Designing and implementing an integrated Corporate Governance Framework
risk-management-institution-of-australasia -
Presented by Andrea Kanserski, National Risk Manager, Gallagher Bassett Pty Ltd
NATIONAL CONFERENCE & EXHIBITION 2014
Introduction
• Who is Gallagher Bassett?
• Company Overview
• Accountability and responsibility framework
• Five year risk plan
• Risk maturity and assessment
• Influencing risk culture
• Key business drivers that the RM can influence
• Corporate Governance Framework
• Business growth
• What our clients say
Who is Gallagher Bassett?
Gallagher Bassett – the world’s largest Multi-disciplinary Third Party Claims Administrator
Our core products include:
• General Insurance Claims Management – all classes
• Workers Compensation – Statutory and Self-Insured
• Crisis Management
• Consulting & Audit Services
Company overview
Gallagher Bassett Services Pty Ltd (GB) is wholly owned by Gallagher Bassett Services Inc. (GBSI), which is in turn wholly owned by Arthur J. Gallagher & Co (AJG).
• Experience – 4,230 employees in 100 sites
• Client Profile – 4,291 clients worldwide (98% retention)
• Financial Stability – US$549 million revenue in 2013
Accountability and responsibility framework
[Organisation chart: GB Corporate. Units shown: Finance & Accounting; Account Management; Information Services; Human Resources; Business Development; Workers’ Comp; General & Self Insurance; Audit & Compliance; Risk Management; NSW; Victoria; South Australia; General Insurance; Self Insurance; Infrastructure; Applications; IS Strategy & Architecture; PMO/IT Security; Business Intelligence; HR; L&D; OH&S; Sales & Marketing; Tenders; Claims Operations; Corporate Service Operations; Premium Operations; SI Operations; Account Management; GB Operations; GI Operations.]
[Risk registers shown: Project Risk Registers; Strategic Risk Register; Operational Risk Register; Contractual Risk Register.]
Five year risk plan
Develop
• Corporate Governance Charter
• ERM Policy & Framework
• Accountability & Responsibility
• Risk Assessment Criteria
• ERM Training
• Reporting framework
Implement
• Risk Register Framework & Tool & Reporting
• Control Framework and Library
• Audit and Compliance framework and process
• Strategic & Operational Business Planning
• Policy & Process/Procedure Management
• Business Continuity and Disaster Mgt Policy & Framework
• Incident & Claims Mgt Policy & Process
• Customer Feedback Mgt Policy & Process
Integrate
• Project Management
• Performance Review and Remuneration
• Budget and Capital allocation and spend
• Learning & Development
• Standardised controls with Process management, Incident Mgt. & Customer feedback
• COSO (SOX compliance)
• Critical processes & Business continuity testing
• 3 tier audit framework and process
• Contract Management
• Information Security Mgt
• Asset Management
• OHS Management
• Management Reporting
Evaluate
• Internal audit & compliance
• External audit
• Risk Maturity Assessment
Timeline: 2007 to 2012
Risk maturity and assessment
Maturity scale: Ad hoc, Initial, Repeatable, Managed
• ERM-based approach: Level 4 Managed
• ERM process management: Level 4 Managed
• Risk appetite management: Level 3 Repeatable
• Root cause discipline: Level 3 Repeatable
• Uncovering risks: Level 4 Managed
• Performance management: Level 4 Managed
• Business resiliency and sustainability: Level 4 Managed
[Chart labels: GB in 2007, GB in 2009, GB in 2011, GB in 2013]
During the past six years, GB has matured from a risk maturity assessment rated as ‘Ad Hoc’. This is defined as:
‘Corporate culture has little risk management accountability. Risk management is not interpreted consistently. Programs for compliance, internal audit, process improvement and IT operate independently and have no common framework, causing overlapping risk assessment activities and inconsistencies. Controls are based on departments and finances. Qualitative risk assessments are unused or informal. Risk management is considered a quantitative analysis exercise’.
GB has now moved to a maturity assessment rated as ‘Managed’, defined as:
‘Risk management is clearly defined and enforced at every level. A risk policy articulates management’s responsibility for risk management, according to established risk management processes. An Enterprise Risk Council exists and management develops and reviews risk plans. The ERM Process is coordinated with managers’ active participation. Opportunities associated with risk are part of risk plans’ expected outcome. Authentication, audit trail, integrity and accessibility promote roll-up information and information sharing. Periodic reports measure ERM progress for stakeholders, including the Board of Directors.’
Influencing risk culture and internal/external communication
Objective 1 – ensure communication with all employees is undertaken in the most efficient and effective manner
• Key strategy – Build robust, professional working relationships with the board, executive and business operations to outline risk management plan and strategies.
• Key strategy – Develop articles on Risk Management plan, communication and integration strategy and objectives for GB magazine for all GB staff and customers.
• Key strategy – Review Risk Management intranet website to enable access to information and risk register.
• Key strategy – Develop and incorporate standardised Risk Management training into induction and orientation program.
• Key strategy – Develop risk review and reporting framework including meeting schedule – Executive and operation, Compliance and Audit Committee, Risk Management Committee, Ethics Committee.
Objective 2 – ensure senior staff share ownership of and are fully aware of the Risk Management plan, policy and framework and how it relates to Gallagher Bassett’s vision and values
• Key strategy – Define and implement risk context – Strategic, Operational, Contractual and Project risk management.
• Key strategy – Risk Policy & Framework & risk register define and implement risk management accountability and responsibility across the enterprise.
• Key strategy – Develop Risk Management Documentation: Likelihood, consequence and rating matrices for approval by GB Board, Managing Director and senior executives.
• Key strategy – Develop and implement integrated business management tools to enable & support business information analysis and decision making.
• Key strategy – Incorporate risk, audit & compliance, incident, customer feedback into executive and operational management reporting.
Objective 3 – ensure multiple communication and innovative/creative training mediums to enhance knowledge of risk management are utilised
• Key strategy – Incorporate Risk Management into staff induction and learning and development program.
• Key strategy – Develop and implement self paced, interactive electronic learning modules – risk, control, audit, incident management, Business Continuity, Customer feedback, Ethics and Fraud.
Objective 4 – ensure staff remain enthusiastic and committed to the process and demonstrate ongoing application of it in all business management practices
• Key strategy – Ongoing communication and feedback between National Risk Manager and Executive and senior management staff.
• Key strategy – Lead by example – Board, Executive and management ownership and management of risk identification, assessment, treatment/actions, risk reviews and reporting.
• Key strategy – Remuneration and performance recognition for managing risk and achieving planned business outcomes.
Corporate Governance Framework
Our values:
• We believe our people... Are our strength
• We trust... Our people
• We lead... By example
• We are accountable... And Accept responsibility
• We take pride... In who we are and what we do
• We deliver... For our customers
Framework components:
• Strategic & Operational Business Planning
• Risk Management
• Internal Control
• Ethics & Fraud Management
• Client Contract Management
• Audit
• Incident Management
• Customer Feedback Management
• Policy and Process Management
• Business Continuity and Disaster Recovery
Our Vision: Gallagher Bassett is recognised as the ‘go to’ business partner in Third Party Administered claims management services
Our Purpose:
• To foster long-term relationships with our customers by providing them with solutions that help them meet their goals.
• To support our people, allowing them to realise their full potential.
• To deliver to our owners a sustainable, profitable and growing company.
Risk and corporate governance integration
Gallagher Bassett business growth
[Chart: business growth ($m), vertical axis 0 to 250; horizontal axis 2009, 2010, 2011, 2012, 2013, 2016; risk maturity stages Adhoc, Initial, Repeatable, Managed]
Contracts and milestones shown on the chart:
• ComCover contract
• VIC WorkCover
• SA WorkCover
• ComCover renewal
• Disaster recovery framework
• Risk and compliance integration through company control framework
• IT infrastructure platform
• Succession planning
• ISO 27001 IT security management certification
• New claims management system APEX
• HR Recruitment Framework
• MARCOM communications framework
• Grow Beyond career and leadership development
• JDE Finance System
• Claims practice excellence model
• National OHS strategy
• Internal restructure to align business with product offerings
• Policy management system
• Process management system
• Electronic risk register
Client Testimonial – Barbara Stenning
‘...GB represented a “no risk” partner for us as far as APRA’s regulatory requirements were concerned, due to their robust corporate governance protocols and disciplines. None of the other competitors that I met with had already got in place processes, procedures, documentation and testing that would meet the APRA standards that a licensed insurer such as W.R. Berkley require from a partner...Their professional and embedded approach to the management of operational and contractual risks, fraud and general business continuity clearly sets them apart from their competitors.’
– Barbara Stenning, National Head of Claims, Solicitor, W.R. Berkley Insurance Australia
Questions
www.gallagherbassett.com.au
Thank you.