where innovation is tradition mason initiatives: efficiency & effectiveness enterprise risk...
TRANSCRIPT
Where Innovation Is Tradition1
Mason Initiatives:Efficiency & Effectiveness
Enterprise Risk Management
Beth Brock, Associate VP & Controller
George Mason University
May 21, 2010
Where Innovation Is Tradition2
Agenda
Efficiency & Effectiveness (E&E)• How we got started and the process• Where we are now, observations, questions
Enterprise Risk Management (ERM)• Overview• How we got started and the process• Where we are now, survey, questions
Where Innovation Is Tradition3
E&E Initiative
• Late 2010 - some members of BOV requested• All administrative functions in scope;
academics excluded• Spring 2011 - explored big firm and
boutique/trade assn approaches
Where Innovation Is Tradition4
E&E Study Advice
Do not underestimate:• Disruption in workplace• Time and effort to do properly• Impact on employee moral
Expect to make an investment
Where Innovation Is Tradition5
E&E Evolution
Issued RFP for benchmarking services in seven administrative areas:
• Auxiliaries & Affiliated Entities• Facilities• Information Technology• Purchasing• Enrollment Services• Human Resources• Accounting & Finance
Where Innovation Is Tradition6
RFP for Benchmarking Services
• Selection criteria emphasized higher ed experience, recommended benchmarks required
• Goal - inform a decision on areas for E&E review• Search committee: Controller; Director IA&MS;
Fiscal Projects Director• Two firms selected for oral presentations• Senior VP and Chief of Staff attended orals
Where Innovation Is Tradition7
Benchmarking Project
Huron Consulting selected for 3-4 month project:• Reviewed data on budgets and staffing• Interviewed unit heads• Confirmed benchmarks• Performed benchmarking and analysis• Delivered final report – functioning efficiently and
effectively• Discussing next phase for some opportunities
Where Innovation Is Tradition8
Efficiency & Effectiveness
Observations and Questions
Where Innovation Is Tradition9
ERM Defined
Enterprise Risk Management (ERM) is generally defined as:
a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives1.
1Standard ERM Model content adapted from: Committee of Sponsoring Organizations of the Treadway Commission
Where Innovation Is Tradition10
ERM Framework
Categorization of risks:• Strategic – organizational goals• Operations – executing objectives• Financial/Reporting – safeguarding assets• Compliance – adherence with laws and regs.• Reputational – public image• Cultural – character of university and personnel
Where Innovation Is Tradition11
ERM Initiative at Mason
• Late 2009 - BOV interested in risks other than financial risks
• Spring 2010 - Controller’s office and IA&MS collaborated to survey approx. 80 unit heads
• Responses reviewed, consolidated, reviewed again, 32 items presented to BOV
Where Innovation Is Tradition12
ERM Evolution
• Funding for next steps in FY11 budget• Issued RFP for assistance with designing a
sustainable ERM program• Responses from 14 firms; orals from 5• Sr. VP and Chief of Staff attended orals
Where Innovation Is Tradition13
ERM Project
Huron Consulting selected late 2010
Extensive data requests:
Org charts, audit reports, draft audit findings, budgets, IA&MS work plans, list of affiliates, strategic and/or business plans for IT, research, student, finance, President’s initiatives, ERM work to date
Where Innovation Is Tradition14
Huron Phase I
• Evaluated data • Met with about 25 unit heads• Identified common risks at other
institutions• Assigned one or more of 6 framework
categories • Assigned functional area: facilities, safety,
IT, academic, research, fiscal, HR, etc.
Where Innovation Is Tradition15
Assigning Risk Factors
Evaluated each risk using five factors:
1. External environment – e.g., federal regs
2. Reputational risk – level of public visibility
3. Financial exposure – e.g., budget, penalties
4. Vulnerability – likelihood of occurrence
5. Internal controls risk assessment
Where Innovation Is Tradition16
Ranking our Risks
• Used the collective high, medium, low scores for each factor to assign a relative impact score to each
• 40 risks prioritized as highest, high, medium• Eleven highest priority include fraud, research
compliance, succession planning• Phase I deliverable – modified risk inventory
Where Innovation Is Tradition17
ERM Implementation Plan
• Huron phase 2 deliverables:• Recommended organizational structure• Reviewed policies, provided gap analysis• Provided executive level reporting format
(heat map)• Provided risk mitigation strategy guidance
Where Innovation Is Tradition18
Hiring a Chief Risk Officer
• New admin. faculty position, reporting to Sr. VP• Advertised late November 2011 - late January 2012• Committee: Controller, Director IA&MS, Projects
Director, Assoc. Dean College of Science• About 45 applicants, 3 selected for interview• Reopened search April 2012
Where Innovation Is Tradition19
Interim Efforts
• Applying the committee-based organizational model
• Functional managers appointed to committee• Will develop mitigation strategies for highest
priority risks• Will update risk inventory, determine factors
for assessing relative degrees of risk
Where Innovation Is Tradition20
Audience Survey Question #1
Q: How has your institution’s approach to risk management changed over the past two years?
1. Significantly increased time and resources devoted to risk management
2. Somewhat increased time and resources devoted
3. Made few or no changes to risk-mgmt approach
4. Decreased time and resources devoted
Where Innovation Is Tradition21
Survey by CFO Magazine Q#1
Where Innovation Is Tradition22
Audience Survey Question #2
Q: Who in your institution is most responsible for risk oversight?
1. CFO 5. Board of Visitors
2. President 6. Audit Committee
3. Risk committee 7. Director, Internal Audit
4. CRO
Where Innovation Is Tradition23
Survey by CFO Magazine Q#2
Where Innovation Is Tradition24
Audience Survey Question #3
Q: Which would you say is the single biggest impediment to improved risk management within your institution?
1. Commitment of time/resources 5. N/A, adequate risk mgmt
2. Internal expertise 6. Implement. methodology
3. No clear mandate from top 7. Lack of IT system to
4. Organizational structure address risk mgmt.
Where Innovation Is Tradition25
Survey by CFO Magazine Q#3
Where Innovation Is Tradition26
Enterprise Risk Management
Observations and Questions
Contact information: Beth Brock
[email protected] 703-993-2660