UNCW Institutional Risk Management
Update
Board of Trustees Audit Committee
November 20, 2014
IRM Best Practice Action Steps
1.
2.
3.
4.
5.
6.
7.
8.
9.
Develop a disciplined process to consider risk in strategic discussions.
Designate an owner of the risk identification process.
Require all top administrators to prioritize risk.
Sift through the prioritized risks to decide which ones warrant
attention at the highest level.
Require annual written reports on each high-priority risk being
monitored.
Re-assess priority risks at the board level at least once a year.
Look for blind spots.
Move risk identification deeper into the institution each year.
Keep repeating the process.
C 2009 Association of Governing Boards of Universities and Colleges, United Educators
2
IRM Organization
IRM Steering Committee
IRM Committee, Chaired by
IRM Officer
Provost and Vice Chancellor for
Academic Affairs
Academic Affairs (4)
Vice Chancellor for Business
Affairs
Business Affairs (9)
Vice Chancellor for Student Affairs
Student Affairs (2)
General Counsel
Chancellor (2)
Director – Internal Audit
University Advancement (1)
Two processes:
Tier 1 Profile: Engages leadership
Tier 2 and Emerging Risk Assessment Process: Engages employees across
the institution; provides a screening of changing processes; helps the
organization to manage interconnected risks.
3
Goals of the Tier 1 Profile
(Strategic Risk Profile)
 To understand institution-level risks*
 Correlate those risks to their potential impact on
institutional strategy
 Measure, monitor and report on those risks to the board
*Institution-level risks are not owned by any one department.
4
Tier 1 Evaluation – Interim Update
IRM Best Practice Action Steps
1. Require annual written reports on each high-priority risk
being monitored.
(Annual report is in April. November is an interim update.)
2. Keep repeating the process.
C 2009 Association of Governing Boards of Universities and Colleges, United Educators
5
Interim Tier 1 Update –
New Mitigations
Essential Resources
• Monitoring and watching state revenues for any downside impact
• Monitoring average student debt and student cohort default rate
Regulatory Intervention
• Title IX responsibilities re-organized
• Federal Grant for $300,000 to provide enhancements to victim advocacy services, prevention
and intervention teams, as well as bystander intervention programming
• Financial Aid Compliance checklist completed during DOE Program Review of Financial Aid
• Incorporated in the 2014 Annual Security Report (ASR) the requirements of new SaVE Act
legislation (Clery Act amendment)
Talent Management
• AVC HR search nearing completion
• Key positions filled for Assoc. Provost-Research/Dean, Vice Chancellor for Business Affairs,
Dean – College of Arts & Sciences, Controller
• Informal succession planning (by division)
6
Interim Tier 1 Update –
New Mitigations (cont’d)
Campus Health & Safety
• $300,000 federal grant to enhance prevention and intervention teams as well as bystander
intervention programming
• Active shooter exercise after action report
• Study and proposal to design replacement of fire alarm notification system
• Increased frequency of lab inspections and training
• New and improved touch points between EH&S and new research faculty plus earlier warning of
research lab closures
• Updated Communicable disease plan, partnering with area health providers
• Added express shuttle route on Randall Drive to accommodate new apartments off campus
Continuity of Operations
• Design proposal received for new code-compliant fire alarm notification system for main campus.
• Design facilities plan for alarm receiving center in progress. (Also a safety item)
• Infrastructure improvements: Performance Contract 2; Stormwater Plan; Randall Library structural
improvements; Renovation of S&BS.
7
Identification Cycle for
Emerging/Tier 2 Risks
IRM Best Practice Action Steps
1. Sift through the prioritized risks to decide which ones
warrant attention at the highest level.
2. Move risk identification deeper into the institution each
year.
C 2009 Association of Governing Boards of Universities and Colleges, United Educators
8
Determining which risks warrant attention requires a periodic
identification and analysis of emerging and/or tier 2 risks, and evaluation
to include completed or planned mitigations
International Travel
Ebola
Mental and Physical Health
Issues in Remote Programs
Determine and codify the
alternatives for managing the risk
analysis and decision-making
around non-credit bearing
international travel
Protocols and partnerships are
being established between EH&S,
Student Health, EMT’s and local
hospitals. An educational and
awareness campaign for our
students and employees is ongoing.
Procurement and usage of PPE.
Coupled with the review of
international travel policies is the
degree of partnership with Student
Health, evaluating where this
expertise could be leveraged to
reduce risks
Executive Sponsors: Provost
Battles/VCSA Leonard
Executive Sponsor: VCSA Leonard
Executive Sponsors: Provost
Battles/VCSA Leonard
Facilitator: Dr. Martin Posey
Facilitator: Stan Harts
Facilitator: Katrin Wesner
Determining which risks warrant attention requires a periodic
identification and analysis of emerging and/or tier 2 risks, and evaluation
to include completed or planned mitigations (continued)
Research Programming
and Business Continuity
Fire Prevention and
Preparedness
Pedestrian, Bicycle and
Skateboard Safety
Transportation
Review process for new
programming. Assess
support and requirements
for buildings, laboratories,
and equipment as well as
adequacy of compliance.
Fire system upgrades and
replacement. Monitoring
and reporting systems
effective 24/7. Exit drills for
academic spaces.
Draft policy for on campus.
Changes to physical
infrastructure, additional
shuttle services, and traffic
counts at major
intersections.
Inadequate coverage at
department level.
Coordination with NCDOI
affirms controls in place are
appropriate. White paper
forthcoming from DOI to
define affiliates.
Executive Sponsors: Provost
Battles/ VCBA Whitfield
Executive Sponsors: VCBA
Whitfield/VCSA Leonard
Executive Sponsors: VCSA
Leonard/VCBA Whitfield
Executive Sponsor: VCBA
Whitfield
Facilitator: Dr. Ron Vetter
Facilitator: Stan Harts
Facilitator: Stan Harts
Facilitator: Pam Elliott
Determining which risks warrant attention requires a periodic
identification and analysis of emerging and/or tier 2 risks, and evaluation
to include completed or planned mitigations (continued)
IT Security Breach
Response Plan
Network and Physical
Plant Infrastructure
Growth Capacity
National incidents (Target,
Home Depot) and average
incurred cost increasing
(one source: $200/record).
Controller commissioning
study. Updating registers
and contract language.
Expand our all hazards
response planning to
include data breaches.
Assess our response to the
incident occurring in 2014.
Our network is in need of
significant upgrades,
requiring increased
funding. Performance
contracts are enabling
upgrade of HVAC and
energy monitoring systems.
Analyze the capacity of
instruction, facilities and
services. Consider teaching
and specialized spaces,
infrastructure and human
capital.
Executive Sponsor: VCBA
Whitfield
Executive Sponsors: GC
Hoon/VCBA Whitfield
Executive Sponsor: VCBA
Whitfield
Executive Sponsors: Provost
Battles, VCBA Whitfield, VCSA
Leonard
Facilitator: Sara Thorndike
Facilitator: Zach Mitcham
Facilitators: Steve Perry and Bob
Fraser
Facilitators: Bob Fraser and Dr.
Terry Curran
PCI Compliance
Determining which risks warrant attention requires a periodic
identification and analysis of emerging or Tier 2 risks, and evaluation
to include completed or planned mitigations (continued)
Applied Learning
ADA – eLearning
Financial Aid and Student
Debt Cohort Default Rate
Retention Analytics
Applied learning
opportunities (e.g., study
abroad, service learning,
field research practicum)
introduce a variety of
safety and programming
risks.
How we comply with the
Americans with
Disabilities Act changes
as we increase our eLearning programming.
The financial
demographics of our
student population is
changing reflective of
larger societal concerns.
Significant efforts and
planning are required to
ensure the success of our
student body. Analysis to
probe who, what and
why around student
retention.
Executive Sponsors: GC
Hoon/Provost Battles
Executive Sponsors: GC
Hoon
Executive Sponsors: VCBA
Whitfield/Provost Battles
Executive Sponsors: VCBA
Whitfield/Provost Battles
Facilitator: Pam Elliott
Facilitators: Dr. Martin
Posey/Dr. Cecil Willis/Dr.
Peggy Turner
Facilitators: Sara
Thorndike/Dr. Ixchel Baker
Tate
Facilitators: Dr. Martin
Posey/Dr. Terry Curran
Determining which risks warrant attention requires a periodic
identification and analysis of sufficiently narrow focus in Tier 1 areas.
These two items are compliance based and continue to emerge as
significant risks.
Clery Act Compliance
Response Protocols for Incidences
of gender-based/sexual misconduct
New reporting and education requirements
in the Violence Against Women
Reauthorization Act / and Campus Sexual
Violence Elimination Act (SaVE) Provision
(Clery Act amendment).
How we comply with Title IX is constantly
evolving since the Dear Colleague letter of
April 2011 and continuing legislation and
enforcement.
Executive Sponsors: GC Hoon/VCBA
Whitfield
Executive Sponsors: GC Hoon/VCSA Leonard
Facilitator: Chief Donaldson
Facilitator: Dr. Brian Victor
UNCW Institutional Risk Management
Update
Questions?
Board of Trustees Audit Committee
Tier 1 Risks Evaluations – Interim Update
Volatile Essential Resources – Rated High Risk
Strategic
Objective
Risk Name
Key Drivers
Key Risk Indicators Current
Mitigations
Minimize the
impact of
changing
resources
supporting
University
mission and goals
Shortfalls in
funding with
limited time to
manage
accordingly
Other state policy funding
priorities
No significant change in
the revenue mix
State withdrawal from
continuing and one time
needs
Positive enrollment
(higher than expected)
for Fall 2014. Housing
contracts higher than
expected as well.
Risk Issue
 Tuition limits,
state support,
research
funding, and
outcomesbased policies
have the
potential to
reduce the
availability of
essential
resources
Heightened
competitiveness for
research awards
Potential
Impact
 Financial
 Strategic
 Operational
Continuing decrease in
indirect cost receipts
Heightened
competitiveness for out of Budget cut more in FY14
state students
than FY13, but less than
FY12. 2015-17
Limits on available Pell
Biennium, 2%
funding
Average student debt
Pressure to increase
expenses to meet
regulatory mandates
Updating, retrofitting and
replacing critical
infrastructure
Supporting strategic
initiatives
• Focused management
of research and
graduate programs
• New revenue sources
• Improved Moody’s
credit rating outlook
• Monitoring and
watching out of state
enrollment for any
downside impact
• Monitoring and
watching state
revenues for any
downside impact
Caps on tuition, 5%
Caps on financial aid paid
with tuition, 15% (UNCW • Monitoring average
student debt and
at 12.7%)
student cohort default
Shortfall in state
rate
revenues first 2 quarters
Student default rate
maintaining after several
years rising
15
Tier 1 Risks Evaluations – Interim Update
Regulatory Intervention – Rated High Risk
Strategic
Objective
Risk Name Key Drivers
Key Risk Indicators
Current Mitigations
Mitigate regulatory
compliance risk in
an inherently
decentralized
environment
Inability to
comply with all
laws and
regulations
DOE: Title IX/Clery Act
Nationally, 85 OCR
investigations, key
Resolution Agreements,
federal inquiries, federal
“It’s On Us” program, and
legislation in several states
• Internal Audits with
Compliance Components
Nationally
Increase in federal and state
regulations
Increased political scrutiny
Instances of culture caught
unaware of compliance
failure
Risk Issue
Potential
Impact
Increased regulatory
oversight and intervention:
coordination and  Financial
 Accountability for safety
support
 Reputational  Pressure to increase
 Operational
affordability and
efficiency
 Governance
 Deficient
DOE program review at
UNCW, uptick in Title IX
reports (risk of federal
complaint)
New reporting and
education requirements in
the Violence Against
Women Reauthorization
Nationally, many states have Act / and Campus Sexual
legislation affecting tuition – Violence Elimination Act
(SaVE) Provision (Clery Act
freezes, caps and
amendment).
apportionment
UNCW
Compliance position
turnover
Added responsibilities
Pending rulemaking on
federal financial aid
PCI Compliance
• UNC System Coordination
• ITS Assessments
• Increased use of trained
fact finders for Title IX
investigations
• Title IX responsibilities reorganized
• Federal Grant for $300,000
to provide education and
programming
• Financial Aid Compliance
checklist completed during
DOE Program Review of
Financial Aid
• Incorporated in the 2014
Annual Security Report
(ASR) the requirements
of new SaVE legislation
(Clery Amendment)
16
Tier 1 Risks Evaluations – Interim Update
Campus Health & Safety – Rated High Risk
Strategic
Objective
Risk Name Key Drivers
Mitigate
vulnerability of
students, faculty
and staff in an open
environment
Inability to
achieve the
safest possible
environment in
which to learn
Risk Issue
Potential
Impact
 Expectations
and
accountability
for safety and
health is
increasing, and
existing
resources must
meet stronger
requirements
Shift in national expectations
from shared responsibility to
the safest possible
environment in which to
learn
Title IX, White House “It’s On
Us”
Key Risk Indicators
Current Mitigations
2012 to 2013 (calendar year),
• $300,000 federal grant to
violent crimes increased from 5
enhance victim advocacy
to 10; weapons violations
services, enhance
decreased; many KRIs constant
prevention and intervention
teams as well as bystander
Workers’ comp costs up 3.5%
intervention programming
FY14, Student health as self
• Active shooter exercise after
reported by students improved;
action report
Alcohol prevention strategies health center visits increased
• Funding for Dept. of
11%
 Reputational
Title IX training of mandatory
Insurance
 Hazard
reporters. Title IX training of FY15 (current year), uptick in
recommendations; study
 Operational investigators.
Title IX campus reports and
and proposal to design
 Financial
investigations
replacement of fire alarm
 Compliance Active shooter threat –
notification system
FY12: 0 reportable fires
increased frequency
FY13: 1 reportable fire
nationwide
• Increased frequency of lab
FY14: 2 reportable fire
inspections and training.
UCLA Lab Incident resulting in
personal accountability for
• New and improved touch
2014, smoke from
faculty member and $4.5
points between EH&S and
malfunctioning lab equipment
million institutional expense
new research faculty plus
Fall 2014, Growth in new off
for legal and consulting.
earlier warning of research
campus housing impacting
lab closures
safety on College Road (150 left
Ebola (low likelihood, high
• Updated Communicable
impact), meningitis, seasonal turns, 60 bicycles/hour)
disease plan, partnering
flu
with area health providers
Ebola death in US and travel to
Growth in off campus student affected countries
• Added express shuttle route
housing
on Randall Drive
17
Tier 1 Risks Evaluations – Interim Update
Talent Management – Rated High Risk
Strategic
Objective
Risk Name
Key Drivers
Key Risk Indicators
Mitigate talent
management
recruitment and
retention risk
Inability to
achieve a rightsized,
innovative,
highly effective
workforce
Very limited
institutional control
over compensation
• AVC HR search
FY12 to FY13, Turnover rose
nearing completion
from 9% to 10.8%.
The highest numbers were in
• Informal succession
employees with 0-10 years of
planning (by division)
service; retirements
represented 3.0% of workforce • Leadership
development (LEAD
turnover.
Potential
Impact
Noncompetitive
salary/benefits/startup
packages
Risk Issue
 High quality
Stagnant wages,
colliding with greater
economic mobility
faculty and
 Strategic
dedicated
 Operational Counterpoints
staff are
Institution Quality and
essential to
Location
delivering the
programs and
services that
best serve
21st century
students
Turnover was highest among
professionals and
paraprofessionals (these two
classes represent 52.5% of all
turnover and increased from
10.8% to 14.7%)
Current
Mitigations
Program
• Climate surveys
• SPA compensation
philosophy
• Key positions filled for
Assoc. ProvostFaculty turnover is <6%
Research/Dean, Vice
Chancellor for
Leadership turnover is resulting in
Business Affairs, Dean
transitions – several key positions
– College of Arts &
filled, new vacancies
Sciences, Controller
18
Tier 1 Risks Evaluations – Interim Update
Continuity of Operations – Rated High Risk
Strategic
Objective
Risk Name
Key Drivers
Key Risk
Indicators
Current Mitigations
Mitigate impact
to students,
faculty and
staff, facilities
and operations
on a campus
vulnerable to
natural
disasters
Inability to
complete our
teaching,
research, and
service mission
following a
disaster
Critical restoration abilities
rely heavily on redundancy
and hardening of critical
services, such as power and
data
Campus withstood
Hurricane Arthur very well
with little issues with
stormwater
• MARBIONC building with
generators – gives campus
hardened research centers
Risk Issue
Potential
Impact
Dependency upon provision of
supplies and services





Monitoring alarms is a 24/7
responsibility
 Continuity of
operations
plans are
essential to
minimizing the
severity of
impact and
related
business
interruption
caused by
natural or
manmade
disasters
Strategic
Operational
Financial
Hazard
Reputational
Scientific and computer-based
research heavily dependent
upon specialized equipment
and facilities
Mutual aid is key when there
is a larger scale event affecting
the region
Effectiveness requires
developed knowledge,
relationships and training of
essential personnel
Core mission delivery
alternatives aid in recovery
Several temporary failures
of fire alarm notification
system – (system has since
been upgraded to more
current technology)
• Infrastructure improvements:
Performance contract 2 and
stormwater plan; renovation
of S&BS.
• Eliminated single point of
failure for data connection
with the addition of MCNC
site
• Design proposal received for
new code-compliant fire
alarm notification system for
main campus, and facilities
plan for alarm receiving
center in progress. (Also a
safety item)
• Having a FEMA-approved Pre
Hazard Mitigation Plan
establishes critical restoration
priorities and allows federal
reimbursement in a declared
disaster
• Relationships with county and
19
UNC system