140 likes | 304 Views
High Risk Areas in Student Affairs. Jennifer Hammat, Mark Luker & Jeff Toreki The University of Texas at Austin. Overview of the Session. How do you determine if you have a successful compliance program for Student Affairs departments? Are high risk areas well controlled?
E N D
High Risk Areas in Student Affairs Jennifer Hammat, Mark Luker & Jeff Toreki The University of Texas at Austin
Overview of the Session • How do you determine if you have a successful compliance program for Student Affairs departments? • Are high risk areas well controlled? • How and why do we do what we do to mitigate risks? • Departmental ERM Footprints • Training Plans • Monitoring Plans • Reporting Plans • Assurance Activities • Audit Programs • Coordination of Effort
Compliance Program • Monthly reporting of compliance issues to the compliance office routed through office of VPSA • Institutionally determined high risk areas has to this point simply included “Student Affairs” without any specificity • VP decided not to arbitrarily determine our high risk activities on his own • Each department participated in Enterprise Risk Management process
Compliance Program • Departments in Student Affairs include: • Office of the Vice President • Office of the Dean of Students • Division of Recreational Sports • University Health Services • Division of Housing & Food • Counseling & Mental Health Center • UT Learning Center • Career Exploration Center • Texas Student Media • Texas Union • Office of the Registrar • Office of Student Financial Services
Points 2 and 3 for Discussion • Are high risk areas well controlled? • This has to be a conversation at the divisional, departmental, and inner departmental level to be meaningful • How and why do we do what we do to mitigate risks? • We talk, we review, we control, we monitor, we assess, we revisit, we compare footprints from one department to the next to see if one area does it better than another
Departmental ERM Process • Each department director determined which senior and/or mid level managers would participate in the process • Senior/mid level manager teams ranged from 6 to 35 members based on the department director’s discretion • Time frame to complete the ERM process was anywhere from 2 weeks to 4 months depending on the depth and breadth
Departmental ERM Process • Review of the process • Owned by each department • Considered to be an internal management tool • Shared with the VPSA • Divisional critical risks taken from the department level up • Phase 1 of the process took 1 year
Training Plans • Departmentally expecting 100% compliance with institutional online training plans • Specific departments found areas where additional training was necessary based on the ERM process • Divisionally we also have found areas for training focus: email protocol (saving, deleting, use) and additional ethics training are two examples
Monitoring Plans • As the Phase 1 roll out occurred over 1 year, so too are the Phase 2 monitoring meetings • I meet individually with the departmental designee in charge of recording the monitoring efforts for the department • Each department selected the items to monitor for the first year • Once those are reviewed, the next items to monitor will be selected
Reporting Plans • Currently all SA departments submit monthly compliance reports to me directly and I compile them for the division and submit them to the Compliance Office • Monitoring reports will also be submitted every quarter to the Compliance Office so they are continually informed of our internal Risk Auditing efforts • Annual report for Student Affairs will also include a section on Enterprise Risk Management efforts
Assurance Activities • At the VPSA level, ERM implementation, oversight, monitoring, progress and the like are part of my job description • At the director and AVP level the ERM progress initiative has been added into the special projects area of their evaluations as well • Within the departments, job descriptions have been modified for the monitoring and controls listed
Audit Programs • Although Jeff and Mark are from Internal Audits, they made it clear in every session that ERM was not an audit process • Having said that – with a risk footprint available for the director to hand over to an auditor, it is our hope in Student Affairs that they would actually look at the footprint for the self identified high risk activities and see if the controls are working
Coordination of Efforts • This to me is all about communication and having a person dedicated to getting people to play nicely together. Operationally, I ask the departments to monitor the activity and controls. They provide information in reports. I share those with the Compliance Office and we dialogue with the Audit Office on audits and Phase 2 of the ERM process should we continue to need assistance
Contact Information • Jennifer Hammat 512-232-3992 j.hammat@austin.utexas.edu • Mark Luker 512-471-8978 mark.luker@austin.utexas.edu • Jeff Toreki 512-471-8974 jtoreki@mail.utexas.edu Thanks so much! Enjoy your conference!