Risk & Compliance

The modern campus is more interconnected, providing seamless access to university resources, collaboration, and research. In parallel, adversaries are advancing cyberattack campaigns to disrupt university operations. Our cyber services include cyber assessment, strategy, design, implementation, and operations.

• Digital Identity secures access to high-valued assets with our services for Identity & Access Governance, Advanced Authentication, Privileged Access Management, Identity Analytics, Directory Services, and Consumer Identity
• Strategy & Assessments identify security gaps and assess compliance against industry standards (e.g., DFARS/NIST 800-171) and design modern cyber programs
• Application, Infrastructure, & Cloud services include network and application (e.g. ERP, SIS) security controls implementation and adversarial simulation capabilities like penetration testing and red-teaming
• Detect & Respond services include 24/7 monitoring of security events, including triage, incident escalation, attack surface management, threat intelligence, threat analytics, and threat hunting

Third-party threats have become relatively commonplace in our increasingly complex environment, heavily targeting both public and private entities. As a result, universities (regardless of size) are taking an enhanced security stance as cyber-attacks continue to increase both in size, scale, and frequency. Additionally, boards/trustees have a desire to get a better handle on the evolving risk landscape beyond cyber, including financial, geopolitical, anti-bribery & corruption, health & safety, etc. and how operations can be impacted.

To adequately respond and protect the multitude of stakeholders within universities, numerous functions (IT, Risk, Compliance, Internal Audit, Procurement, Legal, etc.) are becoming more proactive by using preventative measures via the establishment of Third Party Risk Management Programs, which can help reduce the cost of impact resulting third-party related events.

Specifically, we support our clients through:

• Cost Recovery & Compliance, review contract terms to identify high risks, understand root causes and conditions that focus on cost recovery/containment
• TPRM Program Assessments, evaluate current TPRM practices and risks against Deloitte TPRM framework and mature TPRM capabilities
• TPRM Program Design, design TPRM governance, policies & procedures, operating model, communication strategies, etc. as well as procedures to help identify and manage third party risks
• TPRM Managed Services, assist institutions with screening, assessing, reporting, and monitoring their third parties while offering support and training for stakeholders
• Technology Implementations, define TPRM technology needs and implement solutions to manage TPRM programs (standalone TPRM or GRC)

Established structures in higher education institutions often struggle to keep pace with rapidly evolving demands and emerging risks. We help universities assess their controls and processes that address key risk areas and functions such as research management, admissions, and endowments, as well as risks and controls related to evolving IT systems, applications, and cyber and digital risks. We assist organizations in innovating and modernizing to bring deeper insights, provide advice to inform business decisions, and anticipate emerging risks to have greater impact and influence within the institution. Through innovative methods, advanced analytics, and labs, we can help you bring greater value to the institution from assurance, compliance, and controls advisory activities.

The higher education landscape is rapidly changing, leading institutions to rethink their approach to risk management with an enterprise-wide lens. ERM encompasses the processes, tools, and culture-building activities that can help uncover risks to your institution’s ability to deliver on your core mission.

We help our higher education clients:

• Creating risk frameworks through the development of risk taxonomies, assess the maturity of their ERM programs, develop risk appetite, tolerance and key risk indicators
• Implementing ERM programs through proactively identifying, assessing, prioritizing and respond to risks, enabling informed decision-making through a risk-based framework
• Assessing strategic risks through risk deep dives, strategic risk assessments and predictive risk sensing
• Designing risk governance to promote risk awareness across academic and administrative factions of the institution

Collectively, our approach and methodology aids institutions in building a more risk-aware institution.

Learn more about our solutions to develop a risk intelligent institution

In a complex and dynamic regulatory environment where compliance matters, we recognize that a strong compliance record can become a differentiator and a competitive advantage. Simply put, institutions with strong enterprise compliance programs can focus their strategic priorities and provide evidence-based assurances to their stakeholders.

We adhere to leading marketplace practices (as identified by a variety of regulatory and other frameworks, compliance and ethics professional associations, and thought leaders) in delivering our services.

Specifically, we support our clients through:

• Assessing the current state of compliance program and development of enterprise-wide strategies to mature the compliance program
• Designing sustainable compliance programs that include governance, processes, tools and capabilities to strategically manage compliance risks
• Conducting compliance risk assessments to identify risks facing institutions in relation to regulatory compliance
• Developing mitigation strategies to respond to specific compliance risks