Information Management of The Risks at the Level of the Education Unit

Abstract

Disturbing the projected activities proposed for reaching the objectives of the managerial program will for sure lead to the unfulfillment of set objectives. In order to manage these events, which lead to losses, the studies conducted by the entities and organizations in the private sector have demonstrated the necessity of an existing risk manager. Giving the fact that at the educational units level there cannot be created such positions, the duty of organizing a risk management task force falls on the leaderships of each them. The directors and principals of educational units must pay extra attention in identifying, describing and evaluating risks that schools are exposed to. In order to monitor the risks which may interfere with the activities that are being developed at the level of each educational unit, The Regulation of organizing and functioning of pre-university educational units requires the existence of a commission with permanent duties known as the Commission of Internal Managerial Control. By implementing an IT application adapted for the specific of each school may represent an efficient and easy way through which the leadership of such unit can assess and fulfil risk management

Keywords: IT application, risk, risk management

Introduction

Organizational management can be seen as a complex process of actions carried out in order to ensure the normal, efficient functionality of organized human communities (economic enterprises, political organizations, educational institutions, etc.) in their entirety, as well as of each component structural link (Cornescu et al., 2001).

Considering the fact that a project of study of management is "the study of management processes and relationships, in order to discover the links and principles that govern them, to conceive of new systems, methods, techniques and ways of management, capable of ensuring the lifting of efficiency" (Nicolescu & Verboncu, 1999), it follows very clearly that management modern is a complex human activity that requires creativity and scientific research, practice and innovation.

C. A. Williams, M. L. Smith, and P. C. Young proposed a model of organizational management that includes risk management, called the strategic, operational, and risk management model (Williams et al., 1998).

If through strategic management, "the management of the organization determines its long-term evolution and performance, ensuring the rigorous formulation, proper application and continuous evaluation of the established strategy", (David, 2000) through the management of risks, the management of the organization through the use of their various analytical and operational methods and means, designs the most appropriate strategy for identifying and monitoring risks, with the aim of identifying, prioritizing and adopting the right measures to avoid losses and achieve the organization's objectives. In this context, the strategy is "a choice of decision criteria called strategic because they aim to guide in a decisive and long-term manner the activities and structures of the organization (Bryson, 1995).

According to the literature, risk is a "probable event, generating losses" (Marcu, 2000), a phenomenon encountered in everyday life, in all fields of activity, it is associated with the term loss. Also, the risk is seen as a "chance to suffer a loss” (merriam-webster.com, 2022).

Risk can be defined as "the likelihood that a threat will capitalize on a system vulnerability to produce a serious adverse effect that distorts the expected outcome" (Briceag, 2014).

Currently, there are a multitude of international approaches to risk management that seek to identify the best and most effective analytical and operational methods and means, with the help of which the management of the organization can keep under control the losses generated by the risks (Bookstaber, 1997; Coolins & Fabozzi, 1999; Hillson, 2004; Hunter & Smith, 2000).

Also, and internally a number of specialists in the field of economics and information security, but not only, have developed a series of theoretical approaches to risk management (Cosea & Nastovici, 2000; Ilie et al., 1996; Ilie, 2006).

In the case of the school, seen as an organization, the loss may be related to the degree of disruption of the organization and development of the educational process, of the degree of security, safety and health of the pupils and of the school staff in the premises and perimeter of the school unit. All these material, organizational and informational elements that have a chance to suffer a loss can be considered as forming an infrastructure of sensitive functions, specific to the school.

Risk analysis at the level of the school is important for its management, as it provides support in the process of adopting the risk strategy. It is also the basic support in adopting and implementing strategies for intervention in critical situations by warning the management about the deterioration of the educational climate in the school.

The purpose of risk management in a school is to help understand the risks to which the school is exposed and to manage them, so as not to disturb the proposed objectives. The disruption of the activities designed to achieve the objectives proposed by the managerial program will certainly lead to the non-fulfilment of these objectives.

The main advantage of a risk management information system is given by the efficiency with which the managers are aware of the risks to which the school is exposed, by the way of their proper administration, so that these risks do not materialize or, if they have materialized, to minimize the losses generated.

Problem Statement

For the aforementioned reasons, the head of the school has to take into account the risk management when developing the management strategy, this being considered as an important component of the organizational management (Williams et al., 1998).

As an important component of organizational management, risk management takes into account risk management, management carried out with the help of analytical and operational methods and means in order to identify, evaluate, prioritize and adopt the most appropriate measures to avoid or minimize losses and to achieve the objectives set at the level of the organization.

Taking into account the above, the head of the school, when elaborating the management plan, must consider not only the elaboration and design of the strategic plan, but also the elaboration of a plan on the management of possible risks related to the activities carried out at school level.

According to the literature, the general process of risk management at the level of an organization provides for the following steps to be taken:

identification of sensitive functions (causes of risk);

• risk identification;
• analysis of the risks identified;
• assessment of the risks identified;
• the prevention or treatment of the risks identified;
• monitoring the risks identified;
• information and communication of the risks identified.

Code of internal management control of public entities, approved by the Order of the General Secretariat of the Government no. 600/2018, published in the Official Gazette, Part I, no. 387 of 07 May 2018 is a tool that allows the management of the school to identify and analyse the threats to which the school is exposed, as well as the vulnerabilities existing at its level.

The Commission for Internal Management Control, as defined in Article 79, para. (2), letter e) of the Regulation for the organization and functioning of pre-university education institutions has the role of monitoring and coordinating the implementation and development of the internal control management system at the level of any school.

The reports and measures proposed by this commission allow the management of the school to carry out analyses on the identification of vulnerabilities existing at school level, vulnerabilities that in the presence of threats can lead to the production of risks generating possible losses.

In order to be able to manage these loss-making events, studies carried out in private sector entities and/or organizations have demonstrated the need for a risk manager (ASRO).

Given that such positions cannot be set up at the level of educational establishments, the task of achieving risk management lies with their management. The heads of educational establishments must pay special attention to identifying, describing and assessing the risks to which schools are exposed, which implies a considerable material, financial and intellectual effort.

Given that there are three fundamental elements that should be included in any risk management strategy: organizational culture, documented procedures and the information system, the IT approach to risk management is a way that can be implemented at the level of any school (Holton, 1996).

This paper, in my opinion, represents an innovative approach to organizational management through the prism of using new information technologies in the management of risks that can affect the development of activities in the school.

Also, the implementation of such an information system provides quick and impartial access to information on the specifics of the activities carried out at the level of the departments of the school, the modification of the objectives and/or of the performance indicators, the monitoring of the performances at the level of the school.

Thus, I believe that the IT risk management at the level of the school is a modern alternative regarding the general process of managing the risks generating possible losses.

Research Questions

If the organizational culture implies the individual responsibility in detecting, signalling and taking responsibility of the risks, and the documented procedures systematize the risk management process by formalizing the process through written documents, the information systems allow the recording and storage of all the information on the unfavourable events that took place in the past of the school's activities.

Today's new IT technologies allow most of these tasks to be accomplished automatically, which greatly reduces the time and cost of making decisions.

The development and implementation of an IT application that uses these new information technologies in the risk management process can be an effective tool within the reach of the director that he can use in terms of the management of the school.

In order to do this, two sets of specific indicators must be designed within the IT application, namely: a set of indicators allowing the establishment and system analysis of the sensitive functions existing at the level of the learning unit and another set of specific indicators intended for the identification and analysis of risks that may affect the objectives set by the misuse of human resources, material, financial and informational.

The two sets are correlated in such a way as to allow a clear relationship between the sensitive functions identified at the level of the school and the significant risks that may arise in the future, in which case the achievement of the previously set objectives is threatened.

By implementing these indicators, the IT application will ensure the automatic monitoring, representation and signalling of the risks that can disrupt the activities carried out at the level of the school, of the risks treated, of the stage of implementation of the control measures and of the possible risk reviews.

I believe that the IT application allows members of the Commission for internal management control access to information on identifying the causes generating risks, on identifying the material, organisational and informational elements that have the chance to suffer a loss, as well as on the information necessary for the analysis of the identified risks and their monitoring.

Also, through the IT application, the members of the committee can exchange information, ideas, working hypotheses leading to the identification of the most effective risk prevention or control measures, develop strategies for monitoring the risks.

Purpose of the Study

In this context, I believe that the implementation at the level of the school of its IT application is adapted to the specifics of the school can represent an efficient and easy way through which the management of the school performs the risk management.

The proposed IT application will contain a number of five integrated modules, designed to carry out the tasks of the people involved in the implementation of risk management.

The first module concerns the activity of the risk managers at the level of the compartments of the school. This module ensures the operation of the application by entering and validating data or related to:

• identifying threats that can disrupt the development of activities at the level of the school;
• identification of vulnerabilities existing at the level of the school;
• identification, evaluation and collection of risks related to the activities carried out;
• elaboration of the Risk Register at the level of the school;
• identification of risk prevention or control measures;
• access to predefined reports viewing the collected data.

The second module concerns the activity of the heads of the compartments by entering and validating data related to:

• monitoring threats that may disrupt the performance of activities at the level of components;
• monitoring the vulnerabilities existing at the compartment level;
• monitoring the risks identified at the level of the compartments;
• monitoring the implementation of risk prevention or control measures at the level of compartments;
• Access to predefined reports viewing the collected data.

The third committee concerns the work of the Commission for internal management control related to the operation of the application through:

• defining, identifying and analysing information on sensitive functions at the level of the educational establishment;
• validation of the risks identified at the level of the compartments and their centralization in the Risk Register of the school;
• monitoring the risks identified at the level of the school;
• establishing the risk profile and the risk tolerance limit for each identified risk;
• drawing up a plan for the implementation of prevention or control measures, as appropriate, for the risks identified;
• monitoring the implementation of risk prevention or control measures;
• access to predefined reports viewing the collected data.

The fourth module of the application targets the activity of the director of the school by:

• participation in wider processes of information and collaboration with the heads of the compartments and with the members of the Commission for Internal Management Control;
• permanent evaluation of the results of the activity of the Commission for Internal Management Control, with the possibility to compare with various statistical, historical and / or related situations to other educational establishments, in order to be able to make the best decisions at strategic level.
• approval of the Register of risks at the level of the school;
• monitoring the risks identified at the level of the school;
• approval of the risk profile and the risk tolerance limit for each identified risk;
• approval of the plan for the implementation of control measures for the identified risks;
• Access to predefined data visualization reports.

The fifth module is designed to aim at compiling predefined reports for viewing data related to:

• monitoring of sensitive functions;
• monitoring the threats to which the school is exposed;
• monitoring vulnerabilities in the school;
• monitoring the risks identified;
• Monitoring the implementation of risk prevention or control measures.

The computer application must be designed in such a way as to allow real-time access to the operational data stored, as well as their uniform processing from any location and from any electronic medium. For this, all the functionalities of the application will be provided through a web browser to ensure the possibility of using the application from any kind of desktop device or mobile devices such as laptop, tablet or smart-phone type.

Thus, the computer application will be able to ensure access to the database, in electronic format, through mobile devices and other portable or fixed computing equipment in the endowment of the educational or personal unit, with the help of adequate mechanisms to secure the access and communication of stored data.

Also, the application can be designed in such a way as to take into account the possibility of interoperability with other existing IT applications that are used in the school and which concern, inter alia, the management of students, teaching and non-teaching staff, payroll, etc. or with other information systems implemented by local public administrations aimed at the management of public administration.

Research Methods

Through specific tools for statistical analysis of the data collected by the two sets of indicators, mechanisms can be defined and implemented for reporting and monitoring the situations that require the intervention of the school management in order to take the most appropriate measures to prevent the occurrence of risks.

With the help of the set of specific indicators used in establishing and analysing the system of sensitive functions, it will be identified those human, material, organizational and informational elements that have a chance to suffer a loss during the activities carried out. Once these sensitive functions have been established and analysed, one can identify the vulnerabilities to which the school is exposed, vulnerabilities that can lead to the materialization of the risks.

The measurement of the degree of exposure to risk of the school is determined using the set of specific indicators intended for the identification and analysis of risks. This set allows for each identified risk to measure the probability of occurrence and the impact produced by its occurrence.

By identifying and measuring all risks, the application allows the automatic realization of the risk profile, that is, the realization of a documented and prioritized centralizer of the risks that the school faces. The achievement of the risk profile allows the management of the school to establish a response strategy for each identified risk, while also establishing the risk tolerance that the school is willing to tolerate, if at some point the risk materializes.

Findings

Through the five integrated modules, designed to carry out the tasks of the people involved in the implementation of risk management, the IT application allows the real-time reporting of any disturbance of the activities carried out, allows the management of the school to intervene quickly with measures to remedy these disturbances so that the effect produced by the disturbances is minimal and does not affect the quality of the educational process.

With the help of the data provided by the two sets of specific indicators, the IT application ensures the identification, monitoring, representation and automatic signalling of vulnerabilities as well as of the risks that can disrupt the activities carried out at the level of the school.

Also, with the help of the IT application, based on the data collected, the Commission for Internal Management Control can establish the most effective actions for the management and monitoring of materialized risks.

Conclusions

Through the information managed and the analyses carried out, we believe that such an IT application will create a framework for collaboration and permanent and efficient communication between the director of the school and the Commission for internal management control regarding the development of the projected activities, respecting the deadlines for achievement and the performance indicators, in order to achieve the proposed objectives.

The IT application offers the possibility of producing information, reports and analyses that would constitute support for the decision-making and strategic activity at the level of the school as a result of access to information for stage and historical analyses.

Also, the computer application allows real-time access to the operational data stored, as well as to its unitary processing from any location and from any electronic medium through a web browser to ensure the possibility of using the application from any kind of desktop device or laptop-type mobile devices, tablet or smart-phone.

At the same time, the computer application ensures access to the database, in electronic format, through mobile devices and other portable or fixed computing equipment in the endowment of the school or personal, with the help of adequate mechanisms to secure the access and communication of the stored data.

Also, the application can be designed in such a way as to take into account the possibility of interoperability with other existing IT applications that are used in the school and which concern, among others, the management of students, teaching and non-teaching staff, payroll, etc. or with other information systems implemented by local public administrations aimed at the management of public administration.

References

• ASRO, A. d. (n.d.). Asociaţia de Standardizare din România. Retrieved on February 14, 2022, from https://www.asro.ro/wp-content/uploads/2018/07/Ghid-ISO-31000-Risk-management-EN_RO.pdf

• Bookstaber, R. (1997). Global Risk Management: Are We Missing the Point? The Journal of Portfolio Management, 23(3), 102-107.

  Google Scholar

  Crossref

• Briceag, C. A. (2014). Elemente fundamentale în managementul riscurilor. Studiu de caz: managementul riscurilor asociate infrastructurilor critice [Fundamentals of risk management. Case study: risk management associated with critical infrastructures]. Retrieved on January 22, 2022, from https://intelligence.sri.ro/categorie/dosare/infrastructuri-critice/

• Bryson, J. (1995). Strategic Planning for public and non profit organization: A guide to strenghthening and sustaining organizational achievments. Jossey Bass.

• Collins, B. M., & Fabozzi, F. J. (1999). Derivatives and Risk Management. The Journal of Portfolio Management, 25(5), 16-27.

  Google Scholar

  Crossref

• Cornescu, V., Mihăilescu, I., & Stanciu, S. (2001). Management general [General management]. București: Ed. Actami.

• Coșea, M., & Nastovici, L. (2000). Evaluarea riscurilor. Ed. Economică.

• David, F. (2000). Stategic Management, Eight edition. Prentice Hall.

• Hillson, D. (2004). Project a Risk Management: Future Developments. Retrieved on January 14, 2023, from www.riskdoctor.com.

• Holton, G. A. (1996). Enterprise Risk Management. Retrieved on January 15, 2022, from https://www.exinfm.com/pdffiles/erm.pdf

• Hunter, W. C., & Smith, S. D. (2002). Risk management in the global economy: A review essay. Journal of Banking & Finance, 26(2-3), 205-221.

  Google Scholar

  Crossref

• Ilie, G. (2006). Securitatea mediului de afaceri [Business security]. București: Ed. UTI Press.

• Ilie, Gh., Stoian, I., & Ciobanu, V. (1996). Securitatea informațiilor [Security of information]. Ed. Militară.

• Marcu. (2000). Marele dicționar de neologisme. Saeculum.

• merriam-webster.com. (2022). Retrieved on February 20, 2022, from https://www.merriam-webster.com/dictionary/risk

• Nicolescu, O., & Verboncu, I. (1999). Management. Ed. Economică.

• Williams, C. A., Smith, M. L., & Young, P. C. (1998). Risk management and insurance. Irwin/McGraw-Hill.