School Of Computer And Information Sciences Chapter 9 Less


School of Computer & Information Sciences, ITS 835, Chapter 9: “Lessons from the Academy: ERM Implementation in the University Setting.” This narrated presentation discusses the emergence, development, and lessons learned from Enterprise Risk Management (ERM) implementation in higher education institutions, with a focus on the University of Washington (UW). It covers the institutional background, the evolution of ERM in higher education, leadership from top management, organizational structures, philosophical foundations, and outcomes.

The background emphasizes that higher education institutions have historically perceived themselves as distinct from other organizations, operating in insular, self-regulating silos with decentralized decision-making. This cultural and structural separation has impeded the adoption of integrated risk management frameworks commonly used in business enterprises.

The emergence of ERM in higher education has been slow, partly because neither accrediting agencies nor federal mandates explicitly require such programs. While different university units automatically manage risks related to business, campus safety, IT, academic affairs, student affairs, HR, physical plant, and external relations, there has been limited cross-functional sharing of risk information. This siloed approach hampers a comprehensive view of organizational threats.

Top leadership, including the Strategic Risk Initiative Review Committee (SRIRC), plays a crucial role in evaluating best practices and proposing governance frameworks for ERM. Before formal implementation, resources were dedicated to building infrastructure, defining scope—whether institution-wide or targeted—and addressing questions about integrating strategic risks into organizational decision-making.

UW adopted an integrated ERM approach acknowledging its existing strengths while aiming to enhance existing processes through improved collaboration, communication, and strategic risk oversight. The scope primarily centered on legal and regulatory compliance within a centralized model that encouraged institution-wide risk awareness.

Organizationally, UW moved beyond reactive insurance-type management, recognizing the dispersion and silos within its risk management activities. The new model aimed to mitigate weaknesses associated with decentralization and complexity, fostering a unified approach that balances oversight with the institution’s entrepreneurial culture.

The philosophy of the program emphasizes three guiding principles: fostering an institution-wide perspective, ensuring best practices in regulatory management, and protecting the decentralized, collaborative, and innovative culture of UW.

Development of ERM at UW involved creating a common risk language, conducting assessments, and focusing initially on financial challenges. The Compliance, Operation, and Finance Council (COFi) was established to oversee risk assessments, ensuring that institutional and cross-departmental impacts are considered, and that efforts are coordinated to avoid redundancy.

UW adopted the COSO ERM model, customizing it to fit its culture and needs. The COSO framework’s eight steps—leadership, strategic goals, risk identification, assessment, response, controls, communication, and monitoring—were tailored for implementation in the university context, emphasizing leadership commitment, strategic alignment, and continuous improvement.

Outcome evaluations highlight that ERM provides both quantitative tools—such as risk maps and dashboards—and qualitative insights, which support strategic decision-making and risk mitigation. Key lessons include clarifying roles of risk committees, developing work plans and engaging agendas, avoiding distractions by focusing on risks that impact strategic objectives, and gathering sufficient data for effective risk assessment.

In conclusion, UW’s ERM journey underscores that successful risk management in higher education requires aligning organizational culture, leadership commitment, structured frameworks, and continuous learning. The lessons from UW offer valuable insights for other academic institutions seeking to implement or enhance ERM programs to better manage risks and capitalize on opportunities.
