by Gael O’Brien
Recent crises at University of California Davis (UCD), Syracuse University and Penn State University – from campus police using pepper spray on peaceful protesters, to sexual molestation allegations, to child sex abuse charges – raise questions about the role of risk management on campuses.
Not surprisingly, a recent survey by the Association of Governing Boards (AGB) indicates comprehensive risk assessment – a fairly standard practice at large companies – is not an automatic function of university governance. Only about one-third of the boards surveyed had a formal process for risk assessment. AGB says further improvement is needed.
The issue isn’t just how widespread risk management is on campuses but whether the standards for effective programs are adequate to the challenges inherent in their mission. Penn State was early to the party with what was considered a comprehensive risk management function and yet it failed to protect the university’s reputation. It is a failure that impacts every aspect of the institution, the measurable and the unquantifiable. Moody’s has placed Penn State’s revenue bond rating on review for possible downgrade in the midst of its $2 billion campaign.
College leaders are facing an ever-growing list of emerging issues not in their playbook, as well as challenges posed by insular sports departments that are economic drivers in their own right. The more narrowly risk is defined, the greater the likelihood that managing it can ignore or minimize the powerful role an institution’s culture plays in preventing, creating, or escalating crises. Culture risk is organic, given texture by those in power and those being led. And in the viral world in which we live, local missteps take on global footprints in seconds.
The pepper spraying of Occupy Davis protesters November 18, 2011 was immediately captured on YouTube. Eleven students were treated at the scene or taken to a hospital; 10 were arrested. The president of the University of California system has said he was “appalled” and will do an assessment of law enforcement procedures on all 10 UC campuses.
After seeing the video, UCD Chancellor Linda Katehi, said the use of pepper spray was “chilling” and “raises many questions about how best to handle situations like this.” She announced the creation of a task force to look into encampments. Meanwhile, the UCD Faculty Association has called for her resignation citing “a gross failure of leadership.”
Should university presidents have anticipated that the Occupy Wall Street protests would quickly move to college campuses? For that matter, should university leaders with star power football or basketball programs, TV rights, and wealthy boosters anticipate problems with transparency, fiefdoms, and where loyalty is owed? Even when the problem is anticipated, knowing how to address it to circumvent unintended consequences becomes the key.
AGB, a leading source of information for trustees and presidents, identifies four risks institutions might face: operational (fire, weather, strike, power plant accident), legal and regulatory, (compliance failures), financial, and political and reputational.
In 2007, AGB co-hosted a summit on Enterprise Risk Management (ERM) to begin to develop a sustainable ERM model with roles for presidents and others. UCD and Penn State were among the 40 leaders participating, including several people responsible for Penn State’s risk management and recently-fired President Graham Spanier. In this forum, culture was pegged to one of eight tactical components (like event identification) that should be looked at in its strategic, operational, financial, and compliance aspects.
Culture needs a much bigger focus in university risk management. That point will undoubtedly become clear in the findings of the avalanche of investigations planned at Penn State (from one led by trustees to others by the U.S. Department of Education and the National Collegiate Athletic Association).
Acting President Rodney Erickson made clear he was trying to usher in a culture change, when he announced a commitment to transparency and hiring an ethics officer to report directly to him. In the process, risk management is bound to broaden and perhaps find a new home there. Under Spanier, risk management was housed in the Privacy Office, reporting to the corporate controller, who reported to the former Sr. VP for Business and Finance, now accused of perjury in the scandal.
The more risk management is about compliance and not also about raising the difficult questions when competing values come into play (like issues of perceived safety versus right to dissent), the less a university is protected. The problem is that in juggling 100 balls, leaders often don’t have practice thinking through how their values, and those of the institution, will come into play in a variety of different potential situations.
It is the nature of universities that we expect them to figure out how to handle dissent without pepper spray, engage in dialogue, and create teachable moments that often occur outside classrooms.
What better setting than a learning environment to apply a variation of the Giving Voice to Values approach created by consultant and educator Mary Gentile for teaching business ethics to students – and to use it for administrators? (Over 100 universities from Harvard to Penn State to University of Cape Town use the approach in classrooms.) The approach is easily adapted to leaders – creating a safe environment to practice how to address “what would I say and do if I were to act on my values?”
Answering that question would have the greatest possible impact on risk management and protecting the university.
Gael O’Brien is a Business Ethics Magazine columnist. Gael is a thought leader on building leadership, trust, and reputation and writes The Week in Ethics.