EASFAA Enterprise Risk Management and the Financial Aid Office. May 18, 2009. Linda Anderson, Carnegie Mellon University. ERM: Enterprise Risk Management.
EASFAA
Enterprise Risk Management and the Financial Aid Office
May 18, 2009
Linda Anderson, Carnegie Mellon University
ERM: Enterprise Risk Management
- Definition: “…a process effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk, to provide reasonable assurance regarding the achievement of entity objectives.”
- Need to think of risk as a strategy and manage it as a bottom line driver.
Risk Management
- Risk is any issue that impacts an organization’s ability to meet its objectives.
- Risk management is:
  - A process of understanding, evaluating and taking action on risks.
  - Systematic and supports accountability.
  - A process that considers the external and internal environment.
- Need to define the risks which could impact our ability to achieve our strategic objectives.
- Need to assess probability and impact of risk.
Risk Management: Purpose
- Purpose of the Project: to enable Management and the Board of Trustees to understand the types of risks facing the university, current methods to address risks, and mitigation steps.
Risk Management: University Structure
- University Compliance and Risk Committee
- Senior Director of University Risk Management
- Committee comprised of Departmental Directors
- Quarterly Committee Reporting and Review
5 Categories of Risk
- Strategic: High level goals aligned with and supporting the college’s mission.
- Operational: Effective and efficient use of resources.
- Reporting: Reliability of external and internal reporting.
- Compliance: Compliance with applicable laws and regulations.
- Reputational: Damage caused by any of the above four that impacts how the university is valued or perceived.
Risks in Higher Education: Internal Compliance
- Internal: Compliance is one of several categories.
- Institutional compliance concepts:
  - Coordination of compliance responsibilities through a formalized structure and network of functional compliance specialists.
  - Identify, assess, mitigate and monitor risk priorities and solutions.
  - Clarify and strengthen accountabilities for traditional functional compliance responsibilities.
- Need to assign responsibility for risk management.
Financial Aid Office: Development of a Compliance Risk Profile
- Define Objectives: determine risk objectives.
- Identify Events: which events could adversely impact risk objectives.
- Estimate Probability/Likelihood: that a risk will occur.
- Estimate Impact: negative impact resulting in potential University financial losses and/or reputational losses.
- Preliminary Risk Assessment: the risk of an event considering probability, impact and existing policies and procedures and controls.
- Planned Risk Mitigation Strategy: additional control procedures to alleviate the preliminary risk assessment.
- Assess Residual Risks: the remaining risk subsequent to risk management controls.
Possible Areas for Consideration in the Financial Aid Office:
- Financial Aid Strategy
- Financial Aid Compliance: federal and state regulations.
- OMB A-133 Compliance
- FERPA, GLB
- HEOA of 2008
- ARRA: 2009
- HCERA: 2010
Possible Areas for Consideration in the Financial Aid Office:
- Enrollment Growth Management.
- Financial Aid Compliance: Donor Restrictions.
- Student Records Management.
- Installation of new financial aid software/system.
- Institutional Loan Programs and Risk Assessment, reserve for probable loan defaults.
- Increase in student loan defaults due to regulatory changes.
Definitions for Template Design and Use
- Event: incident or occurrence that could affect the achievement of objectives (including compliance with regulations and policies).
- Existing Policies and Procedures
- Probability/Likelihood: Qualitative measure of the possibility that an event will occur within a 3 year timeframe (likely, possible, unlikely, rare).
- Impact: measured financial and reputational impact; consider materiality and level of management concerns (extreme, high, medium, low, negligible).
- Preliminary Risk Assessment
- Planned Risk Mitigation Strategy
- Net Residual Risk Assessment
Financial Aid Office Compliance Risk Assessment Template (four slides)
Financial Aid Office Operational Risk Assessment Template (one slide)
Recommendations and Summary:
- Implementation of new regulations does not necessarily constitute an ‘event’.
- Intersection of events among offices.
- Compliance and Operational events.
- Requires quarterly discussions and updating.
- A positive tool for Staff, Management and Audit Committees.
- An enterprise wide strategy.