Policy Matters
Administered by the Blog Committee, Policy Matters posts are written by members on a variety of topics. From think pieces to how-to's, editorials to news round-ups, there is something for every policy administrator. Interested in contributing a post? Let us know by emailing admin@acupa.org.

 


Managing Risk for Your Enterprise

Posted By Deborah Bartlett, Washington State University, Monday, October 9, 2023
Updated: Friday, October 6, 2023

Risk Management Policy Considerations

Identifying, minimizing, and controlling exposures to loss are important functions for all institutions.  Most of you have already implemented a risk management policy for your college or university, or are in the process of developing or updating one.

My institution, Washington State University (WSU), published an administrative Policy on Risk Management (EP6) in January 2019.  In August 2023, we finalized a revision to EP6 which included a number of new approaches for overseeing this process that I thought I'd share for your consideration.

Enterprise Type—Campus or System

WSU has multiple campuses in various parts of the state, plus an online (global) campus.  For many years, our Pullman campus was our main administrative hub.  A few years ago, the administration decided to move to a systemwide management model, with each campus, including our flagship Pullman campus, led by a separate campus chancellor, who in turn reports to our system president. 

Some administrative functions are best served by specific campus oversight, and some are best served by systemwide oversight.  International standards encourage an enterprise (systemwide) approach to risk management.  WSU follows International Organization for Standardization (ISO) 31000: 2018—Risk Management Guidelines to identify potential obstacles or occurrences that could threaten an enterprise's ability to meet its mission and goals.

Enterprise Risk Management Software

The state of Washington also encourages an enterprise approach to risk management by state agencies, of which WSU is one.  To facilitate this, the Washington Department of Enterprise Services (DES) provides software modules to the risk management offices at all state agencies to assist with risk identification and rating, risk controls, and planning for managing risks.  The software that DES selected to distribute is the Origami risk management information system. The software platform integrates insurance, risk, safety, and compliance solutions.

I found this addition to our policy rather fascinating, as I'm a fan of tech solutions.  Since the software is distributed directly to our RM office only, little direct information was put into our executive policy.  If you're interested in investigating this further, go to the link above to get more information from the manufacturer's website.

Administrative Oversight

WSU decided to implement a four-level approach to administrative oversight of risk management:

  1. Risk Management Executive Committee (RMEC):  RMEC is a presidential committee that provides executive oversight for enterprise and operational risk. It oversees the Enterprise Risk Management (ERM) process. RMEC also provides guidance to the Risk Management Advisory Group (RMAG) and Risk Management (RM) office.
  2. Risk Management Advisory Group (RMAG): RMAG is appointed by our Executive Vice President of Finance and Administration. Its membership is representative of system units engaged in daily risk management. Units may request to join RMAG through the Risk Management Office.
  3. Risk Management Office (RM): The RM office at WSU is a part of Compliance and Risk Management under Finance and Administration. RM coordinates and evaluates the risk management program for the WSU system and has responsibility and authority in four primary areas:
    • Risk awareness, assessment, and assistance services to units and personnel;
    • Coordination of systemwide risk committees;
    • Managing and administering insurance coverages and related services to units; and,
    • Reporting risks, accidents, injuries, liabilities, and other risk management activities to university departments and applicable state and federal agencies.

  4. Individuals and Units: Individual employees, departments, and units are responsible for taking steps to reduce the risk of injury and accidental loss to the greatest extent possible, consistent with carrying out the institution's mission and goals. RM is available to provide assistance to individuals and units, as needed.

Every institution handles risk management processes differently, but as we've all found, it is a good idea to formalize a policy for managing risks.  I hope what I've shared from the WSU perspective helps you start or continue your own conversations about developing or revising risk management at your institution.

Tags:  ACUPA  considerations  Deborah Bartlett  developing policy  enterprise  enterprise risk management  ERM  ERM software  ISO 31000  Origami  Origami Risk  oversight  risk  risk management  risk management software  tools 


Other Duties as Assigned

Posted By Teresa Raetz, Georgia Gwinnett College, Monday, October 7, 2019

Policy, Strategic Planning, and the Future Adventures of an Enterprise Risk Management Newbie

 

I am the policy manager for my campus, and I am organizationally housed within a department called Plans, Policies, and Analysis.  The unit includes the traditional institutional effectiveness functions, including academic and co-curricular assessment, institutional strategic planning, and, of course, policy process management.  My role within my department is to manage the institutional policy review process, but I have no role with managing the policies themselves (other than our own departmental policies).  Despite the clear boundaries around my responsibilities, I have arguably the widest view of policies on our campus—which policies we have and how they relate—since I work with all of them. 

 

Because of this broad policy view, I was recently asked to represent my department on my college’s Enterprise Risk Management (ERM) Committee.  While I am generally familiar with ERM, I have not been part of any ERM activities before, so my first action, after asking a few questions and receiving the committee charter, was to dive deeper into the role of policy in ERM, so that I can attend my first meeting well prepared.

 

My role on this committee hasn’t really begun yet, but for now, I believe that it will be to articulate risks, as they arise, that are created by extant policy or the absence of policy.  Because my unit drives institutional strategic planning, my role will also be to identify and articulate risks associated with our strategic plan and its processes.  According to Deloitte, these include risks that inform the strategic plan (such as legislation that could alter our activities), risks to the implementation of the plan itself (such as imminent budget cuts), and risks created by the plan.  An example of the latter could be creating a strategic priority around moving data to the cloud, which would create some risk around security of the data.

 

One of the things I’m most looking forward to is working with campus leadership in a slightly different capacity.  I currently work with a wide swath of administrators and staff through the policy editing and review process.  They know me as the person who provides training for policy processes and best practices and the editor of individual policy changes.  My role on the ERM committee will be more analytical and broad-based, as we work together to identify risks and prioritize the amount of risk they present.  Another thing I’m looking forward to is the opportunity to “sit at the top of the mountain” and further my understanding of how key institutional processes work together to feed the success of the college.  I’m a bit of an organizational development nerd, so I’m sure I will find it fascinating to learn more about how the strategic plan, institutional policy, and the various parts of ERM work together (or, don’t, eek!). 

 

What experiences have you had with ERM?  What advice or resources can you share that have been helpful to you in risk management?  In your current role, do you identify policy risks, either inside a risk management structure or more informally?  What do you do to increase the chance that these concerns are responded to?

Tags:  ERM  risk management  strategic planning 
