Risk Management Practice

We help clients to implement risk management as a core decision support function that fosters the development of an institutional risk culture and clarifies risk appetite on a strategic and operational level. Our software solution allows for the institution-wide tracking of risk management activities and standardized reporting to satisfy compliance requirements.

Why Risk Management Matters

Higher education institutions (HEIs) are exposed to a multitude of risks that need to be assessed, mitigated and controlled on an ongoing basis, e.g.,

  • unexpected changes in fee income, potentially exacerbated by dependencies on certain student recruitment markets,
  • reputation risks related to faculty and staff violating behavioral protocols (e.g., inappropriate interaction with students, inappropriate use of third-party research funds),
  • vulnerability of critical infrastructure to disruption (e.g., cybersecurity issues, natural disaster risks),
  • challenges to faculty & staff retention in a hypercompetitive recruitment market.

At the same time, the risk landscape in higher education is widening, for instance due to the emergence of creeping risks that can appear at the doorstep of an HEI all of a sudden. Think of the growing importance of micro-credentials, stackable qualifications and shared learning arrangements, and how these trends have been affected by the COVID pandemic.

External pressures on HEIs to formalize and professionalize their risk management approaches emanate from a variety of sources:

  • Annual financial audits and regulatory oversight to ensure the continued financial solvency of HEIs (especially private and foundation-owned institutions).
  • National academic oversight bodies paying more attention to the continued economic viability of HEIs (to protect enrolled students from undue disruptions). A prominent example is the Australian TEQSA risk assessment framework.
  • International accreditation bodies have incorporated risk management into their standards & criteria in order to ensure financial and reputational viability during an accreditation cycle. Examples include AACSB Standards (Standard 1) and the EFMD EQUIS Standards & Criteria (Chapter 7).

Why Work with XOLAS

We invite you to engage in a conversation with us on your advisory needs, especially if the following statements describe the status quo of risk management in your institution:

  • Risk management is managed top-down by the leadership without clearly defined key risk indicators (KRIs), early warning indicators (EWIs) or objectives.
  • Risk management responsibilities are not shared within the organization, e.g., by appointing “risk owners” or “risk managers”.
  • Risk assessments are conducted in an ad-hoc manner using a traffic light system.
  • Risk aggregation and reporting utilizes spreadsheets.
  • Risk management is disconnected from the existing data infrastructure and does not use risk-relevant data.

Our Services

We provide our clients with a one-stop solution for the implementation of a comprehensive, professional risk management framework that delivers much more than regulatory compliance. Our services for HEIs (and their faculties / schools) consist of:

  • Establishment of a comprehensive risk governance system which includes handbooks, risk management and reporting responsibilities, all with the purpose of developing an institution-wide risk culture.
  • Implementation of processes for the identification, assessment and mitigation of risks.
  • Alignment of risk management frameworks to meet compliance and reporting requirements.
  • Advisory on how to move beyond the scope of traditional risk management with the focus on enhancing resilience to uncertainty and disruption.

We offer our services in conjunction with a versatile software solution, EDURISK.

EDURISK Software

XOLAS is a software partner of Arlanto, the provider of the EDURISK software. XOLAS collaborates with Arlanto in marketing and software customization. With this exclusive partnership, we can combine strategic advisory, process design and IT solution as an integrated offer to our clients.

EDURISK is built on the risk register methodology which is state-of-the-art in higher education as well as in the corporate and financial sectors. It enables the evaluation and tracking of risks on a continuous basis and in line with their potentially distinctive lifecycles.

EDURISK facilitates organization-wide risk management that permits an effective delegation of risk management as well as reporting responsibilities. It helps clients to deal with the most challenging aspects of risk management – the cultivation of an institution-wide risk culture and the translation of strategic risk appetite into operational targets.

EDURISK enables clients to lift their risk management activities above and beyond the meeting of external compliance requirements; as a result, risk management can become an organic catalyst of institutional development.

Risk Management Insights

XOLAS publishes regularly on the advancement of state-of-the-art risk management in higher education. A recent example is:


»10 Principles of Effective Risk Management«, in: AACSB Insights, 07 September 2021. Reprint in: MBA International Business, Nr. 78 (November 2021).

Your expert

Please send your inquiries to risk@xol.as

Prof. Ulrich Hommel, Ph.D.

Leader of the XOLAS Risk Management Practice