1. Ensure the institution’s enterprise risk management (ERM) program is keeping pace with the rapidly changing environment.
A robust ERM program is crucial for colleges and universities to stay ahead of evolving risks and seize new opportunities. Transforming ERM from a transactional process to a mature program can help institutions achieve operational resilience and create competitive advantages. As organizational crises often stem from inadequate risk oversight, focusing on rigorous risk identification, scenario planning, efficient resource allocation and regular reports on mission-critical risks to the full board are essential.
2. Clarify the oversight of GenAI, cybersecurity and data governance.
Data security is a critical concern for institutions, which are increasingly targeted by disruptive cyber attacks, often compounded by outdated digital infrastructures. Higher education leaders are turning to GenAI as a solution to these challenges. Beyond boosting operational efficiency, GenAI also has the potential to enhance the student experience. However, the advanced technology introduces new risks, as cyber criminals can use it to execute more sophisticated attacks. This makes it all the more urgent for oversight boards to ensure colleges and universities are complying with evolving laws concerning AI, privacy and intellectual property, as well as oversee the integration of GenAI across various administrative functions. By prioritizing data quality, responsible AI use and robust data governance, institutions can effectively manage risks and fully capitalize on the potential of AI.
As federal and state governments increase their focus on higher education institutions, the risks associated with regulatory and legal compliance are growing. To mitigate these risks, institutions must closely monitor recent changes, such as party disclosures related to the U.S. Department of Education, revisions to federal grant regulations, and new federal executive orders and agency announcements. Understanding the potential budgetary impacts on mission-critical activities and operations is essential, and maintaining robust internal controls is crucial. Effective collaboration with general counsel and auditors is vital for navigating these changes. Additionally, staying informed about updates in financial reporting standards and regularly updating policies and procedures can help institutions maintain compliance and avoid potential pitfalls.
4. Stay focused on leadership and talent in finance and other functions.
The COVID-19 crisis and subsequent industry pressures have resulted in widespread burnout among college and university administrators. Recruiting top talent, particularly in finance and other administrative roles, remains a significant challenge due to traditional compensation structures, budget constraints and an aging workforce. Audit committees play a vital role in determining whether institutions have the necessary talent and technical expertise, along with robust succession planning. To address these issues, institutions should focus on attracting, developing and retaining talent in critical areas such as finance, IT, risk management, compliance and internal audit. Offering competitive compensation packages, professional development opportunities, and a supportive work environment can make a substantial difference.
5. Help internal audits stay attentive to the institution’s key risks, and be a valuable resource for audit committees.
At a time when boards and audit committees are tackling weighty agendas and prioritizing risk management, internal audits must serve as a valuable resource and a crucial voice on risk and control matters. The internal audit’s annual plan should be risk-based and flexible, ready to adapt to evolving operational and risk conditions. Collaboration with the chief audit executive and chief risk officer is essential for identifying significant risks and ensuring auditors possess the necessary skills and resources. By addressing critical operational, technology, sustainability and reputational risks, internal audits can be proactive and integral parts of an institution's risk management strategy.
LOOKING AHEAD
Higher education leaders must not only continue being strategic about ongoing challenges, but anticipate new ones. These strategies should help them do that, as well as build resilience, capitalize on opportunities presented by new technology and position themselves for long-term success.
David Gagnon is a partner and audit sector leader for higher education and other not-for-profits at the professional services company KPMG U.S.
