RISK MANAGEMENT
A PRIMER
Ron Andrews OSHRM - MIT
September 2015
CONTEXT - GOM FOCUS AREAS
WHY RISK MANAGEMENT?
GOALS...
o Make uncertainty tolerable
o Meet regulatory compliance
o Organizational survival
o Continuity of critical functions & services
o Stability of earnings
o Reduce costs
o Profitability and growth
o Preserve reputation
o Social Responsibility
WHAT IS RISK?
o 1621
o Exposure to the possibility of loss, injury, or other adverse or unwelcome circumstance; a chance or situation involving such a possibility
...and after nearly four hundred years...
o 2009
o The effect of uncertainty on objectives (ISO 31000)
TRADITIONAL RISK MANAGEMENT
HAZARD
• Personnel • Property • Loss Exposure • Legal
ORGANIZATION
ENTERPRISE RISK MANAGEMENT
HAZARD
• Personnel • Property • Loss Exposure • Legal
OPERATIONAL (a.k.a. Business Continuity)
• ICT Systems • Staffing • Business Processes • Critical Functions • Infrastructure
FINANCIAL
• Market • Credit • Price • Liquidity
STRATEGIC
• Economy • Political Environment • Business Strategy • Demographic Shifts
ORGANIZATION
OSHRM & MIT RISK MANAGEMENT
Larry Stevenson, Safety & Risk Control
Jodi MacDonald, Business Continuity
• ICT Systems • Infrastructure • Safe Work • Critical Functions
Chris Sahaidak, Claims & Risk Control
Rob Starodub, Supportive Employment
• Personnel • Property • Loss Exposure • Hazard Assessments • Legal
HAZARD
OPERATIONAL
FINANCIAL
• Market • Credit • Price • Liquidity
STRATEGIC
• Economy • Political Environment • Business Strategy • Demographic Shifts
MIT
OSHRM & RISK ASSESSMENT
Claims & Risk Control Program – Chris Sahaidak
o Claims investigations, processing and risk management measures
o Risk Assessment concerning Exposure, Vulnerability, Frequency, Severity
Safety & Risk Control Program – Larry Stevenson
o Safety Management System development
o Safe work practices
o Partnership with Safe Work as a Partner in Prevention
Business Continuity Program – Jodi Macdonald
o Claims investigations and risk management measures
o Exposure and vulnerability
Supportive Employment Program – Rob Starodub
o Assessments concerning employee functional abilities & return to work arrangements
GOM & RISK MANAGEMENT
The Insurance & Risk Management Branch (Finance) helps to establish the Risk Management Policy for GOM and its departments. The Branch also establishes and maintains insurance programs for GOM that recognize the ability of government to self-insure.
Risk Identification and Risk Assessment
o Assists departments in conducting risk assessments
o Arranges for loss prevention specialists to conduct loss control inspections of facilities
Risk Transfer
o Staff review contracts for insurance, bonding and indemnity provisions
o Assists with Certificates of Insurance and other proof of insurance documents
Risk Financing
o Establishes and maintains commercial and self-insurance programs on behalf of GOM and agencies
o Administers the Agency Self-Insurance Fund (coverage for loss within commercial deductibles)
o Oversees the Intentional Damage Compensation Plan
Claims Administration
o Administers liability claims and property damage incidents on behalf of GOM and agencies
o Uses independent adjusters to investigate and adjust major losses
CONTEMPORARY RISK MANAGEMENT
FRAMEWORK PROCESS
o Lead & Establish Accountability
o Communicate & Report
o Align & Integrate
o Allocate Resources
RISK MANAGEMENT PROCESS
o Scan Environment
o Identify Risks
o Analyze & Measure Risks
o Treat Risks
o Monitor & Assure
RISK APPETITE
Determining Organizational Risk Appetite
o Risk Profile: The current level and distribution of risks across the organization and across the risk quadrants
o Risk Appetite: The amount of risk, on a very broad level, that the organization is willing to accept in pursuit of value (V)
   V = (Quality + Service) / Cost
   V = Benefits / Costs
o Risk Capacity: The amount of risk that the organization is able to support in pursuit of its objectives
o Risk Tolerance: The acceptable level of variation that a unit of an organization is willing to accept regarding the pursuit of its objectives
o Attitudes toward Risk: The attitudes toward growth, risk and return
RISK IDENTIFICATION
Techniques to identify risk...
o Checklists
o Interviews and workshops
o Escalation and threshold triggers
o Process flow
o Audits
o Computer software
o Hazard Assessments
o SWOT or PESTEL
o Risk Registers
o Risk Maps
RISK ANALYSIS
o Conducted in support of a potential event, a process, a project or a consequence
o Dependent on data and preference, risk analysis may be qualitative, quantitative, or both
o Analysis considers the 4 dimensions of loss exposure:
   o Frequency, Severity, Total Dollar Losses and Timing
o Tools include:
   o Probability – mean, standard deviation, normal distribution
   o Trend Analysis and Regression Analysis
   o Decision and Event Tree Analysis
   o Prouty approach
GROUP EXERCISE
Quiz - Risk Management in Government
o Two competing teams will now complete the Risk Management in Government Quiz, comprised of True and False questions
o Scores will be shared at the end of the presentation
o Could be some good prizes
20 minutes
RISK MEASURES – CRITERIA
o Exposure
o Volatility
o Correlation
o Likelihood x Consequence
o Probability x Impact
o Time Horizon
o Frequency (Hazard Risks)
o Severity (Hazard Risks)
...“If you can’t measure it – you can’t manage it”...
RISK MEASURE - EXAMPLE
[Figure: chart of exposure ($) against frequency, ranging from Lowest Risk to Highest Risk. Events plotted: Defective Product, Fire, Earthquake, Flood, Tornado, Hurricane, Power Outage, Terrorism]
RISK MAP - QUALITATIVE
RISK MAP - QUANTITATIVE
RISK TREATMENT
o Avoid the risk
o Modify the likelihood and/or impact of the risk
o Transfer the risk
o Retain the risk
o Exploit the risk
Risk Financing
RISK REGISTER - PUT IT TOGETHER

| Scenario Description | Risk Owner | Risk Quadrant | Probability (Likelihood) | Impact (Consequence) | Improvement Actions |
| --- | --- | --- | --- | --- | --- |
| Windstorm > Category 3 | Managers, Operations, IT, HR | Hazard: Loss of property, Liability | 40 | $0 – 100m | Review Insurance |
| | | Operational: Interruption | | | Review BCP, Emergency Plan |
| | | Financial: Customer Credit | | | Assess accounts, Assess cash flow |
| | | Strategic: Reputational Risk | | | Communication Plan |

RISK MONITORING & ASSURANCE
o Board, management and supervisory oversight
o Designated risk managers with risk responsibilities
o Risk Audits and Risk Auditors
o Risk Committees
o Risk management reporting policies & procedures
o Internal controls
o Qualitative and quantitative data reporting
o Financial accountability tools – budgets, projections, etc.
o Dashboards
o Balanced Scorecards
SOURCE & RESOURCES
Resources
o OSHRM SharePoint http://cserv.internal/sites/mitorg/oshrm/SitePages/Home.aspx
o GOM – Finance – Insurance & Risk Management Branch http://gww.internal/finance/irm/index.htm
o Risk and Insurance Management Society, Inc. (RIMS) www.RIMS.org
o RIMS Canada Council http://rimscanada.ca/
o RIMS Manitoba Chapter http://manitoba.rims.org/home
o Committee of Sponsoring Organizations of the Treadway Commission (COSO) http://www.coso.org/
o ISO 31000 – Risk Management http://www.iso.org/iso/home/standards/iso31000.htm
GROUP EXERCISE
Risk Register
o Reassemble into your two teams
o Identify and agree upon a known risk from one of your business areas for group discussion
o Discuss several possible risk mitigation and management strategies concerning this risk
o Create your own Risk Register with customized headings
o Document your Register results on the flipchart
o Appoint a spokesperson to share your results with all
30 minutes
GROUP DISCUSSION
o Manitoba, through the Clerk of the Privy Council and Finance, is presently working on an organization-wide risk management initiative
o MIT wishes to work closely with this initiative and develop a department-specific solution
o Your group is asked to offer recommendations on:
   o What to focus on
   o Developing a risk management framework
   o Developing a process for the framework
   o Staff to implement and use this risk management framework
o Offer some of your recommendations to the MIT DM