Ten Essential Rules of Risk Management for Educational Institutions
Updated: Nov 16, 2020
By Charles Soucy, CPCU, CLU, ARM
We are often asked what are "best practices" for Risk Management in Educational Institutions. We thought we would share a copy of the key points addressed by Albert Risk Management in a seminar, “When Bad Things Happen to Good Institutions.”
Sometimes bad things happen to good institutions. The key to surviving and recovering is up-front identification and preparation for known and likely risks. Below are ten attributes that we consider best practices in developing and managing an effective Risk Management Program.
1. Formalize and centralize your institution’s risk management function and include your risk manager in strategic decision making and in all areas of operation. Constant communication is key!
2. Establish a Risk Management Mission Statement to guide specific mitigation strategies for risks you identify. Risk Management Mission Statements touch on safeguarding the lives of students, faculty, staff, visitors and neighbors; mitigating personal injuries; protecting assets of institution from damage; preserving the ability to continue ongoing operations and protecting the institution’s reputation and goodwill.
3. Establish and implement an Enterprise Risk Management process that is right-sized, practical and sustainable for your institution and its operations.
4. Establish effective communication channels with all of your institution’s departments/divisions to identify risk sources. The first step in Enterprise Risk Management is risk identification and it should be an ongoing process.
5. Distinguish between emergency preparedness and crisis management. They differ in scale and complexity, requiring responses that vary in detail and resources. Although having effective plans for both are important, many institutions place too much focus on emergency planning, creating a false sense of security.
6. Risk avoidance may be the most prudent risk management technique. Take risk implications into account in establishing programs or protocols. Certain activities that have more risk than institutions would ever find tolerable, despite the best set of policies and procedures, should be avoided, such as international programs in unsafe and unstable countries or regions.
7. Verify and monitor the adequacy and reasonableness of your insurance coverage breadth and limits. Insurance should not to be considered your first line of defense against losses. Nonetheless, your insurance program is a vital and valuable asset. Your various policies, such as general liability, directors' & officers' liability and cyber liability, should be properly structured and coordinated to give you appropriate protection.
8. Evaluate the risk implications of your operational contracts and provider agreements. Choose vendors carefully and evaluate their track records. Endeavor to transfer risk and financial responsibilities whenever possible. Verify that the responsible party has the financial wherewithal, either through insurance or otherwise, to protect itself and to indemnify your institution.
9. Take advantage of the risk analysis and mitigation resources available to you, such as insurance company/broker loss control expertise. In many cases, you are paying for these services through your insurance premiums. In some cases you may choose to use outside consultants to get information or unbiased analysis of your program.
10. Continuously monitor your institution’s programs and operations and make modifications to address new risks. Learn from the experiences of other institutions, both good and bad, in handling emergencies and crises.