Inside Risk: Patrick Hughes
Oregon State University's chief risk officer prepares for 30,000 students and the continued run of this 148-year-old institution.
By Eric Gilkey
OSU’s fall term starts September 21, and with a total enrollment of nearly 30,000 students, the college is in high gear preparing not only for the class of 2020, but also for all those who work for the 148-year-old institution. CLM Fellow Patrick Hughes shares his secrets for success, and his test results speak for themselves.
Q. Give us a glimpse into your career progression.
A. I “cut my teeth” in the insurance world by resolving bodily injury and property claims out of college, doing it for over a decade. When I graduated law school, I formed my own practice and served insurance companies both for defense and plaintiff-orientated functions. Risk management became relevant when my local K-12 school district was seeking a risk manager and approached me to interview. I did, and happily discovered that my experience was foundational to risk management. After six years, OSU opened a chief risk officer position, which brought me to this great institution.
Q. What is your risk management philosophy?
A. I approach risk management in a holistic way, in that I strive to make any action, event, or organizational undertaking possible. For too long, risk has been viewed as the organizational function that ultimately stops new activities.
Q. How do you fight the perception of being a “no-risk” department?
A. While many risks may at first appear insurmountable, understanding exactly what the risks are, transferring them via contract or insurance appropriately, and placing safety measures or control limitations to ensure minimization of the exposure will ensure success. There is significant opportunity, both financial and reputational, in being the leader of new and innovative ideas for an organization. OSU’s mission as a research institution allows for the creation of opportunity nearly daily. We have amazing faculty that are on the cutting edge of many topics.
Q. What is your day-to-day life like as chief risk officer?
A. My daily job life is best described as a constant ebb and flow of managing both ongoing and advancing risks. Inputs, queries, and confirmations arrive at my office from all points of the university, covering all topics. In addition, our office manages all university claims, insurance requests, travel insurance, workers’ compensation, and volunteer service.
Q. Do you employ ERM strategies?
A. OSU has enacted an enterprise risk management strategy that includes identifying institution-wide, high-priority risks that could hamper the fulfillment of our mission. These are assigned for assessment and monitoring in order to lessen or eliminate their impacts. Additionally, our risk office utilizes risk assessments daily, and has devised a risk assessment tool that has spread to university leaders, department heads, and small groups to assist in risk-based decision making. This allows additional risk management strategies to become effective, such as transfering of risk, identifying appropriate risk controls, and enacting and monitoring such controls. It is exciting to hear results from such a step-wise approach across the campus, as these internal customers have learned significant positive methods to ensure the safety of students and staff, protect the assets of the university, and allow new, innovative ideas to come to fruition with lessened exposure.
Q. What risks worry you the most?
A. Typical risks managed for our office include the variety of property, automobile, and liability claims. However, topics quickly expand with a university, as we assist the functions of research (lab safety), an ocean research fleet, significant agricultural holdings, international travel of students and staff, and the vast plethora of compliance regulations that affect higher education. With that said, I worry most about possible catastrophic loss from earthquake exposure, a serious international travel event involving our students or staff, and harm from a significant cyber breach.
Q. Do you think the world is becoming more or less risky?
A. I cannot say that I feel the world is becoming riskier. What I do believe is that our society and its workings are undergoing extremely rapid change. Delivery of goods, services, education, and organizational undertakings are evolving in ways not imaginable even a decade ago. The traditional risk management approach of reacting to an occurrence is no longer a valid application; our field now is expected to be on the forefront of managing the future and being prepared for it when it arrives.