MAY 18, 2009
Linda Anderson Carnegie Mellon University
EASFAA
Enterprise Risk Management and the Financial Aid Office
Definition: “…a process effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk, to provide reasonable assurance regarding the achievement of entity objectives.”
Need to think of risk as a strategy and manage it as a bottom line driver.
ERM: Enterprise Risk Management
Risk is any issue that impacts an organization’s ability to meet its objectives.
Risk management is:
- A process of understanding, evaluating and taking action on risks.
- Systematic and supports accountability.
- A process that considers the external and internal environment.
- Need to define the risks which could impact our ability to achieve our strategic objectives.
- Need to assess probability and impact of risk.
Risk Management
Purpose of the Project: to enable Management and the Board of Trustees to understand the types of risks facing the university, current methods to address risks, and mitigation steps.
Risk Management: Purpose
- University Compliance and Risk Committee
- Senior Director of University Risk Management
- Committee comprised of Departmental Directors
- Quarterly Committee Reporting and Review
Risk Management: University Structure
- Strategic: High level goals aligned with and supporting the college’s mission.
- Operational: Effective and efficient use of resources.
- Reporting: Reliability of external and internal reporting.
- Compliance: Compliance with applicable laws and regulations.
- Reputational: Damage caused by any of the above four that impacts how the university is valued or perceived.
5 Categories of Risk
Internal: Compliance is one of several categories.
Institutional compliance concepts:
- Coordination of compliance responsibilities through a formalized structure and network of functional compliance specialists.
- Identify, assess, mitigate and monitor risk priorities and solutions.
- Clarify and strengthen accountabilities for traditional functional compliance responsibilities.
- Need to assign responsibility for risk management.
Risks in Higher Education: Internal Compliance
- Define Objectives: determine risk objectives.
- Identify Events: which events could adversely impact risk objectives.
- Estimate Probability/Likelihood that a risk will occur.
- Estimate Impact: negative impact resulting in potential University financial losses and/or reputational losses.
- Preliminary Risk Assessment: the risk of an event considering probability, impact and existing policies, procedures and controls.
- Planned Risk Mitigation Strategy: additional control procedures to alleviate the preliminary risk assessment.
- Assess Residual Risks: the remaining risk subsequent to risk management controls.
Financial Aid Office: Development of a Compliance Risk Profile
- Financial Aid Strategy
- Financial Aid Compliance: federal and state regulations.
- OMB A-133 Compliance
- FERPA, GLB
- HEOA of 2008
- ARRA: 2009
- HCERA: 2010
Possible Areas for Consideration in the Financial Aid Office:
- Enrollment Growth Management.
- Financial Aid Compliance: Donor Restrictions.
- Student Records Management.
- Installation of new financial aid software/system.
- Institutional Loan Programs and Risk Assessment, reserve for probable loan defaults.
- Increase in student loan defaults due to regulatory changes.
Definitions for Template Design and Use
- Event: incident or occurrence that could affect the achievement of objectives (including compliance with regulations and policies).
- Existing Policies and Procedures
- Probability/Likelihood: Qualitative measure of the possibility that an event will occur within a 3 year timeframe (likely, possible, unlikely, rare).
Impact: measured financial and reputational impact; consider materiality and level of management concerns. (extreme, high, medium, low, negligible)
- Preliminary Risk Assessment
- Planned Risk Mitigation Strategy
- Net Residual Risk Assessment
Financial Aid Office Compliance Risk Assessment Template
Financial Aid Office Operational Risk Assessment Template
- Implementation of new regulations does not necessarily constitute an ‘event’.
- Intersection of events among offices.
- Compliance and Operational events.
- Requires quarterly discussions and updating.
- A positive tool for Staff, Management and Audit Committees.
- An enterprise-wide strategy.
Recommendations and Summary: