In a recent survey by United Educators, it is clear that more colleges and universities than ever are implementing ERM as a way to prepare for and respond to risks and opportunities. Preparation for one of the most significant risks to these institutions, unfortunately, is not as prominent. Reputational risk is emerging as a top risk for colleges and universities due to its increasing likelihood, quickness to spread, and the high impact such a risk can have on an institution. This article assesses ERM practices at colleges and universities, describes reputational risk factors, and provides the best practices for identifying, prioritizing, and mitigating reputational risks.

ERM in Higher Education

Higher education institutions have historically been slow to adopt ERM policies and practices. However, over the past few years this has changed with 70% of institutions reporting a formal ERM process and structure in place in 2017. Board integration in the ERM process is also reportedly increasing as 69% of surveyed institutions in 2017 say that they are discussing institutional risk to the full board. Though this increase is promising, much of the responsibility of discussing risk is still falling on the audit committee with only 14% of institutions having board risk committees.

When addressing who is responsible for leading ERM within these institutions, the responses vary. Approximately 40% of respondents believe the responsibility falls on the CFO or the Chief Administrative officer and another 19% believe the responsibility falls on one of these two and is shared with another senior leader. Assigning responsibility for ERM and reputational risk is task that should be taken with great consideration as university leadership is highly scrutinized and individuals in these roles often are connected to the root causes of reputational risk events.  

Reputational Risk in Higher Education

The top four reputational risks in the past three years are identified, and described by their risk factors, in descending order.

  1. Campus Climate
    1. Diversity and inclusion of student body
    2. Diversity and inclusion of senior management
    3. Controversial speakers
  2. Sexual Assault/Title IX
    1. Prevention and response to student-on-student sexual assault
    2. Title IX compliance
  3. Academic Programs
    1. Quality and integrity of academic programs
    2. Quality of students and faculty
    3. Faculty conduct
    4. Integrity of researchers and federal grant administrations
  4. Student Behavior
    1. Greek organizations
    2. Campus safety
    3. Student mental health
    4. Inclusion of international students

Going forward, the top three reputational risks of the future were identified as:

  1. Business Model
  2. Sexual Assault/Title IX
  3. Campus Climate

Interestingly, the top reputational risk that institutions believe they face in the future is sustaining the business model of universities and colleges. High tuition, large tuition discounts, and diminishing state support are all factors that test the viability of the current business model.

Managing Reputational Risks in Higher Education

When managing reputational risks, it is essential to take guidance from the ERM framework, especially the governance and culture aspects. To successfully manage their reputational risks, higher education institutions must build their governance and culture to set the tone at the top, engage leaders in risk management, enforce accountability, and demonstrate desired behaviors surrounding reputational risk. Identifying, assessing, and managing reputational risks can help ensure that when reputational risk events occur, the impact is less devastating.

Institutions can take steps to promote the identification of reputational risks by allocating resources and developing capabilities relating to the specific management of these risks. The connection between managing reputational risk and high performing institutions is a key indicator that spending energy and resources on reputational risks is more than worth the costs. High performing institutions are more likely to have a formal ERM process and structure, to proactively manage reputational risk, to know when a reputational risk event has occurred, and have a better understanding of reputational risk outcomes. However, despite this preparedness, only 57% of high performing institutions believe that they can withstand a major reputational risk event.

Best Practices for Managing Reputational Risks

There are seven key practices to best manage reputational risks.

  1. Understand the institution’s current reputation through social media mentions and rankings in guidebooks.
  2. Assess the culture of the institution and make clear the mission and values of the institution.
  3. Assigned ownership of the institution’s reputational risks and create specific line of communication between leaders.
  4. Consider the institution’s programs, people, or areas that are highly esteemed and perceived to be above the rules.
  5. Obtain a collection of all risks and understand how non-reputational risks may affect reputational risks.
  6. Communicate the risk portfolio and mitigation plans with the Board on a regular basis, conveying the resilience of the institution should a risk event occur.
  7. Create and maintain a risk monitoring system to proactively identify potential risk events. 


While colleges and universities are making progress in terms of establishing ERM policies and practices, there is still a gap in the preparedness of institutions and the probability of reputational risk events occurring. Even more concerning is the devastating impact that reputational risk events have on institutions. To improve their preparedness for such events, and promote long-term success, institutions should move toward governance, culture, and practices that help identify, prioritize, and manage reputational risks.

Link: United Educators “ERM and Reputational Risk: More Talk Than Action?”

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2019-02-21