Transcription
Enterprise Risk Management for Independent SchoolsCAIS Trustee/ School Heads ConferenceWestin St. FrancisJanuary 25-26, 2014Ronald C. Wanglin, CIC, CSRMChairman of the BoardBolton & CompanyDenise K. GutchesPresidentDKG Consulting, Inc.
Historical Perspective No coordinated model for dealing with risk to the school Traditional solution was to purchase insurance and/orassume risk in-house More recently, educational institutions have establishedformal risk management committees Enterprise Risk Management (ERM) evolves to provide aholistic model for managing financial risk
Enterprise Risk Management5 types of risk schools should address in a comprehensive ERM:1.Strategic Risk that affects an organization’s ability to achieveit’s goals.2.Financial Risk that may result in a loss of assets.3.Operational Risk that affects on ongoing managementprocess.4.Compliance Risk that relates to externally imposed laws andregulations as well as with internally imposed policies andprocedures concerning safety, conflict of interest and the like.5.Reputational Risk that affects a school’s reputation, brand orboth.
Enterprise Risk ManagementRisk can affect the entire school and covers a broadspectrum of exposure: Financial Competitive Operational Strategic Technological Litigation Environmental Reputational Regulatory Political Compliance Cultural
Responsibility for Implementing ERMBoard of Trustees ExecutiveCommittee FinanceCommittee Audit CommitteeSchool Management Risk ManagementCommittee Head of School Business Officer Division Heads Operations/FacilitiesManager Human Resources
Implementing ERMThe Audit Committee’s Role:1.Determine whether the school has appropriate policiesin place to minimize risk2.Regular assessment of financial risk and exposure3.Assure adequate funding for staffing and facilitiesmaintenance/repairs to minimize risk4.Require annual reporting/updating of riskmanagement program5.Conduct a Risk Management Audit
Implementing ERMThe Head of School’s Role1. Promote risk management throughout the schoolcommunity2. Ensure that risk management is delegated to theappropriate individuals within the organization3. Monitor the program and keeping the Board apprisedof its implementation
Implementing ERMThe Business Officer’s Role Key player in the risk assessment, implementationand management process, primarily for: Financial Human Resources Facilities
Identifying & Managing RiskInternal Risk Management Audit:Ten Key Areas of Focus1.Board Oversight on Fiduciary Matters2.Financial and Accounting Policies3.Student Programs and Activities4.Facilities Management - maintenance, safety, security5.Human Resources - employment practices, handbooks, recordsmanagement
Identifying & Managing Risk6.Legal compliance - report filings, contracts7.Technology - internal controls, safeguarding data & assets8.Admissions - services, activities and policies9.Fundraising - services, activities and policies10. Environmental - indoor air quality, noise, lighting hazardousmaterials
Identifying & Managing Risk1.Identify and analyze lossexposures2.Examine alternative riskmanagement techniques3.Select Risk Managementtechniques4.Implement RiskManagement techniques5.Monitor resultsIdentifyExposures& ExamineRiskMgmtTechniquesSelect &ImplementRiskManagementTechniqueMonitorResults
Identifying & Managing RiskIdentify Degree of RiskExposureDetermine Risk ManagementApproachNoneRetain/ControlMinimalRetain /Control OR InsureTolerableRetain/Control OR InsureFrequentRetain/Control OR Transfer OR InsureSevereTransfer OR Insure OR AvoidUnknownInsure OR Avoid
Risk Management Audit & Risk AssessmentPotentialRisk AreaType ofExposureLikelihood of Extent ofExposure(1) handlingof cashtransactionsMinimal due 20,000to checks egal(1) Rate: none; minimal; tolerable; frequent; severe; unknown(2) Avoid; Retain/Control; Transfer; Insure
Risk Management & Insurance Audit Existing Insurance and Risk ManagementProgram Benchmark Existing Coverage and Limits Evaluate Assumption of Risk Self Insurance Deductibles Risk Retention Groups
ERM Best Practices1. Place on the Board’s strategic agenda2. Employ long-term thinking - proactive notreactive3. Establish an Audit Committee or Clarify AuditCommittee’s Role in Risk Management Oversight4. Conduct Internal Risk Management Audit andUpdate Annually
ERM Best Practices5. Implement critical policies and update regularly6. Conduct Insurance Risk Management Audit7. Review and benchmark results on a “peer topeer” basis8. Review and benchmark employeebenefits/retirement plans9. Consider Impact of Health Care Reform onMedical Plans (Grandfathered Status)
ERM Best PracticesPolicies Critical for Schools: Annual Audit PolicyConflict of InterestWhistleblowerDocument Retention/ManagementBanking and Cash ManagementFundraising—Gift Acceptance and Gift ManagementEndowment Investment Management and SpendingPersonnel and Employment PracticesFinancial Aid and Tuition AssistanceFacilities Management
Current Critical Issues in ERMEthics and Risk Management Tone at the Top - management’s ethics and integrityare unimpeachable and tone permeates organizationConflicts of Interest Policies to safeguard against actual and perceivedconflicts - how transactions identified and brought tothe Board; process to identify “excess benefits.” Contemporaneous discussion and documentation iscritical
Current Critical Issues in ERMFinancial Misstatements and Risks Assessment of risk of material misstatement Identification of major risk areas (i.e. debt covenants) Management incentive to distort reported results Occurs due to ethical tone, control environment and stafftraining and capacity Financial fraud and exposures Check forgeries Credit card usage
Current Critical Issues in ERMRegulatory ComplianceAwareness of breadth and nature of regulations theschool is subject to and protocols for compliance: Tax Return compliance Retirement Plans OSHA Federal funding
OSHA’s New GloballyHarmonized System (GHS)Adopting GHS will result in three major areas of change:1.Hazard classification: The definition of a hazardouschemical has been changed to provide specific, uniformcriteria for classification of health and physical hazards.2.Labels: Chemical manufacturers, importers and distributorswill be required to provide a label that includes aharmonized signal word, pictogram and hazard statementfor each hazard class and category. Precautionarystatements must also be provided.3.Safety Data Sheets: These will now have a specified 16section format.
What chemicals can myfaculty/staff/students be exposed to?Do you have science or chemistry classes?Do you have a pool?Do you have janitorial or custodial supplies?Do you have art classes, wood shop classes, or ceramicsclasses? Does your administrative staff work with printer ink or printertoner? Does your administrative staff regularly receive shipments ofchemicals for an of the above and distribute them to theirappropriate locations?
Current Critical Issues in ERMFundraising Collectability of pledges Events yielding budgeted net revenue Capital campaigns and impacts on related projectsAdmissions and Student Retention Understanding impacts on student enrollment and externalenvironment. Goals regarding student enrollment realistic to trends. Strategies to address declining enrollment.
Current Critical Issues in ERMEmployment Risks Impacts of compensation decisions on employees Increased incidence of workers’ compensationclaim Increased employment practices liability claims Increase in premiums and experiencemodification factors
Current Critical Issues in ERMInvestment and Debt Management Ensure clear understanding of investments and debt covenantsand how they work. Multiple revenue streams creates complexity in controlstructures requiring skills staffing may not possess. Investment policy—acceptable investments, asset classes, etc. Changes in investment managers. Comparison of investment returns to industry, to budgetexpectations, etc. Debt capacity. Credit rating/Letter of Credit renewals
Resources Insurance Broker Utility Companies Insurance CompanyLoss Control Dept. OSHA Inspector Outside Consultants Police Department Fire Department Health Inspector Physicians Lawyers Architects Investment Managers Real Estate Brokers
ERM Must Be Dynamic Remain alert to developing risks Adapt the risk management program and planaccordingly Be flexible to keep pace with ever-changingenvironment Tap available expertise and resources to stay apprisedof the risk environment: Trustees Insurance brokers Professional associations
Contact us with any questionsRonald C. Wanglin, CIC, CSRMrwanglin@boltonco.com(626) 535-1420Denise K. Gutchesdenise@dkgconsult.com(818) 566-6610
5 types of risk schools should address in a comprehensive ERM: 1. Strategic Risk that affects an organization’s ability to achieve it’s goals. 2. Financial Risk that may result in a loss of assets. 3. Operational Risk that affects on ongoing management process. 4. Compliance Risk that relates to externally imposed laws and re
