• avatar

    Share This:

    • Share on Facebook
    • Share on Google Plus
    • Share on Linkedin
    • RSS
    « Back to Blogs
    January 2020

    The Four Steps to Proactively Manage Risks

    Schools, colleges and universities with effective institution-wide risk management programs tend to be better equipped to protect their institutions from major reputational threats.

    Enterprise risk management (ERM) is a proactive and collaborative process that empowers campus leaders to discuss and manage risk at the scale of the institution rather than at the level of a single functional area or department. Among the risks: sexual abuse and molestation, cybersecurity, and student mental health. These risks tend to cut across silos and impact the institution’s ability to fulfill its mission. Institutions often have a cross-functional team, or risk management committee, that meets regularly to identify, assess, treat, report, and monitor these types of risks.

    The four repeatable steps of ERM are:

    1. Identify. Identify risks that affect the entire institution rather than individual risks or those affecting single departments or functions. In most cases, a short list of fewer than 10 risks — even as few as three or four — provides a great starting point for ERM.

    2. Assess. Analyze and prioritize top risks to focus on by assessing likelihood to occur and impact to your institution’s mission and operations. By evaluating risks in this way, you can decide how to respond to each risk and how to prioritize efforts. Assign each risk to a risk owner (the leader responsible for overseeing risk management efforts for that risk) at this stage.

    3. Treat. Decide a treatment plan for each risk, how much to transfer, accept, reject, and/or mitigate. Most risks will require some mitigation. Develop mitigation plans by considering the five Ps of mitigation: 
      • Policies and procedures
      • People (including training and personnel)
      • Property
      • Processes (such as reporting mechanisms, reference checks, and contracting)
      • Practice (such as lockdown testing or evacuation drills) 

      You can mitigate each risk in several ways. For example, address the risk of serial sexual predators on campus by developing reporting processes and training employees on your institution’s policies. The result is a treatment or mitigation plan that your school commits to implement.

    4. Report and monitor. Report your progress to the board and share future goals.

      Consider creating a short overview report including all top risks for your board, president, or head of school. Also consider creating a separate, more detailed, operational report on each risk for each risk owner to track progress, maintain accountability, and manage next steps. Establish a regular cadence for reporting and as well as each process step. This way you can continually assess how the environment has changed, identify whether risk treatments work as expected, and determine whether your approach to the first three steps needs refinement.


    Add Comment

    Text Only 2000 character limit

    Page 1 of 1