Enterprise Risk Management and the 2010 Winter Olympic and Paralympic Games
Presentation to: Casualty Actuaries of the Northwest
Date: September 28, 2012
Presenter: Ron Holton
Chief Risk Officer, University of British Columbia
VANOC Mission, Vision and Values
Mission
To touch the soul of the nation and inspire
the world by creating and delivering an extraordinary
Olympic and Paralympic experience with lasting legacies
Vision
A stronger Canada whose spirit is raised by
its passion for sport, culture and sustainability
Values
Team | Trust | Excellence | Sustainability | Creativity
Scope of the Games
What’s involved in organizing the Games? Some of the many areas VANOC was responsible for planning include:
• Accommodation
• Accreditation
• Construction
• Culture and Ceremonies
• Food Services
• Medical Services
• Press Operations
• Security
• Sport
• Ticketing
• Transportation
• Venue Operations
• Volunteer Recruitment and Training
• Waste Management
Scope of the Games
Stakeholders include:
• Government of Canada
• Government of British Columbia
• Local governments
• International Olympic Committee
• International Paralympic Committee
• Canadian Olympic Committee
• Olympic Paralympic Committee
• Sponsors
• Broadcasters
• Spectators
• Athletes
2010 By the Numbers
• Olympic athletes and team officials 6,500
• Paralympic athletes and team officials 1,350
• Participating countries—the Olympic Games 82
• Participating countries—the Paralympic Games 42
• Tickets available for 2010 events 1.6 million
• Accredited media 10,800
• Games volunteers 26,000
• Television viewers (estimated) 3.5 billion
• Visits to vancouver2010.com 275 million
VANOC Board Committee Responsibilities
• Audit Committee
– The overall VANOC Risk Management framework and elements, including Enterprise Risk Management (ERM)
• Finance Committee
– Budget risk, including foreign exchange risk
Enterprise Risk Management (ERM)
A general definition: ERM is a systematic, comprehensive and ongoing approach to identifying and managing all types of risk on an organization-wide or enterprise basis
Standard definition: ISO, COSO, AU / NZ
ERM signifies:
1. the adoption of risk management throughout the organization;
2. the management of exposures to loss not only in conventional hazard categories, but the full spectrum of strategic, operational and administrative risk.
It is essentially a decision process for managing uncertainties and effectively allocating resources.
Key Features of ERM
• Generic and applicable to diverse lines of business
• Holistic; addresses all types of risk (strategic, financial, operational, hazard, reputational) in all parts of the organization
• Continuous process
• Addresses both risks and opportunities
• Effected by people at every level of an organization
• Aims to enhance value for stakeholders
• Considers established disciplines, such as contingency planning, disaster recovery planning or emergency response planning, insurance, internal audit, loss prevention, to be specific treatments within the wider ERM process.
Key Elements in Implementing ERM
• No single best approach
• Strong, visible and communicated support from the top of the organization
• Each organization must develop an approach which best fits its values, objectives, culture and constraints
• Build it into existing business processes and practices
• Bottom-up as well as top-down
• Incremental approach
• Rigorous, but not overly complicated
• Dynamic and responsive
• Collaborative and not too prescriptive
• Demonstrate value
Key ERM Implementation Steps
• Strong, visible and communicated commitment from the board and senior management
• Establishment of context and objective setting
• Risk identification
• Risk analysis (probability or likelihood of occurrence, severity of impact, quantification, prioritization)
• Risk tolerance and risk treatment or mitigation development
• Ongoing control, monitoring, review, adjustment
VANOC ERM
• Robust
– All 53 functions
– All 14 construction venues
– All 24 operating venues, competition and major non-competition
– All 20 sport (test) events
– Global or corporate
• Integrated
– Functional interdependences identified & communicated
– Direct partner risks identified for construction venues
– Shared risks (Olympic / urban domain)
• Holistic
– Strategic
– Financial
– Operational
– Reputational
– Hazard
VANOC ERM
• Dynamic
– Regular Risk Register review & updating
– Risk retirements
– New reporting
• Top Down and Bottom-up
– Executive, Senior Leadership, Board
– Functions and venues
Definitions
• A RISK is something that might happen which could have a negative impact on VANOC
• An ISSUE is something that has happened or is happening which could have a negative impact on VANOC.
VANOC Risk Identification
• Risk Statement: cause and effect
• Internal and external
• Various sources
VANOC Risk Measurement
• For each identified risk:
– Probability of Occurrence
→ Scale of 1 (very unlikely) to 5 (almost certain)
– Severity of Impact
→ Scale of 1 (minimal) to 5 (massive)
→ Common measures established
– Overall Risk Rating
→ Probability of occurrence X severity of impact
→ Scale of 1 to 25
→ Ratings of 12 and above = Top Risks
Risk Quantification and Prioritization
• Financial risks tend to be more easily quantified
• Subjective ranking may be all that can be done for some risks – don’t overly complicate!
• Quantifying can be particularly difficult for low probability / high severity risks
Risk Tolerance and Risk Treatment
• Risk tolerance often defined in terms of impact on earnings or budgets; revenue loss and/or cost increase relevant for VANOC, also reputation and operational readiness
• With VANOC’s risk tolerance as a guide, evaluate risks and decide to:
– Monitor
– Treat or mitigate
  • Reduce probability of occurrence
  • Reduce severity of impact
  • Transfer
– Avoid
• Develop strategies and action plans to treat the risks
VANOC Risk Register
Register columns, by group:
• Risk Identification
– Risk ID
– Division
– Functional Area
– Risk Statement
• Risk Dependencies
– Dependencies / Coordination with other Functional Areas
• Risk Class
– Operational
– Financial
– Hazard
– Strategic
• Risk Rating
– Probability of Occurring
– Severity of Impact
– Overall Rating (Out of 25)
• Primary Type of Impact
– Revenue Loss
– Cost Increase
– Games-time Readiness
– Athlete Performance
– Reputation Loss
– Sustainability or Other Impact
• Timing
– Pre-Games
– Games
– Post Games
• Extent of Risk
– Global
– Competition
– Non-Competition
• Risk Controls
– Existing Controls and Risk Mitigation Measures (e.g. insurance, contingency plans)
– Existing Control Rating (Out of 5)
– Risk Tolerance / Acceptance (M: monitor, T: treat, A: avoid)
– Additional Risk Mitigation Recommendations
– Risk Mitigation Owner
– Target Completion Date
• Ongoing risk identification, treatment tracking and monitoring tool
Risk Register Review
• Major Risk Report
– The “Global” or corporate risks
– Reviewed monthly with the Executive Team and updated as required
• Top Risks Summary Report
– By division/function
– Risks with an overall rating of 12 or higher
– Include low probability/high severity risks
– Reviewed monthly by each EVP for his/her division
Risk Register Review
• Function and Venue Construction Risk Register
– For all 53 Functional Areas and each construction venue
– Plus a Global Risks section
– In-depth review and updating with Functional Areas and division heads on a six-month rotating divisional schedule
• Venue Operating Risk Registers created in tandem with Venue Operating Plans
Risk Register Review
• Overdue, Current and Pending Risk Mitigation Actions Report
– Reviewed monthly by Executive Team
– Executive Team sees the report for all divisions
• Register of Retired Risks
– Reviewed with each division during six-month in-depth reviews
– Indicates date and reason risk was retired, and by whose authority
VANOC Assurance Services
• Internal Audits
– Annual Audit Plan—approved by Audit Committee
– Regular in camera meetings with Audit Committee
• Consulting Reviews
– Proactive reviews initiated at the request of Management
VANOC Business Continuity
• Loss Control/Prevention
• Crisis Management Plan
• Disaster Recovery Plan
• Contingency Plans
• Emergency Response Plans
– for all venues, for both construction and operational phases
VANOC and Risk Management
• This was a complex and risky project
– Many moving parts
– Many stakeholders
– Many external and shared risks
• How to handle?
– Emphasis on identifying all types of risks and mitigating / managing them
– Monthly meetings with Executive Team to review major risks
– Rotating monthly in-depth reviews with functions—every six months
– Monthly reporting of top risks, and overdue/current/pending mitigation actions to all divisions and functions
– Risk-based approach for internal audit and business continuity planning
– Plans for managing risks which could not be fully mitigated
ERM Challenges, Successes
– In a fast-paced, very diverse organization, keeping ERM current, relevant, and useful at all levels.
- Some risks became issues.
- VANOC was the first OCOG to fully implement and sustain an ERM framework. This has been recognized by the IOC and other OCOGs, and the VANOC model has become the standard to be followed.
- The 2010 Games are regarded as having been highly successful—ERM and the strong risk management culture which was pervasive in VANOC contributed to this outcome.