.jpg)
URMIA Matters
URMIA Matters
Episode 14: 2020 Eastern Regional Conference, Condensed
Listen to the fascinating time-capsule version of the 2020 Eastern Regional Conference recorded on site with some of the presenters just as the initial impacts of the coronavirus pandemic were being felt in the United States. Whether the topic is travel, cyber security, health, or something else, common themes emerge as URMIA president Chauncey Fagler interviews Steven Dunham (UNC-Charlotte), John McLaughlin (Gallagher), Meghan Fisher and Evan Small (Elon University), Tammy Downs and Bryce Porter (UNC-Greensboro), James Keller (Saul Ewing Arnstein & Lehr LLP), and Lynne Sanders (UNC-System).
Show Notes [member-only content, login required]
Connect with URMIA & URMIA with your network
-Share /Tag in Social Media @urmianetwork
-Not a member? Join ->www.urmia.org/join
-Email | contactus@urmia.org
Give URMIA Matters a boost:
-Give the podcast a 5 star rating
-Share the podcast - click that button!
-Follow on your podcast platform - don't miss an episode!
Thanks for listening to URMIA Matters!
Jenny: Hi welcome to URMIAmatters I'm Jenny Whittington, your host. So, this is a special episode because on February 27th and 28th we reported live at the Eastern Regional Conference in Raleigh North Carolina. There were a lot of great sessions and great speakers and although we weren't able to talk to each one of the presenters, our president Chauncey Fagler was able to sit down with some of them. Chauncey first spoke to Steve Dunham, who gave a great pre-conference session called Risky Business-How ERM Supercharges Organizational Performance Management.
Chauncey: I’m Chauncey Fagler, President of URMIA this year and with us this afternoon we have Steven from the University of North Carolina-Charlotte Campus and we're going to let him introduce himself and if he could explain what his role is, that’ll be great.
Steven: That’s right. My name is Steven Dunham and I'm actually from the University of North Carolina at Charlotte and my role there is our Chief Risk Officer, which is specifically, only related to implementing, designing, implementing and maintaining a Enterprise risk management framework at that University. I think of particular note I've only been there one year. This is my first stint in the public sector; my previous 21 years of experience in risk management involved in the private sector, so it's certainly been an eye-opening experience changing industries.
Chauncey: So, why don’t you talk about that just a little bit also, the transition.
Steven: You know, the transition really comes to light the most as being solely responsible for Enterprise risk management. One of the first steps that I've always been successful at in implementing an ERM program is connecting almost immediately with the strategy setting, it’s organizational performance management folks, and my experience in the private sector, at least in the fortune 500 companies I’ve worked for, that’s been pretty intuitive. You just hear the people that clearly define each year what their top objectives are, the things we need to achieve from a strategic point of view, here's how we measure success and I go in and try to bring that risk informed intelligence in and enhance our ability to make decisions using risk information. In the public sector it seems like that strategy setting and organization performance really takes a backseat more to make sure we're in compliance and we maintain accreditation. Those have been my experiences. So, I think today I have a larger responsibility about demonstrating the role enterprise risk management plays in organizational performance and really introducing that for the first time.
Chauncey: That's wonderful, thank you. So, as you look back on your one year, 10 years ERM, what would be your most gratifying step source that you've been able to take today?
Steven: That's a good question alright. I would say that the most gratifying experience is being able to unveil, to try to reveal, the very nature of what we just talked about, which is helping the cabinet, helping the board, helping even the Chancellor understand what is the role for enterprise risk management. We were particularly granted a mandate from our system, the UNC system said you should have enterprise risk management implemented. So, but it wasn’t really an organic request from the organization itself. So, I carry the burden not only of executing, but also selling the value of it and I think it was over the last year I've been able to unpack successfully for both our cabinet and our Chancellor, here is what ERM is, here is how it adds value and getting a seat at that table to be able to bring that risk intelligence so they can make better decisions.
Chauncey: Thank you, so I'm going to change direction and go to the opposite side of that question. So, what's keeping you up at night?
Steven: You know I think every university or institution set of key risks will be unique and I think they should be. I think anyone that comes in and says here's universally what the risks are I think is probably less informed. I would say at our institution one of the things work we're having to deal with, and it’s has a holistic impact across all the divisions is we don't have a state budget passed, and we’re in a unique situation where we’re trying to finish and start projects that were forecasted to meet certain enrollment growth and to be able to implement new programs. We’re trying to figure out how to make operational budget happen, we're trying to figure out how to retain key personnel without being able to give raises and so one of the unique things here in the North Carolina system is that our North Carolina legislature has not passed a state budget. So that’s something that’s universal with everybody I work with. Obviously, I think you know I don't need to steal anything from the headlines dealing with a very unique situation with the coronavirus, has certainly gotten a lot of attention, it requires cross-disciplinary, cross-divisional interaction, and I think enterprise risk management has a role to play there, not to get in the way but rather to make sure all the right people are at the tables. Cyber-security, I think, has been on everybody's radar for a while but I think that it's just, you don't want to become a new normal where it's just yeah it is a matter of win rather than F and so I think there's a drum to be beating there that certainly would keep me up at night. Finally, we have a unique situation you know at our University where we have a long time Revered Chancellor who is turning over after 13 years and looking for and the implications of a new Chancellor, what that role may look like, their vision, how it may affect strategy. All of those things are definitely at the forefront of our minds at the University of North Carolina at Charlotte.
Chauncey: Great thank you. And the last question will be, with your extensive career on the public side or the private side, excuse me, tips of the trade for anyone that's coming in to the public side, higher ed particularly?
Steven: Certainly. I think it’s, you have to believe that you have a seat at the table. Again, I was responsible for operational risk management in the past with enterprise risk management as well. But for those enterprise risk management professionals, those that specialize in the discipline of enterprise risk management, especially if you're.. that’s at your sole responsibility, I think it's critical to not be apologetic about your role. I think it's critical that you have a vision and that you have a brand for enterprise risk management that support you having a seat at the leadership table, has a seat at the strategy setting at the highest level of organizational performance management, and making sure that that you're not just an afterthought and honestly I just hate to say it again being apologetic about your role but rather you need to have a clear vision and you need to know that your role can truly value added to that level of the organization.
Chauncey: That's a fantastic answer, thank you Steven.
Steven: Thank you.
Jenny: Next Chauncey spoke to John McLaughlin with Gallagher the name of that session was Managing a Hard Insurance Market and it was very very well-received.
Chauncey: Alright, hello everyone this is Chauncey Fagler and with me I have John McLaughlin from Arthur J Gallagher and John we're going to ask you a few questions and we appreciate you being here at the first regional this year the eastern regional here in Raleigh, North Carolina.
John: Glad to be here.
Chauncey: So, give us a little bit of background about yourself, please.
John: Chauncey, as you said I am the Managing Director of Gallagher’s Global Higher Education Practice. I’ve been with Gallagher, let's just say a number of years.
Chauncey: So, thank you for that, John. So a couple questions for you, you know obviously you've been in the business for a long time and when you look at what's going on in our world right now, if you had to pick one or two lines of coverages, what are the two that are keeping you up most at night right now?
John: General liability and educators legal liability have me up at night.
Chauncey: And can you explain that just a touch, please?
John: I will explain that in comparison to the property. While the property rates are definitely going up, it's somewhat understandable based on loss experience, geographic issues, convective storms. The liability side is we're being painted with a very broad brush in higher education because of losses in a select few institutions that are really driving claims experience and driving underwriters’ concern across the broad base, I read. So, the challenge in front of us today is differentiating ourselves in the market. “Ourselves” being individual institutions, need to be able to differentiate their approach to managing risk in the industry.
Chauncey: I noticed during your presentation there was a comment about how underwriters are starting to view higher ed as a high-risk or, you know, something wrong with a different tolerance we've had in the past. Could you talk to that just for a moment?
John: That's probably the biggest development that we've seen in the last two years is this sense that higher education is not an industry that we want to write, that some of this some of that lost experience has developed a pattern. It involves sexual abuse and molestation. It involves coverage disputes between insured's and their carriers that make it challenging for underwriters to look at that at the business. Again, it it it really points to the need to truly differentiate yourself in the market- what are you doing that sets you apart, why will you be a good partner, why is this a reasonable underwriting position to take.
Chauncey: Where are you spending the most time, you know, from a broker’s viewpoint, with your clients right now as part of education on how to know, manage the market. What are you doing now with the relationship between the broker and the client?
John: I would say I’m dividing my time with, at least 50% is actually working with markets, trying to maintain solutions, and build solutions for our client base but working with clients our focus is really on helping people broaden their thinking about risk management within their their institution, engaging different departments, you know, law facilities, HR about all the steps, going to campus police, the things we undertake everyday to manage risk. Being able to communicate, communicate that to the market.
Chauncey: So, are there any additional tips of the trade you'd like to share for the URMIA membership at this point?
John: Our mantra for 2020 is the need to strengthen your risk management narrative. We think it's so critical that you can tell a good story, that there is a message throughout the institution of the importance of managing risk, the steps you have taken to address specific exposures like sexual abuse, molestation and steps you're planning to take. I think it’s critical to tell a story.
Chauncey: Thank you. So, John you know Gallagher has been a long time URMIA partner and we just if there's anything that you would like to share about that long-term relationship and the benefits that Gallagher's gained from that relationship and also potential benefits that obviously the URMIA membership has gained.
John: Our URMIA membership has been a fundamental part of Gallagher really getting on the map in higher education. Just being a part of what URMIAs growth is mirrored somewhat the growth Gallagher has seen working in higher education and we've been longtime supporters and plan on being continued long time supporters. It’s been a great organization to be partnered with.
Chauncey: Well, that will certainly put a smile on Jenny’s face and my face. You know as we conclude, when you look back on the career and even the relationship that you've had with URMIA, what one or two circumstances or incidents or events might be the most gratifying to you?
John: That's a tough question, Chauncey.
Chauncey: Well, I saved the best question for last.
John: You know, really just the chance to become friends with risk manager colleagues. Just really get to know them not only on a business level, but a personal level. I think some of the rewarding opportunities was doing some of the General Sessions and having panel discussions with colleagues on big issues at the time has been rewarding and fun to be a part of.
Chauncey: Thank you very much, and I appreciate your time and I hope you continue to enjoy our conference.
John: Thank you.
Jenny: Chauncey then sat down with Megan Fisher and Evan Small from Elon and they did a session titled Creating a Risk Network in Experiential Education.
Chauncey: Hello everyone. With me today I have Meghan and Evan from Elon University in North Carolina and we're going to ask them a few questions after they introduce themselves.
Megan: Hi everyone, this is Megan Fisher. I’m the Assistant Director of Administrative Services at Elon University. I have been in higher-ed for about 10 years, I've been in risk management for six, a member of URMIA for five of those andI find a lot of value in the regional conferences and love attending and love presenting.
Evan: Hey folks, my name is Evan Small, and I also work at Elon University. I'm a faculty member in the School of Education and I oversee all of our outdoor and adventure based programming on campus. Like Megan, I have been involved in higher education for a number of years on both on the faculty and on the student life side. I’m newer to the URMIA world, and so this is my second Regional Conference. My background is in risk management in a lot of other contexts, so it’s been nice for me to connect into a network like URMIA and experience risk management in sort of a more focused way.
Chauncey: Wonderful, thank you, Megan and Evan. So, the first question we’ll start with: are there any emerging risks that are keeping you guys up at night?
Megan: I think for sure one of the emerging risks for all higher-ed institutions is travel. Students going abroad obviously with this coronavirus which seems to be the buzzword that everyone's talking about now, we have a ton of resources that were throwing at bringing our students from around the globe back to campus or home but just being aware of of where students are when they're not operating out of Elon University Proper and knowing that things are going on globally that are out of our control.
Evan: I’ll echo that and add a little more from my outdoor and adventure based context- as you know the popularity of outdoor education continues to grow and we engage in riskier and riskier activities, skydiving, ziplining, bungee jumping, all of those kinds of things, that next thing in outdoor education is likely going to be inherently risky, and so managing and navigating that conversation with students who are looking for activities like that.
Chauncey: So, if you had to look at what's in front of you tomorrow, I mean obviously we have the coronavirus in front of us if is that really what’s going to be your time consumer over the next few weeks you believe?
Evan: I am taking students to Belize for our spring break which is in two weeks and so that's going to be a mix of ecotourism and adventure based learning in Belize and I mean in general as any sort of international travel these days is, coronavirus a part and parcel of that conversation, and so we had a long conversation with a mother yesterday on the phone about you know what are we doing to protect her child and making sure that our travel plans are safe and having to reassure parents and also University staff that what we're doing is legitimate is based in you know CDC knowledge and state guidance and all of those kinds of larger resources that we can point folks back to say we’re not just taking students to Belize to go play in the woods. There is intentionality, there is meaning, and there is risk management behind that, which helps to ease those fears a little bit, hopefully. Knock on wood.
Chauncey: Megan, I’m going to turn the question on you just a little bit. Is there anything you guys have started on campus already for like pre-planning, any adding extra hand sanitizer stations around campus or things on that line? Could you talk to that little bit, please?
Megan: So, we have we have our EOC on campus, our Emergency Operation Center that's actually activating tomorrow while I will be here so that's going to be interesting to try and manage from a distance. Some of the precautions that we put into place for our folks on campus is obviously we've ordered face masks, I think there's a lot of folks are doing not just for our students before a physical plant staff who are in areas and are more exposed to certain things that are students don't necessarily encounter in their day-to-day. We have students who were studying abroad in Florence when they had their recent outbreak and we've determined needed to leave and so we've arranged travel for those folks back to their homes. We don't have, they're not currently enrolled on campus so we don't have places for them to come back, but we are coordinating with families and students and faculty to get those folks out of the area. So, I think we're just right now boots on the ground trying to manage the best that we can with the information that I think everyone has which has been sensationalised I think to a degree, and so trying to read through what the media is presenting versus what's actually factual and what we can do and and hopefully our EOC activation will give more information tomorrow and moving forward on what our plan is.
Chauncey: So, when you look back on your careers and if you have to think about what was one of the most gratifying events or moments that you could share with us?
Megan: As a relatively new risk manager, having been in this field for about 6 years, I think one of the most gratifying experiences that I had was starting being involved in the process to start implementing ERM on our campus. It allowed us to get to a place with our folks were we could show everyone that risk management is important that it's not something that you should be afraid of that we are people too and we want to work with you and bringing campus together and bringing partners and creating those relationships of value that we can say we value what you're doing we're interested in what you're doing me want to help you do it better and I think we've had great success with that over the last two-and-a-half ish years since we started implementing and we now have people proactively calling us and asking if things are okay rather than finding out about it weeks later and being like “oh my gosh I can’t believe you did that” but I think just having that relationship has been really great and a source of pride that we've been able to instill that in our campus.
Chauncey: That’s wonderful. I think one of the points from your presentation you said you like to approach difficult situations from the viewpoint of curiosity and that gives everyone room and the chance to settle in and move forward in the conversation. Evan, do you have anything you would like to share?
Evan: Yeah, I work primarily with students, and so a recent example from this past weekend, a student on our challenge course, long story short, had a minor accident ended up falling and hitting her head and I found out about it a day and a half later and there's that conversation about why I wasn't told originally but it was this really point of pride moment for me of my students that were able to feel comfortable and confident handling that incident without me there. And that’s really cool, to involve students in risk management and crisis response. I mean there’s lots of those moments, but that was the most recent one, having that conversation with my staff you know, yall did a great job. You handled it well, you provided great care, you provided great follow up, and then you looped me in a little later than I would have preferred, but at least I knew, That moment where they were able to say I've got this was really really cool.
Chauncey: That’s a great story. So, last question. Any tips of the trade you like to share?
Evan: I’m sort of a nontraditional entry point into urmia so I've gone to study abroad conferences and outdoor education conferences and we all talk about risk management but we don't talk about it really in the right way and so I would encourage folks to broaden their lens and think about applying the concepts and topics and terms to their specific world, making it relevant, again by getting by and getting champions like we talked about in our session but helping really contextualizing it into your space and really own and then make sense of it in your world
Megan: Yeah, and going off of that I think as a risk manager it's so important to insert yourself into conversations and experiences where I don't want to say you're not welcome but where folks might not see the value of having risk management be involved, so I think for anyone knew or seasoned it showing up and saying I'm here and I need to be a part of this and this is what we're going to do regardless of whether you think I should be here or not it is instill some sense of expertise that you do have the answers but then also going back you are a person and you can have that relationship and it doesn't have to just be the date that you know shutting down no but let's have a conversation I'm coming to these meetings I'm showing up to these events let's make it worth while for everyone. It's okay to be a little bit pushy if you're pushy in the right way.
Chauncey: And then this is the one more last question: have you tried the new URMIA app yet?
Megan: I have! I’ve downloaded the URMIA app, so download it, everyone!
Evan: I haven’t, but I need to.
Chauncey: Good answer, good safe answers. Thank you both for your time, we appreciate it, thank you.
Jenny: Next Chauncey spoke to Tammy Downs and Bryce Porter and the name of their session was Time for a Check-up- 20/20 Higher Education Cyber-security Risks.
Chauncey: All right, good afternoon. And with me now I have Tammy and Bryce and they have just finished a presentation here at the eastern regional on Cyber or this world of cyber and we're going to let them introduce themselves and ask them each to give us a little explanation about their membership and the value of being a member of URMIA
Tammy: I’m Tammy Downs, Im’m with the University of North Carolina at Greensboro. I'm the risk manager. I've been with the university for almost 10 years now and I don't remember how many years I've been with URMIA, my very first or me a conference was in Phoenix, I do remember that so I have volunteer to do quite a bit of participation at the conferences or sometimes planning for the conference's. I haven't quite jumped in for board members or any of that yet but maybe down the road, we'll see. And I drug Bryce along today, he is our cyber security Guru at the University of North Carolina at Greensboro and he just did an amazing job at the presentation.
Bryce: That’s really kind, Tammy, thank you very much. I don't think the word guru probably applies but I am Bryce Porter and the Chief Information Security Officer and I wear a few other hats as well. University Records officer, DMC compliance officer, HIPAA security officer, not enough space my business card for all those things but they’re there whether I like them or not. So, I’ve been at UNCG for about 19 months now, so it’s still somewhat new, but absolutely passionate about the topic that I tend to speak about which is cybersecurity, information security information risk and compliance all those sorts of things. I think the talk went pretty well, we talked about the state of cybersecurity in higher education some of the current threats, the current trends technology trends as it relates and honestly information security is the number one in that space and IT in higher ed, information security, and security strategies, security technologies, they’re all at the top of the list, so it’s an easy thing to talk about because it is very important, and information security is something that needs to be covered otherwise your University doesn’t belong to you anymore, right. The idea if you don't check your network, it’s not your net work for long. We’ve got lots of different instances of ransomware, lots of different instances of data breeches at major universitites, Yale, Butler, places like that that make the headlines. Niagara University three days ago finished their investigation into an event that caused them to close classes for an entire work day, Thursday two weeks ago they closed classes because of ransomware, so it’s a big issue. And, obviously I’m passionate about it. I'm very fortunate to have a great relationship with Tammy and for our risk management activities we’re pretty well coordinated.
Chauncey: Tammy shared with me earlier, Bryce, you actually have a risk management headcount within your group. If you could explain that because that's actually the first time that I've actually heard that being separated or specialized within the IT department.
Bryce: Sure, so I come from not higher ed intrinsically, like natively you know I’ve spent a lot of time in other businesses, other types of commercial industries, defense, communications, internet e-commerce, I’ve worked for a lot of different companies and so I've had the benefit of seeing how different it teams are organized and how different information security teams are organized and focused exclusively on information security for 18 years, and so I’ve been a part of many different teams in many different industries, and so I’ve sort of assembled a thought and a process and a mechanism for how the work that gets done in my area is best supported by different types of organizations and so I introduced to my team, so I was very fortunate to get some funding for special team members I will say I probably have nearly twice as many people per capita on my team than some of my peers in still need to see seats did institutions in North Carolina, so I’m very fortunate in that perspective. But I implemented an organizational construct that split the activities into sort of the assessment and design architecture and then supported screen technology engineering and then the daily defense in the University which is cyber security operations but then I have a fourth leg at that table which is risk and compliance management. The truth is that risk and compliance activities are integral activities because you have to be able to assess your risk in order to understand where the weak spots are and what needs most attention. You have to be able to be compliant with regulations nowadays. There are regulations at every institution so if you're not compliant chances are you’re out of a job somewhere and if you're not assessing where that is from a risk perspective, chances are you’ll never know. And so I created a headcount and was successful in seeking funding for, which doesn’t get said very often in my position for a risk and compliance manager compliance analyst who executes a lot of our daily compliant activities related to copyright violations and things like that but also is making sure that we're creating mechanisms and leveraging them for assessing compliance with regulations with even contractual obligations from different companies including our cyber liability provider.
Chauncey: That’s great. That sounds like a really great model for people to look at and maybe think about for the future.So, Tammy, on a broad basis, what are the things that are keeping you awake at night at your institution?
Tammy: Is it on the broad bases? Are we talkin cyber-wise or are we talking just in general.
Chauncey: I'm going to ask you just in general.
Tammy: It’s funny I was at the pre-conference earlier this morning and it seems like your top risks don't vary that much it seems like cross the board they seem to stay pretty much the same with everyone, but I think a few of the things that are worrying me are that we are in the middle of our youth programs and what we have going on and we’ve gotten approval for a policy and it’s getting implemented, getting in place, getting somebody in charge of it. We haven’t been as lucky as Bryce getting the approval for that position quite yet. We’ve hired a compliance officer and she’s been there about six months.
Bryce: No, about a year now.
Tammy: She’s been a huge asset and she’s been great with helping with a lot of these types of issues. It kind of scares me on our campus getting control of our vehicles and what kind of vehicles and who actually operates those vehicles has not been as easy as you would think it should be, being the type of environment that higher ed is. I guess it makes sense because no one wants to be told what they can do and when they can do it, so getting a grasp of the vehicles and if they actually have drivers licenses and if they should be driving and that type of thing. It sounds like a simple thing but everyone has their own way of doing it so trying to get everybody under the same umbrella and getting them all to make sure. I just found out recently, and of course it was because of an accident that happened, people that had a vehicle assigned to him had actually lost his license six years ago. So that’s probably the biggest one that keeps me awake right now. It’s one that we’re working on.
Chauncey: It’s always interesting in risk management right.
Tammy: Never a dull moment.
Chauncey: So, Bryce, I’m going to ask you the same question, but are there one or two things in your world of cyber that you could say just really are nagging at you at this moment?
Bryce: There’s quite a few things but probably the top two if I was to put them in a stacked rank order… We have a lot of dependence on vendors. A lot of things that happen in the IT space in higher education rely on vendors. We use three different companies for our IT services as vendors. Now, it varies what we’re doing with each vendor, obviously. In some cases we are just buying software from them. In other cases we are integrating our university’s enterprise resource data students, faculty, things like that. We’re integrating that with these cloud vendors and different service providers where they have access to our stuff and that’s scary because if their posture is not strong, I can be assured of my posture to a certain degree, but it’s harder to be assured of their posture, and they’re not going to disclose to you that they have a bad posture. The truth is they may not and it's something that's a part of my program for UNC Greensboro. The other thing I would say is data proliferation in higher ed, especially in a cloud forward or Cloud first institution like UNC Greensboro. Many of our new technologies are out in the cloud in Microsoft Azure in the Google Cloud platform in places like that. The cloud sounds like a cool term and so really it's somebody else's computer that they have people over you don't generally and so part of the concept of security that you know who can get to it what they can do with it where I can go and the more we proliferate our data into Cloud Connections in Integrations the harder it is to guarantee that control in this guarantee that security so the thing that keeps me up at night is data breach, quite honestly. The students and the families who trust us to protect that data said to the group a while ago that I have a responsibility to protect student’s experience at the university. And if you were an undergraduate student and one of your first experiences was that your identity got stolen because of bad data management at the university, chances are you don’t really have a great experience, and you might not want to continue at that university. No one wants to be data breach university, and the least of all do we want affect the chances of a young mind in completing their degree and going on to successful career in a life, especially UNCG focuses on first time or first generation college students, we certainly don't want to corrupt that legacy, so protecting the student experience protecting our staff and faculty protecting that data, that's the thing that I'm most concerned about.
Chauncey: Great, wonderful answer. Last question-most gratifying solution you've come up with as a risk manager or what your current role is, your most gratifying solution. We’ll start with Tammy.
Bryce: Is it because she has that blank look on her face, you’re starting with her.
Chauncey: Yes, or Bryce if you want to step in.
Bryce: Honestly, I’ll sort of seed the field for Tammy. One of the best things we've done is partner with our Risk Managers. From my perspective, I believe that security is facilitated not just by the defense and the policing of things but by I don't want to be a firefighter and make sure that we are coordinated on what we can do to lower it. We got a good strong partnership to a point where I was going to come out here.
Chauncey: Tammy, what would you like to add?
Tammy: I guess I would have to say just developing the Enterprise risk management program altogether. I came in I was fortunate enough to come in at the very beginning of it and watch it grow into what it's become so far and it's a constantly changing process which is what it is supposed to exciting watching a change in watching it because it’s become more and more important building the relationships across campus and how receptive everybody is across campus learning how to work together at such as Bryce said yeah and building those relationships so it's it's productive for the entire University of the whole to me I guess that would have to be the most gratifying part.
BryceL I'll second that by saying that if it weren't for the Enterprise risk management approach in use at UNCG I wouldn't be able to effectively manage risk just in it. I’m built on top of foundation that Tammy just described.
Chauncey: Wonderful, you guys did a super job, thank you very much.
Tammy: Thank you.
Jenny: The last session of the day, the first day of the conference was named viruses vaccines and mold stopping the spread and managing legal risk and Chauncey spoke to Jim Keller of Saul Ewing.
Chauncey: Hello everyone, with me this afternoon I have Jim Keller and I'm going to let him introduce himself and he's going to take a few moments to tell us what he does in his relationship with URMIA
Jim: Thank you. So, I'm Jim Keller co-chair of the higher education practice at Saul Ewing Arnstein & Lehr or a law firm of about 400 lawyers and I've been the chair of our about 15 years now we have about 30 lawyers in the higher education practice and one of my very first tie-ins to the higher education world was through URMIA and I think we concluded 2007 in Chandler, Arizona and I've spoken I would say 8 times with the national and Regional conferences.
Chauncey: Thank you for that ,Jim. Let's just start with this afternoon in a second here at the eastern regional and there are a lot of questions that came out of that session and is there any high point or a couple high points that you would like to reiterate for the podcast.
Jim: Sure, so our session was on viruses and this session was actually accepted before coronavirus was a thing so the discussion revolved primarily around coronavirus. I thought the highlights were twofold one it was really interactive people are sharing best practices with one another and which is always great in my mind and I'm not embarrassed by this at all folks thought of things that we hadn't prepared so for example someone asked about business interruption coverage and it just of course it's a factor when there could be a pandemic but I thought that dialogue was particularly good.
Chauncey: That's interesting to we have a situation like a pandemic or a coronavirus come around how you Risk Managers all the sudden start to think about what's really in my insurance contracts are how do I get back if I have to find the coverage where I'm going to find it but I thought that was a really good question also. So, as we move forward in your career and as you can relate it to higher ed, what's may have been your most gratifying moment so far?
Jim: So, I would say if my most gratifying moment can be moments or higher education practice group in fact we're here in Raleigh, North Carolina the general Council of North Carolina state is a former associate who worked with me at Saul Ewing so we now have 8 former members of our higher education practice who are general counsel at institutions of higher education and so I'm very proud of that.
Chauncey: That's a great accomplishment, thank you. We’ll move the question in the opposite direction and ask you what is keeping you up at night?
Jim: Well, the coronavirus literally because it's on everyone's mind. More broadly I would say the thing that's keeping me up at night because it’s keeping my clients up at night without actually pulling it in loco parentis so in most states there is no in loco parentis for risks that befall your students on campus but it is certainly it feels like the duties of colleges and universities to their students are expanding and it's very hard for me as outside counsel to give advice on where the line is right now, and that’s what keeps me up at night.
Chauncey: Great, thank you. So, any tips of the trade that you'd like to offer to the URMIA membership?
Jim: Well, if it's for the URMIA membership I would say you should get involved you should speak I did write I've never minded I wrote an article for the URMIA journal when it was still in hard copy and it's it's a great organization it's really good people it's it's helpful to me but as compared to NACUAl which is also an outstanding organization but that's all lawyers it's actually helpful for me to have the insurance input the risk management input the student affairs in put in other industry input is it gives just like I said in the session today gives me different perspectives, it helps my practice.
Chauncey: And I'll leave you with a open-ended question: is there anything you'd like to add?
Jim: There is nothing I would like to add.
Chauncey: Okay good. Thank you very much, appreciate it.
Jenny: The last interview of the day was with Lynn Sanders Lynn was the co-chair of the conference and we got her perspective on chairing the conference and her thoughts about URMIA as an organization.
Chauncey: With us this afternoon we have Lynn Sanders from the University of North Carolina system. We’re going to let her further introduce herself and her title and give her a few minutes to tell us about her.
Lynn: Thank you. My name is Lynn Sanders. I’m the vice president for compliance and audit services at the University of North Carolina system my current role is to assist our 17 campuses with compliance and audit matters, also I work in the area of Enterprise risk management with our institutions.
Chauncey: Great. So, just a little while ago we're talking about a relationship that we have with ACUA and would you speak to that just for a moment also.
Lynn: I sure will. Luckily, ACUA and URMIA have an agreement a partnership per say where we both are interested in promoting internal auditing and higher education through risk management and auditing functions and so we are able to attend each others workshops and provide training expertise to each other's conferences so that we can share information that all of our experts have.
Chauncey: It’s great and it’s been a wonderful relationship over the past years also.
Lynn: We appreciate it very much, thank you.
Chauncey: So, Lynn, what's keeping you up at night from your viewpoint.
Lynn: Well, some of the viewpoints as I said in my office at the University of North Carolina System from an Enterprise risk management standpoint, of course cybersecurity is always of utmost concern as is campus Safety and Security. Specifically this year's in election controversial speakers on campus, we have to be respectful of free freedom of speech but also have to make sure that our Campus Community is safe and a time when there is a lot of political tensions across the United States, so that is something that is very important to us also from health and safety concerns as we know right now the coronavirus is getting a lot of attention in the media and certainly higher ed is responding as well and we want to keep our campus communities safe, also just from an enrollment standpoint we need to make sure we understand the demographic of our students so that we can offer the programming that is of interest of our students there's a lot of competition out there.
Chauncey: Great. So, you just mentioned several items that were sort of top of your list, so is your one that you're spending the most time on or is there another item that you're really spending a lot of time on?
Lynn: I think right now the top three are the campus Safety and Security, cyber security and of course Health concerns. I don't know that there's one that's getting more attention from our perspective at the system level, these are all very important across our institutions so we're spending a lot of time in these areas and addressing real very interested in how we’re addressing risk as well.
Chauncey: Great. So, also as you look back on your career with the system what's been the most gratifying moment?
Lynn: I think the most gratifying moment or a part of my career with the university system is the collaboration that we have built across the university system. All of our institutions are coming together in many ways. We have a number of affinity groups that have been formed around topics of Interest across the university around topics of concern across the university so we can share information and Learn from each other so that we can be better in the whole.
Chauncey: Great, thank you. And the last question is going to be tips of the trade you’d like to share with their audience.
Lynn: I think in this line of work, if I could give of one big piece of advice is to always work on building relationships. I think that is key an important in moving forward building the collaboration and being a trusted partner to leadership and to others that you work with.
Chauncey: Fantastic, and thank you for your time.
So thank you for listening to our podcast today to URMIA matters on the road we were very pleased with the attendance at the regional I'd like to give a special shout-out to our sponsors they were AIG AON FM Global Gallagher Marsh McGowan active shooter program and United Educators it was a wonderful event in Raleigh thanks everybody.
