Upload
skyler-denmark
View
215
Download
0
Tags:
Embed Size (px)
Citation preview
UNCW Institutional Risk Management Update
Board of Trustees Audit Committee
November 20, 2014
2
IRM Best Practice Action Steps
1. Develop a disciplined process to consider risk in strategic discussions.2. Designate an owner of the risk identification process.3. Require all top administrators to prioritize risk.4. Sift through the prioritized risks to decide which ones warrant
attention at the highest level.5. Require annual written reports on each high-priority risk being
monitored.6. Re-assess priority risks at the board level at least once a year.7. Look for blind spots.8. Move risk identification deeper into the institution each year.9. Keep repeating the process.
C 2009 Association of Governing Boards of Universities and Colleges, United Educators
3
IRM Organization
IRM Steering Committee
Provost and Vice Chancellor for Academic Affairs
Vice Chancellor for Business Affairs
Vice Chancellor for Student Affairs
General Counsel
Director – Internal Audit
IRM Committee, Chaired by IRM Officer
Academic Affairs (4)
Business Affairs (9)
Student Affairs (2)
Chancellor (2)
University Advancement (1)
Two processes: Tier 1 Profile: Engages leadership
Tier 2 and Emerging Risk Assessment Process: Engages employees across the institution; provides a screening of changing processes; helps the organization to manage interconnected risks.
4
Goals of the Tier 1 Profile (Strategic Risk Profile)
To understand institution-level risks* Correlate those risks to their potential impact on
institutional strategy Measure, monitor and report on those risks to the board
*Institution-level risks are not owned by any one department.
5
Tier 1 Evaluation – Interim Update
IRM Best Practice Action Steps
1. Require annual written reports on each high-priority risk being monitored. (Annual report is in April. November is an interim update.)
2. Keep repeating the process.
C 2009 Association of Governing Boards of Universities and Colleges, United Educators
6
Interim Tier 1 Update – New Mitigations
Essential Resources • Monitoring and watching state revenues for any downside impact
• Monitoring average student debt and student cohort default rate
Regulatory Intervention• Title IX responsibilities re-organized
• Federal Grant for $300,000 to provide enhancements to victim advocacy services, prevention and intervention teams, as well as bystander intervention programming
• Financial Aid Compliance checklist completed during DOE Program Review of Financial Aid
• Incorporated in the 2014 Annual Security Report (ASR) the requirements of new SaVE Act legislation (Clery Act amendment)
Talent Management • AVC HR search nearing completion
• Key positions filled for Assoc. Provost-Research/Dean, Vice Chancellor for Business Affairs, Dean – College of Arts & Sciences, Controller
• Informal succession planning (by division)
7
Interim Tier 1 Update – New Mitigations (cont’d)
Campus Health & Safety• $300,000 federal grant to enhance prevention and intervention teams as well as bystander
intervention programming
• Active shooter exercise after action report
• Study and proposal to design replacement of fire alarm notification system
• Increased frequency of lab inspections and training
• New and improved touch points between EH&S and new research faculty plus earlier warning of research lab closures
• Updated Communicable disease plan, partnering with area health providers
• Added express shuttle route on Randall Drive to accommodate new apartments off campus
Continuity of Operations• Design proposal received for new code-compliant fire alarm notification system for main campus.
• Design facilities plan for alarm receiving center in progress. (Also a safety item)
• Infrastructure improvements: Performance Contract 2; Stormwater Plan; Randall Library structural improvements; Renovation of S&BS.
8
Identification Cycle for Emerging/Tier 2 Risks
IRM Best Practice Action Steps1. Sift through the prioritized risks to decide which ones
warrant attention at the highest level.2. Move risk identification deeper into the institution each
year.
C 2009 Association of Governing Boards of Universities and Colleges, United Educators
International Travel
Determine and codify the alternatives for managing the risk analysis and decision-making around non-credit bearing international travel
Executive Sponsors: Provost Battles/VCSA Leonard
Facilitator: Dr. Martin Posey
Ebola
Protocols and partnerships are being established between EH&S, Student Health, EMT’s and local hospitals. An educational and
awareness campaign for our students and employees is ongoing. Procurement and usage of PPE.
Executive Sponsor: VCSA Leonard
Facilitator: Stan Harts
Mental and Physical Health Issues in Remote Programs
Coupled with the review of international travel policies is the degree of partnership with Student Health, evaluating
where this expertise could be leveraged to reduce risks
Executive Sponsors: Provost Battles/VCSA Leonard
Facilitator: Katrin Wesner
Determining which risks warrant attention requires a periodic identification and analysis of emerging and/or tier 2 risks, and evaluation to include completed or planned mitigations
Research Programming and Business Continuity
Review process for new programming. Assess support and requirements for buildings, laboratories, and equipment as well as adequacy of compliance.
Executive Sponsors: Provost Battles/ VCBA Whitfield
Facilitator: Dr. Ron Vetter
Fire Prevention and Preparedness
Fire system upgrades and replacement. Monitoring and reporting systems effective
24/7. Exit drills for academic spaces.
Executive Sponsors: VCBA Whitfield/VCSA Leonard
Facilitator: Stan Harts
Pedestrian, Bicycle and Skateboard Safety
Draft policy for on campus. Changes to physical infrastructure, additional shuttle
services, and traffic counts at major intersections.
Executive Sponsors: VCSA Leonard/VCBA Whitfield
Facilitator: Stan Harts
Transportation
Inadequate coverage at department level. Coordination with NCDOI affirms controls in
place are appropriate. White paper forthcoming from DOI to define affiliates.
Executive Sponsor: VCBA Whitfield
Facilitator: Pam Elliott
Determining which risks warrant attention requires a periodic identification and analysis of emerging and/or tier 2 risks, and evaluation to include completed or planned mitigations (continued)
PCI ComplianceNational incidents (Target, Home Depot) and average
incurred cost increasing (one source: $200/record).
Controller commissioning study. Updating registers and
contract language. Executive Sponsor: VCBA Whitfield
Facilitator: Sara Thorndike
IT Security Breach Response Plan
Expand our all hazards response planning to include
data breaches. Assess our response to the incident
occurring in 2014.
Executive Sponsors: GC Hoon/VCBA Whitfield
Facilitator: Zach Mitcham
Network and Physical Plant Infrastructure
Our network is in need of significant upgrades,
requiring increased funding. Performance contracts are enabling upgrade of HVAC
and energy monitoring systems.
Executive Sponsor: VCBA Whitfield
Facilitators: Steve Perry and Bob Fraser
Growth Capacity
Analyze the capacity of instruction, facilities and
services. Consider teaching and specialized spaces,
infrastructure and human capital.
Executive Sponsors: Provost Battles, VCBA
Whitfield, VCSA Leonard
Facilitators: Bob Fraser and Dr. Terry Curran
Determining which risks warrant attention requires a periodic identification and analysis of emerging and/or tier 2 risks, and evaluation to include completed or planned mitigations (continued)
Applied LearningApplied learning opportunities (e.g., study abroad, service learning, field research practicum)
introduce a variety of safety and programming
risks. Executive Sponsors: GC Hoon/Provost Battles
Facilitator: Pam Elliott
ADA – eLearning
How we comply with the Americans with Disabilities
Act changes as we increase our e-Learning
programming.
Executive Sponsors: GC Hoon
Facilitators: Dr. Martin Posey/Dr. Cecil Willis/Dr.
Peggy Turner
Financial Aid and Student Debt Cohort Default Rate
The financial demographics of our student population is changing reflective of
larger societal concerns.
Executive Sponsors: VCBA Whitfield/Provost Battles
Facilitators: Sara Thorndike/Dr. Ixchel Baker
Tate
Retention Analytics
Significant efforts and planning are required to
ensure the success of our student body. Analysis to probe who, what and why around student retention.
Executive Sponsors: VCBA Whitfield/Provost Battles
Facilitators: Dr. Martin Posey/Dr. Terry Curran
Determining which risks warrant attention requires a periodic identification and analysis of emerging or Tier 2 risks, and evaluation to include completed or planned mitigations (continued)
Clery Act Compliance
New reporting and education requirements in the Violence Against Women Reauthorization Act / and Campus Sexual Violence Elimination Act (SaVE) Provision (Clery Act amendment).
Executive Sponsors: GC Hoon/VCBA Whitfield
Facilitator: Chief Donaldson
Response Protocols for Incidences of gender-based/sexual misconduct
How we comply with Title IX is constantly evolving since the Dear Colleague letter of April 2011 and continuing legislation and
enforcement.
Executive Sponsors: GC Hoon/VCSA Leonard
Facilitator: Dr. Brian Victor
Determining which risks warrant attention requires a periodic identification and analysis of sufficiently narrow focus in Tier 1 areas. These two items are compliance based and continue to emerge as significant risks.
UNCW Institutional Risk Management UpdateQuestions?
Board of Trustees Audit Committee
15
Tier 1 Risks Evaluations – Interim Update
Volatile Essential Resources – Rated High RiskStrategic Objective
Risk Name Key Drivers Key Risk Indicators Current Mitigations
Minimize the impact of changing resources supporting University mission and goals
Shortfalls in funding with limited time to manage accordingly
Other state policy funding priorities
State withdrawal from continuing and one time needs
Heightened competitiveness for research awardsHeightened competitiveness for out of state students
Limits on available Pell funding
Average student debt
Pressure to increase expenses to meet regulatory mandates
Updating, retrofitting and replacing critical infrastructure
Supporting strategic initiatives
No significant change in the revenue mix
Positive enrollment (higher than expected) for Fall 2014. Housing contracts higher than expected as well.
Continuing decrease in indirect cost receipts
Budget cut more in FY14 than FY13, but less than FY12. 2015-17 Biennium, 2%
Caps on tuition, 5%Caps on financial aid paid with tuition, 15% (UNCW at 12.7%)
Shortfall in state revenues first 2 quarters
Student default rate maintaining after several years rising
• Focused management of research and graduate programs
• New revenue sources
• Improved Moody’s credit rating outlook
• Monitoring and watching out of state enrollment for any downside impact
• Monitoring and watching state revenues for any downside impact
• Monitoring average student debt and student cohort default rate
Risk Issue Tuition limits,
state support, research funding, and outcomes-based policies have the potential to reduce the availability of essential resources
Potential Impact Financial Strategic Operational
16
Tier 1 Risks Evaluations – Interim Update
Regulatory Intervention – Rated High RiskStrategic Objective
Risk Name Key Drivers Key Risk Indicators Current Mitigations
Mitigate regulatory compliance risk in an inherently decentralized environment
Inability to comply with all laws and regulations
NationallyIncrease in federal and state regulationsIncreased political scrutinyInstances of culture caught unaware of compliance failureIncreased regulatory oversight and intervention: Accountability for safety Pressure to increase
affordability and efficiency
GovernanceNationally, many states have legislation affecting tuition – freezes, caps and apportionment
UNCWCompliance position turnover
Added responsibilities
DOE: Title IX/Clery Act Nationally, 85 OCR investigations, key Resolution Agreements, federal inquiries, federal “It’s On Us” program, and legislation in several states
DOE program review at UNCW, uptick in Title IX reports (risk of federal complaint)
New reporting and education requirements in the Violence Against Women Reauthorization Act / and Campus Sexual Violence Elimination Act (SaVE) Provision (Clery Act amendment).
Pending rulemaking on federal financial aid
PCI Compliance
• Internal Audits with Compliance Components
• UNC System Coordination
• ITS Assessments
• Increased use of trained fact finders for Title IX investigations
• Title IX responsibilities re-organized
• Federal Grant for $300,000 to provide education and programming
• Financial Aid Compliance checklist completed during DOE Program Review of Financial Aid
• Incorporated in the 2014 Annual Security Report (ASR) the requirements of new SaVE legislation (Clery Amendment)
Risk Issue Deficient
coordination and support
Potential Impact Financial Reputational Operational
17
Tier 1 Risks Evaluations – Interim Update Campus Health & Safety – Rated High Risk
Strategic Objective
Risk Name Key Drivers Key Risk Indicators Current Mitigations
Mitigate vulnerability of students, faculty and staff in an open environment
Inability to achieve the safest possible environment in which to learn
Shift in national expectations from shared responsibility to the safest possible environment in which to learn
Title IX, White House “It’s On Us”
Alcohol prevention strategies
Title IX training of mandatory reporters. Title IX training of investigators.
Active shooter threat – increased frequency nationwide
UCLA Lab Incident resulting in personal accountability for faculty member and $4.5 million institutional expense for legal and consulting. Ebola (low likelihood, high impact), meningitis, seasonal flu
Growth in off campus student housing
2012 to 2013 (calendar year), violent crimes increased from 5 to 10; weapons violations decreased; many KRIs constant
Workers’ comp costs up 3.5%
FY14, Student health as self reported by students improved; health center visits increased 11%
FY15 (current year), uptick in Title IX campus reports and investigations
FY12: 0 reportable fires FY13: 1 reportable fire FY14: 2 reportable fire
2014, smoke from malfunctioning lab equipment
Fall 2014, Growth in new off campus housing impacting safety on College Road (150 left turns, 60 bicycles/hour)
Ebola death in US and travel to affected countries
• $300,000 federal grant to enhance victim advocacy services, enhance prevention and intervention teams as well as bystander intervention programming
• Active shooter exercise after action report
• Funding for Dept. of Insurance recommendations; study and proposal to design replacement of fire alarm notification system
• Increased frequency of lab inspections and training.
• New and improved touch points between EH&S and new research faculty plus earlier warning of research lab closures
• Updated Communicable disease plan, partnering with area health providers
• Added express shuttle route on Randall Drive
Risk Issue Expectations
and accountability for safety and health is increasing, and existing resources must meet stronger requirements
Potential Impact Reputationa
l Hazard Operational Financial Compliance
18
Tier 1 Risks Evaluations – Interim Update Talent Management – Rated High Risk
Strategic Objective
Risk Name Key Drivers Key Risk Indicators Current Mitigations
Mitigate talent management recruitment and retention risk
Inability to achieve a right-sized, innovative, highly effective workforce
Very limited institutional control over compensation
Stagnant wages, colliding with greater economic mobility
Noncompetitive salary/benefits/startup packages
CounterpointsInstitution Quality and Location
FY12 to FY13, Turnover rose from 9% to 10.8%. The highest numbers were in employees with 0-10 years of service; retirements represented 3.0% of workforce turnover.
Turnover was highest among professionals and paraprofessionals (these two classes represent 52.5% of all turnover and increased from 10.8% to 14.7%)
Faculty turnover is <6%
Leadership turnover is resulting in transitions – several key positions filled, new vacancies
• AVC HR search nearing completion
• Informal succession planning (by division)
• Leadership development (LEAD Program
• Climate surveys
• SPA compensation philosophy
• Key positions filled for Assoc. Provost-Research/Dean, Vice Chancellor for Business Affairs, Dean – College of Arts & Sciences, Controller
Risk Issue High quality
faculty and dedicated staff are essential to delivering the programs and services that best serve 21st century students
Potential Impact Strategic Operational
19
Tier 1 Risks Evaluations – Interim Update
Continuity of Operations – Rated High Risk Strategic Objective
Risk Name Key Drivers Key Risk Indicators Current Mitigations
Mitigate impact to students, faculty and staff, facilities and operations on a campus vulnerable to natural disasters
Inability to complete our teaching, research, and service mission following a disaster
Critical restoration abilities rely heavily on redundancy and hardening of critical services, such as power and data
Scientific and computer-based research heavily dependent upon specialized equipment and facilities
Dependency upon provision of supplies and services
Monitoring alarms is a 24/7 responsibility
Mutual aid is key when there is a larger scale event affecting the region
Effectiveness requires developed knowledge, relationships and training of essential personnel
Core mission delivery alternatives aid in recovery
Campus withstood Hurricane Arthur very well with little issues with stormwater
Several temporary failures of fire alarm notification system – (system has since been upgraded to more current technology)
• MARBIONC building with generators – gives campus hardened research centers
• Infrastructure improvements: Performance contract 2 and stormwater plan; renovation of S&BS.
• Eliminated single point of failure for data connection with the addition of MCNC site
• Design proposal received for new code-compliant fire alarm notification system for main campus, and facilities plan for alarm receiving center in progress. (Also a safety item)
• Having a FEMA-approved Pre Hazard Mitigation Plan establishes critical restoration priorities and allows federal reimbursement in a declared disaster
• Relationships with county and UNC system
Risk Issue Continuity of
operations plans are essential to minimizing the severity of impact and related business interruption caused by natural or manmade disasters
Potential Impact Strategic Operational Financial Hazard Reputational