Higher Education

University Risk Managers Share Concerns

Higher education risk managers are focusing on ERM, as well as cyber security and compliance risks.
By: | December 10, 2014 • 5 min read
University

Higher education risk managers converged on Louisville, Ky., this fall for the annual conference of the University Risk Management and Insurance Association, where several themes emerged as key areas of focus.

Advertisement




“ERM seemed to be the biggest theme, but there was a enough variety in the sessions to cover all the basics,” said Mark Logel, director, administrative services & risk management at the University of Evansville and a first-time conference attendee.

ERM Implementation

More than six in 10 (61 percent) survey respondents said they have not conducted an enterprise risk management process at their institution in the past two years, or don’t know if such work was done, according to data shown during one session, “Managing Risk Intelligently: A New Normal.”

And yet, nearly three-fourths (73 percent) said they are more focused on institutional risk now than five years ago, and 63 percent reported having more full board discussions about institutional risk.

Paradoxically, only 39 percent of respondents said they were getting enough information about their exposures, down from 43 percent in 2008.

However, according to Gary Langsdale, university risk officer at Pennsylvania State University (PSU) and a session speaker, these statistics are not as negative as they appear. Such conflicting opinions may demonstrate that institutions are growing more aware of the complex web of risks they face and therefore asking for more information, not necessarily receiving less.

“There’s an impetus for thinking more holistically about risk,” said Andre LeDuc, executive director, enterprise risk services at the University of Oregon. “It’s a continual struggle to promote a risk-aware culture.”

Such a culture needs to be built from the top down, with buy-in from board members and more communication between academic and student affairs offices. The publicity surrounding the Sandusky scandal at PSU revealed a need for greater board involvement, Langsdale said.

But, he noted, there is a limit.

“Board members should have their noses in but fingers out,” he said, meaning the board’s role is to be informed but not overly involved in risk management.

Langsdale identified ways risk managers can help set the culture for a true ERM effort:

Advertisement




• Look for leadership opportunities.

• Break down organizational silos.

• Understand the analytical tools and methodologies available.

• Elicit views from across the organization.

“Establishing ERM is an evolution,” LeDuc said. “Check back in two or three years to see what works and what doesn’t. Every institution is unique. … We have to take lessons learned back to our home institutions and help the thematic thread spread.”

Strategic Risk

Changing demographics and enrollment challenges, lack of funding and regulatory compliance are three major strategic risks faced by universities.

According to Christine Eick, executive director, risk management and safety at Auburn University, some schools saw hundreds of millions of dollars’ worth of cuts in government funding during the recession.

That is compounded, Langsdale said, by a lack of funding on students’ end as well. As costs rise, fewer students and their families are able to contribute much from their own pockets.

“We have to make choices about which programs to support,” he said.

Many attendees acknowledged that funding for sports programs, while ultimately accounting for a very small percentage of a school’s overall budget, should be the first to take cuts because of their high visibility.

Enrollment has also fallen as demographics shift. There are simply fewer 18-year-olds in the prospective student pool now than there were a decade or more ago, which increases competition among schools vying to keep classrooms full.

“One help has been recruiting returning military members,” Eick said, “who often come with the support of government funding” and have incentives to obtain a degree as they re-enter the mainstream workforce.

Compliance has also risen as a priority, especially with adherence to Title IX and the handling of sexual assault cases coming under tighter scrutiny.

Along with the increased risk, however, comes the benefit of putting “risk managers at the right tables,” said LeDuc, as universities need to discuss such risks among different offices and with board members.

Cyber Security

Like any other organization that collects personally identifiable information, higher education institutions are more concerned with cyber threats.

“Data, data, data. Are we fully aware of our exposures?” LeDuc asked, picking out cyber security as a risk to watch related to students’ personal and financial records, as well as the potential for theft of intellectual property, especially at research institutions.

“Cyber is an increasing threat,” Eick agreed. “There has to be a shift in culture that mandates security training for all faculty to be completed by a certain date. Schools should be employing more privacy officers and CIOs to handle those challenges.”

Universities may have a higher exposure for data breach, Langsdale said, because networks are “designed to be open” to allow access for prospective and current students, alumni, faculty, and researchers from other facilities.

“You need to be on top of your cloud providers and know where your servers are located,” he said. “There should be no deemed export of information.”

Study Abroad

Along with the increase in study abroad programs comes the increased need for colleges and universities to do more to ensure the safety of students in such programs, including keeping track of their whereabouts and the conditions of the countries they visit.

Advertisement




Until recently, schools have had limited ways to track and communicate with students abroad, and have kept limited records of incidents. Both nonprofit organizations and businesses offer resources to help risk managers expand their efforts.

One way to conduct due diligence is through site visits, which “are not terribly expensive,” according to Eick, but which usually are only done by larger, better-funded schools.

In addition to scoping out the conditions of hosting school and the surrounding communities, site visits allow risk managers an opportunity to analyze local coverage and ensure that the right policies are in place. Language barriers can result in improper coverage.

Katie Siegel is a staff writer at Risk & Insurance®. She can be reached at ksiegel@lrp.com.
Share this article:

Risk Insider: Paula Vene Smith

Risks That Hide Behind Reputation and Compliance

By: | November 3, 2014 • 2 min read
Paula Vene Smith directs the Purposeful Risk Engagement Project (PREP) and is a professor at Grinnell College. She writes and consults on risk in higher education, especially at liberal arts colleges. She can be reached at smithp@grinnell.edu.

After agreeing that an emerging risk calls for action, the next step in risk management is to select the best way to treat the risk. Fears about compliance or reputation loom large, and these risks may be given priority in a climate of rapid disclosure fueled by social media and round-the-clock news.

But beware of overlooking the basic question: “What’s at risk?” Have you clarified what vital process, asset, or outcome is threatened?  Sometimes a group of leaders may not all arrive at the same answer.

Take the recently reported case of academic fraud at the University of North Carolina, where students apparently were advised to sign up for phony “paper courses” that involved no real academic work, yet provided them with grades and credit to preserve their eligibility for athletic participation.

But framing the problem in terms of reputation can neglect more direct issues, like the safety of minor children, or corruption of data relied upon for key decisions.

As this story broke, early news accounts framed the risk in terms of NCAA compliance.  But not long afterward, opinion pieces and articles began pointing out that such fraud can strike at the institution’s academic integrity.

The worth of a diploma is potentially undermined by many years of granting degree credit in the absence of genuine learning effort or academic achievement.

Similarly, when an employee is found to have engaged in unethical or abusive behavior, campus administrators may think first of institutional reputation. Discussion will focus on avoiding litigation, or how to communicate the news in a way that will not cast the school in a negative light.

But framing the problem in terms of reputation can neglect more direct issues, like the safety of minor children, or corruption of data relied upon for key decisions.

In extreme cases, excessive concern for reputation can compound risk by tempting executive leaders to dismiss warning signs, decide not to investigate or report the wrongdoing, or even to engage in cover-up when the situation threatens to become public.

While compliance and reputation are key considerations in choosing how to manage an emerging risk, these issues can mask an underlying risk that is more basic.

Are academic institutions pursuing Title IX compliance primarily to satisfy government officials and look good to prospective students and their families?  Or is the goal an ideal learning environment unclouded by the physical and emotional pain of sexual assault, discrimination, and harassment?

The answer to this question is not just rhetorical.

As recently reported in The Washington Post, a number of well-meaning colleges have found that when they step up efforts to encourage reports under Title IX, the relevant statistics can be expected to rise.

While the increase in reporting allows for appropriate follow-up by the institution, it also creates the need to explain to a startled public that a higher number of assault and harassment reports does not necessarily indicate a more dangerous campus.

If the lower statistics from earlier years were due to under-reporting, what benefited was the institution’s reputation rather than the safety of its students.

What risks hide behind the protection of reputation and compliance?  Let’s be clear on what we most want to achieve when we choose how to mitigate a risk.

Share this article:

Sponsored: Healthcare Solutions

The Promise of Technology

A roundtable in Philadelphia explores the power of technology in WC and its potential to take us where we have never been before.
By: | December 10, 2014 • 7 min read

SponsoredContent_HCS
The field of workers’ compensation claims management seems ideally suited as a proving place for the power of technology.

Predictive analytics in the hands of pharmacy and medical management experts can give claims managers the data they need to intervene in troublesome claims. Wearables and other mobile technologies have the potential to give healthcare providers “real-time” reports on the medical condition of injured workers.

Never before have the goals of quick turnaround and transparency in managing claims appeared so tantalizingly achievable.

In the effort to learn more about technology’s potential, in September, Risk & Insurance® partnered with Duluth, Ga.-based Healthcare Solutions to convene an information technology executive roundtable in Philadelphia.

The goal of the roundtable was to explore technology’s promise and to gauge how advancements are serving the industry’s ultimate purpose, getting injured workers safely back to work.

 

Big Data, Transparency and the Economies of Scale

Integration is a word often heard in connection with workers’ compensation claims management. On one hand, it refers to industry consolidation, as investors and larger service providers seek to combine a host of services through mergers and acquisitions.

In another way, integration applies to workers’ compensation data management. As companies merge, technology is allowing previously siloed stores of data to be combined. Access to these new supersets of data, which technology professionals like to call “Big Data,” present a host of opportunities for payers and service providers.

Through accessible exchange systems that give both providers and payers better access to the internal processes of vendors, a service provider can show the payer the status of the claim across a much broader spectrum of services.

SponsoredContent_HCS“One of the things I see with all of this data starting to exchange is the ability to use analytics to predict outcomes, and to implement workflows to intervene.”
–Matthew Landon, Vice President of Analytics, Bunch CareSolutions.

“Any time that we can integrate with a payer across multiple products such as pharmacy, specialty and PPO services, what it does is gives us a better picture of the claim and that helps us to drive better outcomes,” said roundtable participant Chuck Cavaness, chief information officer for Healthcare Solutions.

Integration across multiple product lines also produces economies of scale for the payer, he said.

Big Data, according to the roundtable participants, also provides claims managers an unparalleled perspective on the cases they manage.

“One of the things that excites us as more data is exchanged is the ability to use analytics to predict outcomes, and to implement workflows to intervene,” said roundtable participant Matthew Landon, vice president of analytics with Lakeland, Fla.-based Bunch CareSolutions, A Xerox Company.

Philadelphia roundtable participant Mike Cwynar, vice president of Irvine, Calif.-based Mitchell International, agrees with Landon.

Jerry Poole, President and Chief Executive Officer, Acrometis

Jerry Poole, President and Chief Executive Officer, Acrometis

“We are utilizing technology to consolidate all of the data, to automate as many tasks as we can, and to provide exception-based processing to flag unusual activity where claims professionals can add value,” Cwynar said.

Technology is also enabling the claims management industry to have more productive interactions with medical providers, long considered one of the Holy Grails of better case management.

Philadelphia roundtable participant Jerry Poole, president and CEO of Malvern, Pa-based claims management company Acrometis, said more uniform and accessible information exchange systems are giving medical providers access to see how bills are moving through the claims manager’s process.

“The technology is enabling providers to call in or to visit a portal to figure out what’s happening in the process,” Poole said.

More efficient data storage and communication is also resulting in quicker turnaround times, which is shortening the duration of claims and driving down the overall cost of risk, according to Cwynar.

 

Going Mobile

Another area where technology is moving the industry forward, according to the Philadelphia technology roundtable participants, is mobile technology, which is being used to support adjustors and case managers and is also contributing to quicker return to work and lower costs for payers.

The ability to take a digital tablet to a meeting with an injured worker or a health care provider is allowing case managers to enter data and give feedback on a patient’s condition in real time.

“Our field-based case managers have mobile connectivity to our claims systems that they use while they’re out of the office attending doctor’s appointments, and can enter the data right there into the system, so they’re not having to wait until they are back at the office to enter critical clinical documentation,” said Landon.

Injured workers that use social media, e-mail and the texting function on their mobile phones are staying in better touch with those that are charged with insuring that they are in compliance with their treatment plans.

Wearable devices that provide in-the-moment information about an injured workers’ condition have the potential to recreate what is known in aviation as the “black box,” a device that will record and store the precise physical state of an employee when they were injured. Such a device could also monitor their recovery process.

But as with many technologies, worker and patient privacy also needs to be observed.

“At the end of the day, we need to make sure that we approach technology enhancement that demonstrates value to the client, while ensuring patient advocacy,” Landon said.

Consolidation

As payers and claims managers set out to harness the power of computing in assessing an injured worker’s condition and response to treatment, the cycle of investment in companies that serve the workers’ compensation space is currently playing a significant role.

The trend of private equity investing in companies that can establish one-stop shopping for such services as medical case management, bill review, pharmacy benefit management and fraud forensics has huge potential.

SponsoredContent_HCS“Any time that we can integrate with a payer across multiple products such as pharmacy, specialty and PPO services, what it does is gives us a better picture of the claim and that helps us to drive better outcomes.”
— Chuck Cavaness, Chief Information Officer, Healthcare Solutions.

The challenge now facing the industry, one the information technology roundtable participants are confident it can meet, is integrating those systems. But doing so won’t happen overnight.

“There’s a lot of specialization in the industry today,” said Jerry Poole of Acrometis.

Years ago there was a PT network. Now there’s a surgical implant guy, there’s specialized negotiations, there’s special investigations, said Poole.

The various data needs to be integrated into an overall data set to be used by the carriers to help lower the cost of risk.

“Consolidating all these providers will take standardization of communication pathways and it will likely be led by the vendors,” Poole said.

 

Securing Sensitive Information

Long before hackers turned the cyber defenses of major national retailers inside out, claims management professionals have focused increased attention on the protection of data shared across multiple partners.

Information security safeguards are changing and apply to what technology pros refer to “data at rest,” data that is stored on a particular company’s servers, and “data in flight,” data that is transferred from one user to another.

Michael Cwynar

Michael Cwynar, Vice President, Mitchell International

Mitchell’s Cwynar said carriers want certification that every company their data is being sent to needs to have that information and that both data at rest and data in flight is encrypted.

The roundtable participants agreed that the industry is in a conundrum. Carriers want more help in predictive analytics but are less willing to share the data needed to make those predictions.

And as crucial as avoiding cyber exposures and the corresponding reputational damage is for large, multinational corporations, it is even more acute for smaller companies in the workers’ compensation industry.

Healthcare Solutions’ Cavaness said the millions in loss notification and credit monitoring costs that impact a Target or a Home Depot in the case of a large data theft would devastate many a workers’ compensation service vendor.

“They’d be done in a minute,” Cavaness said.

The barriers to entry in this space are higher now than ever before, continued Cavaness, and companies wishing to do business with large carriers have the burden of proving that its security standards are uncompromising.

In Reality

Workers’ compensation risk management in the United States is by its very nature, complex and demanding. But keep in mind that those charged with managing that risk get better results year after year.

Technology has a proven capability to iron out the system’s inherent complications and take its more mundane tasks off of the shoulders of case adjustors.

The roundtable members agreed that the business goals of a lower cost of risk and an even more productive workforce will follow.
SponsoredContent
BrandStudioLogo

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Healthcare Solutions. The editorial staff of Risk & Insurance had no role in its preparation.




Healthcare Solutions serves as a health services company delivering integrated solutions to the property and casualty markets, specializing in workers’ compensation and auto liability/PIP.
Share this article: