Risk Management at the Community College

Risk management is everyone’s job as each of us manages various professional and personal risks in our lives every day. Risk Management at the college must be supported from the top down through Presidential support/directives, college policies, and financial support. All employees should receive appropriate level training for their area of responsibility in identifying risks, evaluating the criticality of identified risks, and to whom they should report risk concerns.

Risk Management is defined by the National Insurance Alliance as "the management of the uncertainty of events that may have a positive or negative effect on an organization’s resources and/or financial assets." On a college campus there are many events that occur resulting in uncertainty of what the outcome will be. These events include those both planned, such as Spring Fling, and others that are not planned, such as a celebration riot after a sporting event. These events can affect the college’s reputation, recruitment/retention, and potential donations.

Even negative publicity can affect the college in both negative and positive ways. A small college that is not well known may receive considerable publicity following a negative event. If it has a program that is a field currently in demand, it may end up with more students because it is now in the public eye. On the surface this appears to be a great result, but if there are not enough instructors in the program to handle the influx of students, then it may result in issues for the college. If on the other hand, parents and potential students look at the negative risk and feel that the college should have known or taken better action to minimize a potential risk, then they may go elsewhere for their education. Some students may be reluctant to return to the college following a negative event.

Donors may rally behind the college when something bad happens to assist it with rebuilding, or the opposite may occur. If donors feel that the college should have been better prepared or aware of potential risks then they may not be as generous with their donations. Donors want to feel that their donations are being used with risk management principles at the forefront of decision making.

In order to be successful, the Risk Manager must collaborate with each area on campus to ensure that risks are identified and appropriate measures are taken to minimize any potential negative outcomes (communication, verbal, written, electronic – a multitude of constituencies). Student clubs should be encouraged to seek guidance for their planned activities whether it is an on-campus event or travel. By attending Student Government Association (SGA) and other club meetings, the Risk Manager can get to know the students, develop an open dialogue, and work with them when they are planning activities to ensure that everyone has a great educational experience.

Travel, whether domestic or international, presents many risk challenges for the institution from transportation to illness. A risk identification plan for travel should be developed to identify inherent risks for the individual travelers as well as for the college. Ebola, terrorism, earthquakes, volcano eruptions, airline strikes, animal bites, legislative changes and Title IX issues are just a few of the possibilities that may present uncertainty or concerns regarding college trips. The locale doesn’t have to be exotic.

The Risk Manager needs to be available to speak to students and educate our students regarding appropriate means of handling risks. This is particularly important when a group of students plans to travel. Often, students have not been on trips without their parents or have never been to the big city. Emphasizing the importance of awareness of one’s surroundings is important in minimizing risk. Students also need to be reminded of college policies regarding drinking and unacceptable behavior.

Cyber risks at colleges consist of a variety of issues including email, social network bullying, infrastructure, data breaches, and several regulatory mandates. A hacker may be able to obtain a large amount of personal data such as social security numbers, college ID numbers, addresses, dates of birth, and transcript information which could be used for any number of criminal activities. The college is required to notify the individuals affected, may have to hire a consultant to fix the problem, provide credit monitoring services, and fight a negative publicity battle. In addition, the college may have to pay fines for violating regulatory mandates. The cyber breach can affect both employees and students at the college. In addition to the usual technical methods of attempting to mitigate cyber-crimes, colleges can also provide training to faculty, staff, and students regarding passwords, phishing, viruses, etc. Policies and procedures should be developed and explained to everyone. An annual update should be conducted as technology is rapidly changing and so are the methods being used by the hackers.

Student internships or faculty sabbaticals also present unique risks which need to be part of the internship/sabbatical plan. The working environment of the proposed internship/sabbatical should be examined for potential risks prior to the assignment. Areas of concern include: type of clients/employees the individual will be working with; the type of facility (office, manufacturing, hospital, etc.), location of the worksite (high crime area), and the type of work being performed (student teaching or working in a lab).

Being involved in the Request for Proposal (RFP) process allows the risk manager to assist in the development and review of proposals to ensure that certain risk items are addressed. Ensuring that a contractor has sufficient and appropriate levels of insurance is critical to the college. Including provisions related to response to critical events and the contractor’s role will help to ensure the overall return to normalcy. Often contractors will have subcontractors that they work with or have experts that can offer assistance when events occur. Knowledge of who the subcontractors are, what type of work they are performing, and their insurance coverage is important. For example, a contractor may have a relationship with a company that specializes in chemistry lab clean-up following a fire.

For insurance contracts, it is important that the Risk Manager look at not only the policy costs, but also what other services such as training can be provided by the successful vendor. Insurance companies may provide physical inspection services, recommendations and specific training for their clients. Propriety issues must also be considered in case of a vendor change in the future.

Threat Assessment Teams (TAT) are now used on most college campuses to review behavioral issues from campus constituents as well as vendors or visitors that raise concerns about safety of the individual exhibiting the concerning behavior as well as the safety of others. The Risk Manager should be involved in this process as high level risks may involve campus members, the college and the adjacent community. The Risk Manager can assist the TAT with acquiring related training, being a part of the team, and working with the college’s insurance plans to develop related policies and procedures. Many colleges have an Employee Assistance Plan as part of their healthcare insurance policies which can assist in obtaining behavioral health professionals when needed or during a crisis.

The college should have a risk committee comprised of various representatives from across campus that meet on a regular basis to review risk concerns and provide input into the overall risk management plan. This committee should include at a minimum: Risk Manager, Safety Manager, Campus Police/Security Chief, Environmental Health & Safety Manager, SGA President, Maintenance Manager, Buildings and Grounds Supervisor, Public Relations Manager, Human Resources Manager, Finance Manager, and Counseling Manager. As concerns are discussed, other college members/student club representatives may be called to assist the committee.

In addition, a Crime Prevention through Environmental Design (CPTED) should be conducted by a certified CPTED individual. This may be a faculty member from the Administration of Justice Program, Campus Police Officer, or a local law enforcement official. CPTED will identify areas where improvements need to be made such as lighting and/or trimming of shrubs or trees to increase visibility. Local law enforcement will usually do CPTED evaluations free of charge. Additionally, external resources that may assist with CPTED or related programs include area company, local governmental, utilities and hospital risk managers.

A system should be in place to allow campus constituents to submit risk concerns electronically, and allow for the concerns to be anonymous if the individual does not want to give their name. Some individuals are not comfortable in voicing their concerns in an open environment. It is important to make everyone feel comfortable so that we obtain information to mitigate our risks.

Investing in Risk Management Information System (RMIS) software provides the opportunity for combining information from several sources into one system where loss trends can be identified, risk objectives can be measured, and claims information can be developed. The ability for the Risk Manager to be able to develop various reports is essential if long-term risk objectives and financial planning are going to be successfully achieved. Managing risk is a part of doing business and it should be a part of the budgeting process. Identified risk must be analyzed to determine if the chance of occurrence is high or low; and if the occurrence is considered to be low or high impact. A shooting on campus has a generally low probability of occurring, but a very high impact if it does occur. A campus member falling in the snow has a high chance of occurrence if you are located in an area susceptible to snow, but may have a low impact. Not everyone that falls in the snow breaks a bone.

Risk management is continuing to evolve as a profession, and its importance is being understood more each day as more all hazard (natural and man-made) events occur. Being involved in professional risk management groups provides opportunities for networking with peers and professional development. The changes in government regulations require continuous updating of knowledge. Understanding insurance policies, current trends, and various coverages is essential in purchasing accurate coverage.

Being a college risk manager is similar to the old "Whack the Mole" game that many of us played at amusement parks. When you push one head down, three more pop up. You have to bring your "A" game each day. If you think you have heard it all just wait – another issue will pop up. That’s what makes risk management challenging and interesting.