices, disbursements and employee expenses.
Cybersecurity issues. Technology has made many processes for colleges and universities easier and more streamlined. The downside of technology has created some new problems like electronic viruses and other intruders, lack of electronic storage space, and the intentional or unintentional loss of personal data. New risks include storing backup data offsite and limiting access to certain types of information on mobile devices. Negative issues can go viral quickly, so colleges need a way to manage reputational damage on social media outlets.
Research-related fraud. History has shown that faculty may cave to the temptation to pursue research fraud, including falsifying data and misreporting research methods and results. Such fraud can create vast reputational risk.
Safeguarding assets. Many departments and activities at colleges and universities require the collection of cash, including the student union, fundraising events, the campus bookstore and activity fees. Anywhere there are cash and credit cards, there need to be controls to prevent fraud and theft.
Physical security. Parents want assurances that their college students will be safe and feel safe on campus. Campuses need to have adequate security cameras, lighting, and procedures for dealing with lockdowns or other crises. The recent national media attention on sexual harassment is another notable area of security concern.
Disaster recovery. Every area of the country is susceptible to natural disasters. Most areas are affected by some weather-related disasters such as severe snow, tornados, hurricanes, earthquakes, flooding, or severe drought or heat. College boards need to assess which types of natural disasters may affect their school and establish procedures and protocols for dealing with them responsibly when they occur.
Employee benefits. Regulations for employee benefits have changed in recent years. Colleges and universities have to consider the number of full- and part-time employees they hire and make sure that they are following federal and state laws in applying their employee benefits.
Health services. Colleges and universities need to be aware of how the growing opioid addiction problem is affecting their campuses. Colleges also need to be aware of HIPAA requirements and follow them implicitly.
How Could ERM Better Manage Risk and Strengthen Corporate Governance for Colleges and Universities?
With these and many other risks for colleges and universities to address, there is great risk of loss that could affect assets and reputation. ERM is designed to encompass a wider array of risk-related issues that could disrupt the college's mission and purpose.
ERM is comprehensive, inclusive and ongoing. The net effect is that it will constantly evolve to meet additional new risks. ERM also places the heaviest focus on the areas that may have the most significant financial or reputational impact. It also dovetails nicely with the strategic goals and plans for the college.
Moving toward an ERM approach doesn't happen all at once ' it takes time. Most colleges and universities favor an incremental approach with a work-in-progress mindset. Strong corporate governance will support responsible risk management protocols.
What is the Governance Cloud?
Board directors are obligated to perform a host of varied duties and responsibilities. Diligent developed a suite of governance tools to help them fulfill their responsibilities accurately and efficiently. The Governance Cloud ecosystem of products includes:
- Diligent Boards
- Director and officer questionnaires (pre-filled forms)
- Board evaluations
- Resolutions and voting
- Diligent Messenger
- Diligent Minutes (beta)
- Insights (curated content and videos) (beta)
- Entity Management
As board directors, leadership teams and general counsels continue to express their needs to digitize governance processes, Diligent will be the partner to grow with them. Collectively, these tools enable corporations to achieve a fully digitized and integrated governance ecosystem to mitigate risk, plan for strategic growth and ultimately, govern at the highest level.
