NEW ENGLAND HIGHER EDUCATION RISK MANAGEMENT ROUNDTABLE October 22, 2020, 8:00-10:00AM Microsoft Teams by Invite Only CohnReznick LLP AGENDA • Logistics • Introduction • Roundtable Discussion Topics ̶ ̶ ̶ ̶ ̶ ̶ Enterprise Risk Management Business Continuity Planning Information Technology Strategy and Risk Workforce Challenges Board Governance Vendor Management and Third-party Risk • Closing Remarks VIRTUAL ROUNDTABLE LOGISTICS • CohnReznick will act as moderator and admit guests • Mute yourself when not speaking • Use the Chat function for questions and comments ̶ Note that the Chat will be visible to all meeting attendees • Use the raise hand function to indicate you would like to speak ̶ Please unclick it after you’ve been called on PARTICIPATE! INTRODUCTIONS - COHNREZNICK George Gallinger National Director – Governance, Risk, and Compliance Thomas McDermott Director – Cybersecurity, Technology Risk, and Privacy Allison Guttenplan Manager – Governance, Risk, and Compliance INTRODUCTIONS - INVITEES Albertus Magnus College Assumption College Bay Path University Connecticut College Fairfield University Goodwin College Johnson & Wales University Mitchell College Quinnipiac University Rensselaer at Hartford Sacred Heart University Springfield College Trinity College University of Bridgeport University of Hartford University of New Haven University of Saint Joseph Wesleyan University Western New England University Worcester State University Yale University ENTERPRISE RISK MANAGEMENT (ERM) • Formalized program, maturity, and evolution • Current risks ̶ Reduction in enrollment and revenue • Governance and culture • International students • Auxiliary revenue • Risk assessment ̶ ̶ ̶ • Mitigation plans • Use in strategy/objective setting ̶ Various perspectives – financial, regulatory, operational, reputational Identification and prioritization ̶ ̶ ̶ Costs of remote and/or on-campus learning Need for refunds Change in government funding programs and/or regulations Liquidity scenarios Fundraising levels BUSINESS CONTINUITY PLANNING (BCP) • Lessons learned • Shared ownership and execution • Business impact analyses • Importance of testing/tabletop exercises • Alignment with Disaster Recovery Planning (DRP) INFORMATION TECHNOLOGY STRATEGY AND RISK • Management and governance • Incorporating into ERM • Remote learning • Cybersecurity ̶ Remote environment • User access • Data privacy WORKFORCE CHALLENGES • Remote workforce models ̶ Effect on interim internal controls • Changes in organizational structure or roles/responsibilities • Real estate footprint impact ̶ Impact on technology strategy and risk BOARD GOVERNANCE • Proper division of oversight • Board’s role in ERM and strategy setting • Engagement and communication 10 VENDOR MANAGEMENT AND THIRDPARTY RISK • Maintaining internal controls • Conflicts of interest checks • Vendor financial vetting and monitoring ̶ ̶ Key vendors New vendors • Anti-fraud controls in procurement and AP 11 CLOSING REMARKS • Risk management • Internal audit • Communication with all stakeholders • What you want to hear more about in future programming? 12