May 18, 2009

EASFAA Enterprise Risk Management and the Financial Aid Office. May 18, 2009. Linda Anderson Carnegie Mellon University. ERM: Enterprise Risk Management.

Presentation Transcript


  1. EASFAA Enterprise Risk Management and the Financial Aid Office May 18, 2009 Linda Anderson Carnegie Mellon University

  2. ERM: Enterprise Risk Management • Definition: “…a process effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk, to provide reasonable assurance regarding the achievement of entity objectives.” • Need to think of risk as a strategy and manage it as a bottom line driver.

  3. Risk Management • Risk is any issue that impacts an organization’s ability to meet its objectives. • Risk management is: • A process of understanding, evaluating and taking action on risks. • Systematic and supports accountability. • A process that considers the external and internal environment. • Need to define the risks which could impact our ability to achieve our strategic objectives. • Need to assess probability and impact of risk.

  4. Risk Management: Purpose • Purpose of the Project: to enable Management and the Board of Trustees to understand the types of risks facing the university, current methods to address risks, and mitigation steps.

  5. Risk Management: University Structure University Compliance and Risk Committee • Senior Director of University Risk Management • Committee comprised of Departmental Directors • Quarterly Committee Reporting and Review

  6. 5 Categories of Risk • Strategic: High level goals aligned with and supporting the college’s mission. • Operational: Effective and efficient use of resources. • Reporting: Reliability of external and internal reporting. • Compliance: Compliance with applicable laws and regulations. • Reputational: Damage caused by any of the above four that impacts how the university is valued or perceived.

  7. Risks in Higher Education: Internal Compliance • Internal: Compliance is one of several categories: • Institutional compliance concepts: • Coordination of compliance responsibilities through a formalized structure and network of functional compliance specialists. • Identify, assess, mitigate and monitor risk priorities and solutions. • Clarify and strengthen accountabilities for traditional functional compliance responsibilities. • Need to assign responsibility for risk management.

  8. Financial Aid Office: Development of a Compliance Risk Profile • Define Objectives: determine risk objectives. • Identify Events: which events could adversely impact risk objectives. • Estimate Probability/Likelihood: that a risk will occur. • Estimate Impact: negative impact resulting in potential University financial losses and/or reputational losses. • Preliminary Risk Assessment: the risk of an event considering probability, impact and existing policies and procedures and controls. • Planned Risk Mitigation Strategy: additional control procedures to alleviate the preliminary risk assessment. • Assess Residual Risks: the remaining risk subsequent to risk management controls.

  9. Possible Areas for Consideration in the Financial Aid Office: • Financial Aid Strategy • Financial Aid Compliance: federal and state regulations. • OMB A-133 Compliance • FERPA, GLB • HEOA of 2008 • ARRA: 2009 • HCERA: 2010

  10. Possible Areas for Consideration in the Financial Aid Office: • Enrollment Growth Management. • Financial Aid Compliance: Donor Restrictions. • Student Records Management. • Installation of new financial aid software/system. • Institutional Loan Programs and Risk Assessment, reserve for probable loan defaults. • Increase in student loan defaults due to regulatory changes.

  11. Definitions for Template Design and Use • Event: incident or occurrence that could affect the achievement of objectives (including compliance with regulations and policies). • Existing Policies and Procedures • Probability/Likelihood: Qualitative measure of the possibility that an event will occur within a 3-year timeframe. (likely, possible, unlikely, rare)

  12. Definitions for Template Design and Use • Impact: measured financial and reputational impact; consider materiality and level of management concerns. (extreme, high, medium, low, negligible) • Preliminary Risk Assessment • Planned Risk Mitigation Strategy • Net Residual Risk Assessment

  13. Financial Aid Office Compliance Risk Assessment Template

  14. Financial Aid Office Compliance Risk Assessment Template

  15. Financial Aid Office Compliance Risk Assessment Template

  16. Financial Aid Office Compliance Risk Assessment Template

  17. Financial Aid Office Operational Risk Assessment Template

  18. Recommendations and Summary: • Implementation of new regulations does not necessarily constitute an ‘event’. • Intersection of events among offices. • Compliance and Operational events. • Requires quarterly discussions and updating. • A positive tool for Staff, Management and Audit Committees. • An enterprise-wide strategy.
