Risk management is part of an on-going process to identify security control gaps on campus systems and processes. Even though enterprise risk management (ERM) engages the entire higher education institution, IT organizations have an opportunity to use ERM to move beyond a services function toward providing strategic value to the institution.Janice M. Business models need to address the manner in which market, technical and operational risks are distributed between the various parties involved (Figure 22). Frank Neugebauer is Chief Information Officer for United Educators.Enterprise Risk Management (ERM) gained a foothold in higher education during the first decade of the 21st century. Finally, the government has an important role to play in mitigating risks, both by introducing a policy framework favourable to CCS and in establishing the appropriate funding mechanism for CCS to allow the industry to overcome the effects of high marginal costs in the short term.Different business models share risk and reward between the participants in different ways. In this model, all parties are exposed to all the risks over the whole chain but the exposure of the parties to individual operational risks is reduced. As a result of these requests and financial pressures, public and private institutions are now implementing ERM business processes to support strategic and annual planning and also analyses of major new initiatives. Each partner bears full responsibility for its own operational risk with only limited risk passed on to other parties.'Full Variable Contract' - consists of contracts between power plant, pipeline and storage site operators specifying a price per unit of CO 2. This means that even though ERM engages the entire higher education institution, IT organizations have an opportunity to use ERM to move beyond a services function toward providing strategic value to the institution. In this model, operational risk can, to some degree, be passed on to parties down the chain.Of the business models analysed, a 'Fully Integrated' model appears to be the most attractive in terms of risk sharing. Allocating resources to manage the risks in the right places allows campus administrators to spend their limited resources on the things that are critical to the institution's mission and to the achievement of its plans. As noted, there are both downsides to unexpected risks (yes, bad things happen) and upsides (rewards when something positive happens). This model may not function well if applied to a CO 2 system with several sources and storage sites linked by a common network.Under the 'Take-or-Pay' business model, while the pipeline and storage operators are fully exposed to their own risks, they are insulated from operational problems further up the chain.
This model provides the greatest incentive for parties to manage their own operational risks but exposes the power station entity to significant revenue uncertainty.Under the business model with variable contracts, the pipeline and storage operators are exposed to the operational risks of the power station, but cannot in turn pass on their own risks in the same way as the power station.


The discipline of ERM supports an institution's ability to evaluate risks and opportunities and to focus its scarce resources on institutional priorities.
While a mixture of Take-or-Pay and Variable contracts can be used to share operational risks it is less appropriate to use contracts to share risks such as those associated with capital overrun.Identifying why a commercial organisation may or may not want to undertake CCS projects is a complex question. The question can be addressed at three levels; corporate strategic reasons, tactical business reasons or business implementation reasons. ERM is best incorporated into the regular institutional budget and planning processes so that risk-mitigation strategies can be integrated into the annual plan with appropriate funding and support. Strategic planning and capital planning offer other opportunities for institutions to adopt the ERM process.
For instance, operational IT matters do not appear on a board-level risk register, just as strategic initiatives do not appear on a department supervisor's risk register. The sample risk register questions below are a good place for institutions to begin, adapting the questions to fit individual institutional priorities.Governing Board Risk Register QuestionsIT strategy. For information technology, regularly following Twitter feeds, CSS feeds, EDUCAUSE programs, and non-IT news sources can provide valuable insight into emerging trends. IT professionals should stay involved in teaching, research, and service planning to ensure early identification of IT risks and opportunities supporting these programs. Assess the Likelihood of Risks and Their Impact on the Institution.Following the compilation of risk registers, management teams can rank the risks based on the likelihood (probability) that the risk will occur and on the potential impact if the event occurs.
Using a simple map, such as a heat map (see Figure 1), managers can identify the risks with the highest likelihood and biggest potential impact, focusing the team's attention on developing mitigation plans for these risks while working down the list of the priorities over time.
Calculating a risk score and risk appetite or tolerance helps to focus and prioritize mitigation efforts.Figure 1 shows that the risks of student enrollment and management turnover require additional attention but that the risk of disaster recovery and business continuity requires less. Note that this heat map is not detailing the risks in a general sense; they are specific to the institution. This means, for example, that although the disaster recovery and business continuity risk is worth significant attention within ERM, a particular institution may be well prepared.ERM Step 3.


Develop a Risk Management Plan.Identifying and assessing risks are important first steps in ERM, but studies reveal that campus professionals spend the majority of their time on these two steps, neglecting the more critical steps of mitigation and monitoring.
Soliciting a wide variety of expert (and non-expert) opinions on a risk can help to create meaningful changes. It is important to remember that change is not intended to simply reduce risk; some changes are meant to fully realize the positive impact of taking a risk.
If the IT organization were to suggest using only paper transfers instead of online, onsite POS (point of sale) and revolving card readers, the maximum value of taking the risk would be lost.
Providing a comprehensive view of institutional changes to maximize value and minimize risk is a key factor in managing risks and is an important point of the risk management plan.ERM Step 4. Measure, Track, and Communicate Risks.Monitoring risks and communicating plans to the campus community are vitally important to a strong ERM program. The quality of the communication is the key, and quality comes through linking a risk with the initiative in an understandable way. Communicating with wide audiences that may not have IT experience is a challenge, but doing so is a critical step in a successful ERM program.With step four, IT leaders have the opportunity to be a part of, and in some cases lead, the strategic conversation. Although there was a time when IT managers could simply be administrators of technology, that time has passed. Today, having a passion for the institution's mission is as important as having a passion for technology. Technology is critical for research, teaching, and service, the three missions that form the foundation for all colleges and universities. Faculty and administrators are initiating new partnerships and new ventures that can be enhanced (the upside) or destroyed (the downside) as a result of the risks associated with technology and analytics.




Civilian disaster response
Emergency preparedness kit
Medical emergency response plan flow chart
Preparing for disasters checklist


Comments

  1. 17.12.2013 at 21:12:50


    Assigning an Amazon Associates ID: By getting into.

    Author: YA_IZ_BAKU
  2. 17.12.2013 at 19:41:22


    Positive you have these electrical security in all areas of a business signifies subsequently be denied.

    Author: DeHWeT