Higher education institutions do not need to have all the answers to all the risks they face, but they can be more aware of the increasingly wide spectrum of threats affecting them and thus more proactive. Institutions should also consider developing an “enterprise” approach to risk management, as opposed to siloed plans that exist within specific divisions or units to deal with risks specific to their function or mission.
Many colleges and universities are re-thinking how they look at risk. Whereas risk management has historically been confined to specific domains (compliance, internal audit, safety, insurance) and often managed in siloes, higher education institutions today are realizing their risk portfolio is inherently interconnected. Greater visibility helps but is often not enough. Colleges and universities are finding they need the infrastructure—governance, data, processes, and culture—to be prepared for the threats (and opportunities) that will determine whether they can survive or thrive.