Conducting an ERM Evaluation

Institutions of higher education face a number of challenges in today’s highly competitive business and social climate: reputational risk, obsolescence, tuition revenue dependence, campus crises, cyber-attacks. I could go on, but you get the idea. If your institution is sophisticated in risk management, you probably have a process in place to compile these issues, among others, into a risk inventory. But are you really getting the most out of your process? Is it effective and efficient?

Institutions should periodically conduct reviews of enterprise risk management (ERM) processes to determine if the right personnel and systems are in place to effectively identify and manage risks. Internal Audit can be a great resource, but if that’s not currently an option, here are some questions that will get the ball rolling:

  • Does our system support current risk evaluation and reporting processes? Are we even using an ERM system?
  • Do we have all of the right people involved in the process? Is our ERM leadership appropriate and effective?
  • Are our identified risks consistently ranked across departments, divisions, etc.?
  • Are we considering new/emerging risks? If so, are those risks identified in a timely manner?
  • Are we challenging identified risks?
  • Are we communicating identified risks to the right individuals?
  • Does our ERM process allow us to seize new opportunities?
  • Are we performing a significant portion of the process manually? Could we automate some parts of the process with enhanced system reliance or with a new system?
  • Are we able to measure achievement of strategic objectives and goals?
  • Are we collecting proprietary or sensitive information? If so, is it stored in a secure manner?

It’s important to remember that ERM is not just a mechanism to collect risks in one place, but rather a highly valuable tool to view, assess and address risks across your entire institution. When managed properly, ERM should provide benefits like improved decision-making capabilities, more effective strategic and operational planning, greater stakeholder confidence and enhanced organizational resilience.

If you’re looking to conduct an evaluation of your ERM processes, Schneider Downs Risk Advisory Services group can help. Contact us at [email protected]

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2022 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
What Should a Service Organization Consider When Determining Its SOC Report Testing Period?
Lincoln College Closes Due to Ransomware Attack
Benefits of a Contract Lifecycle Management System
Changes in Athletics with the New NCAA Constitution Approval
Higher Education Institutions Looking to Cryptocurrency for Future Gift Acceptance Considerations
Public University Research Infrastructure Credit
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.