Lessons from leading ERM programs in higher education

In November 2018, Baker Tilly was honored to co-convene the Enterprise Risk Management (ERM) in Higher Education Workshop with North Carolina (NC) State University’s ERM Initiative. This interactive event provided a unique opportunity for leaders from 30 institutions to share strategies for evolving their ERM approaches. The workshop engaged participants through a combination of group discussions and technical sessions facilitated by leaders from across higher education, including the following themes:

1. Gaining practical insights from leading corporate ERM practices
2. Evolving ERM in higher education
3. Putting risk appetite into practice
4. Leveraging the intersection of internal audit, compliance and ERM

Download our findings or continue reading below >

1. Gaining practical insights from leading corporate ERM practices

Boards and senior leaders across all industries are calling for more effective risk oversight. While practices and principles vary among industries and organization types, many common themes and leading practices from the corporate world can be leveraged to tackle the challenges faced in higher education. During the workshop, Mark Beasley, Director of the Enterprise Risk Management Initiative at NC State University, reviewed applicable themes from the corporate landscape that could also improve the effectiveness of higher education ERM programs. Shifting ERM’s focus from a more detailed, operational view to broader enterprise-wide issues (i.e., those with potential impact to mission) can increase ERM’s value-add.

Other key themes from Beasley’s presentation included:

Expanding your institution’s peripheral view

Many institutions fall into the trap of “knowing what they know,” or focusing on familiar risks based on their industry experiences, institutional structure and culture. However, in order to fully capture the current and emerging risks of an institution, Beasley encourages looking for “blind spots,” or hidden biases, when assessing an organization’s risk landscape. Institutions should consider expanding their peripheral views by leveraging risk events at other institutions and evaluating the likelihood of similar event occurring at their own institution? What would be the impact? Does your institution’s “blinders” prevent that risk from being mitigated sufficiently?