Chief business officers and their colleagues in the administration who think about risk management have no shortage of stimuli. Among the many pressures are board demands, compliance requirements, uncontrollable demographic trends, as well as growing internal complexity from international ventures, campus incidents, and of course political activism.
Pressures from Without and Within
For many of the discrete pressures listed here, a dedicated role exists on campus to be accountable for dealing with that activity and its associated risk (think here about campus safety, or the IT staff member caring for the campus firewall), which is good news. However, the holistic management of the many pressures listed here tend to come together in a storm cloud above the senior most business officer, as the person on campus accountable for making sure these risks are covered.
Getting a handle on the universe of risks that a CBO’s office oversees can be unwieldy—if not overwhelming—in higher education’s shared governance setting. A multi-layer approach can break down the venture into phases, prioritize filling urgent gaps, and setting a manageable path toward holistic risk management. EAB will be releasing an updated study later this quarter that contains further details; below is the recommended framework for approaching the challenge of campus risk management.
Phase one: Round out your response plan
Just as any organization would have a response plan for fire safety, a natural disaster, or campus safety incident, the first step is to round out the “event-response” plan portfolio with:
- An IT Security Breach Response Plan
- A Campus Activism First-Responders Plan
Phase two: Engage campus leaders in risk management
Having ensured that foreseeable “events” are covered with response plans, the opportunity opens up to tackle the bigger picture. The next step is to engage campus leaders in a discussion of risk management for the enterprise. The goal is to (re-)set stakeholders’ expectations that risk management does not have to be overwhelming, and to gain buy-in that structured risk management is in the interest of a successful, sustainable organization.
EAB offers a “foundational essentials” guide to establish a footing during this phase. The three basic tactics below are recommended:
- Establish a right-sized governance and oversight structure for risk
- Apply disciplines to scope down and clearly triage risks for treatment
- Borrow wisely from existing risk registers to kick-start the effort
In parallel, the campus CIO and Student Affairs VP may review the “foundational essentials” EAB is presenting for information security and campus activism. Improving these functions’ ability to prevent negative outcomes from incidents pays off greatly.
Phase three: Engage other campus stakeholders
With these building blocks in place, CBOs can engage other critical stakeholders such as faculty, trustees, community members, and the media, all in order to boost the campus’s resilience in fast-changing times.
Rolling Out Risk Management
Next, Check Out
Assessing and Managing Institutional Risk