Between mitigating the risks of COVID-19 and the shift to distance learning, schools, colleges and universities have had a lot to deal with over the past two tumultuous years. And with new risks emerging at a regular pace, heads of educational institutions no doubt have a long list of scenarios that could potentially impact the daily running of their organisations, keeping them up at night.
No longer an emerged risk, the pandemic certainly put the world’s education systems through its paces. By the end of March 2020 over 185 countries shut their doors affecting 90 percent of the world’s students. In-house learning came to an abrupt stop, and schools mobilised to deploy various technologies to continue lessons externally – some more successfully than others. Yet the swiftness of the closures and the rapid move to distance learning left little time for schools, colleges and universities to reflect, or to safeguard against potential risks, let alone look at ways to maximise the opportunities that these new circumstances could bring for them.
It’s no secret that the education sector has been undergoing change at a dizzying rate. Some of these shifts have been years in the making, others are the results of recent disruption to the sector itself.
While the challenges for education bodies across the globe seem to be stabilising – as students head back to classrooms – the need to ensure continuous improvement and remaining agile in the face of unprecedented events remains. The pandemic has led many institutions to consider the implementation of Enterprise Risk Management (ERM) platforms in order to enhance their risk programmes. By embracing this technology and being prepared to react to unforeseen events – schools, colleges, and universities can ensure a high level of education can be sustained, no matter which risks become a reality.
Breaking Away from Silo Mentality
Regardless of whether your’ learning institution is a 50,000-student state university or a 1,200-student private boarding school, the responsibility of governance, risk, and compliance lies with many people and teams across multiple departments, often in multiple locations. These departments often operate in silo with their own policies, processes and IT networks and have limited time to focus on potential risks and remaining compliant with obligations. However, these teachers and staff are fundamental to mitigating risk and achieving compliance – and must be involved to a certain degree. ERM platforms streamline risk & compliance requirements, providing a structured process that staff can feed into in a timely manner, allowing them to spend more time where they should be – focusing on students and lessons.
Historically, risk management in the education sector has been confined to specific domains including internal audit, insurance, compliance, and safety. Now many education sector institutions are currently re-thinking the way they view risk and are beginning to realise their risk portfolios are inherently interconnected and that while heightened visibility helps, it certainly is not enough, and must be backed up with plans to resolve risks and reduce the likelihood of any future risks.
In the aftermath of the pandemic, schools, colleges, and universities are finding they need best practice governance, risk, and compliance programmes, accurate risk data, and processes that cultivate communication from the top-down and bottom-up. These stringent processes will prepare them to face new risks as they unfold, and to exploit opportunities that will inevitably surface in the future.
Top Risks Facing the Education Sector
According to a recent Deloitte article – following the recent onslaught of brand and financially damaging events in the education sector – more risk categories are emerging. In addition to traditional risks like; compliance risk, strategic risk, enterprise risk, and operational risk, organisations must also consider: reputational risk, technological risk, and business model risk as well. Schools, colleges and universities, must look to manage and de-rail these risks before they have a significant impact. In addition to this they must look at risk outcomes, not all risk outcomes are bad, taking risks can also lead to opportunities.
This has justifiably presented new areas of risk for education institutions and their principals, many of whom are querying what changes they should be making to their risk registers to understand these emerging risks and their impact.
While most school bodies address a relatively finite number of operational risks regarding; technology failures, lack of staff, risk of non-compliance, audit failure, or risk of accidents & injury, the complexity of addressing these risks is growing due to the large number of staff involved, and the need to address the impact of each risk on different departments and exploit opportunities when they arise.
From a strategic risk perspective, school governing bodies are now having to deal with a whole range of strategic risks – as they work towards achieving their strategy. Tackling obstacles, like changes in legislation, changes to funding, and fluctuations in the financial economy. Any factor that could derail the strategic plans set out by the governing body of the educational institution must be considered as part of a strategic risk management programme.
On the other hand, cyber security and information governance are the top risks identified by schools, colleges and universities in the study. The increase in the number of cyber-attacks and attempts to penetrate university systems during the pandemic was predictable given the number of students learning remotely and teachers and school staff working from home.
According to recent reports by Microsoft Security Intelligence, the education sector is far and away the most susceptible industry, accounting for 62% of all malware encounters over the past 30 days. While this vulnerable sector has been concentrating on heightening cyber security and information governance for some time, the pandemic has given it renewed impetus.
These risks begin to highlight why the sector has been increasingly investing in systems, people and capabilities to survive in the new normal of perpetual discomfort and existential cyber threats.
Managing Risk in the Education Sector
There is little doubt that all aspects of the education sector have a bespoke set of risks. And while establishments are subject to extensive regulations and audits by respective inspection bodies, all have a responsibility to safeguard their students and ensure their education can continue to the high standards expected. All regulators expect school leaders and Boards to have in place an effective and robust framework of risk management to exercise good governance.
The reality is that cybersecurity threats are bound to increase in sophistication. On-campus scandals such as health risks, alcoholism, drug use, sexual assault and school shootings will continue to keep senior administrators and Board directors up at night. Risk management teams will continue to be busy and on-call as the need to classify, assess the impact, and plan to mitigate risks increases over time.
The good news is that schools, colleges and universities are seeking to strengthen their risk management processes, and this, along with a broader control environment that is effective and robust, will be important factors for success in the future. The pandemic has certainly shown the need to be more agile and forward-thinking when managing risk, and it is encouraging to see how the education sector is stepping up and making use of Risk management technology to ensure risks remain at a tolerable level.
When it comes to unforeseen and emerging challenges, risk management technology is a relatively new concept for most education institutions. And while there are many ways of considering and reacting to risk, it remains true that utilising software provides the structure needed to build a best-practice risk management programme. Software facilitates the building of comprehensive risk registers, it offers templates for risk assessments, it allows you to set KPI’s & risk tolerances, and to set controls to flag when a certain level of risk is reached.
The automation of the risk management process allows real-time reporting that will assist the Board to ensure that its risk appetite is fully adhered to throughout the organisation. It fosters a collaborative approach, helping staff to understand the part they play in mitigating risk, and allowing them to feed into the process in a timely way. Using risk management technology ensures that risks across all areas of the enterprise are identified and evaluated – in order to ensure appropriate risk mitigation controls are in place. It provides oversight for managers – enabling them to detect problems early and provide and audit trail of proof to regulators – demonstrating that the institution is doing all it can to mitigate risk and operate in line with the pre-agreed risk tolerance. Software also supports organisations to detect and maximise opportunities and guides risk-based decision-making – enabling leaders to plan budget and resources.
As your institution faces increasing threats, a proactive risk management programme can help you rest easier, avert potential crises and lessen the impact of those that do occur. In a nutshell, effective risk management goes unseen. There are no headlines when organisations are able to deal with issues proactively.
Adam Collins
Chief Product Officer, Camms
Staying on top of new and emerging risks requires a powerful and flexible risk management solution. And when it comes to enterprise risk management, we are a safe pair of hands. Camms can be configured to meet the needs of your unique and dynamic industry. Request a demo to see our industry recognised, comprehensive risk management solution in action. Discover more about how the Camms platform is supporting organizations in the education sector.