Services

Risk & Compliance

How do institutions continue to protect their most valuable assets while consistently meeting the ever-growing demands of a high-risk global environment? Whether your challenge is cyber, transactional, regulatory, or internal controls, we can help you manage risk and increase accountability through highly customized solutions that will allow your institution to preempt risks; define what’s vital; and continue to protect and grow your institution so that you can keep pace, focus on your mission, and move on what matters.

Cyber

The modern campus is more interconnected, providing seamless access to university resources, collaboration, and research. In parallel, adversaries are advancing cyberattack campaigns to disrupt university operations. Our cyber services include cyber assessment, strategy, design, implementation, and operations.


  • Digital Identity secures access to high-valued assets with our services for Identity & Access Governance, Advanced Authentication, Privileged Access Management, Identity Analytics, Directory Services, and Consumer Identity
  • Strategy & Assessments identify security gaps and assess compliance against industry standards (e.g., DFARS/NIST 800-171) and design modern cyber programs
  • Application, Infrastructure, & Cloud services include network and application (e.g. ERP, SIS) security controls implementation and adversarial simulation capabilities like penetration testing and red-teaming
  • Detect & Respond services include 24/7 monitoring of security events, including triage, incident escalation, attack surface management, threat intelligence, threat analytics, and threat hunting

Third Party Risk Management

Third-party threats have become relatively commonplace in our increasingly complex environment, heavily targeting both public and private entities. As a result, universities (regardless of size) are taking an enhanced security stance as cyber-attacks continue to increase in size, scale, and frequency. Additionally, boards/trustees have a desire to get a better handle on the evolving risk landscape beyond cyber, including financial, geopolitical, anti-bribery & corruption, health & safety, etc., and how operations can be impacted.


To adequately respond and protect the multitude of stakeholders within universities, numerous functions (IT, Risk, Compliance, Internal Audit, Procurement, Legal, etc.) are becoming more proactive by using preventative measures via the establishment of Third Party Risk Management Programs, which can help reduce the cost of impact resulting from third-party-related events.


Specifically, we support our clients through:


  • Cost Recovery & Compliance: review contract terms to identify high risks, understand root causes and conditions that focus on cost recovery/containment
  • TPRM Program Assessments: evaluate current TPRM practices and risks against Deloitte TPRM framework and mature TPRM capabilities
  • TPRM Program Design: design TPRM governance, policies & procedures, operating model, communication strategies, etc. as well as procedures to help identify and manage third party risks
  • TPRM Managed Services: assist institutions with screening, assessing, reporting, and monitoring their third parties while offering support and training for stakeholders
  • Technology Implementations: define TPRM technology needs and implement solutions to manage TPRM programs (standalone TPRM or GRC)

Internal audit and controls

Established structures in higher education institutions often struggle to keep pace with rapidly evolving demands and emerging risks. We help universities assess their controls and processes that address key risk areas and functions such as research management, admissions, and endowments, as well as risks and controls related to evolving IT systems, applications, and cyber and digital risks. We assist organizations in innovating and modernizing to bring deeper insights, provide advice to inform business decisions, and anticipate emerging risks to have greater impact and influence within the institution. Through innovative methods, advanced analytics, and labs, we can help you bring greater value to the institution from assurance, compliance, and controls advisory activities.

Enterprise risk management (ERM)

The higher education landscape is rapidly changing, leading institutions to rethink their approach to risk management with an enterprise-wide lens. ERM encompasses the processes, tools, and culture-building activities that can help uncover risks to your institution’s ability to deliver on your core mission.


We help our higher education clients by:


  • Creating risk frameworks through the development of risk taxonomies, assessing the maturity of their ERM programs, and developing risk appetite, tolerance, and key risk indicators
  • Implementing ERM programs through proactively identifying, assessing, prioritizing, and responding to risks, enabling informed decision-making through a risk-based framework
  • Assessing strategic risks through risk deep dives, strategic risk assessments and predictive risk sensing
  • Designing risk governance to promote risk awareness across academic and administrative factions of the institution


Collectively, our approach and methodology aid institutions in building a more risk-aware institution.

Learn more about our solutions to develop a risk intelligent institution

Compliance

In a complex and dynamic regulatory environment where compliance matters, we recognize that a strong compliance record can become a differentiator and a competitive advantage. Simply put, institutions with strong enterprise compliance programs can focus their strategic priorities and provide evidence-based assurances to their stakeholders.


We adhere to leading marketplace practices (as identified by a variety of regulatory and other frameworks, compliance and ethics professional associations, and thought leaders) in delivering our services.


Specifically, we support our clients through:


  • Assessing the current state of the compliance program and developing enterprise-wide strategies to mature the compliance program
  • Designing sustainable compliance programs that include governance, processes, tools and capabilities to strategically manage compliance risks
  • Conducting compliance risk assessments to identify risks facing institutions in relation to regulatory compliance
  • Developing mitigation strategies to respond to specific compliance risks

Client success stories

Working with a diverse range of institutions positions us to contribute actionable insights and analysis to the dialogue on enhanced financial and educational outcomes.

Compliance with data regulations

Helping a higher education institution comply with protected data regulations

IAM Implementation

Identity and Access Management (IAM) implementation at a leading US university

Bringing a risk and controls lens to a Higher Ed Workday implementation

By involving our Internal Audit specialists, the university obtained customized recommendations to implement along its journey

Explore proprietary research, news, and analysis from our Higher Education specialists.

Webinar
Preparing Higher Education for Cybersecurity Model Maturity Certification (CMMC): How IT and Risk Leaders Should Prepare Now

Listen in on our insightful discussion with Deloitte’s Higher Education Cyber and Risk practice leaders to explore the Cybersecurity Maturity Model Certification (CMMC) program rule that went into effect in late 2024. As higher education IT and risk leaders unpack what this rule means to their institutions, this webinar explores how CMMC became a requirement and why, how it applies to higher education and why colleges and universities should care, requirements to comply, and areas that IT and Risk leaders should be thinking about to ensure readiness.

Article
Balancing Cybersecurity and Innovation

Read about our work with the Georgia Tech Supply Chain and Logistics Institute on the topic of balancing cybersecurity and innovation, featured in Technology Magazine.

Article
Risk Gets Schooled: Educators Discuss Value of ERM

Higher education leaders discuss how enterprise risk management (ERM) has grown dramatically in importance across industries. They share insights on how to create an effective ERM function, the correlation between ERM and corporate performance, and the leadership commitment needed to support ERM efforts.

Article
ERM Informs Post-Pandemic Path in Higher Education

Colleges and universities are starting to see past the difficulties and costs of the last two years to focus on their post-pandemic futures. As they do, they are being challenged to manage a collection of reputational risks. A proactive ERM program may help academic leaders to keep pace with the rapidly evolving risk landscape in the higher education sector.

Tool
Considerations for Maturity Model Selection

When selecting a maturity model to benchmark and assess the progress of your enterprise risk management program, there are a variety of considerations that will make this a useful tool and an accelerator for program growth and maturity.

Article
Higher Education Responds to Environmental, Social, and Governance Risk

Managing risk has become an intrinsic part of leading a higher education institution. Preparing for potential consequences of geopolitical risk; keeping up with the rapid evolution of emerging technologies; and addressing environmental, social, and governance (ESG) issues have also been on leaders’ radars.

Article
Campus Security Leaders: ‘Champions of Culture’

Colleges and universities are increasingly the targets of ransomware, phishing, and other attacks, highlighting the importance of collaboration across campuses to bolster protection.

Whitepaper
Significant risks facing higher education: Volume 2

The COVID-19 pandemic exacerbated and accelerated many of the longer-term challenges existing in the higher education sector. Institutions that utilize an enterprise-level approach to risk management may be better positioned to proactively respond to the evolving risk landscape.

Whitepaper
Significant risks facing higher education: Volume 1

As higher education continues to rapidly evolve, new risks will emerge, and universities must be comfortable with a “new normal” of perpetual discomfort. In response, many schools are re-thinking how they look at risk and taking an “enterprise” approach to risk management.

Article
Back-to-School Planning: Funding Strategies for Higher Education

Relief funds for colleges and universities can enable recovery from the pandemic, but they come with operational and administrative requirements to scrutinize and investment opportunities to consider.

Whitepaper
An integrated approach to risk management

With admissions scandals, athletic violations, and other reputation-damaging matters dominating the headlines, many institutions are reflecting on their capability to identify and mitigate risks. We explore how institutions are implementing risk management structures and capabilities to enhance the visibility of emerging risks and identify key strategies for mitigating risks.

Whitepaper
Concise guide to help higher education address compliance

The changing regulatory landscape will require institutions to remain vigilant. It’s important for institutions to be strategic in the adoption of compliance activities by understanding their particular set of requirements and expectations. We can help higher education institutions understand this dynamic regulatory landscape, and promptly help them achieve compliance, by implementing the required compliance activities that can become sustainable and integrated with day-to-day operations.

Podcast
Higher Education ERM

Deloitte’s Cynthia Vitters chats with Rob Clark, Chief Compliance Officer at Howard University, about Enterprise Risk Management (ERM) in higher education and other risks that are specific to the university system.

Article
Campus Leaders Rethink Education, Business Models

After taking significant measures to respond to COVID-19, higher education leaders are bracing for another phase of change. Hybrid learning models are likely here to stay, but how can the pandemic-prompted experience be improved and made sustainable?

Article
Higher Education Leaders Tackle Slate of New Risks

Faced with an uncertain future amid a global pandemic, leaders at many academic institutions are rethinking numerous aspects of their traditional educational and business models.

Article
ERM, Internal Audit Elevate Risk Solutions at Case Western Reserve

A formal approach to enterprise risk management promotes broad and deep understanding of risk shared across the university.

Meet the Higher Education team

Cynthia Vitters

Risk & Financial Advisory Leader

cvitters@deloitte.com

+1 571 858 0857 | LinkedIn

Dawn Jones

Managing Director

dawjones@deloitte.com

+1 703 251 1871 | LinkedIn

Subhasish Mitra

Managing Director

submitra@deloitte.com

+1 385 239 9252 | LinkedIn

Jake Braunsdorf

Senior Manager

jbraunsdorf@deloitte.com

+1 571 858 1285 | LinkedIn