1 / 26

Mason Initiatives: Efficiency & Effectiveness Enterprise Risk Management

Mason Initiatives: Efficiency & Effectiveness Enterprise Risk Management. Beth Brock, Associate VP & Controller George Mason University May 21, 2010. Efficiency & Effectiveness (E&E) How we got started and the process Where we are now, observations , questions

aldan
Download Presentation

Mason Initiatives: Efficiency & Effectiveness Enterprise Risk Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Mason Initiatives:Efficiency & EffectivenessEnterprise Risk Management Beth Brock, Associate VP & Controller George Mason University May 21, 2010

  2. Efficiency & Effectiveness (E&E) How we got started and the process Where we are now, observations, questions Enterprise Risk Management (ERM) Overview How we got started and the process Where we are now, survey, questions Agenda

  3. E&E Initiative • Late 2010 - some members of BOV requested • All administrative functions in scope; academics excluded • Spring 2011 - explored big firm and boutique/trade assn approaches

  4. E&E Study Advice • Do not underestimate: • Disruption in workplace • Time and effort to do properly • Impact on employee moral • Expect to make an investment

  5. E&E Evolution • Issued RFP for benchmarking services in seven administrative areas: • Auxiliaries & Affiliated Entities • Facilities • Information Technology • Purchasing • Enrollment Services • Human Resources • Accounting & Finance

  6. RFP for Benchmarking Services • Selection criteria emphasized higher ed experience, recommended benchmarks required • Goal - inform a decision on areas for E&E review • Search committee: Controller; Director IA&MS; Fiscal Projects Director • Two firms selected for oral presentations • Senior VP and Chief of Staff attended orals

  7. Benchmarking Project • Huron Consulting selected for 3-4 month project: • Reviewed data on budgets and staffing • Interviewed unit heads • Confirmed benchmarks • Performed benchmarking and analysis • Delivered final report – functioning efficiently and effectively • Discussing next phase for some opportunities

  8. Efficiency & Effectiveness Observations and Questions

  9. ERM Defined Enterprise Risk Management (ERM) is generally defined as: a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives1. 1Standard ERM Model content adapted from: Committee of Sponsoring Organizations of the Treadway Commission

  10. ERM Framework • Categorization of risks: • Strategic – organizational goals • Operations – executing objectives • Financial/Reporting – safeguarding assets • Compliance – adherence with laws and regs. • Reputational – public image • Cultural – character of university and personnel

  11. ERM Initiative at Mason • Late 2009 - BOV interested in risks other than financial risks • Spring 2010 - Controller’s office and IA&MS collaborated to survey approx. 80 unit heads • Responses reviewed, consolidated, reviewed again, 32 items presented to BOV

  12. ERM Evolution • Funding for next steps in FY11 budget • Issued RFP for assistance with designing a sustainable ERM program • Responses from 14 firms; orals from 5 • Sr. VP and Chief of Staff attended orals

  13. ERM Project • Huron Consulting selected late 2010 • Extensive data requests: • Org charts, audit reports, draft audit findings, budgets, IA&MS work plans, list of affiliates, strategic and/or business plans for IT, research, student, finance, President’s initiatives, ERM work to date

  14. Huron Phase I • Evaluated data • Met with about 25 unit heads • Identified common risks at other institutions • Assigned one or more of 6 framework categories • Assigned functional area: facilities, safety, IT, academic, research, fiscal, HR, etc.

  15. Assigning Risk Factors Evaluated each risk using five factors: External environment – e.g., federal regs Reputational risk – level of public visibility Financial exposure – e.g., budget, penalties Vulnerability – likelihood of occurrence Internal controls risk assessment

  16. Ranking our Risks • Used the collective high, medium, low scores for each factor to assign a relative impact score to each • 40 risks prioritized as highest, high, medium • Eleven highest priority include fraud, research compliance, succession planning • Phase I deliverable – modified risk inventory

  17. ERM Implementation Plan • Huron phase 2 deliverables: • Recommended organizational structure • Reviewed policies, provided gap analysis • Provided executive level reporting format (heat map) • Provided risk mitigation strategy guidance

  18. Hiring a Chief Risk Officer • New admin. faculty position, reporting to Sr. VP • Advertised late November 2011 - late January 2012 • Committee: Controller, Director IA&MS, Projects Director, Assoc. Dean College of Science • About 45 applicants, 3 selected for interview • Reopened search April 2012

  19. Interim Efforts • Applying the committee-based organizational model • Functional managers appointed to committee • Will develop mitigation strategies for highest priority risks • Will update risk inventory, determine factors for assessing relative degrees of risk

  20. Audience Survey Question #1 Q: How has your institution’s approach to risk management changed over the past two years? Significantly increased time and resources devoted to risk management Somewhat increased time and resources devoted Made few or no changes to risk-mgmt approach Decreased time and resources devoted

  21. Survey by CFO Magazine Q#1

  22. Audience Survey Question #2 Q: Who in your institution is most responsible for risk oversight? CFO 5. Board of Visitors President 6. Audit Committee Risk committee 7. Director, Internal Audit CRO

  23. Survey by CFO Magazine Q#2

  24. Audience Survey Question #3 Q: Which would you say is the single biggest impediment to improved risk management within your institution? Commitment of time/resources 5. N/A, adequate risk mgmt Internal expertise 6. Implement. methodology No clear mandate from top 7. Lack of IT system to Organizational structure address risk mgmt.

  25. Survey by CFO Magazine Q#3

  26. Enterprise Risk Management Observations and Questions Contact information: Beth Brock ebrock1@gmu.edu 703-993-2660

More Related