2012 ARTHUR J. GALLAGHER & CO.
Linking Risk To What Matters Most
Dorothy M. Gjerdrum, ARM-P, CIRM
Executive Director & Risk Consultant
Slide 2
Agenda: Linking Risk to What Matters Most
- How Risk Management is Evolving
- Attributes of Enhanced Risk Management
- Key Outcomes:
  - Understanding your risks
  - Managing risks within set criteria
- Linking Risk to Decision Making
- Consideration of Strategy, Mission, Objectives and What Matters Most
Slide 3
Risk Management is Evolving

Traditional Risk Management
- Purchase insurance to cover risks
- Hazard-based risk identification and controls
- Compliance issues addressed separately
- Safety & emergency mgmt handled separately
- Silo approach: risk mgmt is not integrated across the organization
- Risk Manager is the insurance buyer

Advanced Risk Management
- Greater use of alternative risk financing techniques
- More proactive about preventing and reducing risks
- Integrates claims mgmt, contracts review, special event RM, insurance and risk transfer techniques
- Cost allocation used for education and accountability
- More collaboration as depts are willing
- Risk Manager may be the risk owner

Enterprise-wide Risk Management
- A wide range of risks are discussed and reviewed, including reputational, human capital, strategic and operational
- Aligns RM process with strategy and mission
- May include upside risks (opportunities)
- Helps manage growth, allocate capital & resources
- Risks are owned by all & mitigated at the department level
- Many risk mitigation & analytical tools available
- Risk Manager is the risk facilitator and leader

Labels on the slide: Transactional, Strategic, Integrated
- Risk is bad: focus is on transferring risk
- Risk is an expense: focus is on reducing cost-of-risk
- Risk is uncertainty: focus is on optimizing risk to achieve goals
Slide 4
Attributes of Enhanced Risk Management
Measuring Success!

Key Outcomes
- The organization has a current, correct and comprehensive understanding of its risks
- The organization's risks are within its risk criteria

Attributes
- Continual improvement
- Full accountability for risks
- Application of risk management in decision making
- Continual communications
- Full integration into governance structure

Annex A, ANSI/ASSE/ISO 31000:2009
Slide 6
Risk categories shown: Financial Risks; Strategic Risks; Operational Risks; Hazard & 3rd Party Risks
Axis labels: Internal Risks; External Risks
Callout: Typical purview of RM

Risks listed: Bank failures; Stock market performance; Unemployment; Interest rates; Budget cuts; Investment limitations; Tax caps; Bond rating; Retirement funding; Capital availability; Credit markets stability; Currency & foreign exchange rate fluctuations; Unexpected loss of revenue; Health care costs; Revenue & grant $$ management; Counterparty risk; Financial reporting; Mergers & Acquisitions of key partners or vendors; Ethics violations; Negative media coverage; Stakeholders' interests; Strategy & initiatives; Meeting public expectations; Union relations; Long-term planning vs. budget limitations; Public-private partnerships; Health & safety violations; HR & personnel actions; Utilities failure; Workplace violence; Public support; Theft; Govt sanctions; Accounting or internal controls failures; Facilities maintenance; Aging infrastructure; IT system failure; Business interruption; Loss of key suppliers; Mandated public services; Code violations; Workers' comp; Building security; Public safety; Lawsuits; War; Natural events & catastrophes; Terrorism; Fraud; Governance; Disease & epidemics; Mold exposure; Asbestos exposure; Student activities; Public Official & D&O liability; Geopolitical risks; Animal or insect infestation; Pollution; Contractual liability; Building subsidence or collapse; Labor practices; Procurement; Unfunded mandates; Energy costs; Code of Conduct; Reputation
Slide 7
www.fox4kc.com/news, September 14, 2010
Suspect in Custody Following Knife Attack
The Penn Valley Dean of Student Instruction was attacked and slashed in the throat by a mentally ill student. The attacker meant to stab the governor of Missouri.
Slide 9
Why should we take a broader approach to risk?
- Only 20-30% (?!) of all risks are insurable
- Global interconnectedness forces us to think more broadly, for example:
  - Pandemic flu
  - Cyber attacks
  - World economy & supply chain risks
- Now more than ever, we need all stakeholders to be risk aware
Slide 10
What Can You Do Starting Right Now?
- Educate yourself: ISO, CSA trainings, PRIMA
- Develop your elevator speech about taking a broader approach to risk and find supporters
  - Interviews and discussion opportunities
- Compile an inventory of risks and think beyond insurable and beyond local: could you take this to the next level?
Slide 12
Risk Criteria As Defined in ANSI/ASSE/ISO 31000
Risk Criteria: the terms of reference against which the significance of a risk is evaluated
Notes:
- Risk criteria are based on organizational objectives and external and internal context
- Risk criteria can be derived from standards, laws, policies and other requirements
Slide 13
Defining Risk Criteria
- One axis will be likelihood
- The other will be consequence
- It doesn't have to be a 5x5 grid (3x3, 10x10)
- You define the values in the grid
Axes: Likelihood; Consequence or Severity
Slide 14
Sample Impact

Level | Service Disruption, Effect Upon Funds or Process | Reputation | Failure to Meet Legal Obligations | People
5 Extreme | Total failure of service, extremely expensive $$$$ | National publicity >3 days, resignations | Multiple civil & criminal suits. Claim or fine above $5m | Fatality of 1+ employees or citizens
4 Very High | Serious disruption to service, high $$$ | National public or press interest | Litigation, claim or fine of $500k-5m | Serious injury or disability of 1+ people
3 Medium | Disruption to service, will cost $$ | Local public and press interest | Litigation, claim or fine $100k-500k | Major injury to people
2 Low | Some minor impact on service, minor $ impact | Contained within the dept but known by entity | Litigation, claim or fine $10k-100k | Minor injuries to people
1 Negligible | Annoyance, small or no $ impact | Contained within the dept | Litigation, claim or fine < $10k | Minor injury to individual
Slide 15
Sample Likelihood

Level | How Likely? | % of Time | How often? | Frequency
5 | Certain or Almost Certain | >75% | Expected to occur in most circumstances | Daily, weekly
4 | Likely | 50-75% | Will likely occur in most circumstances | Monthly
3 | Possible | 25-50% | Fairly likely to occur at some time | Once a year
2 | Unlikely | 5-25% | Could occur at some time | Once a decade
1 | Rare | 0-5% | Will occur only under special circumstances | 10 years or >
Slide 16
[Figure: risk map. Consequence axis: Low, Moderate, Significant, Serious, Severe. Likelihood axis: Remote, Unlikely, Possible, Likely, Certain. Markers numbered 1 through 10 appear on the grid.]
Slide 17
[Figure: risk map. Consequence axis: Low, Moderate, Significant, Serious, Severe. Likelihood axis: Remote, Unlikely, Possible, Likely, Certain. Markers numbered 1 through 10 appear on the grid, with a Risk Tolerance Level marked.]
Slide 18
Why Do It? Risk Maps Guide Risk Mitigation Efforts

Consequence \ Likelihood | Low/Remote | Moderate | High/Certain
Significant | Considerable management required | Must manage and monitor risks | Extensive management essential
Moderate | Risks may be worth accepting with monitoring | Management effort worthwhile | Management effort required
Minor | Accept risks | Accept, but monitor risks | Manage and monitor risks
Slide 19
Developed by a Major University
Slide 20
Risk Register Straw Man: Human Resources
Columns on the slide: Institutional Risks; Unit-Level Risks
- Failure to prevent significant lawsuits and claims relating to professional liability, discrimination or equal opportunity noncompliance
- Failure to prevent inappropriate alcohol or drug use by employees
- Inability to recruit and retain top faculty, staff and senior administrators
- Incidences of sexual harassment or misconduct by faculty or staff
- Inability to meet targets in staff and faculty diversity
- Inadequate procedures or controls re background checks
- Inability to offer a competitive benefits package
- Failure to comply with overtime and minimum wage regs (FLSA)
- Inability to retain faculty and staff due to employee dissatisfaction
- Failure to establish mediation or conflict resolution channels
- Failure to secure favorable collective bargaining outcomes
- Arduous promotion or tenure policies

University Business Executive Roundtable, A Practical Approach to Institutional Risk Management, The Education Advisory Board, 2012
Slide 21
What Can You Do Starting Right Now?
- What inventories of risk exist right now? Could they be integrated, expanded?
- How is information about risk communicated?
- If you're going to build it, get help!
- Recognize where risk is being managed well: as important as problems or threats
- A quick note about risk appetite / attitude
Slide 23
Example from a Community College: ERM Supports Opportunities
A Potential International Culinary Competition:
- A key ingredient in a culinary arts training program
- An important opportunity for students, but the event occurred during uprisings in Egypt
Slide 24
The Middle East and Northern Africa During the Arab Spring
Slide 25
Results of the Discussion of the Opportunity and Key Risks
- The college decided to support the trip
- Six students & one faculty member participated
- Plans were developed to minimize the threats, including training on the appropriate code of conduct and cultural context, supervision by an experienced traveler & the purchase of travel abroad insurance
- Result: Awarded silver medal!
Slide 26
RAP Tool Outline (SAMPLE)
1. Preparation
   a. Consistent language, risk criteria, context
   b. Involve appropriate stakeholders
   c. Facilitator & recorder, consistent process
2. Discussing the Project, Risk or Opportunity
   a. Goals & strategy for entity & for decision
   b. Context & stakeholders
   c. Opportunities & benefits
   d. Threats
Slide 27
RAP Tool (SAMPLE)
3. Assessing the Risks
   a. Using risk criteria
   b. Consideration of connected risks
4. Decision Making
   a. Can you effectively treat the threats?
   b. Can the opportunity be supported and enhanced?
   c. Assign risk owners
5. Next Steps
   a. Communication, monitoring & review
Slide 28
Risk Workshop Agenda (SAMPLE)
- Purpose of the workshop
- Overview of risk
- Linking to strategy & key goals
- Context and stakeholders
- Key definitions
- Brainstorm and rank key risks
- What's next
Slide 29
Questions re Effectiveness
Principle c) Risk Management is Part of Decision Making
Risk management helps decision makers make informed choices, prioritize actions and distinguish among alternative courses of action.
- How are decisions made? Who is involved? Who should be involved?
- What knowledge and skill do decision makers need in order to incorporate risk management in the process?
- How would external/internal stakeholders be affected by decisions?
- Is there consistency re metrics and values?
- How are decisions communicated and implemented?
Slide 30
What Can You Do Starting Right Now?
- Answer the questions re effectiveness
- Are there opportunities to incorporate risk into decision making in your organization?
- How could you apply this to your decision making or your department?
- A pilot project?
- Online tools? (www.ucop.edu/enterprise-risk-management/)
Slide 31
APQC Best Practices re ERM
- Clarity of purpose
- ERM increases and protects value
- Understand that pursuit of strategy carries risk
- ERM assists in making good choices and managing risk
- Effective risk management is a competitive advantage
American Productivity & Quality Center
Slide 32
What Best Practice Organizations Do
- Risk assessment process is robust, with clear criteria, guidelines for escalation, inclusion of dissenting opinions & thinking the unthinkable
- Use standardized language and processes
- Use simple, user friendly tools to encourage adoption
- Integrate ERM with strategic planning and existing processes
- Embrace continuous improvement & communication
Slide 34
Brainstorm
- Mission statement?
- Strategic goals?
- Management initiatives?
- New projects or programs?
Slide 35
Specific Action Plan For You
- Educate yourself, develop your elevator speech, build your network of peers
- Create an inventory of risk management practices across all operations; can you build support for integration?
- Seek opportunities for a broader approach to risk; can you help with decision making?
- Develop tools and resources and develop your leadership skills
- Be patient: it's a journey, not a destination!