Addressing Persistent and Emerging Campus Risks

Foundational Capabilities for Enterprise Risk Management, Information Risk, and Student Activism

Our latest study breaks down the monolithic challenge of risk management, providing clear plans for rapid-response situations and implementation guidance for foundational enterprise risk capabilities.

Higher ed institutions seeking to manage risk holistically too frequently stumble when moving from vision to execution, whether distracted by one-off incident response obligations or overwhelmed by the sheer magnitude of the effort.

A top expectation for chief business officers

College and university stakeholders—trustees, funders, students, parents, community members, legislators, alumni—are holding their institutions to high standards, even as their complex enterprises experience more and more risks. Enterprise Risk Management, or ERM, is an intentional approach to managing an organization’s remediation of risks, although higher education’s distributed governance can render the risk identification process burdensome. Campus leaders also struggle to capture stakeholders’ focus because of repeated incident response episodes that distract from holistic risk management.

CBOs and cabinet colleagues seek to manage risks at various levels, with particular hot spots emerging in the areas of information security and student activism.

Best practices to phase in a multi-tiered risk management approach

1. Enterprise Risk Management

Finance and administrative executives seeking to professionalize their campuses’ approach to risk management attain critical stakeholder support by clarifying governance roles, preventing scope sprawl, and accelerating progress. By assigning oversight that includes a comprehensive set of viewpoints, and by defining the scope of that oversight and what is included in (and excluded from) the formal risk management process, risk managers can increase the odds of broad campus support for focused treatment of key risks.

Associated resource: Risk Register Straw Man (Appendix p. 54)

2. Information Risk

Chief information officers (CIOs) and chief information security officers (CISOs) emphasize security awareness among campus members through proactive, relevant, targeted, and sustained communication. By changing the nature of security-related interactions so that they provide useful information targeted to audiences’ interest areas, CISOs can tap into personal motivations, thereby engaging the broader campus in the mission to keep information safe.

Associated resource: IT Security Breach Response Toolkit (Appendix p. 63)

3. Student Activism

Campus leaders embrace activism as a vital ingredient of students’ engagement with the institution by building communication bridges and anticipating incidents. Seeking to professionalize their campuses’ approach to activism, student affairs offices prepare response plans, engage with potential activists, and ultimately leverage the energy and enthusiasm of activists to work together and drive change on campus.