URMIA Matters

Risk management is complex, and your time is limited. This podcast series helps you keep up on emerging issues in higher education and best risk management practices. Join URMIA leaders, peers, and insurance experts twice a month as they explore timely topics, URMIA member resources, and the profession.

All Episodes

URMIA Matters

ERM 101 for Beginners

April 08, 2026 • URMIA - Higher Education Risk Management & Insurance • Season 7 • Episode 5

0:00 | 35:38

In this episode of URMIA Matters, guest host Caitlin Cai from the University of Tennessee is joined by Lavern Miles and Kathy Peeling from the University of Maryland, College Park, and Melanie Bennett from United Educators for a focused, practical conversation on Enterprise Risk Management for those just starting out. The episode presents ERM as a shared, ongoing process for identifying, prioritizing, and managing institution‑wide risks, with strong emphasis on leadership support, clear communication, and campus engagement. Using real‑world experience from the higher‑ed community, our guests discuss how ERM can move beyond compliance to support better decision‑making by connecting risk to strategy, using data and monitoring to guide action, and leveraging peer networks and professional resources to build programs that grow and adapt over time. Whether you are brand new to ERM or looking to strengthen an existing approach, this episode offers clear insights and relatable examples to help you get started with confidence.

Show Notes

Guests

Lavern Miles, Director of Enterprise Risk Management - University of Maryland, College Park
Kathy Peeling, Assistant Director for Risk Management - University of Maryland, College Park
Melanie Bennett, Senior Risk Management Counsel - United Educators

Guest Host

Caitlin Cai, Risk and Insurance Program Manager - University of Tennessee System

Connect with URMIA & URMIA with your network
-Share /Tag in Social Media @urmianetwork
-Not a member? Join ->www.urmia.org/join
-Email | contactus@urmia.org

Give URMIA Matters a boost:
-Give the podcast a 5 star rating
-Share the podcast - click that button!
-Follow on your podcast platform - don't miss an episode!

Thanks for listening to URMIA Matters!

Michelle Smith: [00:00:00] Welcome to Season seven of URMIA Matters, a podcast about higher education, risk management, and insurance, whether you are an URMIA member or supporter. Thanks for listening. Let's jump in.

Caitlin Cai: So, hi everyone. My name is Caitlin. I am the Insurance Program Manager for the University of Tennessee. This is actually the first time that I will be hosting an URMIA Matters podcast. So, it's great to, I guess, hear everyone today. Today I am joined with three guests. I have Lavern Miles. She is with the University of Maryland. She is the ERM Director. I have Kathy Peeling. She's also with the University of Maryland as an Assistant Director of Risk Management, and I'm joined by Melanie from United Educators, UE, as the Senior Risk Management Council. I think it would be great to start the podcast with a little bit of context from everyone about how you, how you got here, who you are, [00:01:00] Lavern, since I started with your introduction, if you would do that just real quickly for us.

Lavern Miles: Sure. Glad to do it. Glad to be here today. I, uh, am new to higher education. I've spent most of my career in the private sector doing some of it, doing enterprise risk management, so very exciting time to learn a new industry. Do something in an industry that really matters. So glad to be here, to be helpful.

Caitlin Cai: Kathy, I will tag you in.

Kathy Peeling: Hi. Let's see. I've been in risk management, traditional risk management for pretty much my entire career. I've been in higher ed for about the past eight years, but I've gone through K 12 risk management, local government risk management, um, and that all came after leaving college into the insurance world as a claims adjuster. That's kind of where I started, but higher ed is definitely a challenge, and so thank you for inviting me.

Caitlin Cai: Thank you. Melanie?

Melanie Bennett: Hi, Caitlin. So happy to be here today. I've been [00:02:00] working at United Educators in the risk management department for 12 years, and some of the issue areas I've gotten to focus on include youth protection, technology accessibility, Title IX, and of course, enterprise risk management.

Caitlin Cai: All right, so I'm glad because we have such a diverse group with us today. As I said, my job really is insurance, so enterprise risk management is the topic today, and it's something that I am. Pretty new at learning the intricacies of, and so I kind of wanna set the scene a little bit for some of our listeners.

I wanna begin with something I call the rapid risk quickfire. So, I want you to give me kind of your first instinctive answer. It's gonna be quick questions, quick answers. I don't want you to overthink it. And this, like I said, will give our viewers a good understanding of maybe what your perspective is. That's the subject matter expert. So, I will go kind of around the table here. We'll start with Lavern, go to Kathy, and then Melanie for all of [00:03:00] these questions. So, for my first question, if you had one word that you had to associate with enterprise risk management with your M, what would that be? Lavern?

Lavern Miles: It would be threats.

Caitlin Cai: Kathy?

Kathy Peeling: I'll take the other side. Opportunities.

Caitlin Cai: Oh, okay. Now I like that, Melanie?

Melanie Bennett: I'll say coordination.

Caitlin Cai: Coordination. Okay. I think all strong words that kind of give us a peek at to what ERM is. My next question. What do you think is the most overrated risk on campus right now? Lavern?

Lavern Miles: Wow. Right now, I would say none of them are overrated. Honestly, there, there really isn't, you know. We're in an environment where there's a lot of scrutiny and change that's happening at a pace that we would've never expected. So, I, I really can't say honestly that there's any one thing that is, you know, over [00:04:00] exposed or overused.

Caitlin Cai: That's fair. That, that was a loaded question on my end. I'm curious, Kathy, do you have any kind of answer to that? What's your first gut reaction to most overrated risk on campus?

Kathy Peeling: I'll say that it depends who you ask and what their own risk tolerance is. Because when we began our adventure, we tried not to prejudice our leaders as we were trying to get them to air their biggest risks or what they perceive to be the biggest risks. And it really depended what part of the university they came from, what they perceive their biggest risk to be. And the other part was they didn't know what they didn't know as far as controls or mitigation strategies that were already in place. So yes, it may be a huge risk, but if you've got a lot of controls in place and you've got it and you've got it under control, in the end it, it's not as [00:05:00] big a risk. So, it really, it depends. I know that's an attorney answer, but it depends.

Caitlin Cai: I feel like it depends as an answer that we see a lot in regards to risk management in general. Melanie, I'm curious, do you have any thoughts on that?

Melanie Bennett: I really like the question. It's not one I've really considered before from my perspective. I also do not have an answer for what risk is overrated. But, oh, I will say I think a lot of schools fear taking on ERM, and it's a fear they don't need to have. It's not quite the same answer to the same question that you asked, but it's a question that came into my head. I think they fear ERM because it's creating a structure that doesn't currently exist, when in the end it will save them time and energy by creating an ERM structure.

Caitlin Cai: No, I think all three of those are really good responses. So, I would like you to finish this sentence. ERM is most successful when. [00:06:00] Lavern?

Lavern Miles: When you have leadership executive sponsorship, if you don't have it from the top, it will not succeed.

Caitlin Cai: Kathy, what about you? What do you think?

Kathy Peeling: Well, she stole my answer, but I think it's, it's most successful when you can build a culture where people consider the risk as they're doing their planning of a program, not after the fact. Not asking question, oh, what risk might come with that, but that it's part of that whole thought process right from the get-go.

Caitlin Cai: Awesome, Melanie?

Melanie Bennett: I agree with both of those, and I'll add to it. When the ERM team doesn't get stuck on creating the ERM system, but practices as they are creating it, it'll mature over time. But ERM is best when it's actually happening.

Caitlin Cai: Okay. And then my last question before we start to get into [00:07:00] details with the University of Maryland, and Melanie, some of your background with UE, what do you all think is the biggest misconception about ERM, Lavern?

Lavern Miles: I would say the focusing on the opportunity side. That doesn't get talked about a lot. And so, when you are looking at threats, which was, you know, my answer to your prior question was, was threats is really that you do have to even look at those threats and see if there are opportunities there. There are many companies, and I'm sure institutions in higher education where something was a threat, but because you had to be creative in how you mitigated that it created an opportunity for you at the same time.

Caitlin Cai: That's something that I like about ERM, it seems to be this kind of mindset shift when in, in looking at risk, 'cause I think a lot of times with being a risk manager, you think, what's the risk here? What's the threat? What is the downside to, if I take a certain opportunity, I think that focus shift is very important. [00:08:00] Kathy, what are your thoughts on the biggest misconception?

Kathy Peeling: That it's something new and outside of what you're currently doing? Because everybody manages risk to a certain degree regardless of whether you call it an ERM program or not. You are, at least at some level, you're looking at risk strategically, whether you know you are or not. So, the biggest misconception is, is really that it's this big outside thing you've gotta create when in fact you really need to look internally as you begin to build it.

Caitlin Cai: I like that. Looking at the tools that you kind of already have. Melanie, what about you?

Melanie Bennett: One misperception sometimes is that you need to take a framework that already exists and use it as it is. Take the COSO framework, take the ISO framework, and that doesn't really work in education. Like Kathy and Lavern [00:09:00] were saying, there are peers who have figured out how to create ERM, and we can work together to create frameworks that work for our institutions.

Caitlin Cai: Great. So, thanks for entertaining some of my risk quickfire questions. So, I definitely do want to lean on your perspective, Lavern, and Kathy, having stood up your own kind of ERM program. I guess just to start with, for some of our listeners who have heard me say, ERM and enterprise risk, this first segment. What is ERM in a higher ed setting? Can you break that down for people that may not be as familiar? I'll turn it over to, I guess you, Kathy, since you did start the program. If you wanna give us some context about kind of how the program got started at the University of Maryland.

Kathy Peeling: Well, we kind of had two starts. One was probably 10, 15 years ago now under a predecessor, and they tried to do a very formulaic approach to it, identifying risks and coming up with risk owners [00:10:00] and strategies to mitigate it like that. But they didn't really have a, um, a champion at the top to keep it moving, and it kind of died on the vine. Then the second go round, we took a different approach, and we knew we needed a framework, but we also, well, let me back up one step. Our system gave us a mandate. Thou shall have a risk management, an enterprise risk management program in place.

We're not gonna tell you how to build it, we're not gonna tell you what we want. You, you need to figure that out. So, you know, then we looked at our peers within our own university system and outside of our university system. And we knew that we needed to think strategically. We didn't wanna get lost in the weeds and get down to every little risk. We needed to look in terms of what our leadership already had in the way of a strategic planning program in place to, to [00:11:00] understand their priorities. So, we knew where to start. And that's essentially what we did. We took a look at what we already had in place because once again, I don't think our leadership really knew a lot about formal risk management, even the traditional kind.

You know, just the process where you identify and then you evaluate your risks. You decide how you're gonna treat them, you put it in place, and you measure the results in the end. That basic thing that you learn as soon as you move into risk management, they, they didn't even understand that part. So, it was really a matter of seeing what we already had in place, finding out where they thought the pain points were. And beginning to build from there to identify their priorities and then build from that. I don't know if that completely answers it or not.

Caitlin Cai: It does. I'm curious because I know you mentioned earlier having, or somebody mentioned earlier, having leadership buy-in and that being [00:12:00] important, and I hear you saying they kind of, they had to identify, so what kind of leadership did you have to bring into this vision?

Kathy Peeling: Oh, all right. I'm sorry. I probably should have started with that. Our cabinet, all our president and all of our vice presidents, that's the way we're organized, and they call 'em the cabinet, you know, vice president of finance, of administration of student affairs, et cetera. You know, they meet all the time and talk about risks amongst a million other things. And so that was where we were gonna start. We had to get that conversation right from the start. And fortunately, or unfortunately, our system that said, thou shall, right before COVID started, but when they said Thou shall have a program in place, they then were coming back and giving us specific questions to answer. So those had, those went to our president. So, we had to begin to supply answers to him. And to the cabinet and have the discussion. So, we really did start [00:13:00] at the top, which was a great way to go about it. It's getting the rest of the campus to understand it. Going forward, that becomes the challenge, but it's top down is the way to go. So that's how we started.

Caitlin Cai: Lavern, I'm curious, since you are the ERM director, how did you get brought into the process?

Lavern Miles: Well, just picking up from where Kathy left off, I think the university made a decision that they needed a resource who was dedicated to it. And that's the case in most organizations, private public sector, because you are gonna have those bits and starts because you don't really have anybody carrying the baton on. Right? So, a lot of organizations will do a number of risk assessments, but perhaps they won't spend as much time as they need on mitigation. And very few people really wanna talk about risk appetite or to define data to support their efforts to monitoring risk. And that takes time. I'm learning that [00:14:00] that takes time. Uh, it takes a lot of commitment and from everyone who's involved in it, not just the cabinet, but risk owners, their teams that help them manage the risk on a daily basis. Then interact with me. So, you do need, need that. So how, that's how I came in. The university was looking for a dedicated resource for it.

Caitlin Cai: So, I've heard some pieces here, threats, opportunities, assessment. What do you all see as core pieces to a solid ERM program? And Melanie, I know that we haven't gotten to you yet, so I'm curious about your perspective being, you know, from the UE side of things, not on the university end.

Melanie Bennett: Sure. We always advise that UE, that an ERM program should have four core parts, the risk identification, the risk assessment phase, the risk treatment phase, and the reporting and monitoring of [00:15:00] risk. Those may look different at different institutions, but typically there'll be an every ERM process and they'll continue. It's a cyclical process, so starting with risk identification, you're going to all your departments. So, they can identify their risks, and then you're pulling them up together to see what risks are happening enterprise wide across the institution.

The whole point of the process is to see what are the big risks that we should be paying attention to, that maybe only individual departments had seen before, but several had, maybe only one department was paying attention. Maybe we were paying attention, but we didn't notice that it was an enterprise wide risk that we need to be paying more attention to as an institution.

Caitlin Cai: Do you have an example of that? Or I'm curious, Lavern, Kathy, at your institution, do you have an example of, of maybe when that might have been the case?

Lavern Miles: I'm sorry, which, which aspect of, 'cause [00:16:00] I'm listening to Melanie and I'm like, Ooh, I can comment.

Caitlin Cai: You're taking notes. Just that example where she said, you know, sometimes there may be risk that you think are just held at a certain department level and then you realize, oh wait, that affects the whole enterprise.

Lavern Miles: Yeah. That I think one of the takeaways that I would hear when I first started was how much leadership appreciated the dialogue for that very reason is because people didn't have a complete perspective on the broader implications of a risk. And one example is around college athletics. You know, a lot of people may think it's sports, you know, they'll, they'll handle it, but they don't necessarily understand what the broader implications that has across operations, reputation, strategy, you know, to current state, future state, what can happen here. So that, that would be one of the examples that stood out to me the most. Because of this process, people [00:17:00] had to think from two perspectives, how do I explain the implications fully? And then others understanding how it not only impacts the institution broadly, but their, each of their areas.

Caitlin Cai: Melanie, I'll have you continue. So, after assessment, you were talking about the other couple of pieces that are part of that.

Melanie Bennett: Oh sure. After you identify your risks, then you're assessing the risks. So, after the big identification where you get a lot of risks and you're doing an assessment, so you can rate the risks against each other to get a better idea of what you're gonna be focusing more on, you are likely have key risk indicators that you're creating, and thresholds associated with those indicators. And then you'll use that even further to even further identify the risks that are gonna be the central risks that you'll create the mitigation program for the year enterprise wide, doesn't mean all the other risks don't get [00:18:00] their own mitigation programs, they just won't necessarily be part of the ERM project mitigation program.

Caitlin Cai: Mm-hmm. And so, I'm curious, does this operate on a certain kind of cycle or is there kind of a cadence at which each of these steps should be occurring?

Melanie Bennett: I like that question because typically in the past, I've advised it to be an annual cycle, but I hear that some schools are doing different cycles depending what works for them, and that makes sense too. Do what works for your institution and allows you to get through the whole cycle. Kathy and Lavern, what are your thoughts on that?

Kathy Peeling: I'd have to say having, you know, tried to do some of the preliminary. By the time you get through the identification phase and you're trying to decide, okay, who deals with what, who are, who are my risk owners, and then they have to do their own assessment and, and what mitigation strategies are gonna be help here. If [00:19:00] you, did it annually, you'd never get to the treatment and monitoring phase. So, you know, you really do have to, you know, once you've identified which ones you're gonna tackle, 'cause obviously you can't tackle 'em all at once. You have to tackle the ones that are the biggest threats upfront to the extent that you can.

And then you're gonna go back and reassess because things are gonna shift in their ranking. I mean, you may look at a risk and say, oh, and we've got all these strategies in place to keep it from going off the rails. You don't need to spend as much time and attention to that one, you know? So as the program progresses and matures, you're gonna need to go back and re-look at everything on a periodic basis. But annually is just definitely too frequent in, in my humble opinion.

Lavern Miles: And picking up on what Kathy has said, this also gets to the nuance of how you approach it, right? What do you mean by annual risk assessment? So, we're, we're [00:20:00] entering a process. We've already begun it where there's an annual review, but what does, what does that mean? So, it's actually a three year cycle. So, within the, those three years, two of them is a risk refresh. So just as Kathy was saying, you want to reevaluate where you are and your progress that you've made within a year on some of those risks. So, I find it interesting coming from the private sector. Oh yeah, you do it annually.

You know, things move a little bit faster in some areas, but. I think it's smart to do that sort of pause, if you will, to ask how are we doing with the risk that we're focused on? And then what we do is introduce some new risks into that, some emerging risks based on external changes and internal environmental changes. A couple of risks may pop up so they'll get added for consideration, but to do a full [00:21:00] blown risk assessment on the annual basis, I think you somewhat. Miss the opportunity for you to learn from the process and, and make changes.

Caitlin Cai: So, I think listening to you all talk about ERM, especially ERM and the cadence that it might fall on, how do you get to a point where you avoid it becoming kind of the check the box kind of exercise? What are some of the tools or strategies that you might have or have come across to make sure that your ERM program doesn't just stall out or fail?

Lavern Miles: I'll say for us, you know, we're introducing new things, new parts of this process, and some of them really do take time for everyone to adapt to. And when you talk about KRIs, which I always envision a pyramid. They're at the bottom of the pyramid. They're most important to getting to the top of the pyramid, which is your overall risk appetite [00:22:00] statement. But when people think about or ask the question in many different ways, what's the value of ERM seems like it's check the box. I'm wasting our time. We're not really seeing the fruits of our labor. It is really having focus on mitigation. It is having focus on how are you monitoring and using data to do that. And those things take time and they also take engagement and people understand it. You know, they understand. Okay, so we're seeing some progress being made each year on different things that you're introducing and how you're working with us.

So, you have to work with people too, right? So, you can't just say, okay, we're gonna do this. Here are the instructions and we'll see you in a couple months. Right? It takes a lot more engagement and having the conversation while you're doing the build that was referenced earlier is [00:23:00] important as well as getting to a point where you can have effective stakeholder engagement, where you're not just introducing a RM, but you're showing how it's working.

So, people can say, oh, yeah. Or, oh, I was a part of that discussion, or, oh, somebody told me they were doing that. You know, you wanna build to that because otherwise, you know, it's just like, like anything. It's like, so what are you gonna tell me that's new? So, we have a, a number of things that are underway that'll be proving themselves out and will help with that engagement over a long, long time. But you need to, I think, be strategic about those conversations.

Caitlin Cai: So, what about metrics in terms of trying to, I guess, quantify the value of ERM? Are there any metrics that you can use? Maybe cost savings, fewer accidents, injuries? What are some thoughts on that?

Lavern Miles: Yeah, what's really neat with, uh, having Kathy on is when you think of enterprise risk management, there's a ERM is the umbrella. [00:24:00] And then there's lots of specialty areas and Kathy is very knowledgeable and experienced around the insurance side and environmental sustainability, all of these things. And what's interesting about this is that when you talk about data, those are those key risk indicators. So, what are those points that you have to track?

They're going to be early warning signals. That something is happening, something's changing, and it could be good. We're not so good. So maybe we need to improve or enhance our mitigation strategy and approach or action items that we're taking, or maybe we're managing so well, we can shift our resources and our focus to some other areas and certain risks fall to being monitored. So that's how you can use that information and because a risk appetite is such a daunting [00:25:00] conversation when you have data to prove out what's actually happening with yours, it becomes a little easier to build upon and have that, because all of a sudden people can say, oh, we're actually kind of doing that, and oh, we've made some assumptions already on thresholds.

So yeah, you know, if we just started with that, we might have said. We're risk averse and we don't wanna take any risk. But when we look at how we have to operate our business and being in higher ed is a business too, we have to think about what's gonna allow us to serve our community and sustain ourselves. And, and to do that, some risk is gonna be needed to do, to be achieved. And now you know how to determine what's really. Your true appetite for making decisions on what you're going to do or not.

Caitlin Cai: What are some of the resources that any of you all have leaned on throughout kind of building your thoughts and building your program [00:26:00] on towards ERM? Kathy, do you have any thoughts? 'Cause I know you, I know you started the program at Maryland.

Kathy Peeling: Well, actually. We leaned on, we went back to what we had done earlier, and we took a look at what all the risks were that were identified back then. And obviously they were unique, well, maybe not unique to the university, but they were put together by the university people, so that was their perception. But we then did go over to URMIA to look at their risk register that they update all the time. We went to UE actually to look at their resources because, you know, we just wanna make sure we didn't miss anything. There were also some trainings that I know I took one on the ISO 31,000 and PRIMA and URMIA both combined to do a training on ERM.

So, I went through that, you know, so you just, you reached out to the community and pulled that [00:27:00] stuff in so that you're not missing any pieces. So those were the resources that I found really useful because you would see where things repeated and then you'd see a few things that were maybe unique to each one of the resources. But that way we felt like we weren't really missing anything that was obvious and out there. Risk map, ERM, is not brand new anymore. Even though it's not as well embraced in higher ed as it is out in the private sector and especially the financial sector, but it's not brand new anymore, so you don't have to reinvent the wheel.

Caitlin Cai: Melanie, do you have any resources that you typically like to point out, maybe to clients of yours?

Melanie Bennett: I agree with what Kathy said, and I often go to URMIA and as part of URMIA I go to the institutions that are part of I and are talking about how they do it at their institutions, which is wonderful. Also, I've done programs at RIMS that I recommend the institutes. Back in the day, they had an ERM add-on to [00:28:00] the ARM program that they don't have anymore. I know they have a new ERM course. Oh man, I've, I've enjoyed their courses historically and I've also heard great things about the PRIMA programs. Oh, and United Educators of course, has our ERM materials. Thank you. Which are front, many of them are front facing, so we have an ERM resource collection.

Caitlin Cai: Alright, so I wanna bring this home with some practical advice. Now we've kind of been talking about. ERM in an abstract kind of way or how it applies maybe to Maryland. So, if someone were to start an ERM program tomorrow, what are the first two to three things that you think they should do?

Lavern Miles: Well, I'll start. One is definitely familiarize yourself with CSO and ISO 31,000. Those are standards, you know, just to give you a place to, to start with. And then also use. URMIA because it has [00:29:00] so much information, not just articles, but webinars, materials that you can reference repeatedly, and then also access to people. The great thing is the network that's in higher ed, where people really are willing to come together and help you no matter where you are in the process, and you can't underestimate that reaching out and asking the questions. How did you get started? Are a couple of the things that I definitely recommend.

Caitlin Cai: Kathy?

Kathy Peeling: Yeah. I can't emphasize that the networking enough, I mean, there are lots of resources out there, but it's learning from your peers what worked. What didn't work, you know, where you get the most traction, where you get the leadership engagement the best. And I know there's, I'm trying to remember what Eria calls 'em, but the, the different groups, you know, you, you can carry on a, an online conversation with your peers specific [00:30:00] to ERM in the ERM group.

Caitlin Cai: The communities.

Kathy Peeling: Yeah, the communities. That's it. Mm-hmm. You know, it's hard to measure the value, but it's kind of priceless when you, you're running into a problem and you have a group of people that you can reach out to and say, all right, I'm running into this brick wall. How did you get over that? And people share in higher ed. I know in my previous life, in local government, we used to say there are no trade secrets in government. You know, so we shared freely. So, I would say that's probably one of the biggest things to take advantage of if you're just getting started.

Melanie Bennett: I agree with Lavern and Kathy. It's so much about networking and then your internal network just. The very, very, at the very, very beginning, just create your allies. Go to your allies, create your little team of people who know the importance of ERM, and think about the leadership and what language they're speaking and what language you can use to get [00:31:00] help. Get their buy-in. Are they more focused on dollars and cents? Are they more focused on big picture risks and potentially emerging risks? What language will be best to. Show them the importance of this project for your university or college.

Caitlin Cai: Alright, and I wanna ask one last question. I think for you, Lavern, and Kathy, especially at the University of Maryland, this is kind of your chance to brag, if you will, in one sentence or maybe two. What do you think has made ERM successful? What makes it actually work?

Lavern Miles: Well, for me, uh, and we touched on this before, is the leadership sponsorship for this, I, I was just informed today that there's a desire to have more discussions around certain things related to enterprise risk management, outside of plan structured discussions. So, I was super excited to hear that. And that's coming from [00:32:00] leadership. So, the second thing I would say is hearing from others, you know, in a meeting we're starting to talk and use some of the language. That is purported by ERM, and that's, this is not just when I start, you know, because I started, it's, it's been there, it's building like with all the work Kathy and others did. It's nice to hear that, you know, people are bringing in some of the language to their, their discussions and decision making. So.

Caitlin Cai: Kathy?

Kathy Peeling: I think it was our biggest success was. By starting at that dialogue at the very top. Now, we did have a consultant that worked with us, but again, that was from another university. So, he was speaking the language, you know, he was bringing in things that all universities face. He was able to engage with our cabinet in a way that, you know, someone from private industry may [00:33:00] not have been able to. And it was a well-respected person as well that spoke the finance language, that spoke the risk language.

He essentially helped us teach leadership. The language and the light bulbs were going off. Left and right for the meetings that I attended. I was very privileged to be able to be part of the discussions that happened early on after we had identified our top risks and we, we, gave our leadership assignments to actually further define the risk and for them to pull a team together and see what we are already doing.

So it was that engagement, and I think that's really why it's successful today because Lavern doesn't have to start from scratch. She didn't have to come in and teach 'em all the language. They were already speaking it and they were like, we can do this. You know, all we [00:34:00] need to do is decide who owns it and give 'em the resources they need. We can fix this problem. And so, I think that's really been. It's the most successful part of it is it started at the top and they had the buy-in and they just changed their outlook on the way they approached the risks and began to see the entanglements and the spider web that went out and how it really did impact, you know, it wasn't just an operational risk. It did have impact on instruction and the academic side of the world, you know, and they were just beginning to see those threads that held everything together, that it was an enterprise wide risk. I think that's the success.

Caitlin Cai: So, I guess to close out, I think this has been incredibly helpful. I think whether someone is just getting started or kind of rethinking their approach to ERM, I think there were some little nuggets of information that you all plugged in there that are really good to just think on. And I [00:35:00] appreciate everyone joining and everyone for listening. And I think we'll be back with more conversations on what's happening in risk management across the campuses of higher ed. But I appreciate everyone for joining me today. Thank you.

Kathy Peeling: Thank you, Caitlin. Thank you.

Melanie Bennett: Thank you.

Narrator: You've been listening to URMIA Matters. You can find more information about URMIA at www.urmia.org. For more information about this episode, check out the show notes available to URMIA members in the URMIA Network Library.

Julie L. Groves, ARM - Director, Risk Services, Wake Forest University

Host

Michelle J. Smith, CAE - Executive Director, URMIA

Co-host