The COVID-19 pandemic created perhaps the most consequential disruption ever to higher education. Colleges and universities had to make deep and possibly lasting changes to cope with massive budget shortfalls—estimated to be $183 billion nationwide, before considering the effects of the three rounds of federal COVID-19 stimulus relief programs. While higher education is far from the only industry forced to pivot in the face of this unprecedented global public health crisis, it had to do so while also navigating growing regulatory and societal pressures to improve their financial stability while fulfilling the needs and expectations of a complex network of stakeholders.
The stakeholder landscape for higher education is among the broadest of any industry, including students, parents, faculty, board members, alumni and donors, the research community, and even patients of academic medical centers, the federal government and associated regulatory bodies, among others. Navigating the challenges of severe disruption while meeting the expectations of everyone they serve is no small task, but it is also an opportunity to improve business models and ensure sound stewardship of funding.
According to KPMG's pulse survey of more than 100 U.S. audit committee members—including trustees of higher education institutions—60% report that COVID-19 prompted a reassessment of the audit agenda and risk oversight responsibilities. In light of accelerating industry momentum around budgeting, digitization, access, and equity, KPMG earlier this year published On the 2021 Higher Education Audit Committee Agenda to provide important perspectives and resources on a number of emerging committee priorities. Based on this, we have developed a lesson plan for the year-ahead for higher education boards:
Lesson 1: Adapt Budget Models to Provide a Strong and Resilient Financial Future
Amid the pandemic, higher education institutions dealt with significant drops in both tuition revenue and state appropriations, as well as emerging costs related to IT, health, and safety. Suddenly, a historically static budgeting process for many became highly volatile, raising the question of whether the existing budget model is connected to a sustainable financial strategy and external financial reporting. Most universities also contended with how to utilize and recognize revenues from multiple federal stimulus programs, which added another layer of complexity.
A set-and-forget budget model can no longer meet today's challenges. Therefore, some colleges and universities may need to revisit and enhance their approach to budgeting with more sophisticated forecasting, scenario planning, and zero-based budgeting models. A renewed focus on budgeting can facilitate necessary operating and capital investments while maintaining liquidity to absorb volatility. The alignment of budget models and financial strategy is both necessary and possible in this current moment of crisis. Boards, particularly with input from the finance committee, should assess their current budget models and evaluate options that consider the lessons learned over the last 15+ months.
Discussion question: Is the budget process we had before the pandemic still appropriate, or do we need to revisit it to incorporate more flexibility and the ability to forecast and adjust throughout the year?
Lesson 2: Maintain the Focus on Cybersecurity
Amid the pandemic, more devices and users became digitally connected to university IT systems than ever before. Bandwidths and uses of new technologies were pushed to unforeseen limits as institutions pivoted to cater to a wide range of users, naturally giving rise to more cybersecurity concerns. In the past, common cybersecurity tools and resources, such as two-factor authentication and cybersecurity training programs, helped to mitigate their vulnerability, but would those remain sufficient?
The task at hand is large, and the cost of status quo is immense. Even if cybersecurity has been a focus in the higher education industry for some time now, universities and colleges today need to embrace cutting-edge cybersecurity solutions to mitigate the growing volume and sophistication of cyber threats and fully adhere to increased cyber compliance requirements imposed by regulators and grantors and expectations of stakeholders.
To improve cybersecurity posture, universities should compare their current security preparedness against leading practices. A resulting gap analysis can inform the development of a cybersecurity enhancement roadmap. This roadmap should consider the institution’s need for resources and strategies around penetration testing, process automation, and cybersecurity and technology expertise. To elevate cybersecurity resiliency, leadership needs to ensure their institution has a strong cyber insurance and recovery plan in place and continually evaluates their ransom payment strategy to address ransomware exposure.
Cybersecurity is a team sport that relies on specialists of every kind—Audit committees can play a key role in overseeing management’s cybersecurity plan and matching the industry’s ambition for digitization to enhanced cyber protection for all stakeholders.
Discussion question: Do we have the right and ample resources in place to effectively manage cybersecurity threats and fully adhere to compliance requirements? Have we considered the effectiveness and scalability of cyber strategies to achieve better preparedness and smoother recovery should we have an attack?
Lesson 3: Integrate an Approach to Environmental, Social, Governance (ESG) that Considers the Whole Institution
The disruptive events of 2020—both from COVID-19 and the social unrest over racial injustice—have spurred community interest in broadening the focus of ESG and driven higher education institutions to deepen ESG commitments. While most institutions have committed to concrete sustainability and social efforts, how they will track and accelerate progress around these commitments remains an open question for many, particularly as standards continue to emerge and transparency demanded by internal and external stakeholders expands. Administrators and trustees should work to understand and commit to changes and objective measurements that drive long-term, risk-adjusted investment success and positive ESG effects alike.
Given the sheer number of stakeholders and complexities in implementing ESG initiatives across a distributed enterprise, boards are asking difficult questions, like how ESG factors into strategic planning, risk management, operations, endowment management, vendor selection, and other initiatives, how to ensure the appropriateness and integrity of ESG disclosures, and how to obtain assurance (e.g., internal audit or third parties) over ESG reporting.
Discussion question: Are we taking a forward look at emerging trends and risks that help us set and reach our ESG goals?
Looking Ahead: Course Level 201
The pandemic demonstrated that fulfilling various stakeholder expectations for excellence in higher education during a crisis was uniquely challenging. But the higher education industry, emerging from the depths of the pandemic, is presented with a rewarding opportunity to recalibrate its increasingly risk-driven agenda in 2021.
This multifaceted blueprint for higher education illuminates the need for diverse expertise on boards, such as finance, risk, IT, legal, research, and health. To effectively balance different perspectives amid the transformations of higher education institutions, boards must continue the tradition of consensus building and embrace the growing importance of strategic agenda setting.
 Chronicle of Higher Education, Feb. 5, 2021 How Much Has Covid Cost Colleges? $183 Billion (chronicle.com)