Q&A: A conversation with Rick Moyer, Stanford’s chief risk officer

Rick Moyer portrait

Rick Moyer (Image credit: Courtesy of Rick Moyer)

Rick Moyer, who joined the Stanford community in 2006 as chief audit executive, was recently named senior associate vice president and chief risk officer in the Office of Audit, Compliance, Risk and Privacy. Moyer is the first person to hold that position. The Stanford News Service talked with Moyer about his new role.

With its residential neighborhoods, sports stadium, hospitals, concert halls, research laboratories, offices, power plant and miles of roads, Stanford is like a small city. What types of unique and/or complex risks does a university face?

Universities faces all types of risks: financial, operational, regulatory, reputational and strategic. At Stanford, our risk management programs are focused on a variety of issues, including sponsored research compliance, campus safety and security, information privacy and security, student conduct and well-being, intercollegiate athletics, global activities, earthquakes, and disaster recovery and business continuity.

In recent years, Stanford has placed increasing emphasis on enterprise risk management, a strategic business discipline that helps senior leaders identify, assess, mitigate and monitor risks that could keep university entities from achieving their missions or key objectives.

In addition to establishing the Enterprise Risk Management program at Stanford, we have helped establish or enhance enterprise risk management programs at Stanford Health Care, Lucile Packard Children’s Hospital and the SLAC National Accelerator Laboratory. Each program is tailored to the unique needs of each organization.

By way of example, what has Stanford done to identify, manage and monitor the potential risks posed by earthquakes, including life safety, emergency preparedness and financial well-being?

Stanford has taken strong and decisive actions to address those risks. The university has updated the earthquake model of likely facility damage, designed new buildings and retrofitted old buildings to ensure they meet stringent seismic standards, established emergency communications tools and protocols, established an auxiliary data center and identified financial resources for major emergencies.

Who does the Office of Audit Compliance, Risk and Privacy serve?

We serve the entire campus community – all the schools and units at Stanford, as well as the two hospitals, SLAC, and the Stanford Management Company. We work with senior leaders to ensure that we have effective risk management, policies, procedures and controls. Because we provide support to all Stanford entities, we get to be involved in a wide variety of projects, which is what makes our jobs very interesting.

Our vision as an organization is to be a valued partner and advisor and to work with senior leadership, Stanford’s Board of Trustees, the boards of directors of the hospitals and the SLAC Board of Overseers to protect the best interests of Stanford. Within the next month, I will be meeting individually with the deans and vice provosts, as part of our enterprise risk management program, to try to better understand their view of key risks and any concerns about the program, as well as clarify the goals and objectives of the program.

As chief risk officer, what are your primary responsibilities?

As the chief risk officer, I design and implement the enterprise risk management process, and ensure that the university’s senior leaders and Stanford’s Board of Trustees are apprised of the most critical risks to achievement of its mission and objectives.

I oversee the great team that comprises the Office of Audit, Compliance, Risk and Privacy, which includes a team of about 50 employees.

Overseeing that breadth of functions – internal audit services, compliance and ethics, enterprise risk management, risk management and privacy – is unique for a chief risk officer in higher education. But Stanford has recognized the benefits of having all of them under one leader, because all of those functions have a common focus on risk management and strong controls. My leadership team includes Henry Gusman, chief audit executive; Sonal Shah, chief ethics and compliance officer; Christina Dobleman, assistant vice president for risk management; Wendi W. Wright, chief privacy officer; Ellie Ricketts, associate director of enterprise risk management; and Sonya Pais, program manager, enterprise risk management.

What did you do before coming to Stanford?

After graduating with a bachelor’s degree in business and accounting from San Diego State University I became an auditor at General Dynamics, a global aerospace and defense company. Later, I worked for Lockheed Martin, another Fortune 500 company. Since that early start in auditing, I rotated through many other positions, including tax, treasury, ethics, and process and productivity improvement. Just prior to coming to Stanford, I served five years as chief audit executive and chief compliance officer at the California Institute of Technology and the Jet Propulsion Laboratory, which Caltech manages on behalf of the National Aeronautics and Space Administration.