【文章內(nèi)容簡(jiǎn)介】 ritizing key risks and aligning university resources accordingly.? Improving alignment and coordination among risk and control activities.? Leveraging best practices on managing and controlling key risks.? Maintaining appropriate oversight of key controls.? Monitoring and escalating risks.The university’s senior administrators are responsible for the management of the daytoday functioning of the university, including strategic, financial, operational, and pliance activities.Risk management and internal auditingThe risk management and internal audit teams play an important role in university risk management. In general, internal audition’s responsibilities can include:? Understanding the university’s challenges and key objectives, and establishing an appropriate, detailed internal audit plan.? Helping the university’s management and board understand, assess. and manage the organization’s risk through consistent munication and reporting.? Ensuring that processes are addressing changes and the associated risks adequately, and working as intended, especially during times of change. In general, risk management’s responsibilities can include:? Facilitating the pletion of an enterprise risk assessment (ERA) and identifying risk mitigation and monitoring practices required for the university.? Developing an ERM framework, approach, and program that will sustain risk management activities and better coordinate them —where appropriate.? Ensuring sufficient transparency of relevant risk management practices residing at the university either by way of training, awareness programs, or munication.In addition to the board and senior administrative members, internal auditors play a crucial role in a university risk management strategy—regardless of whether the risk management group reports directly to the internal audit function.Improving risk management practicesThe steps required to improve a university’s risk management practices can be broken down into three general phases. The core risk management group should start by assessing the current situation to defame and prioritize the key risks that could prevent strategic objectives from being achieved. The group should then review the design and operation of the risk management and internal control framework to determine the areas where incremental enhancements would provide the greatest benefits. Once the necessary improvements and processes are in place, they must be monitored and modified, if necessary, to ensure that they are relevant and effective and that risks are being managed appropriately.One of the most important elements of a successful risk management function is ongoing and involves creating and maintaining a strong risk management culture and incorporating the implications of risk management into regular, everyday decision making. This type of environment can be facilitated through visible executive support for risk management programs, clear expectations, transparent munication and reporting, clearly defined roles and responsibilities, strong governance, and regular selfassessments to review risk exposure.Phase1:defining and prioritizing the risk that matter for the universityBefore undertaking efforts to enhance the way risk is managed, it is important to understand the institution’s key risks by conducting an ERA. Defining the risks that matter is a critical step to understanding the key controls and decisionmaking processes, and developing an enterprise wide view of risk. The ERA is conducted as a facilitated self assessment, provides insight regarding the significant risks faced, and links them to the objectives, initiatives, and business processes. Although the approach is performed using standard tools and processes, the output must be validated and prioritized by senior management and the board. The risk assessment methodology assists with:? Providing an insightful point of view on significant risks inherent to institutes of higher education.? Efficiently capturing insight from across the university using a bination of surveys and structured interviews.? Validating and prioritizing key risks for monitoring and testing.? Defining opportunities for improvements to internal controls and management activities.? Developing th