原文:UniversityRiskManagementOrganizationsaroundtheworldarefacingchallengingtimesduetocontinuingeconomicvolatilityandfacingnewrisksthatcausethemcontinuouslytoassessthepotentialimpact,financialandotherwise,ofmarketconditionsontheperformanceoftheiroperations.Anduniversitiesarenoexception.Institutionsofhighereducationhavesignificantcompliancerequirements,andmanyhaveinvestedgreatlyinresponsetoheightenedexpectationsfromstakeholderstostaycompetitivelyviableamongotheruniversities.However,manycontinuetoapproachriskandcontrolrequirementsinsilos,whichleadstothecreationofmultipleframeworksforgovernance,infrastructure,andprocesses;fragmentedriskandcontrolactivities;potentialgapsinoverallriskcoverage;andduplicationofeffort.Understandably,thereisaresultingconcernaboutcompliancebreaches.Withoutacommonbasisforevaluation,auditcommitteesstruggletodeterminetheadequacyofriskandcontrolefforts,andboardsandexecutiveswantassurancethatinvestmentsareappropriatelyfocused,consistentwithpeers,andalignedtotheinstitution’suniqueriskissues.Universitiesarealsofacingincreasedscrutinyfromstakeholdersregardingissuessuchasinvestmentsandspending,privacy,conflictsofinterest,ITavailabilityandsecurity,fraud,researchcompliance,andtransparency.Students,facultymembers,staff,donors,andotherinterestedpartiesarelookingnotonlyatwhatisbeingdone,buthowitisbeingdone.Althoughtheapproachtoriskmanagementvariesfrominstitutiontoinstitution,thereareclearlysomecommonchallengesandtrends.Overall,agrowingnumberofuniversitiesareintegratingariskmanagementframeworkintotheirstrategicplanninganddecision-makingprocesses,butsustainingformalriskmanagementandreportingprocessisachallenge.Theboardofgovernors,president,andotherseniormanagementmembersareofteninvolvedinongoingriskidentificationandassessment,andaretakingpartineffortstodevelopandimplementbothinternalandexternalriskmanagementprocessesandcontrols.Theestablishmentofriskchampions(membersoftheuniversitybeyondtheuniversity’sadministrationwhocanchampionriskmanagement)withintheuniversityisalsoincreasing,whichraisestheawarenessofrisk,fostersbetterunderstandingofriskmanagementprogramsandpractices,andincreasescommunicationtorelevantstakeholders.ApplyingERTtouniversitesEnterpriseriskmanagement(ERM)canbedescribedasastrategicprocessaffectedbyauniversity’sgovernancestructure,management,administration,andfaculty,designedto:•Helpidentifyrisksthatmayaffecttheinstitution.•Manageidentifiedriskswithintheuniversity’sriskappetite.•Provideassurancethattheuniversitycanachieveitsobjectives.Thevaluesoftheuniversityinfluencehowriskisperceived,anditisimportantthattheculturereflectsariskmanagementphilosophy.HavingastrongERMframeworkcanprovideacommonunderstandingofriskacrosstheorganizationandhelpitachieveitsstrategicandacademicobjectivesthroughfocusingontheinterrelatedrisksthatcouldhavethemostsignificantimpact.Itdrivestheorganizationtointegrateriskintoitseverydayplanningandbudgeting/forecastingprocessandoperations,andstrengthensitsabilitytodealventunexpectedorstealthrisks.Asinotherorganizations,auniversity’sriskmanagementapproachmustgrowandchangewiththeenvironmentinwhichitoperates.Anembedded,sustainableERMapproachallowsmanagementtoassess,improve,andmonitorconsistentlythewaytheuniversitymanagesitsevolvingrisks.AuniversityriskmanagementmaturitymodelTherearethreestagesofmaturitythatcanbeappliedtouniversities.Theriskmanagementmaturitymodelcanbeusedasaroadmapforevaluatinganinstitution'scurrentstateanddefiningnextsteps.TheBaselinePracticesstagetypicallyconsistsoffundamentalcomplianceactivities.Typically,therearenoestablishedriskmanagementroles,responsibilities,processes,ordocumentation,andmosteffortsaremadein“silos”.Then,astheuniversityimprovesitsunderstandingofERMandaltersitspracticesaccordingly,itprogressestoanImprovedPracticesstate.Inthis“alignment”phase,theorganization’sERMeffortshavemovedbeyondmerecompliance.Thereisacertainlevelofriskownershipbytheboardofgovernors,butatthispointtheroles,responsibilities,andprocesshavenotbeendefinedclearlyandcompletely.Finally,intheOptimizedPracticesstate,theuniversityhasreachedastageinwhichERMprocessesandresponsibilitiesarefullyestablishedandhavebecomeintegratedintotheorganization’sstrategyanddayto-dayoperations.Thefocusduringthis“integration”phaseisnowoncontinuouslyre-evaluatingriskandperformance,andadjustingitsresponseaccordingly.UniversitieswithoutarobustriskmanagementframeworkareincreasinglyexploringandimplementingnewERMprocesses,andmakingriskmanagementanintegralpartoftheirplanninganddecision-makingprocesses,whileuniversitiesthathavealreadyadoptedERMarealteringtheirapproachaccordinglytoreachanoptimalstate.Currenttrendsincluderaisingawarenessthroughactivitiessuchasseekinginternalandexternalstakeholderinput,increasingcommunicationsofrelevantriskmanagementinitiativessuchascampusemergencycommunications,identifyingriskchampionstofosteranddevelopnewprogramsandprocesses,andinvolvinguniversityexecutivesandtheboardinriskidentificationandassessment.Who’sresponsibleforriskmanagement?Riskmanagementiseveryone’sresponsibility