MSU Creates New Office of Enterprise Risk Management in Response to Nassar Scandal

Michigan State University has employed a new Chief Compliance Officer in response to the Larry Nassar scandal. By creating an Office of Enterprise Risk Management within the university, MSU is getting on the right track.

Earlier this year, former MSU doctor and USA gymnastics coach Larry Nassar was charged with sexually assaulting 332 students. Shortly after this story broke, Michigan State was embroiled in two other sexual harassment scandals and has since struggled to escape the spotlight.

MSU’s belated and prolonged response to these incidents left many wondering whether the university would be able to regain the trust of their students, faculty, and staff. Recently, however, an MSU board member called for a new office at the school: the Office of Enterprise Risk Management, Ethics, and Compliance.

Nicholas Wittner, an MSU alumni, is the university’s new Chief Compliance Office tasked with creating the new office. In a statement he said, “I’m a Spartan. My wife is a Spartan. I’m embarrassed (by the university’s response to the sexual assault scandal involving Larry Nassar). I’m heartbroken (for the survivors). We can’t have anything like that happen again. I will do everything in my authority to make sure it never happens again.”

Wittner has a clear sense of mission at his troubled alma mater, as every Compliance Officer and Risk Manager should. As he put it, “I am here to ensure compliance. I’m not here to protect Michigan State’s brand.” Indeed, as much as reputational risk should be accounted for, Wittner understands that risk management is first and foremost a means to creating a better tomorrow, to doing what’s right.

What Is Nicholas Wittner’s Role?

President John Engler describes Wittner’s new role as Chief Compliance Officer as a person to check up on those doing the checking across campus.

He’ll be working with existing compliance officers across the university, and with schools and departments who don’t have compliance officers in place, to make sure regulations are followed.

Wittner is also intensely interested in getting every department and level of the university on the same page. As he says, “There needs to be an office that brings together all the reports and compliance efforts.” He believes that although there are many differences, especially in regulations, between the athletics department and the science department, for example, there is something that binds them.

While Wittner did not explicitly define this “something,” I understand him to mean that every part of a school should be committed to and joined by a common mission to protect the student body, above all.

To this end, he’ll be looking at how MSU can develop one consistent code of ethics that every branch of the university can adopt, which plays into his notion that compliance is only half of his job; it’s about creating a culture. He says, “After a university spends $500 million (in settlements), it needs to stand back and say, ‘What lessons have we learned?’

Compliance with external and internal codes of conduct are of course an important lesson to learn. However, I would hope that Wittner and other future members of their inchoate Office of ERM will come to realize that compliance is only a small part of a robust risk management program.

A successful program requires a balance between enforcement of known compliance issues and prevention of new issues through university-wide risk assessments and mitigation and monitoring activities. Without this balance, MSU could fall into the trap so many have fallen in, that is, creating a fix for a known problem without anticipating what’s ahead.

Is an Office of ERM, Ethics, and Compliance What MSU Needs?

There are, unfortunately, too many scandals to accept these days. For each one, after the dust settles, it’s easy for me to see which companies have made it out of the woods and those who haven’t. Companies who believe their issues were one-off, inevitable incidents and therefore treat them as such, do not make it out of the woods. See Wells Fargo, Uber, Chipotle, etc…

But companies who take a moment to step back and understand the true root cause of their problems have a far greater chance of preventing future scandals. In MSU’s case, some could look at this scandal and conclude something like the university needs to do a better job of hiring. But while background checks and thorough vetting processes may reduce the risk of scandal, every company runs the risk of hiring someone who will commit these offenses for the first time. The true scandal MSU is guilty of is letting the harassment continue by not implementing a system to escalate and remediate these incidents.

MSU itself has realized that a huge part of the issue with the Nassar scandal was that multiple people knew about the complaints, but their reports never made it to the school’s board. Wittner’s position will help mitigate this issue, as he reports directly to the board and is coming from a background of enough experience to know what the board needs to understand.

In addition to Wittner’s new role, the university’s new Office of ERM, Ethics, and Compliance signals a step towards integrated communication and a uniform risk culture. Wittner believes the new office will create consistency across the campus and get rid of silos that could allow various departments to sweep issues under the rug, as happened previously.

Wittner’s employment and MSU’s office of ERM is of course in the infancy stages, but the identification of root-cause risk and the implementation of enterprise risk management practices are always steps in the right direction. From here, it will be incredibly important for MSU to grow their enterprise risk management program beyond compliance to gain overarching foresight into new risks and mitigation tactics.

I look at MSU’s efforts as a proof point that education risk management can be the means to a better tomorrow, when a better tomorrow is defined as one where parents can send their children to school feeling confident they’re safe and cared for.

This article was originally posted on LogicManager.com