2.4 Review of Related Literature
2.4.10 Aspects of ERM Adoption in Higher Education Institutions
normal of perpetual discomfort. According to Deloitte.com, taking an enterprise approach to risk management for universities can be more proactive and prepared avoiding, accepting, mitigating, sharing, or exploiting risk where possible, or responding to higher education issues and challenges more effectively when they arise. As such, higher education institutions, in the view of Deloitte, are under increasing pressure from government authorities, the public, and members of the universities communities to manage risks.
In summary, in the early 21st century years most of the academic works and research on risk management covered only profit organizations or businesses, not universities. In this sense, the greater the uncertainty, the greater the risk. Since risk is everywhere, there is a need for risk management everywhere, but we need to start by identifying it. Crane et al. (2013) argue that the first step in the risk management process is to identify and classify the potential risks. As concluded by Hillson (2016), because there is no doubt risk is present and recognized as inevitable and unavoidable in every lane of the human venture, so there is an equal need to handle risk in the best possible manner.
is being, or at least should be, adopted by an HEI as an effective management and decision-making instrument. Some recent educational researchers view the adoption of ERM in HEIs as a requirement and defend it based on organisational change and institutional theoretical and empirical perspectives (Lindquist 2013 and 2015; Deck 2015). This study touches on some of the already established ERM models and concepts and see how they have been adapted to academic institutions. Deck (2015, p. 48) based his research around the notion that “HEIs must manage a diverse set of risks that require different means to assess and control. Moreover, individual backgrounds and perceptions on risks and the organizational environment influences how an HEI evaluates and responds to risk”.
One of the most prominent studies conducted in the area of ERM adoption in HEIs is by Huber and Rothstein’s (2013). The study they conducted in a university setting explained the reasons why HEIs would or should adopt ERM. These reasons include 1) their willingness to manage organizational complexity, 2) to meet the demands of their respective government to justify decisions on risk, and 3) to account for social and political prerequisites for accountability. However, over the past few years beginning of 2010, a myriad of studies has been conducted to cover the existence, implementation and feasibility of ERM in higher education. Berge (2010) argues that all academic institutions are subject to exposure of different types of risks. Therefore, this necessitates the need for a solid risk management plan. The management panel in any academic institution must endeavor to explore their risks and provide an estimation of their solutions and management.
Hillson (2003) concluded that, in terms of risk, all institutions are defined as projects whose successfully execution and completion rely not only on defined Work Breakdown Structures (WBS), known to the enterprise project management experts, but also on the basis of Risk Breakdown Structure (RBS). Risks in projects need to be controlled and managed in what Hillson (2003, p. 87) calls RBS, which he defines as “A source-oriented grouping of risks that organises and defines the total risk exposure of the project or business. Each descending level represents an increasingly detailed definition of sources of risk” (p.
87). For universities, such as in the UAE context, it is generally accepted that different formats and models of risk management adoption can be found which suit each given university’s corporate governance structure and academic and enterprise mission. RBS, however, can be utilised by UAE HEIs for the benefit of boosting their academic processes and performance, but evidence to implementation of RBS is not found. However, and as stated by Hillson (2003), “it is therefore necessary for any organisation wishing to use the RBS as an aid to its risk management to develop its owntailored RBS”
(pp. 89-90). He also concluded that “RBS is a powerful aid to risk identification, assessment and
reporting, and the ability to roll-up or drill-down to the appropriate level provides new insights into overall risk exposure” (p. 95). In this sense, therefore, applying a specific model for ERM in HEIs is not really the issue, but it is how applicable and feasible such a model is and how fruitful and effective it is.
It is only through a defined risk management structure, such as the example of RBS, that administrators and stakeholders of UAE HEIs can not only understand and manage their risks but also take benefit out of them and use them as the basis for their assessment and evaluation processes.
In her study, Lundquist (2015) adopts a general conceptual framework that would demonstrate possible areas of adoption of ERM into higher education and would ideally suit not only higher education institutions in the US, but in many other countries in the world. She based her conceptual framework of ERM adoption on a maturity level ranging from formation, moving to development, establishment and finally reaching into integration.
Figure 2.6 – ERM Conceptual Framework (Adopted from Lundquist 2015, p. 10)
However, Lundquist’s conceptual framework of ERM adoption seems justifiably simplistic and would tend to change according to the culture, politics and setting of the targeted academic institution.
Internationally acknowledged aspects of HEIs’ adoption of ERM are extensively made reference to by Lundquist (2013). In her presentation of the experience of HEIs in England (Referring to the Quality Assurance Agency /QAA of the UK), she makes a reference to the risk management framework mandated by the HEFCE back in 2000. Additionally, she points out to the Australia case, where an HEI “must provide a statement from the governing body about its primary responsibilities, including risk management” if that HEI is willing to receive government funding (p. 147). Lundquist (2013) further states that all Australian universities have some type of ERM process being implemented. A third example provided by Lundquist (2013) is the United States of America. United States HEIs are required to exert some risk management efforts and adopt some ERM programs as a requirement by accrediting agencies or even by the federal government. The State of ERM Report 2008 by the Risk Management
and Insurance Society (RIMS) suggested that “new government regulation formally enforcing enterprise risk management [for higher education] can be expected” (p. 147). Lundquist (2013) also argues that rating agencies started to pay more attention to risk management and governance issues in higher education. From the researcher’s reading of the research done in the topic in the UAE, similar findings can be drawn. For example, Al-Jundi and Ahmad (2016, p. 69) defended the statement that “it is crucial to consider the risk that is an inherent part of market activity. Consequently, risk analysis and identification of remedies to minimize them are a couple of the pressing problems of today”.
However, in the UAE, few if any studies have been conducted to the effect of examining the implementation of more sophisticated models of ERM in higher education and how they could contribute to the quality of HEIs academic processes. Examples are El-Refae and Belarbi (2015) and Al-Jundi and Ahmad (2016). El-Refae and Belarbi (2015) managed to develop a working risk management model at Al-Ain University of Science and Technology (AAU). They relied on the CAA (2019a & 2019b) Standards in their adoption of this model. In doing so, they found that the CAA Standards can be utilised as suitable guidelines to control the governance of all academics and non-academic units of the Al Ain University (AAU). In a similar manner, Al-Jundi and Ahmad (2016) worked on a risk management model in the AAU, justifying their action by the statement that “so far none of the authors has taken up this in the perspective of UAE higher education institutions” (p. 68). Additionally, in the UAE, higher education ERM research has been limited to HEIs corporate governance and its relationship to the implementation of ERM as a systematic top-down corporate centered process. Examples are Mansour (2009), Al-Jundi (2012), Soomro and Ahmad (2012), El-Refae and Belarbi (2015), and Warner and Burton (2017), CAA (2019a and 2019b), and CAA (2020). All these studies have used small samples or relied on a case study research approach to understand risk management as an organizational practice and model within a limited institutional context. They did not focus on ERM as an effective and essential process which provides solutions, not only to the risks identified in HEIs, but also to the academic process at large. In this sense, in the view of this study, this adoption is by far very limited and lacking given the rich repository of other aspects which can be utilised through ERM adoption.