Q&A: An Introduction to Enterprise Risk Management in Higher Education

Nora Yin

Get answers to FAQs from those facing ERM challenges in higher ed.

3-Minute Read

Huron's Nora Yin and Rob Smith discuss an Introduction to Enterprise Risk Management (ERM) in Higher Education in the following Q&A:

Smith: For those new to research compliance, what do we mean when we say ERM or Enterprise Risk Management? And why should institutions pay attention to the topic?

Yin: ERM is a process applied across every level of an organization. It's meant to identify the potential risk that may assess an organization's reputation and any types of goals that are defined by the board of directors and management.

By understanding those key external and internal variables that are contributing to uncertainty in an institution and monitoring those trends over time, management can run the business more effectively. While risk can’t always be eliminated, ERM can be there to help an institution manage those risks more efficiently and effectively.

Smith: It sounds like it is helping institutions better manage risk.

Yin:  Right. It may sound like a large overhaul, but it really can be done simply when you do it upfront.  We recommend to clients who are interested in doing some form of ERM work to address the key components of the ERM framework when management presents new initiatives for consideration from the institutional leadership. 

Some components might include canvassing internal environment by using proactive compliance risk assessment, planning objectives that tie to the OIG work plan or other known forces of enforcement. And finally, considering designing an appropriate response throughout this process.

Smith: If an institution is going to undergo the steps as the part of an ERM framework as you've outlined, how can institutions obtain rapid feedback on these types of an inventions that you've just described for risk management?

Yin: It's important to review existing data that was collected during previous years through any type of compliance risk audit, while looking for opportunities rather than really compiling new data. By looking at this data from a proactive, ERM approach as described earlier, institutions can potentially identify ways to manage these risks and save costs by not doing a new risk assessment. 

To give an example, if a university is proposing to acquire a medical center, there are some questions the institutional board might ask itself. For instance: How does this align with the institutional strategy? How would the acquisition benefit the institution? What would be the consequences of not inquiring it?  

The key of obtaining rapid feedback is to keep the ERM effort simple and focus upfront and this will really help ensure that the institution’s longer term strategic plans are all in alignment.

For the full podcast interview, click the button below.

Contact Us

I want to talk to your experts in