UNCW Institutional Risk Management Update Board of Trustees Audit Committee November 20, 2014

UNCW Institutional Risk Management Update

Board of Trustees Audit Committee

November 20, 2014

2

IRM Best Practice Action Steps

1. Develop a disciplined process to consider risk in strategic discussions.2. Designate an owner of the risk identification process.3. Require all top administrators to prioritize risk.4. Sift through the prioritized risks to decide which ones warrant

attention at the highest level.5. Require annual written reports on each high-priority risk being

monitored.6. Re-assess priority risks at the board level at least once a year.7. Look for blind spots.8. Move risk identification deeper into the institution each year.9. Keep repeating the process.

C 2009 Association of Governing Boards of Universities and Colleges, United Educators

3

IRM Organization

IRM Steering Committee

Provost and Vice Chancellor for Academic Affairs

Vice Chancellor for Business Affairs

Vice Chancellor for Student Affairs

General Counsel

Director – Internal Audit

IRM Committee, Chaired by IRM Officer

Academic Affairs (4)

Business Affairs (9)

Student Affairs (2)

Chancellor (2)

University Advancement (1)

Two processes: Tier 1 Profile: Engages leadership

Tier 2 and Emerging Risk Assessment Process: Engages employees across the institution; provides a screening of changing processes; helps the organization to manage interconnected risks.

4

Goals of the Tier 1 Profile (Strategic Risk Profile)

To understand institution-level risks* Correlate those risks to their potential impact on

institutional strategy Measure, monitor and report on those risks to the board

*Institution-level risks are not owned by any one department.

5

Tier 1 Evaluation – Interim Update

IRM Best Practice Action Steps

1. Require annual written reports on each high-priority risk being monitored. (Annual report is in April. November is an interim update.)

2. Keep repeating the process.


6

Interim Tier 1 Update – New Mitigations

Essential Resources • Monitoring and watching state revenues for any downside impact

• Monitoring average student debt and student cohort default rate

Regulatory Intervention• Title IX responsibilities re-organized

• Federal Grant for $300,000 to provide enhancements to victim advocacy services, prevention and intervention teams, as well as bystander intervention programming

• Financial Aid Compliance checklist completed during DOE Program Review of Financial Aid

• Incorporated in the 2014 Annual Security Report (ASR) the requirements of new SaVE Act legislation (Clery Act amendment)

Talent Management • AVC HR search nearing completion

• Key positions filled for Assoc. Provost-Research/Dean, Vice Chancellor for Business Affairs, Dean – College of Arts & Sciences, Controller

• Informal succession planning (by division)

7

Interim Tier 1 Update – New Mitigations (cont’d)

Campus Health & Safety• $300,000 federal grant to enhance prevention and intervention teams as well as bystander

intervention programming

• Active shooter exercise after action report

• Study and proposal to design replacement of fire alarm notification system

• Increased frequency of lab inspections and training

• New and improved touch points between EH&S and new research faculty plus earlier warning of research lab closures

• Updated Communicable disease plan, partnering with area health providers

• Added express shuttle route on Randall Drive to accommodate new apartments off campus

Continuity of Operations• Design proposal received for new code-compliant fire alarm notification system for main campus.

• Design facilities plan for alarm receiving center in progress. (Also a safety item)

• Infrastructure improvements: Performance Contract 2; Stormwater Plan; Randall Library structural improvements; Renovation of S&BS.

8

Identification Cycle for Emerging/Tier 2 Risks

IRM Best Practice Action Steps1. Sift through the prioritized risks to decide which ones

warrant attention at the highest level.2. Move risk identification deeper into the institution each

year.


International Travel

Determine and codify the alternatives for managing the risk analysis and decision-making around non-credit bearing international travel

Executive Sponsors: Provost Battles/VCSA Leonard

Facilitator: Dr. Martin Posey

Ebola

Protocols and partnerships are being established between EH&S, Student Health, EMT’s and local hospitals. An educational and

awareness campaign for our students and employees is ongoing. Procurement and usage of PPE.

Executive Sponsor: VCSA Leonard

Facilitator: Stan Harts

Mental and Physical Health Issues in Remote Programs

Coupled with the review of international travel policies is the degree of partnership with Student Health, evaluating

where this expertise could be leveraged to reduce risks

Executive Sponsors: Provost Battles/VCSA Leonard

Facilitator: Katrin Wesner

Determining which risks warrant attention requires a periodic identification and analysis of emerging and/or tier 2 risks, and evaluation to include completed or planned mitigations

Research Programming and Business Continuity

Review process for new programming. Assess support and requirements for buildings, laboratories, and equipment as well as adequacy of compliance.

Executive Sponsors: Provost Battles/ VCBA Whitfield

Facilitator: Dr. Ron Vetter

Fire Prevention and Preparedness

Fire system upgrades and replacement. Monitoring and reporting systems effective

24/7. Exit drills for academic spaces.

Executive Sponsors: VCBA Whitfield/VCSA Leonard


Pedestrian, Bicycle and Skateboard Safety

Draft policy for on campus. Changes to physical infrastructure, additional shuttle

services, and traffic counts at major intersections.

Executive Sponsors: VCSA Leonard/VCBA Whitfield


Transportation

Inadequate coverage at department level. Coordination with NCDOI affirms controls in

place are appropriate. White paper forthcoming from DOI to define affiliates.

Executive Sponsor: VCBA Whitfield

Facilitator: Pam Elliott

Determining which risks warrant attention requires a periodic identification and analysis of emerging and/or tier 2 risks, and evaluation to include completed or planned mitigations (continued)

PCI ComplianceNational incidents (Target, Home Depot) and average

incurred cost increasing (one source: $200/record).

Controller commissioning study. Updating registers and

contract language. Executive Sponsor: VCBA Whitfield

Facilitator: Sara Thorndike

IT Security Breach Response Plan

Expand our all hazards response planning to include

data breaches. Assess our response to the incident

occurring in 2014.

Executive Sponsors: GC Hoon/VCBA Whitfield

Facilitator: Zach Mitcham

Network and Physical Plant Infrastructure

Our network is in need of significant upgrades,

requiring increased funding. Performance contracts are enabling upgrade of HVAC

and energy monitoring systems.

Executive Sponsor: VCBA Whitfield

Facilitators: Steve Perry and Bob Fraser

Growth Capacity

Analyze the capacity of instruction, facilities and

services. Consider teaching and specialized spaces,

infrastructure and human capital.

Executive Sponsors: Provost Battles, VCBA

Whitfield, VCSA Leonard

Facilitators: Bob Fraser and Dr. Terry Curran

Determining which risks warrant attention requires a periodic identification and analysis of emerging and/or tier 2 risks, and evaluation to include completed or planned mitigations (continued)

Applied LearningApplied learning opportunities (e.g., study abroad, service learning, field research practicum)

introduce a variety of safety and programming

risks. Executive Sponsors: GC Hoon/Provost Battles

Facilitator: Pam Elliott

ADA – eLearning

How we comply with the Americans with Disabilities

Act changes as we increase our e-Learning

programming.

Executive Sponsors: GC Hoon

Facilitators: Dr. Martin Posey/Dr. Cecil Willis/Dr.

Peggy Turner

Financial Aid and Student Debt Cohort Default Rate

The financial demographics of our student population is changing reflective of

larger societal concerns.

Executive Sponsors: VCBA Whitfield/Provost Battles

Facilitators: Sara Thorndike/Dr. Ixchel Baker

Tate

Retention Analytics

Significant efforts and planning are required to

ensure the success of our student body. Analysis to probe who, what and why around student retention.

Executive Sponsors: VCBA Whitfield/Provost Battles

Facilitators: Dr. Martin Posey/Dr. Terry Curran

Determining which risks warrant attention requires a periodic identification and analysis of emerging or Tier 2 risks, and evaluation to include completed or planned mitigations (continued)

Clery Act Compliance

New reporting and education requirements in the Violence Against Women Reauthorization Act / and Campus Sexual Violence Elimination Act (SaVE) Provision (Clery Act amendment).

Executive Sponsors: GC Hoon/VCBA Whitfield

Facilitator: Chief Donaldson

Response Protocols for Incidences of gender-based/sexual misconduct

How we comply with Title IX is constantly evolving since the Dear Colleague letter of April 2011 and continuing legislation and

enforcement.

Executive Sponsors: GC Hoon/VCSA Leonard

Facilitator: Dr. Brian Victor

Determining which risks warrant attention requires a periodic identification and analysis of sufficiently narrow focus in Tier 1 areas. These two items are compliance based and continue to emerge as significant risks.

UNCW Institutional Risk Management UpdateQuestions?

Board of Trustees Audit Committee

15

Tier 1 Risks Evaluations – Interim Update

Volatile Essential Resources – Rated High RiskStrategic Objective

Risk Name Key Drivers Key Risk Indicators Current Mitigations

Minimize the impact of changing resources supporting University mission and goals

Shortfalls in funding with limited time to manage accordingly

Other state policy funding priorities

State withdrawal from continuing and one time needs

Heightened competitiveness for research awardsHeightened competitiveness for out of state students

Limits on available Pell funding

Average student debt

Pressure to increase expenses to meet regulatory mandates

Updating, retrofitting and replacing critical infrastructure

Supporting strategic initiatives

No significant change in the revenue mix

Positive enrollment (higher than expected) for Fall 2014. Housing contracts higher than expected as well.

Continuing decrease in indirect cost receipts

Budget cut more in FY14 than FY13, but less than FY12. 2015-17 Biennium, 2%

Caps on tuition, 5%Caps on financial aid paid with tuition, 15% (UNCW at 12.7%)

Shortfall in state revenues first 2 quarters

Student default rate maintaining after several years rising

• Focused management of research and graduate programs

• New revenue sources

• Improved Moody’s credit rating outlook

• Monitoring and watching out of state enrollment for any downside impact

• Monitoring and watching state revenues for any downside impact

• Monitoring average student debt and student cohort default rate

Risk Issue Tuition limits,

state support, research funding, and outcomes-based policies have the potential to reduce the availability of essential resources

Potential Impact Financial Strategic Operational

16


Regulatory Intervention – Rated High RiskStrategic Objective


Mitigate regulatory compliance risk in an inherently decentralized environment

Inability to comply with all laws and regulations

NationallyIncrease in federal and state regulationsIncreased political scrutinyInstances of culture caught unaware of compliance failureIncreased regulatory oversight and intervention: Accountability for safety Pressure to increase

affordability and efficiency

GovernanceNationally, many states have legislation affecting tuition – freezes, caps and apportionment

UNCWCompliance position turnover

Added responsibilities

DOE: Title IX/Clery Act Nationally, 85 OCR investigations, key Resolution Agreements, federal inquiries, federal “It’s On Us” program, and legislation in several states

DOE program review at UNCW, uptick in Title IX reports (risk of federal complaint)

New reporting and education requirements in the Violence Against Women Reauthorization Act / and Campus Sexual Violence Elimination Act (SaVE) Provision (Clery Act amendment).

Pending rulemaking on federal financial aid

PCI Compliance

• Internal Audits with Compliance Components

• UNC System Coordination

• ITS Assessments

• Increased use of trained fact finders for Title IX investigations

• Title IX responsibilities re-organized

• Federal Grant for $300,000 to provide education and programming

• Financial Aid Compliance checklist completed during DOE Program Review of Financial Aid

• Incorporated in the 2014 Annual Security Report (ASR) the requirements of new SaVE legislation (Clery Amendment)

Risk Issue Deficient

coordination and support

Potential Impact Financial Reputational Operational

17

Tier 1 Risks Evaluations – Interim Update Campus Health & Safety – Rated High Risk

Strategic Objective


Mitigate vulnerability of students, faculty and staff in an open environment

Inability to achieve the safest possible environment in which to learn

Shift in national expectations from shared responsibility to the safest possible environment in which to learn

Title IX, White House “It’s On Us”

Alcohol prevention strategies

Title IX training of mandatory reporters. Title IX training of investigators.

Active shooter threat – increased frequency nationwide

UCLA Lab Incident resulting in personal accountability for faculty member and $4.5 million institutional expense for legal and consulting. Ebola (low likelihood, high impact), meningitis, seasonal flu

Growth in off campus student housing

2012 to 2013 (calendar year), violent crimes increased from 5 to 10; weapons violations decreased; many KRIs constant

Workers’ comp costs up 3.5%

FY14, Student health as self reported by students improved; health center visits increased 11%

FY15 (current year), uptick in Title IX campus reports and investigations

FY12: 0 reportable fires FY13: 1 reportable fire FY14: 2 reportable fire

2014, smoke from malfunctioning lab equipment

Fall 2014, Growth in new off campus housing impacting safety on College Road (150 left turns, 60 bicycles/hour)

Ebola death in US and travel to affected countries

• $300,000 federal grant to enhance victim advocacy services, enhance prevention and intervention teams as well as bystander intervention programming

• Active shooter exercise after action report

• Funding for Dept. of Insurance recommendations; study and proposal to design replacement of fire alarm notification system

• Increased frequency of lab inspections and training.

• New and improved touch points between EH&S and new research faculty plus earlier warning of research lab closures

• Updated Communicable disease plan, partnering with area health providers

• Added express shuttle route on Randall Drive

Risk Issue Expectations

and accountability for safety and health is increasing, and existing resources must meet stronger requirements

Potential Impact Reputationa

l Hazard Operational Financial Compliance

18

Tier 1 Risks Evaluations – Interim Update Talent Management – Rated High Risk

Strategic Objective


Mitigate talent management recruitment and retention risk

Inability to achieve a right-sized, innovative, highly effective workforce

Very limited institutional control over compensation

Stagnant wages, colliding with greater economic mobility

Noncompetitive salary/benefits/startup packages

CounterpointsInstitution Quality and Location

FY12 to FY13, Turnover rose from 9% to 10.8%. The highest numbers were in employees with 0-10 years of service; retirements represented 3.0% of workforce turnover.

Turnover was highest among professionals and paraprofessionals (these two classes represent 52.5% of all turnover and increased from 10.8% to 14.7%)

Faculty turnover is <6%

Leadership turnover is resulting in transitions – several key positions filled, new vacancies

• AVC HR search nearing completion

• Informal succession planning (by division)

• Leadership development (LEAD Program

• Climate surveys

• SPA compensation philosophy

• Key positions filled for Assoc. Provost-Research/Dean, Vice Chancellor for Business Affairs, Dean – College of Arts & Sciences, Controller

Risk Issue High quality

faculty and dedicated staff are essential to delivering the programs and services that best serve 21st century students

Potential Impact Strategic Operational

19


Continuity of Operations – Rated High Risk Strategic Objective


Mitigate impact to students, faculty and staff, facilities and operations on a campus vulnerable to natural disasters

Inability to complete our teaching, research, and service mission following a disaster

Critical restoration abilities rely heavily on redundancy and hardening of critical services, such as power and data

Scientific and computer-based research heavily dependent upon specialized equipment and facilities

Dependency upon provision of supplies and services

Monitoring alarms is a 24/7 responsibility

Mutual aid is key when there is a larger scale event affecting the region

Effectiveness requires developed knowledge, relationships and training of essential personnel

Core mission delivery alternatives aid in recovery

Campus withstood Hurricane Arthur very well with little issues with stormwater

Several temporary failures of fire alarm notification system – (system has since been upgraded to more current technology)

• MARBIONC building with generators – gives campus hardened research centers

• Infrastructure improvements: Performance contract 2 and stormwater plan; renovation of S&BS.

• Eliminated single point of failure for data connection with the addition of MCNC site

• Design proposal received for new code-compliant fire alarm notification system for main campus, and facilities plan for alarm receiving center in progress. (Also a safety item)

• Having a FEMA-approved Pre Hazard Mitigation Plan establishes critical restoration priorities and allows federal reimbursement in a declared disaster

• Relationships with county and UNC system

Risk Issue Continuity of

operations plans are essential to minimizing the severity of impact and related business interruption caused by natural or manmade disasters

Potential Impact Strategic Operational Financial Hazard Reputational

Documents

UNCW Institutional Risk Management Update Board of Trustees Audit Committee November 20, 2014