Board Reviews Its Risks

Risk management

Maybe it’s appropriate that it’s annually presented at the October meeting, just days before Hallowe’en, because the Risk Management Report is the scariest document that is tabled every year before the college’s Board of Governors (BofG).

This year’s edition was reviewed by the Board during its meeting on October 25.

Presented by Senior Vice President Waseem Habash, Associate Vice-President of Communications and Information Technology Amar Singh, and Associate Vice-President of Safety, Security and Facilities Management Rebecca Demchuk, the report explains that:

Senior management ensures that appropriate steps are taken to identify, assess and manage risk and potential hazards associated with the organization, its activities and services. The college’s Risk Management strategy provides a structured and coherent approach to identifying, assessing, monitoring and managing risk.

A cross-functional Risk Management Committee has been established and meets on a monthly basis to regularly review, assess, and update new developments or actions taken. The Risk Register is reviewed monthly to ensure plans are progressing appropriately. Any delays or difficulties are brought to the attention of the appropriate Sector Head for assistance and escalation purposes.

Two years ago, an entirely new risk-evaluation structure was put in place. It is now “bottom-up” – with front-line departmental staff identifying risk situations, then evaluated by a committee made up representatives of departments throughout the college, with recommendations reviewed and implemented by senior administration, and (finally) regular reports made to the BofG.

The associated new system of reporting and tracking risks also added a new facet to the annual report: a section on "Future Risk Prioritization" - how to balance college initiatives with potential risks: whether the former can/should proceed in light of the latter.

Now and in the future, the aim is to instill a college-wide mindset “that is risk-aware without being risk-averse, pursuing opportunities that further strategic and operational priorities while effectively managing risk. Senior management ensures that appropriate steps are taken to identify, assess and manage risk and potential hazards associated with the organization, its activities and services. The college’s risk management strategy provides a structured and coherent approach to identifying, assessing, monitoring and managing risk. A Risk Management Committee has been established and endeavours to meet on a monthly basis to regularly review, assess, and update new developments or actions taken.”

The report nutshelled:

The risk management strategy has included four basic questions:

1. What can go wrong?

2. What can we do to prevent it from happening?

3. What will we do if it happens?

4. If something happens, how will we pay for it?

As usual, based on a template developed by college President Patti France over a decade ago, the two-dozen pages of the report were colour-coded, based on the perceived level of risk of the various scenarios, dealing with every single departmental operation of the school. Here’s a sample page of the report:

risk management

Left to right, the columns are: Risk/Topic, Specific Risk Identified, Probability Of Occurring, Impact If It Occurs, Risk Priority, Current Controls, Preventative Strategies, Lead Person, Sector Head, Expected Timeline To Have Preventative Strategies In Place, Status (Of Plan Development/Implementation):

Red highlights a high-probability risk that a risk-scenario may arise, orange-yellow a medium-probability risk, and green a low-probability risk.

This year, the college is currently dealing with 12 high-risk issues, 27 of medium-risk, and four low-risk matters.

Also contained in the report is a rating of the impact-to-the-college's-well-being: whether a problem would severely affect the school's operation or financial status, moderately affect it, or affect it in a minor manner.

The final section of the chart details existing and proposed policies and procedures designed to eliminate or reduce the likelihood of the risk occurring, or to lessen its impact.

Not surprisingly, since 2020, an entire section - in red - has been added to the report under the Health and Safety departmental heading, dealing with pandemic planning and procedures.

An epidemic/pandemic has always been included in the Risk Management Report, but in very general terms, and not designated as being of a high-probability likelihood of occurring.

How times have changed.

Now, in addition to a lengthy section about the implementation of policies dealing specifically with COVID-19, several other areas of the report make reference to how the current pandemic has posed a threat to the college's operation (student and staff wellness, enrolment, international admissions, etc.).

Other interesting odds-and-ends noted in the report include:

• Created, for the most part, by the budgetary surpluses generated by the college during the past several years, the school's financial stability risks are now somewhat mitigated by reserve funds in excess of $40 million. Let's say, for instance, that the pandemic worsened (or new one occurred) and caused a severe decline in enrolment. The college could "break open that piggy bank" of set-aside money, and inject it into its revenue-stream for a year or so to partially offset the tuition-losses until admissions rebounded;

• Also currently in a reserve fund is several million dollars for deferred maintenance: to deal with an emergency repair to a campus roof or furnace boiler or some other architectural catastrophe;

• Two years ago, the college engaged a law firm to act as an independent investigator of harassment, bullying and sexual violence complaints on campus;

• Meeting enrolment projections and retaining existing enrolment have become more high-priority items, as evidenced by the creation of a department concentrating on student retention and academic advising, the hiring of an analyst to monitor enrolment trends, and bolstered marketing for recruitment. The increased priority level is associated with the provincial government’s intention to, within the next year or two, make the achievement of enrolment targets into a dollars-and-cents factor in its funding of each college;

• I.T. security (vandalistic hacking, cyber attacks, “electronic ransom” attempts) have been a major risk factor for several years.

As part of the effort to mitigate those threats, the college’s I.T. Department will engage an in-house security manager (in addition to the personnel it shares with a consortium of colleges and universities).

Other measures put in place this year include bolstered spam filters and restrictions on embedded links in emails. It’s “better safe than sorry/zero-trust” stance has become so rigid that some “valid” emails are now being temporarily blocked from receipt. Staff and students are, also, constantly reminded about safe and secure computer usage, and the potential danger of improper usage.

Also in the works is an effort to duplicate the college’s server room and its contents at an off-site locale, to allow for back-up and immediate return-to-service should a catastrophe occur on-campus. Some of that new infrastructure should be operational by the end of August, 2023.

Singh also told the Board that, during the past year, the college’s I.T. Department had assisted “a local organization” to rebuild its system after a cyber-attack. That provided valuable experience and insight for this staff.

• Demchuk used her portion of the presentation to the Board to describe how the college has concentrated on enhancing its “active emergency/active attacker” policies and procedures during the past year.

That had included a thorough review of such procedures by retired Windsor Police Chief Al Frederick, amendments based upon his recommendations, and regular “table top” meetings and mock scenario exercises with emergency personnel.

As well, a new video describing effective reactions to an violent attacker on campus has been created and designated as “mandatory viewing” for staff and students.

Demchuk said the college is also reviewing its room numbering system, and may amend it to help emergency responders locate crisis sites more readily.

OTHER STORIES FROM THE BOARD OF GOVERNORS MEETING

• The midyear financial numbers are looking good: https://news.stclair-src.org/need-know-news/budget-track-according-mid-year-actuals

• Apprentices voice their opinion of the college: https://news.stclair-src.org/need-know-news/fluctuating-apprenticeship-surveys-reviewed-board

• Recap of the past year’s marketing efforts: https://news.stclair-src.org/need-know-news/enrolment-and-revenue-depend-marketing-and-recruitment

• Contract/Corporate Training has rebounded: https://news.stclair-src.org/need-know-news/contract-training-rebounds-pandemic

• College prepares for impact of new enrolment-related funding formula: https://news.stclair-src.org/need-know-news/college-prepares-change-funding-formula