大學(xué)風(fēng)險管理文獻(xiàn)翻譯

1、原文：University Risk ManagementOrganizations around the world are facing challenging times due to continuing economic volatility and facing new risks that cause them continuously to assess the potential impact, financial and otherwise, of market conditions on the performance of their operations. And u

2、niversities are no exception.Institutions of higher education have significant compliance requirements, and many have invested greatly in response to heightened expectations from stakeholders to stay competitively viable among other universities. However, many continue to approach risk and control r

3、equirements in silos, which leads to the creation of multiple frameworks for governance, infrastructure, and processes;fragmented risk and control activities; potential gaps in overall risk coverage; and duplication of effort.Understandably, there is a resulting concern about compliance breaches.Wit

4、hout a common basis for evaluation, audit committees struggle to determine the adequacy of risk and control efforts, and boards and executives want assurance that investments are appropriately focused, consistent with peers, and aligned to the institution s ' unique risk issues.Universities are

5、also facing increased scrutiny from stakeholders regarding issues such as investments and spending, privacy, conflicts of interest, IT availability and security, fraud, research compliance, and transparency. Students, faculty members, staff, donors, and other interested parties are looking not only

6、at what is being done, but how it is being done.Although the approach to risk management varies from institution to institution, there are clearly some common challenges and trends. Overall, a growing number of universities are integrating a risk management framework into their strategic planning an

7、d decision-making processes, but sustaining formal risk management and reporting process is a challenge. The board of governors, president, and other senior management members are often involved in ongoing risk identification and assessment, and are taking part in efforts to develop and implement bo

8、th internal and external risk management processes and controls. The establishment of risk champions (members of the university beyond the university s a'dministration who can champion risk management) within the university is also increasing, which raises the awareness of risk, fosters better u

9、nderstanding of risk management programs and practices, and increases communication to relevant stakeholders.Applying ERT to universitesEnterprise risk management (ERM) can be described as a strategic process affected by a university s g'overnance structure, management, administration, and facul

10、ty, designed to: ? Help identify risks that may affect the institution.? Manage identified risks within theuniversity s r'isk appetite.? Provide assurance that the universitcyan achieve its objectives.The values of the university influence how risk is perceived, and it is important that the cult

11、ure reflects a risk management philosophy. Having a strong ERM framework can provide a common understanding of risk across the organization and help it achieve its strategic and academic objectives through focusing on the interrelated risks that could have the most significant impact. It drives the

12、organization to integrate risk into its everyday planning and budgeting/forecasting process and operations, and strengthens its ability to deal vent unexpected or stealth risks.As in other organizations, a university s r'isk management approach must grow and change with the environment in which

13、it operates. An embedded, sustainableERM approach allows management to assess, improve, and monitor consistently the way the university manages its evolving risks.A university risk management maturity modelThere are three stages of maturity that can be applied to universities. The risk management ma

14、turity model can be used as a roadmap for evaluating an institution's current state and defining next steps. The Baseline Practices stage typically consists of fundamental compliance activities. Typically, there are no established risk management roles, responsibilities, processes, or documentat

15、ion, and most efforts are madein “ silos.Th”en, as the university improves its understanding of ERM and alters its practices accordingly, it progresses to an Improved Practices state. In thisalignment p”hase, the organization s' ERM efforts have moved beyond mere compliance. There is a certain l

16、evel of risk ownership by the board of governors, but at this point the roles, responsibilities, and process have not been defined clearly and completely. Finally, in the Optimized Practices state, the university has reached a stage in which ERM processesand responsibilities are fully established an

17、d have become integrated into the organization s s'trategy and day to- day operations. The focus during this “ integration pha”se is now on continuously re-evaluating risk and performance, and adjusting its response accordingly.Universities without a robust risk management framework are increasi

18、ngly exploring and implementing new ERM processes,and making risk managementan integral part of their planning and decision- making processes, while universities that have already adopted ERM are altering their approach accordingly to reach an optimal state. Current trends include raising awareness

19、through activities such as seeking internal and external stakeholder input, increasing communications of relevant risk management initiatives such as campus emergency communications, identifying risk champions to foster and develop new programs and processes, and involving university executives and

20、the board in risk identification and assessment.Who's responsible for risk management?Risk management is everyone's responsibility, and the roles and responsibilities of stakeholders must be defined clearly. The board of governors, senior administration, and risk management and internal audi

21、t teams are responsible for understanding principal risks in their areas, and for making effective risk management decisions.Board of governorsThe board s'overall risk management mandate is to assessand recommend improvements on how the principal risks of the university are being managed through

22、 an effective risk management and internal control system that VSTU help the university achieve its mission. Board members arere?sponsible for: ? Determining a risk-adjusted strategy.? Facilitating and encouraging a riskmanagement culture.? Approving risk measurements, riskappetite, and tolerance le

23、vels.? Ensuring the university s s'enior administrators have an approach to identifyingemerging issues and possible impacts on university operations and business risks.? Reviewing controls and compliance with the university s ad'ministration and auditteams, and seeking input on university an

24、d administrative best practices.? Understanding and providing oversighton the quality of the university s o'verall riskmanagement program implementation and execution.In determining its risk oversight structure, the board should identify where within its governance practices it addresses risk ma

25、nagement matters from an enterprise wide perspective. In most cases,the audit committee and the finance and administration vice presidents assume responsibility for risk oversight, including: ? Providing the necessary checks andbalances so that they are operating in an activeoversight capacity.? Con

26、tinuously reevaluating risk monitoringprocesses.? Reviewing and approving governancepractices, policies, priorities, and proceduresagainst best practices.? Ensuring that audit committee and executing members have instituted processes toidentify and inform the board of key strategic, reputational, op

27、erational, compliance,and financial risks the organization faces.? Advising and counseling the deans, professors, and functional unit heads.The board 's role is to focus on the overall approach to risk management, rather than on the administrative details. The more tactical aspectsof the risk st

28、rategy are generally the r esponsibility of the university s 'team of senior administrators.Senior administrationOverseeing the university s 'compliance with generally accepted accounting principles, practices, and requirements, and evaluating the university s f'inance and accounting pra

29、ctices, risk management, and internal controls to ensure that they are appropriate and adequate is the responsibility of senior administration. Their other responsibilities can include: ? Encouraging the right risks to drivebusiness performance.? Identifying and prioritizing key risks and aligning u

30、niversity resources accordingly.? Improving alignment and coordination among risk and control activities.? Leveraging best practices on managinagnd controlling key risks.? Maintaining appropriate oversight ofkey controls.? Monitoring and escalating risks.The university s s'enior administrators a

31、re responsible for the management of the day-to-day functioning of the university, including strategic, financial, operational, and compliance activities.Risk management and internal auditingThe risk management and internal audit teams play an important role in university risk management. In general

32、, internal audition's responsibilities can include: ? Understanding the university s c'hallenges and key objectives, and establishing anappropriate, detailed internal audit plan.? Helping the university s mana'gement and board understand, assess. and manage theorganization s ri'sk th

33、rough consistent communication and reporting.? Ensuring that processes are addressing changes and the associated risks adequately,and working as intended, especially during times of change.In general, risk management's responsibilities can include: ? Facilitating the completion of an enterprise

34、risk assessment (ERA) and identifyingrisk mitigation and monitoring practices required for the university.? Developin g an ERM framework, approach, and program that will sustain riskmanagement activities and better coordinate them where appropriate.? Ensuring sufficient transparency of relevant risk

35、 management practices residing atthe university either by way of training, awarenessprograms, or communication.In addition to the board and senior administrative members, internal auditors play a crucial role in a university risk management strategy regardless of whether the risk management group re

36、ports directly to the internal audit function.Improving risk management practicesThe steps required to improve a university s r'isk managementpractices can be broken down into three general phases. The core risk management group should start by assessingthe current situation to defame and priori

37、tize the key risks that could prevent strategic objectives from being achieved. The group should then review the design and operation of the risk management and internal control framework to determine the areas where incremental enhancementswould provide the greatest benefits. Once the necessary imp

38、rovements and processes are in place, they must be monitored and modified, if necessary, to ensure that they are relevant and effective and that risks are being managed appropriately.One of the most important elements of a successful risk management function is ongoing and involves creating and main

39、taining a strong risk management culture and incorporating the implications of risk management into regular, everyday decision making. This type of environment can be facilitated through visible executive support for risk management programs, clear expectations, transparent communication and reporti

40、ng, clearly defined roles and responsibilities, strong governance, and regular self-assessments to review risk exposure.Phase1:defining and prioritizing the risk that matter for the universityBefore undertaking efforts to enhance the way risk is managed, it is important to understand the institution

41、 s key ris'ks by conducting an ERA. Defining the risks that matter is a critical step to understanding the key controls and decision-making processes, and developing an enterprise wide view of risk. The ERA is conducted as a facilitated self assessment, provides insight regarding the significant

42、 risks faced, and links them to the objectives, initiatives, and business processes. Although the approach is performed using standard tools and processes, the output must be validated and prioritized by senior management and the board. The risk assessment methodology assists with: ? Providing an in

43、sightful point of view on significant risks inherent to institutes ofhigher education.? Efficiently capturing insight from across the university using a combination ofsurveys and structured interviews.? Validating and prioritizing key risks for monitoring and testing.? Defining opportunities for imp

44、rovements to internal controls and managementactivities.? Developing the foundational elements of a process that can be embedded andsustained within existing processes.The four risk pillars that a university should consider during the ERA include: strategic risk, operational risk, financial risk, an

45、d compliance risk. These four categories should all be reviewed at the university, faculty, and functional level.Seeking external perspectives on university risk can also be useful. For example, groups such as the National Association of College and University Business Officers, the Association of C

46、ollege and University Auditors, and other sector-specific organizations are good resources.Phase2:evaluating the university 's competencies to manage riskThe “Risk Management Performance Assessment ph”ase builds upon the results of the assessmentcompleted in the first phase and provides a snapsh

47、ot of the university s r'isk managementcompetencies. It is designed to identify opportunities for alignment and coordination across traditional organizational boundaries, as well as determine how well the functional and business operational areas manage risks. In general, this phase offers an ov

48、erall review of: ? Responsibilities for key risks across functional activities and business processes.? The degree of alignment and coordination across the organization.? The maturity of risk management foundational components such as governance,infrastructure, operations, and people.While performin

49、g the review, the following elements should be considered: ? Risk strategy risk tolerance and appetite, alignment of risk management touniversity objectives, and risk-related policies and procedures.? Risk management and assurance processes risk assessment, riskcommunication,and reporting(e.g., dash

50、boards).? Governance structure sponsorship by the board of governors; risk ownership,accountability, and related roles and responsibilities; appropriate technology (e.g.,institution s in'tranet and databases); early warning systems; and analytical andmodeling tools.? Culture and capability measu

51、rement, reward, training, and behavior.This phase helps management recognize how to make incremental enhancements to the existing infrastructure to embed and sustain risk management activities within the normal course of operations.Phase3:building an enterprise approach to riskThe last phase involve

52、s defining and prioritizing opportunities for improvement, developing specific plans toimprove and monitor significant risks, and then enforcing adherence to the established policies and procedures. All efforts to expand risk management competencieshould be practical, be embedded within existing fun

53、ctions and processes where possible, support coordination and alignment for risk management and internal control, incorporate leading practices, becoordinated across the entire organization, support effective decision making, and align to industry standards and publishedframeworks.Established contro

54、l activities are only effective if they are implemented and monitored. Once the initial direction for risk management is set, it is important to verify that everyone is complying with the processes and that the changing exposures to risk are assessed consistently and modifieads required.Benefits of

55、ERMThe decentralized nature of universities and the increasing competition over faculty, students, and funds amplifies their requirement for adopting an integrated risk management fame work. Universities must build on their present risk management culture, identify internal and external forces that

56、could limit the ability to achieve strategic objectives, assessrisks using the appropriate tools, develop an appropriate risk plan, implement the necessary controls and communications, and monitor ongoing risk management activities.Regardless of a university s curre'nt risk management philosophy

57、 and practices,reviewing the risk managementframework and adopting an embedded approach to the ERM process and culture will help the university s bo'ard and administration make informed decisions that are aligned with its risk tolerance and strategy, remain confident of compliance with regulator

58、y requirements, and achieve the transparencySource: Carol.Wilson,2010.and outcomes desired by stakeholders.Univerrsisitky management”.Internal Auditor,vol.67Issue 4 ,pp.65-68.譯文：大學(xué)風(fēng)險管理由于經(jīng)濟(jì)的持續(xù)波動， 各地有關(guān)組織正面臨著挑戰(zhàn)， 使他們不斷地評估金融、市場條件和其它方面對執(zhí)行自己業(yè)務(wù)有潛在影響的情況。而大學(xué)也不例外。高等教育機(jī)構(gòu)有顯著的合規(guī)性要求， 許多投資者回應(yīng)了利益相關(guān)者期望留在 大學(xué)的競爭力是可行的。然

59、而，由于風(fēng)險控制的要求，導(dǎo)致建立了多個框架，治 理、基礎(chǔ)設(shè)施、流程；分散風(fēng)險控制活動；對潛在分歧進(jìn)行采訪報道；整體風(fēng)險 和重復(fù)努力。 可以理解的是， 違反有關(guān)規(guī)定造成了關(guān)注。 沒有共同的基礎(chǔ)進(jìn)行評 估，審計委員會斗爭， 確定風(fēng)險控制措施是否足夠， 以及管理人員要保證投資的 適當(dāng)集中，與同行一致，是機(jī)構(gòu)所在的獨(dú)特的風(fēng)險問題。大學(xué)也將面對更多的檢驗(yàn)有利益相關(guān)者的問題， 如投資和消費(fèi)， 隱私，利益 沖突，資訊科技可用性和安全、 欺詐、研究順應(yīng)性和透明度。 學(xué)生、教師、職員、 捐贈者，及其他利益相關(guān)者注重的不僅是現(xiàn)在所做的，更注重的是它是怎么做。雖然機(jī)構(gòu)的風(fēng)險管理方法各有差異，然而還有一些常見的挑戰(zhàn)和趨勢?？?的來說，越來越多的大學(xué)把風(fēng)險管理框架納入他們的戰(zhàn)略規(guī)劃和決策程序中， 其 中維持正式風(fēng)險管理和過程報告是一個挑戰(zhàn)。 董事會總監(jiān)、 主席和其他高級管理 人員常常涉嫌正在進(jìn)行的風(fēng)險識別和評價， 并且努力參與制定和實(shí)施內(nèi)外部風(fēng)險