Unique Programs: Enterprise Risk Management at NC State

Unique Programs: Enterprise Risk Management at NC State
Risk management is a common theme across and within businesses, and at North Carolina State University the Enterprise Risk Management (ERM) program is attracting notice from prospective employers and students alike. Mark Beasley, head of the school's ERM initiative, discusses:

What makes the program unique;
The types of students entering and graduated from the initiative;
How to approach a career in ERM.

Beasley is the Deloitte Professor of Enterprise Risk Management at the College of Management at North Carolina State University in Raleigh, North Carolina. The Enterprise Risk Management (ERM) Initiative at NC State provides thought leadership about ERM practices and their integration with strategy and corporate governance. As founding director, Dr. Beasley leads the ERM Initiative's efforts to help pioneer the development of this emergent discipline through outreach to business professionals, with its ongoing ERM Roundtable Series and ERM Executive Education for boards and senior executives; research, advancing knowledge and understanding of ERM issues; and undergraduate and graduate business education for the next generation of business executives (www.erm.ncsu.edu). He frequently works with boards of directors and senior management teams to assist them in strengthening their risk oversight processes.

TOM FIELD: Hi, this is Tom Field, Editorial Director with Information Security Media Group. We are talking today about enterprise risk management and with us is Mark Beasley, the Deloitte Professor of Enterprise Risk Management at North Carolina State University. Mark thanks so much for joining me today.

MARK BEASLEY: Thank you. Glad to be here.

FIELD: Mark, tell us a little bit about yourself and this Enterprise Risk Management Program that you have at North Carolina State.

BEASLEY: I am, as you mentioned, the Deloitte Professor of Enterprise Risk Management, which means I am on the academic side of the university here at North Carolina State University as a Professor in the College of Business.

We launched a center that we refer to as our Enterprise Risk Management Initiative about six years ago, largely as we looked out and saw what was happening not only in the United States but in Europe, of a growing trend which thought differently about how organizations manage risk. As we began to look for an enterprise view of looking at risk from that top-down sort of portfolio perspective, we realized that it had implications for our business school training the next generation of individuals who will hopefully aspire to be business leaders, chief executives, chief financial officers and chief strategy officers.

I run this ERM Initiative as a Center within our College of Management and the real mission of our ERM Initiative is to be a thought leader on the emerging topic of enterprise risk management with a particular focus on how enterprise risk management fits into strategy of an organization and its governance, particularly from a board of directors' perspective.

FIELD: So what are some of the things that you are doing that makes your program or your initiative unique?

BEASLEY: When we launched our ERM Initiative we were one of the few universities from a business school perspective that had identified this as an emerging topic. What I think makes us unique is we have a very explicit focus, not only in graduate education of our students but also in our research. NC State is a land grant university, which means we have a mission towards reaching out to the business community broadly defined in an extension. We are touching all angles of that. When you look at a typical business school, they tend to hire professors who are narrow experts in their field. Typically a business school will have experts of finance, accounting, economics, etc., but they don't really encourage people or sort of help students connect the fields together like a CEO level person has to do. What is unique is we are trying to help our students see how all these parts of an organization come together and actually create risk for an organization that we then need to manage.

FIELD: That's a good point. Who are your core students and what type of a background do they typically bring to your initiative?

BEASLEY: Our target students currently are graduate students, primarily graduate students in the business school. That would be MBA students, as well other graduate programs that we have here, which are our Masters of Accounting, Masters of Economics, as well as a graduate Ph.D. program in economics.

We also have students that are coming from outside the College of Management who are here at NC State in a graduate program that is referred to as our Financial Mathematics Program. It is a more quantitative kind of training for students who are in the math, physics and industrial engineering fields graduate programs and they are actually participating in some of these courses as well. They are bringing multiple perspectives. Because of some of our students, particularly the MBA students, we have both a part time program and then a full time. The part timers are usually older students who have worked for several years in organizations that are doing an MBA program on a part time basis.

And then some of the other graduate programs are people who are going back to school after having worked for a while, as well as a more traditional program like the Masters of Accounting program that might have someone almost in a fifth year of a college degree, undergrad/masters combined, which then means we are bringing a lot of different perspectives. The students are coming in from lots of different experiences and ages.

FIELD: That's exactly what I wondered. It sounds like an interesting class. You have a mix of academic background with real business background.

BEASLEY: Absolutely. Again, the topic is enterprise risk management and in particular what we are working on to help them to see is if I am leading an organization from the top of a leadership position, whether on management side or on a board, I need to think about the integration of marketing strategy, reputation risk, information technology risk, confidentiality and legal. It comes from all angles.

By bringing these students with these multiple perspectives together, it enriches the class because they are bringing those perspectives into the classroom and I think they are able to see the reality that trying to manage risk from an enterprise view can be quite challenging. You need that diversity.

FIELD: After the students leave the Initiative, how are they using their skills?

BEASLEY: With enterprise risk management, particularly in the corporate sector, I want to make sure people understand it is not just a "for profit" public traded company issue; it applies to "not for profits," governments, all sizes of organizations. The typical situation is in an organization that is really trying to think about its risk differently from a more holistic enterprise view. Generally the person leading that in today's organization has some experience, what I would refer to as "gray hair" more from an analogy perspective, a seasoned kind of professional.

Part of the challenge we have is helping students who are not looking at taking a course in enterprise risk management realize that this is not going to lead to a job right after school. What we are hoping they are seeing is this is becoming an expected core competency of any person aspiring to be in a management/leadership role that it is laying a foundation that has a long-term benefit.

Having said that, we do find that some of our students are finding opportunities because they have been through this coursework, which is in essence a series of three different courses, and they are being hired by organizations that could be fairly large, that could for example be a CFO group within an organization that might be trying to build infrastructure. They need some people to launch and train on a risk management process, helping do risk identification tasks. With internal audit in large organizations and companies, they are heavily involved in this as well as a lot of the consulting firms who are particularly interested in hiring students that have this kind of perspective because they are being asked by a lot of organizations to help them launch a more enterprise view of risk.

We try to help our students realize this is like taking a core business course. For example you would take finance course or an economics course as a part of any graduate program. It is just an expected competency that will round them out and make them more attractive to go into a variety of roles.

FIELD: A few minutes ago you talked about developing this program in response to current business needs. How do you see enterprise risk management education evolving to meet changing demands?

BEASLEY: Business schools are going to feel the pressure more and more as we go, particularly in the current economic crisis that we are experiencing. There is a tremendous amount of focus, particularly in expectations being placed on senior leadership of all kinds of organizations, including government and not for profit to be more effective in how they manage risk.

When you think about the reality of the world we live in today, most would argue that the volume and complexity of risk that organizations deal with are tremendously higher in volume and more complex than they were say ten years ago. I would expect that trend to continue. As we advance as a society we are going to get more complex in how we do business. Look at technology advances and how that has changed the way we think and do business; it allowed for business globalization, outsourcing and that kind of thing.

The demands to be better at risk oversight are only going to go up and business schools are then going to be expected to be thinking about how that should affect their curricula as they not only do graduate education but undergraduate education. Are we exposing students to better ways of thinking about how to go about managing risk?

FIELD: A follow up question then. What do you need from the private and the public sectors to help you grow effectively and keep pace with the changing needs?

BEASLEY: Part of one of the things we are trying to do is look to the private and public sectors just to see their thought leadership. As part of our initiative we have a very robust Web site where we are trying to be a portal of information for people. We learn a lot by seeing the issues that the public and private sectors are facing, and then how they are tackling enterprise risk oversight.

It is helpful to us to hear some of the experiences from organizations that are trying to change how they deal with risk and some of the techniques they are using so we can then bring that back to students. We work directly with organizations to try to do that which helps in our learning. As organizations begin to think about how they want to organize risk, it is helpful for us to better understand what they see as a skill set needed for tomorrow's business school graduate. Think of an MBA graduate. What would a person in the public or private sector that is at a more senior level say are the issues that they deal with daily? That would help educate the university side with some of the challenges they face and the realities of their jobs so that we are more in tune with how the world is shifting. I think that kind of information flow is very helpful. Practical ways to do that are to be willing to share the story through presentations, workshops, classroom instruction and periodically having someone come, tap into a nearby university and be willing to speak as well as just meet with faculty and help them understand the issues.

A lot of it is in information flow. From a university perspective it is realizing that we are doing things like this initiative and other universities have other centers like this. They are not necessarily done freely and there are costs associated with it. If an organization says this is a valid issue and we need help, can they help support that financially to allow us to push the envelope further?

FIELD: Sure. Mark, one last question for you. If you were going to give advice to someone that is looking to start a career or build a career through enterprise risk management now, what advice would you give to them?

BEASLEY: There is an emerging sort of position that a lot of organizations are embracing at a very senior level position that is referred to as a Chief Risk Officer, CRO position. It would be on par with a Chief Operating Officer or Chief Financial Officer kind of position. We interact with these individuals frequently because we have them come in and speak at events that we host.

One of the questions I always have for them is what is the skill set needed for someone aspiring to do the kind of work they do. Clearly technical training and understanding of the basics like understanding how business works, financial as well as strategy, those kinds of fundamental concepts are critical. But what we often hear, regarding advice for a student, is to open their blinders beyond what they see as their specialty.

For example, I often am working with accounting graduates for Master's in Accounting. An accountant can tend to look at things from more of an accounting point of view, what we refer to as the "debits and credit perspective." What we try to help our students realize is that they need to open their horizons. While you are not trained necessarily to be a marketing expert, attorney or information technology expert, you want at least be able to understand that world, be knowledgeable and be able to see the business as a whole.

Enterprise risk management is enterprise-wide and you have to be willing to embrace and understand what is the role of legal, what is the role of IT, how does it fit our strategy and where is the organization going long-term. It is that open-mindedness.

The other skill that we hear CROs ask for is just the common good people skill. We often hear the concept of being a good diplomat, a good communicator, someone who can work well with people, because as they are advising and trying to get risk information across an organization, there is a people element skill that is pretty critical. They have to work with a diverse set of people that are coming at it with a specialty knowledge that maybe the CRO doesn't have. But they have to be able to work with them.

It is that diplomatic kind of ability to lead, communicate and articulate their thoughts in an understandable way. Those are the skills we hear most.

FIELD: That is sound advice. Mark I appreciate you time and your insight today.

BEASLEY: Glad to talk to you.

FIELD: We have been talking with Mark Beasley at NC State. For Information Security Media Group, I'm Tom Field. Thank you very much.

About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.