Campus News

April 19, 2010

Enterprise risk management serves as a model

Emory is engaging in an annual risk assessment process to identify and plan for the most critical risk scenarios that could affect the institution. Now in its fourth year, Emory’s Enterprise Risk Management (ERM) process is chaired by President Jim Wagner.

“We based our risk assessment process on those used successfully at other large campus enterprises,” says Mike Bordoni, chief audit officer and co-chair of the ERM steering committee. “Today, Emory’s ERM program is recognized as a ‘best practices’ program among our peers in higher education.”

As part of the initial planning process, more than 500 risks were identified largely around reputational risk, financial risk, and risk to Emory employees, students, patients, visitors and property. From that list, the top 50 “key” risks were identified based on the likelihood of occurrence and the severity of harm to the institution. Each year the list is reevaluated using the frequency and severity calculation. Some risks fall off the list, and new ones emerge.

On an annual basis, individuals charged with primary responsibility for managing key risks present their risk management plans to the ERM executive committee, which includes the president’s cabinet.

Shulamith Klein, chief risk officer, also co-chairs the ERM steering committee. “Our goal is not to eliminate risk. Some level of risk is inherent in everything we do, as Emory strives to fulfill its mission,” she says. “The ERM process allows us to proactively identify and prepare for the most critical scenarios, and to identify gaps between Emory’s risk tolerance levels and our current state.”

One potential exposure identified via the ERM process involved faculty, staff and students traveling abroad on Emory-related business. In the event of an emergency abroad, there was a lack of centralized assistance for those travelers, whether it be medical care, legal services or evacuation assistance. 

Emory subsequently engaged International SOS (ISOS), a policy that provides protections for Emory travelers, and more recently changed the airline travel policy [] to maximize use of the ISOS services.

“Not only does the process allow us to identify potentially major risks, it helps us evaluate the adequacy of Emory’s emergency planning process, determine whether more resources are needed, and enables Emory to anticipate operational and communication needs in response to adverse events,“ says Klein.

For Emory, the ERM exercise is also significant because it brings together a threat assessment team with representatives from law enforcement, student affairs, public relations, general counsel, student mental health, and others, who meet regularly for confidential review of potentially threatening circumstances.

“Collaboration across departments is essential for issues of this magnitude,” says Bordoni. “And traditionally that is a challenge for a large university and health care system like Emory. Fortunately, once we started this exercise, the value of working collaboratively to anticipate and manage these threats became very clear, and under President Jim Wagner and his team’s leadership, collaboration in pursuit of excellence comes naturally.”

File Options

  • Print Icon Print