Assessing Reputational Risk
An industry expert discusses the importance of protecting your institution’s name—and how to do so.
By Frank Kurre
“It takes 20 years to build a reputation and five minutes to destroy it.”
Many higher education trustees and administrators would agree with this statement, attributed to Warren Buffet. The most important asset for any college or university is its good name. Lose that and an institution jeopardizes its capacity to attract students, faculty, trustees, and donors. While many colleges and universities have been engaging in enterprisewide assessments to evaluate numerous types of risk—environmental, regulatory, governance, financial, and programmatic—more recently, institutions have added reputational risk to that list. Determining the factors that may undermine stakeholder perceptions requires a comprehensive review of the systems in place to protect and enhance reputation. Conversely, actions that the institution may be taking—in fact or in appearance—that may threaten or damage its good standing must also be identified.
Reputational risk assessment can focus on any number of practices and policies. Here are 10 of the most important areas for practice/policy review.
1. Governance. Effective governance is based on well-conceived bylaws and board policies. Of particular importance are conflict-of-interest statements, which guide and restrict board members in ways that reduce the likelihood that conflicts will arise in fact or in appearance. Consider requiring that board members sign a conflict-of-interest statement; it will clarify that members must always act in the best interests of the institution and refrain from actions that promote self-benefit. Many boards have added morals or ethics clauses to their bylaws or trustee policies, which call for automatic suspension of trustees indicted of a crime and their removal in the event of conviction. Such measures preclude convicted felons from continuing to serve on the board and the damage to the institution’s reputation that would likely result.
2. Executive compensation. Improper handling of executive salary and benefits continues to damage the reputation of institutions. Pay attention to two particularly problematic areas: failure to comply with IRS Intermediate Sanctions regulations and improper reporting of executive compensation on the institution’s Form 990. Other improper practices include hiding or masking payment totals by spreading amounts across numerous affiliated organizations and not fully disclosing all executive bonuses and severance agreements.
3. Employee practices. In general, an institution’s work environment should further the institution’s mission and demonstrate proper social responsibility. Be aware that certain human resources practices may result in a hostile work environment or cause poor staff morale, which can affect your university’s reputation. Implementing a whistle-blower policy and creating a system that allows for upward feedback to management can help minimize problems in this area.
4. Fiscal transparency. Open access to financial operations and their results foster trust and confidence in the institution’s viability. As stewards of the resources entrusted to the college or university, board members have the responsibility to ensure that the financial condition and results of operations are presented in as transparent a manner as possible. Here are some actions that your board can take that will lead to greater fiscal transparency.
- Present financial statements and footnotes clearly and concisely.
- Ensure full compliance with generally accepted accounting principles and seek best-practice disclosures that enhance financial presentation.
- Provide financial narratives in plain language so that the content can be understood by someone with the equivalent of a high school education. These narratives—sometimes referred to as management’s discussion and analysis—could include pie charts, bar graphs, and other illustrations.
- Develop frequently asked questions (FAQs) regarding the financial statements of the institution and provide the appropriate answers.
- Establish a section on the institution’s Web site that includes the audited financial statements, management’s discussion and analysis, FAQs, IRS Form 990s, and other relevant financial documents.
- Provide key constituencies with important financial information in a timely manner.
- Make this financial information available to the general public upon request via public access and e-mail.
5. Compliance with donor restrictions. Honoring donor guidance is imperative to protect the reputation of the institution and safeguard compliance with federal, state, and local laws. To ensure compliance, make sure that proper communication is taking place between your institution’s development and accounting functions. Donor funds should be closely tracked and spent in accordance with the donor’s intent.
Some development departments have expanded the documentation on pledge forms to avoid confusion as to a donor’s intent. Pledge forms may also include a “morals clause” that may stipulate either or both of the following:
- For name-signing opportunities (schools, buildings, halls, etc., named after the donor), the institution reserves the right to remove the donor’s name with no requirement to return the funds to the donor should that individual be convicted of a crime.
- If contributions were paid from illegally obtained funds, the university reserves the right to return those funds to their rightful owner or to an appropriate governmental authority.
6. Internal controls and procedures. Effective internal controls and procedures are essential for protecting assets and ensuring accurate financial reporting. Closely monitor and document key controls, including sufficient segregation of duties, appropriate fraud prevention and detection controls, and adequate backup and training of personnel.
7. Board responsibility related to monitoring of fraud prevention and detection controls. In recent years, trustees have become more focused on identifying and monitoring these areas. Fraud prevention controls protect an institution by deterring individuals from committing deceitful acts, while fraud detection controls identify possible instances of malfeasance for investigation.
Audit committees have primary responsibility for reviewing and monitoring procedures designed to prevent and detect fraud. These include policies and practices governing:
- transactions with trustees and employees, including conflicts of interest;
- transactions with affiliated entities;
- use of corporate credit cards;
- travel and entertainment expenses;
- vendor approval and competitive bidding process;
- personnel/payroll authorization;
- controls over cash receipts and centralized cash functions;
- codes of conduct; and
- segregation of duties over the preparation, authorization, and posting of journal entries.
As a best practice, consider seeing to it that your audit committee requests a series of informational briefings to review internal controls. Such briefings permit audit committees to become more knowledgeable about financial operations and to ask appropriate oversight questions. Audit committees engaged in these discussions tend to enhance an institution’s controls by the very nature of their questions and the related management responses.
8. Asset protection. Institutions must track and closely manage expensive equipment, such as computers, printers, and copy machines. In addition, maintain adequate insurance coverage, including directors and officers liability insurance, as an important safeguard.
9. External communications. Messages that are vague, contradictory, inaccurate, or ill-timed can seriously damage an organization. Conversely, carefully crafted communications and effective use of the media are important elements in protecting and enhancing image. “Think straight, talk straight,” is the best motto.
10. Regulatory and tax compliance. Institutions must navigate through a myriad of federal, state, and local laws and regulations. Make it a priority to monitor the details and ensure compliance; both are critical in not only maintaining the institution’s good name but in avoiding penalties and other threats to adequate funding.
The IRS Form 990 is the most public document for the majority of institutions and is available on Web sites such as www.guidestar.com. Board members and institution executives are advised to ensure full compliance with IRS instructions in preparing the Form 990, a document that the general public, IRS, grant agencies, and others use to evaluate institutional effectiveness. You may want to consider outsourcing to an external accounting firm the preparation of Form 990 if your staff does not have the expertise in preparing the return. Finally, it is the role of audit and finance committees to review carefully the Form 990—in advance of filing the form—with the same standard of care they employ in reviewing the annual financial statement audit.
In today’s competitive environment, higher education institutions cannot effectively achieve their missions if their reputations are compromised. An ongoing reputational risk assessment can ensure that an institution’s good name is not only protected but enhanced. Analyzing the results of a comprehensive risk assessment as part of a trustee or management retreat or as a key component of strategic planning is one important way to ensure an institution’s long-term viability.
FRANK KURRE is the national managing partner for higher education and not-for-profit practices, Grant Thornton, New York.
- NACUBO Expresses Concerns with ED Proposal to Expand Federal Financial Responsibility Rules
- IRS Proposes Modifications to 1098-T Reporting
- ED Policy to Require Annual Student Aid Compliance Audits Beginning FY17
- 2016 Intermediate Accounting and Reporting Fall
October 24-25, 2016
- ON-DEMAND: The CBO's Role in Diversity and Inclusion on Campus
- ON-DEMAND: The Clery Act: Strategic Planning to Mitigate Institutional Risk
- ON-DEMAND: Title IX: Key Issues Surrounding Institutional Compliance
- ON-DEMAND: NACUBO Live! Higher Education Accounting Forum
- ON-DEMAND: Responsibility Center Management: Two Different Perspectives