Risky business
Managing risk can seem like catching lightning in a bottle, yet real woe can befall those schools ”” and by extension other institutions ”” that fail to embrace what is known as enterprise risk management or ERM.
It is one of the most important issues being addressed by educational institutions, including in the regulatory arena, according to John A. Zinno Jr., a partner with accounting, tax and business consulting firm BlumShapiro, which employs 340 persons in offices in Connecticut ”” Shelton and Hartford ”” and in Massachusetts and Rhode Island.
Zinno addressed regulatory and other issues relevant to ERM.
“The stakes are high and various risks could threaten and, if not monitored, cause great damage to these institutions,” he said. “ERM is vital for educational institutions today to mitigate risk and keep litigation at a minimum. In our experience serving as consultants to many of these institutions, we have seen them challenged with devising and implementing the right ERM practices, because too often the responsibility simply falls to one committee, often the audit committee. But when it comes to protecting such vital institutions from potentially devastating risks, the scope cannot be that narrow. There must be a holistic approach involving the board of trustees, the business office, the administration, human resources, an audit committee and outside consultants.
“Of course, risk, in and of itself, comes in many different shapes and sizes, and the first step has to be identifying the many different forms in which risk can be found, such as:
Regulatory Risk ”” This is the kind of risk that comes from both external and internal regulations, laws and bylaws that must be followed. Often, changes made to laws and regulations can have a financial impact on an institution that must comply with them, and lack of preparation and knowledge of these regulations can cause serious harm to an institution”™s attractiveness and competitiveness.
Strategic Risk ”” This is the kind of risk that impacts an institution”™s ability to achieve its long-term goals. These potential risks, both internal and external, are the ones that could keep the institution from achieving its higher-level, mission-based goals.
Financial Risk ”” This is the kind of risk that could harm an institution”™s short- and long-term financial viability. Such risks include an institution accruing too much debt to function properly, making bad investments and lacking cash flow to meet critical obligations.
Operational Risk ”” This is the kind of risk, which impacts ongoing management of the educational institution. This is often found when the management structure of an institution lacks a proper framework for oversight and accountability within the administration.
Brand Risk ”” This is the kind of risk that could negatively impact an institution”™s reputation and/or brand, both of which are critically important to ongoing success. While this is a more intangible form of risk, damage to an educational institution”™s hard-earned brand and good name could prove to be irreparable, which is why we advise clients to make brand risk as much a priority as the other forms of risk.
“We have also learned of numerous areas of potential exposure created by these risks, any and all of which could prove extremely harmful to an educational institution. These areas range from financial to political, technological to cultural and competitive to environmental. Implementing an ERM process can safeguard against vulnerabilities in these areas and can give an institution the peace of mind of knowing it is prepared in case any such issue ever arises.
“The major benefit of having an ERM policy in place is preparedness. It creates procedures and specific guidelines for an institution to follow which spell out how to meaningfully act when a crisis ensues. Having ERM in place also means it can be tested from time to time, to ensure that all protocols are being followed correctly.
“We are hearing from our clients that while ERM remains relatively new terrain for educational institutions, many of them are starting to develop ERM committees to put plans together. This is good news because, again, no one group or committee within a large institution should be solely responsible for the development, implementation or ongoing monitoring of ERM.
“The ultimate goal with ERM should be its seamless incorporation into the educational institution”™s culture and long-term strategic agenda. The institution will find itself on much more stable ground if it commits to continual oversight, establishes active communication between all critical parties and consistently evaluates and tests the process to ensure it is working well.
“Risk can exist virtually everywhere for an educational institution today and failure to prepare for it and properly address it can have a devastating effect on its future. It is never too soon to begin the process of putting an ERM process in place.”