+1443 776-2705 panelessays@gmail.com

 

Please explain how ERM adoption and implementation in the higher education (HE) environment differs from the public company sector environment. Pick a specific company for comparison purposes and do a direct connection within your answer.

Cite specific examples from this reading.

No plagiarism, 500 words. use at least 3 references

I am uploading text book for your reference, use it as a reference and match scenarios with the specific company.

 

CHAPTER 9

Lessons from the Academy
ERM Implementation in the University Setting

ANNE E. LUNDQUIST
Western Michigan University

T
he tragedy at Virginia Tech, infrastructure devastation at colleges and uni-
versities in the New Orleans area in the aftermath of Hurricane Katrina,
the sexual abuse scandal at Penn State, the governance crisis at the Uni-

versity of Virginia, American University expense-account abuse, and other high-
profile university situations have created heightened awareness of the potentially
destructive influence of risk and crisis for higher education administrators.1 The
recent Risk Analysis Standard for Natural and Man-Made Hazards to Higher Educa-
tion Institutions (American Society of Mechanical Engineers–Innovative Technolo-
gies Institute 2010) notes that “resilience of our country’s higher education insti-
tutions has become a pressing national priority” (p. vi). Colleges and universities
are facing increased scrutiny from stakeholders regarding issues such as invest-
ments and spending, privacy, conflicts of interest, information technology (IT)
availability and security, fraud, research compliance, and transparency (Willson,
Negoi, and Bhatnagar 2010). A statement from the review committee assembled to
examine athletics controversies at Rutgers University is not unique to that situa-
tion; the committee found that “the University operated with inadequate internal
controls, insufficient inter-departmental and hierarchical communications, an
uninformed board on some specific important issues, and limited presidential
leadership” (Grasgreen 2013).

The situation at Penn State may be one of the clearest signals that risk man-
agement (or lack thereof) has entered the university environment and is here to
stay. In a statement regarding the report, Louis Freeh, chair of the independent
investigation by his law firm, Freeh Sporkin & Sullivan, LLP, into the facts and
circumstances of the actions of Pennsylvania State University, said the following:

In our investigation, we sought to clarify what occurred . . . and to examine the Uni-
versity’s policies, procedures, compliance and internal controls relating to identi-
fying and reporting sexual abuse of children. Specifically, we worked to identify
any failures or gaps in the University’s control environment, compliance programs
and culture which may have enabled these crimes against children to occur on
the Penn State campus, and go undetected and unreported for at least these past
14 years.

143

www.it-ebooks.info

144 Implementing Enterprise Risk Management

The chair of Penn State’s board of trustees summed it up succinctly after the
release of the Freeh Report (Freeh and Sullivan 2012) regarding the university’s
handling of the sexual abuse scandal: “We should have been risk managers in a
more active way” (Stripling 2012).

The variety, type, and volume of risks affecting higher education are numer-
ous, and the public is taking notice of how those risks are managed. Accreditation
agencies are increasingly requiring that institutions of higher education (IHEs)
demonstrate effective integrated planning and decision making, including using
information gained from comprehensive risk management as a part of the gover-
nance and management process.2 Credit rating agencies now demand evidence of
comprehensive and integrated risk management plans to ensure a positive credit
rating, including demonstration that the board of trustees is aware of, and involved
in, risk management as a part of its decision making.3 Through its Colleges and
Universities Compliance Project, the Internal Revenue Service (IRS) is considering
how to hold IHEs responsible for board oversight of risk, investment decisions,
and other risk management matters.4 The news media has a heightened focus on
financial, governance, and ethical matters at IHEs, holding them accountable for
poor decisions and thus negatively affecting IHE reputations. In response to this,
many IHEs have implemented some form of enterprise risk management (ERM)
program to help them identify and respond to risk.

THE HIGHER EDUCATION ENVIRONMENT
Colleges and universities have often perceived themselves as substantially differ-
ent and separate from other for-profit and not-for-profit entities, and the outside
world has historically viewed and treated them as such. Colleges and universities
have been viewed as ivory towers, secluded and separated from the corporate (and
thus the federal regulatory and, often, legal) world. Higher education was largely a
self-created, self-perpetuating, insular, isolated, and self-regulating environment.
In this culture, higher education institutions were generally governed under the
traditional, independent “silos of power and silence” management model, with
the right hand in one administrative area or unit often unaware of the left hand’s
mission, objectives, programs, practices, and contributions in another area.

John Nelson (2012), managing director for the Public Finance Group (Health-
care, Higher Education, Not-for-Profits) for Moody’s Investors Service, observed
that higher education culture is somewhat of a contradiction in that colleges and
universities are often perceived as “liberal,” whereas organizationally they tend
to be “conservative and inward-looking.”5 Citing recent examples at Penn State
and Harvard, he noted that colleges and universities can be “victims of their own
success”; a past positive reputation can prevent boards from asking critical ques-
tions, and senior leadership from sharing troubling information with boards, and
this can perpetuate a culture that isn’t self-reflective, thus increasing the likelihood
for a systemic risk management or compliance failure. The Freeh Report (2012)
is instructive regarding not only the Penn State situation, but the hands-off and
rubber-stamp culture of university boards and senior leaders more broadly. The
Freeh Report found that the Penn State board failed in its duty to make reason-
able inquiry and to demand action from the president, and that the president,
a senior vice president, and the general counsel did not perform their duties.

www.it-ebooks.info

LESSONS FROM THE ACADEMY 145

The report calls these inactions a “failure of governance,” noting that the “board
did not have regular reporting procedures or committee structure to ensure dis-
closure of major risks to the University” and that “Penn State’s ‘Tone at the Top’
for transparency, compliance, police reporting, and child protection was com-
pletely wrong, as shown by the inaction and concealment on the part of its most
senior leaders, and followed by those at the bottom of the University’s pyramid of
power.”

In his text regarding organizational structures in higher education, How Col-
leges Work, Birnbaum (1988) notes that, organizationally and culturally, colleges
and universities differ in many ways from other organizations. He attributes this
difference to several factors: the “dualistic” decision-making structure (comprised
of faculty “shared governance” and administrative hierarchy); the lack of metrics
to measure progress and assess accountability; and the lack of clarity and agree-
ment within the academic organization on institutional goals (based, in part, on
the often competing threefold mission of most academic organizations of teaching,
research, and service). Because of these organizational differences, Birnbaum notes
that the “processes, structures, and systems for accountability commonly used in
business firms are not always sensible for [colleges and universities]” (p. 27).

While noting that colleges and universities are unique organizations,
Birnbaum also observes that they have begun to adopt more general business prac-
tices, concluding that “institutions have become more administratively centralized
because of requirements to rationalize budget formats, implement procedures that
will pass judicial tests of equitable treatment, and speak with a single voice to pow-
erful external agencies” (p. 17).

This evolution to a more businesslike culture for IHEs has been evolving since
the 1960s and has brought significant societal changes while seeing the federal gov-
ernment, as well as state governments, begin to enact specific legislation affecting
colleges and universities.6 The proliferation of various laws and regulations, cou-
pled with the rise of aggressive consumerism toward the end of the 1990s, has led to
an increased risk of private legal claims against institutions of higher education—
and their administrators—as well as a proliferation of regulatory and compliance
requirements. Higher education is now generally treated like other business enter-
prises by judges, juries, and creative plaintiffs’ attorneys, as well as by administra-
tive and law enforcement agencies, federal regulators—and the public.

Mitroff, Diamond, and Alpaslan (2006) point out that despite their core edu-
cational mission, colleges and universities are really more like cities in terms of
the number and variety of services they provide and the “businesses” they are in.
They cite the University of Southern California (USC) as an example, noting that
USC operates close to 20 different businesses, including food preparation, health
care, and sporting events, and that each of these activities presents the university
with different risks. Jean Chang (2012), former ERM director at Yale University,
observed that IHEs are complicated businesses with millions of dollars at stake,
but they don’t like to think of themselves as “enterprises.”

Organizational Type Impacts Institutional Culture

While Birnbaum (1988) notes that IHEs differ in important ways from other orga-
nizational types, especially for-profit businesses, he also concludes that colleges

www.it-ebooks.info

146 Implementing Enterprise Risk Management

and universities differ from each other in important ways. Birnbaum outlines five
models of organizational functioning in higher education: collegial, bureaucratic,
political, anarchical, and cybernetic. In Bush’s (2011) text on educational leader-
ship, he groups educational leadership theories into six categories: formal, colle-
gial, political, subjective, ambiguity, and cultural. In their discussion of organiza-
tional structure, Bolman and Deal (2008) provide yet another method for analysis
of organizational culture, identifying four distinctive “frames” from which people
view their world and that provide a lens for understanding organizational culture:
structural, human resources, political, and symbolic.

Each of these models can provide a conceptual framework by which to under-
stand and evaluate the culture of a college or university. Understanding the orga-
nizational type of a particular institution is imperative when considering issues
such as the process by which goals are determined, the nature of the decision-
making process, and the appropriate style of leadership to accomplish goals and
implement initiatives. What works in one university organizational type may not
be effective in another. The leadership style of senior administration may be oper-
ating from one frame or model while the culture of the faculty may be operating
from another, thus affecting policy and practice in positive or negative ways.

While not true across the board, for-profit organizations tend to operate from
what Bush as well as Bolman and Deal refer to as the formal or structural models
and Birnbaum terms bureaucratic. The structural frame represents a belief in ratio-
nality. Some assumptions of the structural frame are that “suitable forms of coordi-
nation and control ensure that diverse efforts of individuals and units mesh” and
that “organizations work best when rationality prevails over personal agendas”
(Bolman and Deal 2008, p. 47). Understanding this cultural and framing difference
is important when considering the adoption and implementation of ERM in the
university environment, and can help to explain why many university administra-
tors and faculty are skeptical of the more corporate approach often taken in ERM
implementation outside of higher education.

Bush observes that the collegial model has been adopted by most universities
and is evidenced, in part, by the extensive committee system. Collegial institu-
tions have an “emphasis on consensus, shared power, common commitments and
aspirations, and leadership that emphasizes consultation and collective responsi-
bilities” (Birnbaum, p. 86). Collegial models assume that professionals also have a
right to share in the wider decision-making process (Bush 2011, p. 73). Bush points
out that collegial models assume that members of an organization agree on orga-
nizational goals, but that often various members within the institution have differ-
ent ideas about the central purposes of the institution because most colleges and
universities have vague, ambiguous goals. Birnbaum describes the collegium (or
university environment) as having the following characteristics:

The right to participate in institutional affairs, membership in a congenial and sym-
pathetic company of scholars in which friendships, good conversation, and mutual
aid flourish, and the equal worth of knowledge in various fields that precludes
preferential treatment of faculty in different disciplines. (p. 87)

ERM (or risk management and compliance initiatives in general) tend to be
viewed as more corporate functions and to align with formal, structural, and
bureaucratic aims, goal setting, planning, and decision making. The chart in
Exhibit 9.1 outlines management practices and how they are viewed from the

www.it-ebooks.info

E
xh

ib
it

9.
1

D
is

ti
n

ct
io

n
s

b
et

w
ee

n
St

ru
ct

u
ra

la
n

d
C

o
ll

eg
ia

lE
le

m
en

ts
o

f
M

an
ag

em
en

t∗

E
le

m
en

ts
o

f
M

an
ag

em
en

t
F

o
rm

al
/S

tr
u

ct
u

ra
l

C
o

ll
eg

ia
l/

H
u

m
an

R
es

o
u

rc
es

B
o

lm
an

an
d

D
ea

l
B

u
sh

In
st

it
u

ti
o

n
al

B
ir

n
b

au
m

In
st

it
u

ti
o

n
al

B
o

lm
an

an
d

D
ea

l
B

u
sh

B
ir

n
b

au
m

L
ev

el
at

w
h

ic
h

g
o

al
s

ar
e

d
et

er
m

in
ed

In
st

it
u

ti
o

n
al

In
st

it
u

ti
o

n
al

th
ro

u
g

h
ag

re
em

en
t

an
d

co
n

se
n

su
s

P
ro

ce
ss

b
y

w
h

ic
h

g
o

al
s

ar
e

d
et

er
m

in
ed

V
er

ti
ca

la
n

d
la

te
ra

l
p

ro
ce

ss
es

Se
t

b
y

le
ad

er
s

B
as

ed
o

n
o

rg
an

iz
at

io
n

al
st

ru
ct

u
re

an
d

ro
le

s

A
g

re
em

en
t

A
g

re
em

en
t

C
o

n
se

n
su

s

R
el

at
io

n
sh

ip
b

et
w

ee
n

g
o

al
s

an
d

d
ec

is
io

n
s

O
rg

an
iz

at
io

n
s

ex
is

t
to

ac
h

ie
v

e
es

ta
b

li
sh

ed
g

o
al

s

D
ec

is
io

n
s

b
as

ed
o

n
g

o
al

s

C
o

n
sc

io
u

s
at

te
m

p
t

to
li

n
k

m
ea

n
s

to
en

d
s

an
d

re
so

u
rc

es
to

o
b

je
ct

iv
es

Sh
ar

ed
se

n
se

o
f

d
ir

ec
ti

o
n

an
d

co
m

m
it

m
en

t

D
ec

is
io

n
s

b
as

ed
o

n
g

o
al

s

St
ro

n
g

an
d

co
h

er
en

t
cu

lt
u

re
an

d
v

al
u

e
co

n
se

n
su

s
in

fo
rm

s
d

ec
is

io
n

s
N

at
u

re
o

f
th

e
d

ec
is

io
n

p
ro

ce
ss

R
at

io
n

al
;r

u
le

s,
p

o
li

ci
es

,a
n

d
st

an
d

ar
d

o
p

er
at

in
g

p
ro

ce
d

u
re

s

R
at

io
n

al
R

at
io

n
al

;c
o

m
p

li
an

ce
w

it
h

ru
le

s
an

d
re

g
u

la
ti

o
n

s

E
g

al
it

ar
ia

n
is

m
;

te
am

s
C

o
ll

eg
ia

l
D

el
ib

er
at

iv
e

co
n

se
n

su
s

N
at

u
re

o
f

st
ru

ct
u

re
O

rg
an

iz
at

io
n

s
in

cr
ea

se
ef

fi
ci

en
cy

an
d

en
h

an
ce

p
er

fo
rm

an
ce

th
ro

u
g

h
sp

ec
ia

li
za

ti
o

n
an

d
d

iv
is

io
n

o
f

la
b

o
r

O
b

je
ct

iv
e

re
al

it
y

;
h

ie
ra

rc
h

ic
al

D
es

ig
n

ed
to

ac
co

m
p

li
sh

la
rg

e-
sc

al
e

ta
sk

s
b

y
sy

st
em

at
ic

al
ly

co
o

rd
in

at
in

g
th

e
w

o
rk

o
f

m
an

y
in

d
iv

id
u

al
s

O
rg

an
iz

at
io

n
s

ex
is

t
to

se
rv

e
h

u
m

an
n

ee
d

s;
m

u
st

b
e

a
g

o
o

d
fi

t
b

et
w

ee
n

o
rg

an
iz

at
io

n
an

d
p

eo
p

le

L
at

er
al

C
o

ll
eg

iu
m

St
y

le
o

f
le

ad
er

sh
ip

E
st

ab
li

sh
ed

au
th

o
ri

ty
L

ea
d

er
es

ta
b

li
sh

es
g

o
al

s
an

d
in

it
ia

te
s

p
o

li
cy

L
ea

d
er

is
co

n
ce

rn
ed

w
it

h
p

la
n

n
in

g
,

d
ir

ec
ti

n
g

,
o

rg
an

iz
at

io
n

,
st

af
fi

n
g

,a
n

d
ev

al
u

at
in

g

D
o

es
n

’t
co

n
tr

o
lo

r
o

v
er

ly
st

ru
ct

u
re

;
se

n
si

ti
v

e
to

b
o

th
ta

sk
an

d
p

ro
ce

ss
;

u
se

o
f

te
am

s

L
ea

d
er

se
ek

s
to

p
ro

m
o

te
co

n
se

n
su

s

L
ea

d
er

is
“f

ir
st

am
o

n
g

eq
u

al
s,


co

n
su

lt
at

io
n

an
d

co
ll

ec
ti

v
e

re
sp

o
n

si
b

il
it

ie
s


A

d
ap

te
d

fr
o

m
B

u
sh

(2
01

1)
,1

99
(F

ig
u

re
9.

1)
.

147

www.it-ebooks.info

148 Implementing Enterprise Risk Management

formal/structural and collegial/human resources models. As will become clear
in the University of Washington ERM implementation case described in this chap-
ter, the culture of higher education in general, and the institution-specific culture
of the particular organization, cannot be ignored when adopting or implementing
an ERM program, and may be the most important element when making ERM
program, framework, and philosophy decisions.

Risks Affecting Higher Education

One way in which colleges and universities are becoming more like other organi-
zations is the type and variety of risks affecting them. Risk and crisis in higher edu-
cation may arise from a variety of sources: a failure of governance or leadership;
a business or consortium relationship; an act of nature; a crisis related to student
safety or welfare or that of other members of the community; a violation of federal,
state, or local law; or a myriad of other factors. The University Risk Management
and Insurance Association (URMIA 2007) cites several drivers that put increased
pressure and risk on colleges and universities, including competition for faculty,
students, and staff; increased accountability; external scrutiny from the govern-
ment, the public, and governing boards; IT changes; competition in the market-
place; and increased levels of litigation. A comprehensive, yet not exhaustive, list
of risks affecting higher education is outlined in Exhibit 9.2. Risks unmitigated at
the unit, department, or college level can quickly lead to high-profile institutional
risk when attorneys, the media, and the public get involved. Helsloot and Jong
(2006) observe that higher education has a unique risk as it relates to the genera-
tion and sharing of its core task: “to gather, develop, and disseminate knowledge”
(p. 154), noting that the “balance between the unfettered transfer of knowledge, on
the one hand, and security, on the other, is a precarious one” (p. 155).

EMERGENCE OF ERM IN HIGHER EDUCATION
In the corporate sector, interest in the integrated and more strategic concept of
enterprise risk management (ERM) has grown significantly in the past 15 years
(Arena, Arnaboldi, and Azzone 2010). Certain external factors affected the adop-
tion and implementation of ERM practices in corporations, including significant
business failures in the late 1980s that occurred as a result of high-risk financing
strategies (URMIA 2007). Governments in several European countries took actions
and imposed regulatory requirements regarding risk management earlier than was
done in the United States, issuing new codes of practice and regulations such as the
Cadbury Code (1992), the Hampel Report (1998), and the Turnbull Report (1999). In
2002, the Public Company Accounting Reform and Investor Protection Act (other-
wise known as Sarbanes-Oxley, or SOX) was enacted in the United States. In 2007,
the Securities and Exchange Commission (SEC) issued guidance placing greater
emphasis on risk assessment and began to develop requirements for enterprise-
wide evaluation of risk. In February 2010, the SEC imposed regulations requiring
for-profit corporations to report in depth on how their organizations identify risk,
set risk tolerances, and manage risk/reward trade-offs throughout the enterprise.

While widespread in the corporate sector, in large part due to regulatory com-
pliance, ERM is fairly new in higher education. Gurevitz (2009) observes that

www.it-ebooks.info

LESSONS FROM THE ACADEMY 149

Exhibit 9.2 Risks Affecting Higher Education

Institutional Area Types of Risk

Boards of Trustees and
Regents, President,
Senior Administrators

Accreditation
Board performance assessment
CEO assessment and compensation
Conflict of interest
Executive succession plan
Fiduciary responsibilities
IRS and state law requirements
Risk management role and responsibility

Business and Financial
Affairs

Articulation agreements
Bonds
Budgets
Business ventures
Cash management
Capital campaign
Contracting and purchasing
Credit rating
Debt load/ratio
Endowment
Federal financial aid
Fraud
Gift/naming policies
Insurance
Investments
Loans
Outsourcing
Transportation and travel
Recruitment and admissions model

Compliance with
Federal, State, and
Local Laws, Statutes,
Regulations, and
Ordinances

Americans with Disabilities Act (ADA)/Section 504
Copyright and fair use
Drug-Free Schools and Communities Act
Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability and Accountability Act of

1996 (HIPAA)
Higher Education Opportunity Act IRS regulations
Integrated Postsecondary Education Data System (IPEDS)
Jeanne Clery Disclosure of Campus Security Policy and

Campus Crime Statistics Act (Clery Act)
National Collegiate Athletic Association

(NCAA)/National Association of Intercollegiate
Athletics (NAIA) regulations

Record retention and disposal
Tax codes
Whistle-blower policies

Campus Safety and
Security

Emergency alert systems for natural disaster or other
threat

Emergency planning and procedures
Incident response

(continued)

www.it-ebooks.info

150 Implementing Enterprise Risk Management

Exhibit 9.2 (Continued)

Institutional Area Types of Risk

Campus Safety and
Security (continued)

Infectious diseases
Interaction with local, state, and federal authorities
Minors on campus
Terrorism
Theft
Violence on campus
Weapons on campus
Weather

Information Technology Business continuity
Cyber liability
Electronic records
Information security
Network integrity
New technologies
Privacy
System capacity
Web page accuracy

Academic Affairs Academic freedom
Competition for faculty
Faculty governance issues
Grade tampering
Grants
Human subject, animal, and clinical research
Intellectual property
Internship programs
Joint programs/partnerships
Laboratory safety
Online learning
Plagiarism
Quality of academic programs
Student records
Study abroad
Tenure

Student Affairs Admission/retention
Alcohol and drug use
Clubs and organizations
Conduct and disciplinary system
Dismissal procedures
Diversity issues
Fraternities and sororities
Hate crimes
Hazing
International student issues
Psychological disabilities issues
Sexual assault
Student death
Student protest
Suicide

www.it-ebooks.info

LESSONS FROM THE ACADEMY 151

Exhibit 9.2 (Continued)

Institutional Area Types of Risk

Employment/Human
Resources

Affirmative action
Background checks
Discrimination lawsuits
Employment contracts
Grievances
Labor laws
Performance evaluation
Personnel matters
Sexual harassment
Termination procedures
Unions
Workplace safety

Physical Plant Building and renovation
Fire
Infrastructure damage
Off-site programs
Public-private partnerships
Residence hall and apartment safety
Theft

Other Alumni
Athletics
External relations
Increased competition for students, faculty, and staff
Increased external scrutiny from the public, government,

and media
Medical schools, law schools
Vendors

educational institutions “have been slower to look at ERM as an integrated busi-
ness tool, as a way to help all the stakeholders—trustees, presidents, provosts,
CFOs, department heads, and frontline supervisors—identify early warning signs
of something that could jeopardize a school’s operations or reputation.” In 2000,
the Higher Education Funding Council of England enacted legislation requir-
ing all universities in England to implement risk management as a governance
tool (Huber 2009). In Australia, the Tertiary Education Quality Standards Agency
(TEQSA 2013) evaluates the performance of higher education providers against a
set of threshold standards and makes decisions in relation to their performance
in line with three regulatory principles, including understanding an institution’s
level of risk.

In the United States, engaging in risk management efforts and programs for
IHEs is not specifically required by accrediting agencies or the federal govern-
ment. Perhaps because it is not required, ERM has not been a top focus for boards
and senior administrators at IHEs. Tufano (2011) points out that risk management
in the nonprofit realm, including higher education, is significantly less developed
than in much of the corporate world and often still has a focus on avoidance of
loss rather than setting strategic direction. Mitroff, Diamond, and Alpaslan’s (2006)

www.it-ebooks.info

152 Implementing Enterprise Risk Management

survey assessing the state of crisis management in higher education revealed that
colleges and universities were generally well prepared for certain crises, particu-
larly fires, lawsuits, and crimes, in part because certain regulations impose require-
ments. They were also well prepared for infrequently experienced but high-profile
situations such as athletics scandals, perhaps based on their recent prominence in
the media. However, they were least prepared for certain types of crises that were
frequently experienced such as reputation and ethics issues, as well as other non-
physical crises such as data loss and sabotage.7 A survey conducted by the Asso-
ciation of Governing Boards of Universities and Colleges and United Educators
(2009) found that, of 600 institutions completing the survey, less than half of the
respondents “mostly agreed” that risk management was a priority at their insti-
tution. Sixty percent stated that their institutions did not use a comprehensive,
strategic risk assessment to identify major risks to mission success. Recent high-
profile examples may be beginning to change that. The Freeh Report regarding
Penn State determined that “the university’s lack of a robust risk-management sys-
tem contributed to systemic failures in identifying threats to individuals and the
university and created an environment where key administrators could ‘actively
conceal’ troubling allegations from the board” (Stripling 2012).

ADOPTING AND IMPLEMENTING ERM IN
COLLEGES AND UNIVERSITIES
In 2001, PricewaterhouseCoopers and the National Association of College and
University Business Officers (NACUBO) sponsored a think tank of higher educa-
tion leaders to discuss the topic of ERM in higher education, likely in response to
widespread discussion in the for-profit sector and in anticipation of potential reg-
ulatory implications for higher education. The group included Janice Abraham,
then president and chief executive officer of United Educators Insurance, as well
as senior administrators from seven universities.8 The focus of their discussion
was on the definition of risk; the risk drivers in higher education; implementa-
tion of risk management programs to effectively assess, manage, and monitor risk;
and how to proactively engage the campus community in a more informed dia-
logue regarding ERM. Their conversation produced a white paper, “Developing
a Strategy to Manage Enterprisewide Risk in Higher Education” (Cassidy et al.
2001). In 2007, NACUBO and the Association of Governing Boards of Universities
and Colleges (AGB) published additional guidance in their white paper, “Meeting
the Challenges of Enterprise Risk Management in Higher Education.” The Uni-
versity Risk Management and Insurance Association (URMIA) also weighed in
with its white paper, “ERM in Higher Education” (2007). In 2013, Janice Abraham
wrote a text published by AGB and United Educators, entitled Risk Management:
An Accountability Guide for University and College Boards. These documents provide
guidance and information to institutions considering the implementation of an
ERM program and discuss the unique aspects of the higher education environment
when considering ERM implementation.

Several authors have discussed the transferability of the ERM model to higher
education, even with the cultural and organizational differences that abound
between the for-profit environment and higher education. URMIA (2007) con-
cluded that “the ERM process is directly applicable to institutions of higher

www.it-ebooks.info

LESSONS FROM THE ACADEMY 153

education, just as it is to any other ‘enterprise’; there is nothing so unique to the col-
lege or university setting as to make ERM irrelevant or impossible to implement”
(p. 17). Whitfield (2003) assessed the “feasibility and transferability of a general
framework to guide the holistic consideration of risk as a critical component of
college and university strategic planning initiatives” (p. 78) and concluded that
“the for-profit corporate sector’s enterprise-wide risk management framework is
transferable to higher …