1 / 12

Risk Management at Harvard – Panel Discussion Harvard IT Summit

Risk Management at Harvard – Panel Discussion Harvard IT Summit. June 23, 2011. Introductions. Panel Members: Rick Mills, Executive Dean for Administration, Harvard Medical School Mary Ann Bradley, Associate Dean for Administrative Operations, Faculty of Arts and Sciences

eagan
Download Presentation

Risk Management at Harvard – Panel Discussion Harvard IT Summit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Management at Harvard – Panel Discussion Harvard IT Summit June 23, 2011

  2. Introductions • Panel Members: • Rick Mills, Executive Dean for Administration, Harvard Medical School • Mary Ann Bradley, Associate Dean for Administrative Operations, Faculty of Arts and Sciences • Ben Gaucherin, Chief Information and Technology officer, Harvard Law School • Eileen Sullivan, Controller, Harvard Business School • Presenters: • Gail McDermott, Director, Risk Management and Audit Services  • Amanda McDonnell, Manager of Strategic Planning, Risk Management and Audit Services

  3. Agenda Overview of risk management and risk assessment Overview of Harvard Risk Management Program Panel discussion Open questions

  4. Definition of "Risk" "Risk is the possibility that an event will occur and adversely affect the achievement of objectives." - COSO Enterprise Risk Management – Integrated Framework "Anything that may significantly affect the operations of the school in a way that limits the ability to achieve its mission." - A member of the Harvard Faculty

  5. Definition of Risk Management APROCESS, effected by an entity’s board of directors, management and other personnel, applied in strategy-settingandacross the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

  6. Risk Management – A Continuous Process • Vision • Infrastructure • Goals, objectives and context • Culture • Identifying risks • Rating/prioritizing risks • Action planning • Reporting • Tolerate the risk • Treat the risk • Transfer the risk • Terminate the risk • Monitoring of risks and new risk events that may influence risk response

  7. The Value of Risk Management Why Risk Management? • Improve the likelihood of success for strategic planning initiatives by recognizing the risk associated with opportunities and forcing discussion of mitigation techniques • Prevent high impact risks from happening at your University or reduce impact of risk and to protect the University Reputation • Enable the University to make timely and informed decisions • Support Corporation responsibilities • Establish a culture of transparency and accountability through the explicit discussion of risks and mitigation practices and bring management team to consensus on risk management • Prioritize the allocation of resources to the most significant risks and effectively manage costs and eliminate redundancies.

  8. Risk management at Harvard • Risk Management in 2008 • Pockets of risk management activity across the University • Risk Management and Audit Services performs University-wide risk assessment • Risk Management Committee in place • Limited executive sponsorship • Changes since 2009 – 2010 • New Executive Vice President (EVP) joins Harvard • EVP Champions ERM • Internal socialization of ERM • Developed new ERM structure • Approval by JCI (Audit Committee)

  9. Ad-Hoc Capabilities characteristics of individuals Initial Process Established in parts of the organization Formalized Formal Consistent processes in each department Embedded Integrated processes are embedded in the business planning Optimized Organization focused on ERM as source of competitive advantage Systemically build and improve enterprise risk management capabilities Harvard University - Enterprise risk management Capabilities Maturity Model Harvard in FY2008 Harvard today Harvard planned for FY2013

  10. ERM Strategy and Value • Strategy: Provide an integrated, holistic approach to managing risk across the University – one that creates accountability and defines a process for identifying and mitigating risk. Implementing the approach should be an elastic process, flexing and expanding as prescribed by the needs of stakeholders. • Value • Establishes a culture of transparency and accountability through the explicit discussion of risks and mitigation practices • Improves the likelihood of success for strategic planning initiatives by recognizing the risk associated with opportunities and forcing discussion of mitigation techniques • Coordination and transparency assists in allocating resources to the most significant risks and may eliminate redundancies • Aggregation of risks at the University level allows for timely and informed decision making • Risk awareness should be embedded in all layers of the organization

  11. Harvard University - Risk Management Structure • University Risk Management Council (URMC) established • Co chaired by EVP and Provost • Reports out to President and Audit Committee on risk management program results • Monitors the program and evaluates risk mitigation strategies • Central Administration Risk Management Committee created • Risk Assessment and prioritization for centrally managed functions for report out to URMC • Each School creates a risk management committee – recommended co-chairs are Administrative Dean and Academic Dean • Complete risk assessment and prioritize issues identified • Submit risk management report to the URMC in Summer, 2011 • Begin to develop a risk mitigation plan and approach for monitoring for the top 3-5 risks

  12. Responsibility for Risk Management Everyone is a Risk Manager

More Related