Strategies to Treat and Mitigate Risks Effectively
Once your institution has selected which institutional risks it will tackle this year in Step 2 of the enterprise risk management (ERM) process, manage them collaboratively in Step 3.
Your ERM committee might start by assigning risk owners to oversee risk management efforts for each institutional risk. The committee will work with risk owners to set goals and track progress. The risk owner will further break down the institutional risk into more manageable sub-risks, tasks, or projects and assign task owners to oversee those more specific risk management efforts.
The risk owner is also responsible for tracking all efforts related to this risk in a risk treatment plan and will share this plan and status updates with the committee chair regularly. Ultimately, the ERM committee chair will compile the information from all risk owners for incorporation in the Step 4: Risk Summary Report.
To bring this step to life, consider the following example: An institution identifies workplace harassment as an institutional risk. As a result, the committee assigns the Human Resources (HR) Director as the risk owner to set goals and identify specific tasks or projects to enable managing this risk or perhaps start a workplace harassment working group to ensure a cross-functional approach. The HR Director assigns additional task owners to implement these specific strategies, like establishing a policy, facilitating training, or purchasing additional insurance. The HR Director also tracks all efforts related to this risk in a risk treatment plan and regularly shares this plan and status updates with the ERM committee.
To succeed, the ERM committee and risk and task owners must understand the options available for managing risks, which include risk treatment and mitigation strategies.
Select Risk Treatment Strategies
Risk owners should determine which treatment strategies apply, such as whether to avoid, transfer, mitigate, accept, and/or exploit a risk.
Consider the following strategies:
- Avoid: Reject the risk.
- Transfer: Shift responsibility to another party, such as through contracting or insurance.
- Mitigate: Implement measures to reduce the risk.
- Accept: Take no further action and agree to the consequences of the risk occurring.
- Exploit: Pursue opportunities related to this risk.
You may combine these strategies. For example, for study abroad programs, your K-12 school, college, or university may transfer a portion of the risk to a third-party transportation vendor with a contract and third-party insurance, and also may mitigate risks by crafting safety policies and training faculty and students. Your institution also may exploit opportunities related to this risk through a marketing strategy given that the unique nature or location of study abroad programs may attract students to your institution.
Select Risk Mitigation Strategies
Next, risk owners will work with task owners to identify and lead more concrete risk mitigation strategies, such as updating policies or overseeing training efforts.
Consider these risk mitigation strategies:
|
Strategies |
Examples |
|
Policies and Procedures |
Student and employee handbooks, grievance complaint procedures, safety standards, and investigation policies |
|
People
|
Training, awareness campaigns and posters, updated job descriptions and responsibilities, personnel experience, expertise, and time |
|
Property |
Facility upgrades, new equipment, maintenance schedules, and inspections |
|
Processes |
Incident reporting and tracking, reference checks, contracting, insurance, or technology platforms |
|
Practice |
Lockdown testing, evacuation drills, crisis response, and tabletop exercises |
By combining risk mitigation strategies, you ensure they will be most effective.
For example, the Counseling Services Director overseeing the institutional risk of student mental health also might be the task owner for implementing a wellness initiative and training. The director may assign general counsel to implement a telehealth process and may partner with Communications and Admissions to communicate about your institution’s wellness goals to manage prospective student and parents’ expectations.
Define Goals, Set Deadlines, and Share Status Updates
Throughout the year, risk owners should define goals and set deadlines for all risk strategies. Additionally, risk owners are responsible for reporting status updates, progress, and next steps to the ERM committee.
Continue onto UE’s blog Report on Risks to Set Goals, Gain Buy-In, and Document Efforts or use our ERM Process Tracker to track risk management efforts. View UE’s vast library of risk management resources to inform your risk treatment and mitigation plans, including some suggested resources below to assist leaders with implementing policies, training and other activities for some institutional risks institutions may face.
Additional Resources
About the Author
-
Liza Kabanova, Esq.
Risk Management Consultant, United Educators (Former)
Liza serves K-12 schools, colleges, and universities by discussing campus-specific risk management questions. Her areas of focus are enterprise risk management (ERM), COVID-19 response, change management, and training facilitation. She creates practical resources, leads education-specific ERM workshops, and co-authored Risk Management: An Accountability Guide for University and College Boards. Prior to joining UE, Liza served as Assistant Director for Safety and Learning at Pepperdine University. There, she worked to centralize campus safety programs, implement the first employee learning management system (LMS) platform, and serve on the university’s threat assessment team and its workers’ compensation and hazardous waste committees.