Risk management in a private higher education institution: Awareness, attitudes, and practices as bases for the development of a risk management plan

Abstract

This study aimed to determine the risk management awareness, attitude, and practices in a private institution of higher learning in Iloilo City as assessed by the employees. It likewise aimed to ascertain whether these variables would relate to one another.

The study employed the survey- co-relational method of research. Formerly known as descriptive research, survey research involves collecting data to test hypotheses or to answer questions about the opinions of people about some topic or issue (Gay & Airasian, 2003). Co-relational research, on the other hand, involves collecting data to determine whether and to what degree a relationship exists between two or more variables (Gay & Airasian, 2003).

The dependent variable was the employees’ assessment of the practices related to risk management in the institution. The independent variables were the employees’ awareness of and attitude towards risk management. Certain personal characteristics-sex, age, educational background, position, years in current position, and years in service were the antecedent variables. As an offshoot of the study, a risk management plan was developed.

The results of the study revealed the following:

1. Generally, the employees were fully aware of risk management in the institution.

2. They generally manifested a very positive attitude towards risk management.

3. The most predominant practices related to risk management as assessed among the participants were: assets (cash, equipment, tools, machinery, software licenses, etc.) are properly safeguarded; only authorized individuals have access on classified/confidential information; and accountabilities are identified.

Least predominant practices related to risk management were: presence of a University Risk Register; presence of a “Risk Champion” or a “Risk Management Leader” in the institution; and trainings are provided to manage risks. Generally, the risk management in the institution was assessed highly practiced among the participants.

4. The participants did not differ significantly in their awareness of risk management when they were classified according to sex, age, educational background, position, years in current position, and years of service.

5. Significant differences existed in the attitude towards risk management among the participants when classified according to educational background. No significant differences existed in the attitude towards risk management among the participants when classified according to sex, age, position, years in current position, and years of service.

6. The participants differed significantly in their assessment of the extent of practices related to risk management when they were classified according to age and years in current position.

No significant differences were noted in the participants’ assessment of the extent of practices related to risk management when they were classified according to sex, educational background, position, and years of service.

7. Positive and significant relationships were noted between the participants’ awareness of risk management and attitude towards risk management; between awareness of risk management and assessment of practices related to risk management; and between attitude towards risk management and assessment of practices related to risk management.

8. As an offshoot of the study, the researcher developed a Risk Management Plan for a private institution of higher learning.

Conclusions

In view of the findings, the following conclusions were drawn:

1. The employees in a private institution of higher learning in this research appear to completely comprehend how risks are being managed in the institution. They seem to totally understand how the institution identifies, assesses, and prioritizes risks followed by a coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events.

Perhaps, they are very familiar with the systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analyzing, assessing, treating, monitoring, and communicating the key areas of concern or threat, which could bring about negative impact to the institution.

In addition, they tend to understand how the institution highlights areas in which objectives are unclear or fail to link with corporate strategies, improved awareness of risk and control, empowerment of individuals through placing their activities in the context of strategy and risk, designating them as risk owners and by eliminating unnecessary controls, improved compliance with external requirements, and internal policy.

As Isaac (2016) aptly says:

“The cornerstone of risk management is firstly an awareness of what the risks are. The first step in the method is thus sensitizing corporations about hazards to persons, property, the environment, assets, or profits. The risk management process begins when safety becomes an integral part of corporate policy and second nature to management and the workforce. ’’

2. The employees in a private institution of higher learning tend to project a mental state of readiness learned and organized through experience, exerting a specific influence on their response to risk management initiatives of the organization. They seem to precisely affirm the established notion that risk management is an extension of good management practice and maintaining focus on key areas of concern or threat.

Perhaps, they are appreciative of the potential benefits, which include increased focus on the achievement of specific strategies that risk management highlights through the identification of risks/uncertainties, analysis of implications, response to minimize risk, allocation of appropriate contingencies.

3. It seems apparent that risk management practices such as:(1) proper safeguards on assets (cash, equipment, tools, machinery, software licenses, etc.); (2) only authorized individuals have access on classified/confidential information; and (3) identification of accountabilities are most evident in a private institution of higher learning. As Manalo, Madriaga & Abustan (2009) emphasize, risks can come from uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents natural causes and disasters as well as deliberate attacks from an adversary.

However, it was emphasized in the results of the investigation that (a) presence of a University Risk Register; presence of a “Risk Champion” or a “Risk Management Leader” in the institution; and (b) trainings are provided to manage risks are not evident in the institution. Although practices on risk management are evident, it seems rational that the private institution of higher learning should institutionalize risk management.

Perhaps difficulties in implementing risk management could no longer be considered an obstacle or as mental blocks among administrators and employees to circumvent some resistance to change or the inability to coordinate within and across departments in the institution among the stakeholders. Moreover, it can fairly encourage the use of various tools of risk identification and analysis, which require extensive risk management training.

Risk management was assessed highly practiced in a private institution of higher learning among the employees. It appears that the potential benefits that risk management may bring are clear to the employees. As it is, risk management will highlight areas in which objectives are unclear or fail to link with institutional strategies.

4.Sex, age, educational background, position, years in current position, and years of service are factors that do not significantly influence the employees’ awareness of risk management.

In other words, regardless of whether one is a male or a female; 40 years old and less or over 40 years old; doctorate, master’s, or bachelor’s degree holders, or with high school or elementary diploma; an administrator, a manager, a supervisor, a faculty, or a staff; had 5 years and less, 6-15 years, or16-25 years stint in current position; or had 5 years and less, 6-15 years,16-25 years, or over 25 years in service to the institution, one’s awareness of risk management remain comparable.

5. Educational background is a factor found to significantly influence one’s attitude towards risk management. As noted in the study, those with elementary diploma had significantly lower mean attitude score compared with those with doctorate, master’s and bachelor’s degrees and high school diploma.

It seems to imply that one’s mental state of readiness learned and organized through experience, exerts a specific influence on one’s response to people, objects, and situations with which it is related, is a product of one’s education, as in the case of risk management. As Ivancevich and Matteson (2002) explain, attitudes are determinants of behavior because they are linked with perceptions, personality, feelings, and motivation which may have been brought to fore through learning. Hence, it can be construed that the higher one’s education is, the more one can relate to certain institutional strategy as exemplified by risk management in this research.

Sex, age, position, years in current position, and years of service are factors that do not significantly influence the employees’ awareness of risk management.

In other words, regardless of whether one is a male or a female; 40 years old and less or over 40 years old; an administrator, a manager, a supervisor, a faculty, or a staff; had 5 years and less, 6-15 years, or16-25 years stint in current position; had 5 years and less, 6-15 years, 16-25 years, or over 25 years in service to the institution, one’s attitude towards risk management remain comparable.

6. Age and years in current position are factors found to significantly influence one’s assessment of the extent of practices related to risk management. In terms of age, it was revealed that younger employees (40 years old and less) had higher assessment of the extent of practices related to risk management compared with their older (over 40 years old) counterparts. These young people tend to appreciate the mechanics or the actual application of risk management in the institution.

As to years in current position, it was revealed that those with 6-15 years stint in their current position had significantly lower assessment of the extent of practices related to risk management compared with those with 5 years and less. Complacency due to longer exposure to their designated tasks somehow creates an attitude of “all is well”. This means that being steadfast, left alone in the mindset is that anything could happen even if it is not expected. As the saying goes, “for every undertaking one undertakes, it is always coupled with a risk.” Besides, most often than not, these are calculated risks.

On the part of those with shorter stint in their positions, their being new seems to justify their curiosity of the world around them. As such, they tend to give the benefit of their doubts.

Sex, age, educational background, position, and years of service are factors found not to significantly influence the employees’ awareness of risk management.

Hence, regardless of whether one is a male or a female; a doctorate, master’s, or bachelor’s degree holders, or with high school or elementary diploma; an administrator, a manager, a supervisor, a faculty, or a staff; had 5 years and less, 6-15 years, or16-25 years stint in current position; had 5 years and less, 6-15 years, 16-25 years, or over 25 years in service to the institution, one’s attitude towards risk management remain comparable.

7. The participants’ awareness of, attitude towards and assessment of practices related to risk management were positively and significantly related. Perhaps it is safe to say that one’s assessment of practices related to risk management could be a product of one’s awareness of and attitude towards risk. As the theory of reasons action (Ajzen and Fishbein, 1980) explain, people are rational and will make predictable decisions in specific circumstances. They often rationally think about the consequences of their behavior prior to acting and their intention to perform a certain action is the primary determinant of their action.

Likewise, the systems theory tells us that the activity of any segment of an organization affects, in varying degrees, the activity of every other segment. Following this argument, it appears that, risk management in a private educational instruction or any institution for that matter could be understood in terms employees’ identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events.

8. It appears that risk management is one of the most essential components of an organization, like a private higher education institution in this research. With the Risk Management Plan, the institution can forge a systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analyzing, assessing, treating, monitoring, and communicating the key areas of concern or threat, which could bring about negative impact to the institution.

Perhaps, the institution can now link risk management with corporate strategies. As a matter of reference, at Kent University, risk management is an extension of good management practice and maintains focus on key areas of concern that pose as threats to the institution.

With the Risk Management Plan, strategic initiatives will highlight increased awareness of risk and control by empowerment of individuals through placing their activities in the context of strategy and risk. Designating risk owners to eliminate unnecessary controls; improved compliance with external requirements and internal policy; increased assurance that there are ‘no surprises’; and greater institutional awareness of the benefits of safe risk taking seem imperative.

Recommendations

In view of the findings and conclusions, the researcher recommends the following:

1. Informed of the findings, higher education institutions can refer to the findings to design their own institutional risk management plan. This will enable them to evaluate the risks based on the probability that the risk events will occur and the potential loss associated with the events-by developing an understanding of which potential risks have the greatest possibility of occurring and can have the greatest negative impact on the institution.

The researcher recommends few essential items to be included in a risk management plan. These include a list of individual risks, a rating of each risk based on likelihood and impact, an assessment of current controls, and a plan of action.

Building on the identification of the risks, educational institutions should see to it that each risk event is analyzed to determine the likelihood of occurring and the potential cost if it did occur. The Risk Management Plan, therefore, should integrate the development of alternative plans to respond to the occurrence of a risk event.

2. The administrators and heads of units of a private institution of higher learning considered in this research should take cognizance of the importance of the move to institutionalize risk management. By promoting a risk aware culture within the institution, the researcher recommends that, the administrators or heads of units should consider the following as identified by Isaac (2017). These are: (a) inclusion of knowledge of risk management issues as one of the selection criterion when recruiting staff; (b) form a safety committee that reviews complaints, accidents, injuries and other safety incidents; (c)conduct risk audits and involving as many people as possible in the organization in the risk auditing process; (d) stage workshops on risk management (preferably with an expert in risk management present); (e) display posters that promote safety and risk management around the organization’s premises; (f) benchmarking - learning about "best practice" from other organizations that have implemented risk management; and (g) sending organization personnel to attend industry seminars on risk management.

3. Employees of a private institution of higher learning are encouraged to participate on management-sponsored risk management training. The main purpose of the training is to raise basic awareness of risk management concepts and mechanisms, to enable the employees to identify and manage risks in their own units and to strengthen management operations through adequate forward planning of potential risks.

The suggested topics should include but not limited to understanding the institution’s approach to risk management; understand how risk management affects decision-making in the institution; conduct a risk analysis by drawing up a risk profile and using a risk matrix; identify risks/uncertainties to achieving a set of objectives and expected results; prioritize uncertainties; and decide how to act on the uncertainties within the framework of organizational planning.

4. Future researchers may refer to the findings as their guide in research endeavors concerning institutional risk management. They may undertake studies to analyze the impact of risk management on good governance and recognizing and managing risks through effective knowledge management. They may likewise endeavor to study how organizations manage internal risks strategic, programmatic, operational operations/business process, management and information, organizational/general administration, human capital/people risks, integrity, information technology, and financial; and external risks impinging upon institutional functioning-political, economic, socio-cultural, technological, legal or regulatory, environmental, and security.

5. The UNESCO’s Risk Management Handbook (2010) provides that; “The organization can be successful only if risks are anticipated; carefully measured and adequately managed against set objectives.” Educational institutions, therefore, may adapt the Risk Management Plan prepared by the researcher. The Plan provides an entry point and basis for managing risks effectively in an institution, more specifically for a private institution of higher learning.