Effective boards have always been mindful of risks facing the enterprises they serve, and as I wrote in an article in early 2020 just before the onset of the COVID-19 pandemic, risk oversight is an essential aspect of strategic board leadership. Since then, however, it has become even more imperative that board members understand not only the most important risks facing their institution, but also the processes by which the board will assess its appetite and tolerance for risk and remain informed regarding the management of these risks.
In this update, I highlight three specific risks (governance, cyber, and business model risk) affecting institutions and describe how boards can fulfill their fiduciary duty to oversee management of these risks.
Governance Risk
Although governance risk cannot be quantified on a balance sheet, a consequential governing board is intrinsic to the institution’s capacity to carry out its mission. To oversee and help mitigate your board’s governance risk, we suggest using the AGB Principles of Trusteeship as a guide. These nine principles are designed to help ensure that each board member understands governance, leads by example, and thinks strategically.
Relatedly, I want to share with you a recent legal development. On November 2, 2021, The United States Supreme Court is scheduled to hear oral arguments in a case involving the Houston Community College (HCC) System. The presented question is whether the First Amendment restricts the authority of an elected body to issue a censure in response to a member’s speech. Earlier this year AGB submitted an amicus brief supporting HCC and its board, which had chosen to censure one of its members. In AGB’s view, the case goes to the heart of the right of a board to self-govern. The Supreme Court is expected to issue an opinion by June 2022.
Cyber Risk
Unfortunately, colleges and foundations have become a frequent target for cyber criminals. To help inform and inspire boards to oversee cyber risk in collaboration with their chief executives and leadership teams, AGB published Cyber Risk Oversight for Higher Education Boards: Key Principles and Practical Guidance for Foundation and Institution Board Members.
The components of this resource include five key principles and an associated toolkit to outline what boards need to review and discuss regarding cyber risk with their chief executives and senior staff, without overstepping into the purview of management. My hope is that boards will discuss this publication with their chief executives and appropriate senior staff to develop a shared vocabulary and strengthen oversight of cyber risk as a component of the overall risk portfolio.
Business Model Risk
Even prior to COVID-19, it was well-understood that many college and university business models are challenged. Many presidents and their boards have been rethinking strategic initiatives from the ground up not only to ensure that budget priorities are aligned with anticipated mission-driven outcomes, but also to ensure that their business models are sustainable in the face of potential changes in enrollment and external funding.
Higher Education Business Models Under Stress: Achieving Graceful Transitions in the Academy identifies potential metrics and indicators that can help board members and executives monitor the health of their institutions. Such dashboards provide the context in which boards and executives can explore potential strategic partnership opportunities such as affiliations, consortia, and public-private partnerships. Further, we at AGB especially urge that as boards and chief executives contemplate their institutional business model, they do so in the context of their commitment to student success—for all students.
The board’s responsibility for risk oversight is a significant undertaking, and it can be difficult to understand all the facets of an institution’s enterprise risk management strategy. AGB published Risk Management: An Accountability Guide for University and College Boards to help you and your colleagues deepen their understand of this topic. You may also wish to peruse the AGB Knowledge Center’s risk management topic center.
Questions for board and committee chairs:
- What are the risk oversight responsibilities of the board, and what responsibilities are delegated to the executive team?
- Have you recently reviewed and discussed your institution’s risk appetite and tolerance? Have you potentially updated the institution’s ERM policies with the chief executive and leadership team, as a board, and across committees?
- How does your board operationalize oversight of enterprise risk? What committees are involved?
Questions for board members:
- How can you, and collectively as a board, identify emerging risks and stay ahead of the curve, especially for perpetually evolving risks like cybersecurity?
- To help anticipate potential risks, have board members discussed the AGB Board of Directors’ Statement on Justice, Equity, and Inclusion and the need for inclusive boards, leadership teams, and campus communities?
Questions for chief executives and leadership teams:
- How frequently do you engage with staff, faculty, and the board to discuss risk management?
- Are you sharing key metrics with various stakeholder groups to help inform them of progress related to your strategic priorities?
As always, thank you for your leadership and commitment to effective and strategic board governance. I welcome your input and feedback, and please know AGB is available to empower your efforts to discuss and strengthen your institution’s long-term vitality.