150 likes | 428 Views
Risk Management at Harvard – Panel Discussion Harvard IT Summit. June 23, 2011. Introductions. Panel Members: Rick Mills, Executive Dean for Administration, Harvard Medical School Mary Ann Bradley, Associate Dean for Administrative Operations, Faculty of Arts and Sciences
E N D
Risk Management at Harvard – Panel Discussion Harvard IT Summit June 23, 2011
Introductions • Panel Members: • Rick Mills, Executive Dean for Administration, Harvard Medical School • Mary Ann Bradley, Associate Dean for Administrative Operations, Faculty of Arts and Sciences • Ben Gaucherin, Chief Information and Technology officer, Harvard Law School • Eileen Sullivan, Controller, Harvard Business School • Presenters: • Gail McDermott, Director, Risk Management and Audit Services • Amanda McDonnell, Manager of Strategic Planning, Risk Management and Audit Services
Agenda Overview of risk management and risk assessment Overview of Harvard Risk Management Program Panel discussion Open questions
Definition of "Risk" "Risk is the possibility that an event will occur and adversely affect the achievement of objectives." - COSO Enterprise Risk Management – Integrated Framework "Anything that may significantly affect the operations of the school in a way that limits the ability to achieve its mission." - A member of the Harvard Faculty
Definition of Risk Management APROCESS, effected by an entity’s board of directors, management and other personnel, applied in strategy-settingandacross the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
Risk Management – A Continuous Process • Vision • Infrastructure • Goals, objectives and context • Culture • Identifying risks • Rating/prioritizing risks • Action planning • Reporting • Tolerate the risk • Treat the risk • Transfer the risk • Terminate the risk • Monitoring of risks and new risk events that may influence risk response
The Value of Risk Management Why Risk Management? • Improve the likelihood of success for strategic planning initiatives by recognizing the risk associated with opportunities and forcing discussion of mitigation techniques • Prevent high impact risks from happening at your University or reduce impact of risk and to protect the University Reputation • Enable the University to make timely and informed decisions • Support Corporation responsibilities • Establish a culture of transparency and accountability through the explicit discussion of risks and mitigation practices and bring management team to consensus on risk management • Prioritize the allocation of resources to the most significant risks and effectively manage costs and eliminate redundancies.
Risk management at Harvard • Risk Management in 2008 • Pockets of risk management activity across the University • Risk Management and Audit Services performs University-wide risk assessment • Risk Management Committee in place • Limited executive sponsorship • Changes since 2009 – 2010 • New Executive Vice President (EVP) joins Harvard • EVP Champions ERM • Internal socialization of ERM • Developed new ERM structure • Approval by JCI (Audit Committee)
Ad-Hoc Capabilities characteristics of individuals Initial Process Established in parts of the organization Formalized Formal Consistent processes in each department Embedded Integrated processes are embedded in the business planning Optimized Organization focused on ERM as source of competitive advantage Systemically build and improve enterprise risk management capabilities Harvard University - Enterprise risk management Capabilities Maturity Model Harvard in FY2008 Harvard today Harvard planned for FY2013
ERM Strategy and Value • Strategy: Provide an integrated, holistic approach to managing risk across the University – one that creates accountability and defines a process for identifying and mitigating risk. Implementing the approach should be an elastic process, flexing and expanding as prescribed by the needs of stakeholders. • Value • Establishes a culture of transparency and accountability through the explicit discussion of risks and mitigation practices • Improves the likelihood of success for strategic planning initiatives by recognizing the risk associated with opportunities and forcing discussion of mitigation techniques • Coordination and transparency assists in allocating resources to the most significant risks and may eliminate redundancies • Aggregation of risks at the University level allows for timely and informed decision making • Risk awareness should be embedded in all layers of the organization
Harvard University - Risk Management Structure • University Risk Management Council (URMC) established • Co chaired by EVP and Provost • Reports out to President and Audit Committee on risk management program results • Monitors the program and evaluates risk mitigation strategies • Central Administration Risk Management Committee created • Risk Assessment and prioritization for centrally managed functions for report out to URMC • Each School creates a risk management committee – recommended co-chairs are Administrative Dean and Academic Dean • Complete risk assessment and prioritize issues identified • Submit risk management report to the URMC in Summer, 2011 • Begin to develop a risk mitigation plan and approach for monitoring for the top 3-5 risks
Responsibility for Risk Management Everyone is a Risk Manager