Navigating Risk- Fall 2024, What to Watch for

It has been a challenging summer semester. Colleges and universities experienced many obstacles on the risk front, including financial pressures, declining enrollment, and regulatory changes. But with challenges comes opportunity.

Risk management is making news, and this is a good thing. Recent headlines will help propel enterprise risk management conversations into the boardroom. To understand where risks facing colleges and universities are headed, let's review the risk themes highlighted in the recent headlines.

Summer 2024 Risk Recap:

Financial risk: A recent article shares that the higher education sector shrunk by 2%.

Regulatory risk: Clery Act violations continue, this time impacting UC Santa Cruz and other institutions in California.

Reputational risk: Leadership departures at prominent institutions such as the University of Florida and Columbia University tested fiscal responsibility, transparency, free speech, and incident response plans.

Third party risk: The Crowdstrike incident, while not centered upon higher education, nonetheless underscored the downstream impact of third-parties on institutional operations.

AI Risk: From admissions to surveillance. AI risks will impact traditional educational values and practices beyond plagiarism.

Will these trends persist?

In my view, yes.

The higher education sector will continue to face ongoing challenges as a result of the enrollment cliff and a dynamic regulatory environment. To combat the effects, institutions will focus on growth and innovation to survive. However, embracing innovation and change also brings increased risk.

Predictions for Fall.

Third-party risk management will get the attention it deserves: Reliance on third-party vendors for critical university operations is expected to continue. This will compel the industry to consider adopting or enhancing a third-party risk management program. Remember, transferring operations to a third party does always insulate institutions from liability. This trend will necessitate a more thorough review of supplier agreements.

Industry consolidation: College closures, declining enrollment, and industry consolidation will continue. This trend will increase certain liability risk factors, especially if institutions consider mergers or acquisitions.

Data privacy concerns remain: The impact of data privacy regulations will continue to be in forefront. This will be especially important as institutions expand internationally.

Regulatory changes are long-term: Title IX will continue to make headlines and subject universities to increased claims reporting and lawsuits. Regulatory changes will continue to influence higher education policy, regardless of who wins the Presidential election.

“Resistance if futile”:  AI adoption will increase and will cause further disruption in the higher education sector as AI potentially impacts the workforce.  Further, the desire to improve efficiency and facilitate better decision-making will require adopting an AI framework.

What can be done?

Institutions must align their risk management strategy with their overall business strategies. They should integrate risk management into their strategic planning and involve boards and trustees in the risk assessment and reporting processes. The URMIA—University Risk Management & Insurance Association, in partnership with Deloitte created a four-part webinar series to emphasize the importance of this concept.

Risk appetite which is a word used frequently but remains elusive will be essential to guiding leadership and fiduciaries to know which risks to take or avoid.

Insurance will also not be the sole solution. Most of these risks are cross-functional and will necessitate incorporating enterprise risk management to avoid blind spots. Board participation will be integral to success.

So, where to begin?

It starts with boards and fiduciaries asking good questions.

• How does our risk management strategy align with the institution’s mission and goals?

• What is the benefit of taking that risk? (for new ventures)

• What steps are management taking to ensure compliance with regulatory requirements?

• How are we ensuring that all levels of the organization are engaged in and aware of risk management practices?

• What resources are needed to mitigate these risks?

• How do we know the risk management plan is working as designed?

The bottom line:

Risk management in higher education is changing and necessitates a more integrated approach. Institutions must align their risk strategies with their overall mission and goals. By implementing enterprise risk management with participation from boards and fiduciaries, colleges and universities can rise to the challenges and maintain financial resilience.