This post first appeared on Risk Management Monitor. Read the original article.
Luke Figora, senior associate vice president and chief risk and compliance officer at Northwestern University, was named the RIMS 2019 Risk Manager of the Year today.
With annual revenues of approximately $2.5 billion (reported in 2018) and nearly $700 million in sponsored research annually, Northwestern is among the country’s leading research universities. Figora has risen quickly through the ranks at Northwestern, where his enterprise risk management (ERM) framework has elevated its risk culture across three campuses—two in Illinois and one in Qatar.
Figora spoke with Risk Management Monitor about his experience as one of the youngest stakeholders among Northwestern’s leadership, his process of customizing an ERM matrix and his reaction to the recent college admissions scandal.
Risk Management Monitor: You and your department created an ERM matrix in the past year that united Northwestern’s compliance owners and that may even set a precedent in higher education. What went into its creation?
Luke Figora: We spent a lot of time defining risk appetite statements and tried to make our program a little more outcome-based and actually show how we’re moving the needle on uncertain key risks for Northwestern. And we avoided spending too much time aligning perfectly to one of the ERM frameworks like COSO or ISO. So I think if someone looked at our program from the outside, it might not check all the boxes from a typical model perspective, but it’s driving action here at Northwestern and it seems to be the right level for engagement with our stakeholders.
I think one of the biggest challenges for ERM at Northwestern—and maybe this is true across the industry—is that we don’t necessarily have one strategy right now. We have some pillars and values that Northwestern follows, but we’re ultimately a very decentralized institution that has a number of schools, and a number of units in each one of those have slightly different objectives and goals.
RMM: It seems that there is a degree of transparency, but not full transparency.
LF: Right. For example, athletics and the School of Medicine have very different risk profiles and neither one of them should know the other’s risks or operations. And it would be hard for someone in athletics to speak about the risks of animal research within the School of Medicine. I think that’s where our risk office plays a role in right-sizing the expectations and taking the feedback from all the units, but trying to do some triage through that.
RMM: Many of your colleagues are several years your senior—how has that impacted your work?
LF: I am probably the youngest person on the leadership team across the institution, but it has probably been beneficial. I have tried to bring different ideas and update the ways in which we think about risk. I’m not jaded by the insurance industry, and I think people are receptive because of that.
RMM: Since arriving at Northwestern nearly five years ago, you moved up the ranks relatively quickly, although you’ve maintained that was not your goal. How would you advise young risk professionals as they get their feet wet?
LF: I think all of us at early stages in our careers can’t wait to be a manager and want that vertical growth and the chance to lead a team, but the bigger driving factor for me has been horizontal growth and expanding the portfolio. After that, I believe the other opportunities will come. That is a belief I try to hammer home in my work and when I make industry presentations.
RMM: The college admissions system is a hot topic due to the major scandal that broke in March. How might that have affected where the admissions process is on Northwestern’s risk register?
LF: Last year at this time, fraud in the admissions cycle wouldn’t have been one of our top 10 enterprise risks. But when things like this break, there is a tendency to go into reaction mode and examine whether we have similar issues. I always try to keep people level-headed and remind them that just because this hit doesn’t mean it moves to number one on our crisis management list for the year. It is worth doing a deep dive into the question or topic that’s in the news, but whenever scandals hit, I think we’ve tried to approach them with a rational view.
RMM: It sounds like the knee-jerk reaction is to go into crisis communication mode, even though it’s not your crisis.
LF: We know we’re going to get questions from our trustees, so there’s an initial all-hands-on-deck mentality. You have to make sure you have talking points that outline how we’ve thought about it because we know we’re going to get questions from the media. We do focus on crisis communications, but it becomes more about knowing if we have the right controls that could protect the institution from something like this happening to us.
Figora was also the special guest on this week’s RIMScast, which you can download here.