Internal Control Tip of Week – Next Steps After Assessing Risks

By Thomas Canby posted 06-23-2016 12:11

  

After assessing risks, what next steps should school officials consider after making a report to the audit committee of the board of trustees? It is helpful to establish a cross-functional team to administer next steps because identified risks, in many instances, have direct or indirect enterprise-wide consequences. Also, a cross-functional risk response team can provide an impartial due process forum to help ensure an appropriate, consistent and structured evaluation is applied to “go or no go” decisions to refer risk issues for further consideration. So, establishing a risk response team can provide a valuable staff-level governance function.

The first step in the evaluation process involves a high-level preliminary assessment of identified risk issues. The high-level preliminary assessment serves as a filter or gate-keeper concerning initial courses of action including:

  • Approve referral without further risk analysis
  • Request a more detailed risk assessment
  • Disapprove referral due to insignificant risks

After the preliminary assessment of a recommended course of action, next steps will include sufficiently quantifying or measuring the likelihood of events that may be associated with identified risks, if not already identified in the risk assessment report. Quantification involves calibrating risk assessments, which removes the tendency of humans to rely on relatively simple guesstimates as to the potential significance of identified risks. This may involve building a business case or conducting detailed studies about the potential monetary and non-monetary impacts or worst-case scenarios associated with specific risks. Additional steps to quantify and measure risks may be helpful to better understand single points of failure, linkages across the school system, and the probability or likelihood of financial and non-financial impacts as a result of specific potential events.

After quantifying the likelihood of events associated with identified risks, the next step in the process involves identification of risk treatment options that may be considered. Appropriate consideration of risk treatment options involves more than simple “Do we pursue or not pursue?” decisions. The evaluation of risk treatment options will result in various recommendations including:

  • Removing the source of or factors associated with specified risks
  • Changing the likelihood specific risks may occur
  • Changing the consequences associated with specified risks, if they occur
  • Taking or increasing specified risks in order to pursue desired opportunities
  • Avoiding or discontinuing activities or programs associated with specified risks
  • Outsourcing activities or programs to move risks to other organizations or entities
  • Making informed decisions to retain specified risks

After applying a series of informed and data-driven decisions, the risk response team will have made significant progress if its members are in agreement on a relatively short list of major risks. It is understood that decisions about treatment options may introduce risks. However, not applying a consistent and structured process is more likely to introduce risks. Lastly, additional potential risks may be the result of ineffective response plans or corrective action plans, so monitoring progress in accomplishing corrective actions is inherently important. Continual progress assessments need to be communicated to the risk response team, executive management, and the audit committee of the board, in addition to an end-of-project completion report.

In most instances, risk management is an incremental process for accomplishing continuous improvement. Then there are the outlier worst-case scenarios where risk management may involve deconstructing an operational unit and rebuilding from the ground floor up. An effective risk management program requires ongoing communications that serve to keep risk management at the forefront for all managers and supervisors. Risk management should not be a barrier to effective and efficient operations, and accordingly, involves continual informed risk-taking, as there is no such thing as a totally risk-free organization due to economic reasons. In the final analysis, most individuals would agree that complacency about risk management is a roadmap to a destination that will involve updating one’s resume.