Risk Management Practice
Why Risk Management Matters
Higher education institutions (HEIs) are exposed to a multitude of risks that need to be assessed, mitigated and controlled on an ongoing basis, e.g.,
- unexpected changes in fee income, potentially exacerbated by dependencies on certain student recruitment markets,
- reputation risks related to faculty and staff violating behavioral protocols (e.g., inappropriate interaction with students, inappropriate use of third-party research funds),
- vulnerability of critical infrastructure to disruption (e.g., cybersecurity issues, natural disaster risks)
- challenges to faculty & staff retention in a hypercompetitive recruitment market.
At the same time, the risk landscape in higher education is widening, for instance due to the emergence of creeping risks that can appear at the doorstep of a HEI all-of-a-sudden. Think of the growing importance of micro-credentials, stackable qualifications and shared learning arrangements, and how these trends have been affected by the COVID pandemic.
External pressures to formalize and professionalize their risk management approaches emanate from a variety of sources:
- Annual financial audits and regulatory oversight to ensure the continued financial solvency of HEIs (especially private and foundation-owned institutions).
- National academic oversight bodies paying more attention to the continued economic viability of HEIs (to protect enrolled students from undue disruptions). A prominent example is the Australian TEQSA risk assessment framework.
- International accreditation bodies have incorporated risk management into their standards & criteria in order to ensure financial and reputational viability during an accreditation cycle. Examples include AACSB Standards (Standard 1) and the EFMD EQUIS Standards & Criteria (Chapter 7).
Why Work with XOLAS
We invite you to engage in a conversation with us on your advisory needs, especially if the following statements describe the status quo of risk management in your institution:
- Risk management is managed top-down by the leadership without clearly defined key risk indicators (KRIs), early warning indicators (EWIs) or objectives.
- Risk management responsibilities are not shared within the organization, e.g., by appointing “risk owners” or “risk managers”.
- Risk assessments are conducted in an ad-hoc manner using a traffic light system.
- Risk aggregation and reporting utilizes spreadsheets.
- Risk management is disconnected from the existing data infrastructure and does not use risk-relevant data.
We provide to our clients a one-stop solution for the implementation of a comprehensive, professional risk management framework that delivers much more than regulatory compliance. We offer our services to HEIs (and their faculties / schools) which consist of:
Establishment of a comprehensive risk governance system which includes handbooks, risk management and reporting responsibilities, all with the purpose of developing an institution-wide risk culture
Implementation of processes for the identification, assessment and mitigation of risks
Alignment of risk management frameworks to meet compliance and reporting requirements.
Advisory on how to move beyond the scope of traditional risk management with the focus on enhancing resilience to uncertainty and disruption
We offer our services in conjunction with a versatile software solution, EDURISK.
XOLAS is a software partner of Arlanto, the provider of the EDURISK software. XOLAS collaborates with Arlanto in marketing and software customization. With this exclusive partnership, we can combine strategic advisory, process design and IT solution as an integrated offer to our clients.
EDURISK is built on the risk register methodology which is state-of-the-art in higher education as well as in the corporate and financial sectors. It enables the evaluation and tracking of risks on a continuous basis and in line with their potentially distinctive lifecycles.
EDURISK facilitates organization-wide risk management that permits an effective delegation of risk management as well as reporting responsibilities. It helps clients to deal with the most challenging aspects of risk management – the cultivation of an institution-wide risk culture and the translation of strategic risk appetite into operational targets.
EDURISK enables clients to lift their risk management activities above and beyond the meeting of external compliance requirements; as a result, risk management can become an organic catalyst of institutional development.
Risk Management Insights
XOLAS publishes regularly on the advancement of state-of-the-art risk management in higher education. A recent example is: