A New Framework for Risk Management
JANICE M. ABRAHAM, PRESIDENT & CEO, UNITED EDUCATORS JOHN MCLAUGHLIN, MANAGING DIRECTOR, ARTHUR J. GALLAGHER & CO. 15BSD17\28610A
Traditional Risk Management “Without guidance an organization’s risk strategy will be made – and repeatedly redefined accidentally – by dozens of everyday financial and business decisions.” McKinsey Survey
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
2
Enterprise Risk Management Approach • ERM is a process that seeks to preserve and create value – Protection of Assets – Effective Utilization of Resources – Optimization of Results
• Risk is defined as the effect of uncertainty on objectives • Ultimate goal is to create a risk aware culture where consideration of risk is part of the decision making process
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
3
Commitment •
Tone at the top matters; Champions are essential
Principles and Mandate (SAMPLE) The College is committed to developing and supporting an ERM policy that: a)
b)
incorporate a consistent approach to risk management into the culture and strategic planning processes of the College that supports decision making and resource allocation at both the strategic and operational levels. Or applies a consistent approach to risk management to support the college’s governance responsibilities for innovation and responsible risk-taking, policy development, programs and objectives. In all cases, appropriate measures will be put in place to address unfavorable impacts from risks and favorable benefits from opportunities.
•
Understand and embrace specific roles, while building bridges across campus
•
Question sacred cows
•
Incorporate RM into planning – –
Annual, strategic and project planning Ask questions, require annual updates, establish accountability
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
4
Framework A business process that expands the core (traditional) concepts of risk management: • • • •
Identify risks and opportunities across the enterprise Assess the impact of the risks to the plans and mission Develop and test mitigation plans Monitor identified risks and consistently scan for emerging risks • Repeat and improve
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
5
Risk Management Process (ISO 31000)
Establishing the context
Risk assessment Risk identification Communication and consultation
Risk analysis
Monitoring and review
Risk evaluation
Risk treatment
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
6
Roles Senior Administration
• Owns ERM • Department heads involved in operational risks Full Board/Executive Committee
• Sets tone, addresses strategic and governance risks and fills in gaps Standing Committees
• Understand programs and risks Audit Committee
• Owns specific risks and process UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
7
Community College Risk Register 1. Reputational Risk: a) Assessments and outcomes not meeting expectations b) Governance c) Effective crisis planning/communication
2. Strategic Risk: a) Aging workforce, lack of succession planning b) Misalignment between operations and strategic plans c) Expanding mission to four year degree programs d) Uncertain economic environment e) IT infrastructure investments f) Changing regulatory environment g) Implement Program to support “Full Spectrum Learning” UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
8
Community College Risk Register 3. Operational Risk: a) Lack of disaster preparedness and BCP b) Minors on campus c) Outside violence coming to campus d) Title IX and sexual assault e) Cyber Security/Breach Response f) International risks
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
9
In To Action (5 STEP PROCESS)
1. Establish Organizational Principles and Mandate COMMITMENT 2. Establish leadership Structure and Discussion of erm context - FRAMEWORK 3. Conduct risk assessment and assign of Risk Owners – RISK ASSESSMENT/OWNERS 4. Begin risk treatment and Organizational integration – RISK TREATMENT 5. Follow Consistent Process to MONITOR and IMPROVE UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
10
1. Commitment
Building the case for ERM Discussion of mandate & commitment Definition of roles
• • • •
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
Begin meeting with ERM leaders to discuss organizational goals and objectives Develop description of benefits and reasons to implement ERM Discuss broad roles of senior administration, risk management, legal, internal audit, and compliance Establish advisory group composition, meeting schedule and initial agenda
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
11
2. Leadership, Framework & Context
ERM leaders and advisory group establish framework, describe context, stakeholders, roles and responsibilities, and implementation plan
•
• •
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
Facilitation of ½-day workshop focused on development of framework, description of context, identification of internal/external stakeholders, discussion of risk criteria and performance measures Establish roles and responsibilities of administrators and other key stakeholders Develop implementation plan
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
12
3. Risk Assessment & Ownership
Begin risk assessment including scope and process, assignment of risk owners, planning for data management, reporting and communication
• • • • •
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
Consult and advise, or facilitate, the risk assessment process through surveys, interviews, and/or workshops Oversee development of risk register in relationship to organizational objectives Facilitate the risk analysis and evaluation/prioritization process Assist in the assignment of risk owners Sample reports developed for advisory group, senior admin, and governing boards
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
13
4. Risk Treatment & Integration
Development and approval of risk treatment plans, training of supervisors, integration into position descriptions, reviews, and employee onboarding
• • • • •
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
Beginning of work on risk treatment plans including risk owner training Leadership approval of priority risk treatment plans Supervisor training materials drafted Position description wording drafted and approved New employee orientation materials developed
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
14
5. Monitor & Improve
Development and incorporation of continuous improvement model, monitoring and review of progress, and assessing communication and engagement
• • • • • •
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
Review existing ERM program Report on congruence with best practices and suggest improvements Evaluate performance management objectives and outcomes Assess progress of risk treatment plans Evaluate accountability and reporting chains Incorporate lessons learned
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
15
Culinary Adventures USE THE ERM PROCESS TO HELP MAKE INFORMED DECISION
College A at the height of the Arab Spring is invited to a culinary arts symposium in Dubai. 2 faculty members and 5 stds. are invited. Symposium concludes with an Int’l “cook off’ competition! College wants to attend but concerned about safety and cost.
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
College B is considering opening a high end restaurant, staffed by professionals as means to attract community members, support functions at Performing Arts Center, expose students to classic restaurant operations. Major financial investment that does not directly support educational mission. © 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
16
Culinary Adventures • • • • • • • •
College A Mission Consistent Risk Owner Financial Reputational Strategic Compliance Hazard/life safety Risk Treatment
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
• • • • • • • •
College B Mission Consistent Risk Owner Financial Reputational Strategic Compliance Hazard/life safety Risk Treatment © 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
17
Lessons learned from others: • • • • • • •
Focus on high-impact risks Focus on mitigation/continuity plans Take on the tough issues and sacred cows All risks must have owners Involve other departments in risk register and responses It’s a process and business tool, not a project Set yourself up for some near terms wins
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
18
Stay Connected bit.ly/UELinkedIn @UnitedEducators bit.ly/UEYouTube
UNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP 15BSD17\28610A
© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS
19