Charting Your Way Through Risk Assessment?Linda Conrad, Director of Strategic Business Risk, Zurich Global Corporate

Loren Nickel, Google Inc., Director of Analytics

Ward Ching, Aon, Managing Director T

Learning Objectives

• Break down the three components of a risk assessment.

• Contrast techniques based on the risk type, analysis purpose, resource limitations and available information.

• Explore different types of qualitative and quantitative risk assessment methods: Safeway and Zurich case studies

2

Risk Assessment

• Risk assessment is the heart of the risk management process

• It examines the causes and consequences of undesired events, and may provide pointers on how they could be avoided...or optimized!

• The information generated by risk assessment informs or validates the decisions and resource allocations your organization makes.

• Determine which method(s) are suitable for your organization and integrate them in your risk management framework

3

Business life cycle costs

4

RIMS Risk Maturity Model

5

ISO 31000: seven components

Internal Environment / Establishing Context

Objective Setting & Risk Criteria

Risk Identification  

Risk Evaluation

Risk Treatment

Communication & Consultation

Monitoring and Review

6

Assessment components

• Per ISO 31000, the three components of a risk assessment are:

1. Identify– conduct a ‘gross hazard analysis’, a large scope overview of risk

exposures– timing can be critical: before project kickoff, strategy plan or budget

2. Analyze – The appropriate analysis tool is essential to be efficient and effective– prioritize exposures that require further attention and analysis

3. Evaluate – Look at risks with an independent and interconnected approach– Revisit results at different times during a project or business lifecycle

7

Enhance enterprise resilience

• Risk assessment can help you to understand resilience challenges :– emerging issues– market dynamics– supply chain risk management– business continuity– crisis response and more.

• Identify support needed to reduce business disruption risks and costs

• Develop actions and takeaways to help protect your profitability.

• An Enterprise Risk Management (ERM) approach can be very helpful 8

Learning Objectives

• Break down the three components of a risk assessment.

• Contrast techniques based on the risk type, analysis purpose, resource limitations and available information.

• Explore different types of qualitative and quantitative risk assessment methods: Safeway and Zurich case studies

9

Scope perspective• Type of industry / process• Inherent hazard• Breadth of risks• Size and complexity of scope• Depth of analysis• Inductive/deductive

Scope perspective• Team vs. single approach• Documentation required• Time required• Team leader expertise

Selecting a methodology

10

11

• Overview– Fault tree analysis is a ‘top‐down” approach that focuses on a particular undesired event or 

failure (the top event) and aims to determine all the ways in which it could occur.  The fault tree graphically displays the different combinations of base events (causes), which could include equipment failures or human errors that may lead to the top event.  With suitable skill and data, it can be used to quantify the likelihood of the top event.   

• Strengths and weaknesses– A top down deductive technique identifying events or combinations of events that can lead 

to an undesired event– Structured and methodical– Assists in identifying critical elements that can lead to a loss– Time consuming and potentially complex, therefore should only be used in very specific 

circumstances– A skilled analyst is required– The value of the study will be limited if data are of poor quality.  A fault tree cannot provide 

a precise prediction from imprecise data.• Why FTA?

– To identify the root causes and combinations of causes of a major hazard/event that has previously been identified.  Identify and quantify improvements and the value of those improvements to the system.

FTA

12

• Overview– Bow tie analysis provides a simple diagrammatic way of illustrating and analyzing 

an event from the causes to the consequences.  The event is represented in the center (the knot of the bow tie) with the causes and preventative controls to the left and the mitigation controls and consequences to the right.  The technique, whilst not as comprehensive as fault tree analysis or event tree analysis is often easier to understand than these more complex techniques.

• Strengths & weaknesses– Simple to understand– Useful for training and auditing purposes– Focuses attention on barriers (controls) and the links between the causes, 

consequences and controls– Another hazard analysis is normally needed to provide an input to the study– Does not depict where multiple causes are required to occur to cause the event– May oversimplify some more complex scenarios

• Why Bow Tie Analysis?– To provide a clear, visual diagram illustrating the main failure pathways and the 

barriers in place to prevent or mitigate the undesired events. 

Bow Tie Analysis

13

• Overview– Failure Modes and Effects Analysis (FMEA) is a systematic process to identify the failure 

modes of individual plant items (how can this component fail?) and the effects of the failure on the item and rest of the system (what will happen if it does fail?).  The analysis, conducted by a small team, is thorough but time consuming and is most often applied to physical systems such as electrical and mechanical systems, although it can be applied to human failure modes and effects.  

• Strengths and weaknesses– It identifies component failure modes, their causes and effects – Identifies single point failure modes– Can include semi quantitative risk ranking– Not effective in identifying combinations of failures– Can become costly and time consuming unless well controlled– Can become difficult for complex multi layered systems

• Why FMEA?– To identify which failures in systems can lead to undesirable situations, particularly in 

electrical and mechanical processes. 

FMEA

14

• Overview– Hazard and Operability (HAZOP) study is one of the most widely used hazard identification 

methods used within the chemical and many other industries.  It is a structured analysis of a system, process or operation, conducted by a multi‐disciplinary team.  The team proceed on a line by line, step by step based using a firm design, typically at the detailed design stage.  A combination of guidewords (no, less, more etc.) combined with parameters (temperature, pressure, level etc.) are used to identify deviations from normal operation and the associated causes, consequences, safeguards and recommendations.  

• Strengths and weaknesses– Provides a systematic and thorough examination of a system– A range of hazards can be assessed, both physical systems and procedures– The team gains a deep understanding of the system, potentially with better operating 

procedures, faster start‐up and fewer operating problems– High resource requirements, both in personnel and data– Needs to be conducted during a ‘specific’ window in the project lifecycle– Can focus on design rather than wider external issues

• Why HAZOP?– To conduct a detailed analysis of hazards and operational issues, typically during the 

detailed design stage of a project.  Particularly suited to chemical, pharmaceutical, petrochemical and other higher hazard industries. 

HAZOP

15

• Overview– Sometimes referred to as SWIFT (Structured What‐if), it was originally developed 

as a simpler alternative to HAZOP. It is a systematic team‐based study using ‘what‐if’ phrases to investigate how a system, item of plant, organization or procedure will react.  Structure is provided through the use of question categories and a checklist used by the facilitator to prompt further discussion or ‘what‐if’s’.  The technique can be applied to a wide range of scopes at varying stages in the project lifecycle.

• Strengths and weaknesses– Very flexible and can be used at any part of a project lifecycle– A simple technique and relatively quick to conduct– Requires minimal preparation by the study team– It requires an experienced and competent team leader to be efficient– Careful preparation is required by the team leader– The results are qualitative and less detailed than some other techniques

• Why What‐if / Checklist?– To perform a flexible, wide‐ranging, efficient analysis at a higher level and/or 

lower level of detail that an HAZOP or similar technique.  – The technique can include risk rating and risk ranking.

What if / Checklist

16

• Overview– Hazard Analysis and Critical Control Points (HACCP) was developed to ensure 

quality in the food, beverage and more recently the pharmaceutical and medical industry.  It provides a structure to identify hazards and ensure controls are in place at relevant parts of a process to maintain the quality, reliability and safety of a product.  It focuses on the minimization of risk though controls, rather than inspection of the end product.  

• Strengths and weaknesses– A structured process aiding quality control– Focuses on how hazards can be prevented and risks controlled– Many need to be combined with other tools to identify the hazards, risks and 

their significance– The focus of action when control parameters are exceeded may miss gradual 

changes• Why HACCP?

– To perform a detailed hazard analysis on food, beverage, pharmaceutical and medical processes and identify critical process limits that require monitoring.

HACCP

17

• Overview– Event tree analysis is a technique to graphically represent the different possible 

outcomes from a single, selected initiating event.  The event tree represents the various factors such as responses from people or protective systems and presents the possible outcomes clearly.  The approach can be used qualitatively and quantitatively to determine the likelihood of the different consequences.  

• Strengths and weaknesses– It presents a clear picture of the potential outcomes from an initiating event– Structured, methodical yet relatively easy to understand and use– Can account for timing, dependence and domino effects which are more complex 

to represent in fault trees– Needs to be combined with other forms of hazard analysis techniques (identifying 

initiating events)– The path is conditional on the events that occurred at previous branch points

• Why ETA?– To model sequences of events and their potential outcomes.

ETA

18

• Overview– Layers of Protection Analysis (LOPA) is an analytical process normally conducted 

by a small team to review the adequacy of the safeguards for each hazard identified.  It identifies whether additional control or mitigation measures are required by comparing the risk against pre‐determined criteria.  An initial hazard analysis such as HAZOP or ZHA is required to provide an input to the LOPA study.  

• Strengths and weaknesses– It helps focus resource on critical controls (layers of protection)– It requires less time and resource that a fault tree analysis, but us more rigorous 

than some other qualitative techniques.– Can be useful when preparing a ‘safety case’ and a ‘demonstration of adequacy’– Another hazard analysis is needed to provide an input to the study– To be quantified, all layers of protection must be independent (no common mode 

failure)– Aspects of the assessment and quantification can be subjective

• Why LOPA?– To assess the adequacy of controls, particularly where ‘safety instrumented 

systems’ are being used or considered as one of the means of risk reduction. 

LOPA

19

• Overview– ZHA is a team based methodology which encourages analysis of the 360 degrees 

of ‘Total Risk.’  Hazard scenarios are developed and illustrated on a ‘Risk Profile’, the core of the methodology, which graphically highlights risk priorities in the analysis.  The analysis team cover a given scope, applying ’Pathways’ and ’Ticklers’ to ensure a thorough and systematic assessment is realized.

• Strengths and weaknesses– Can be applied to any stage of the product or system lifecycle– Wide ranging analysis scope from occupational safety to product liability– Risks can be quickly prioritised without quantification– It requires an experienced and competent team leader to be efficient– The results are qualitative and can be less detailed than some other techniques

• Why Zurich Hazard Analysis?– To identify hazards in almost any area, including property, liability, employee 

safety, company image, environmental issues and overall financial performance.  • Total Risk Profiling

– A derivative of the ZHA called Total Risk Profiling (TRP) can identify a wider range of vulnerabilities that can impact a company’s balance sheet and brand.

ZHA and TRP

20

Risk analysis tools

21

Bridging the gap: corp. and ops.

22

Learning Objectives

• Break down the three components of a risk assessment.

• Contrast techniques based on the risk type, analysis purpose, resource limitations and available information.

• Explore different types of qualitative and quantitative risk assessment methods: Safeway, Google and Zurich case studies

23

What is Risk – The Safeway Perspective

24

Safeway at a Glance – Pre Albertsons Acquisition

Safeway is One of the largest Food and Drug Retailers in North America

2013 Sales $44.17 Billion1,350 Retail Locations (approx.) Recently exited Canada and

IllinoisAbout 75% of Stores have Pharmacy Operations400 Fuel Stations 12 Distribution Centers20 Manufacturing Facilities:

- Milk - Beverage- Bread - Ice Cream

Approximately 171,000 Employees

25

Pre January 2015 Safeway Footprint

26

Post Albertsons Acquisition Profile

Definitive Agreement for Albertsons Acquisition LLC to purchase Safeway – February 2014

Private Equity sponsored purchased completed January 2015.

– Combination – Albertsons Holdings LLC (Legacy Albertsons and Safeway Assets)

– Combination – New Albertsons Inc., with Safeway Eastern Division

Assets:– 1845 Stores

– 345 Fuel Stations27

Safeway Enterprise Risk Management at a Glance

Corporate Structure:

– Risk Management Operations

• Culture of Safety ‐ Platform

• Property Risk Engineering

• Corporate Safety

• Insurance 

• Environmental

• Regulatory Compliance

– Finance/Accounting

– Claims Management

• SWY is Self‐Insured and Self‐Administered for WC, CGL, AL 28

Albertsons Holdings Risk Finance - Philosophy

Enterprise Risk Perspective

Three Captives:  – Hawaii Domicile – Lehua

– Bermuda Domicile – Milford

• Both captives are well capitalized 

• Underwriting, Investments, Claims Management, Audit, Executive Management structures

– Vermont ‐ Runoff

Moderate to high Retentions on all major lines of coverage.

29

30

31

ExMods applied to retail

32

Zurich’s “EROM” wheel

33

Zurich ERM Diagnostic: benchmark ISO 31000, COSO

34

Zurich enterprise resilience tools

Total Risk Profiling

Risk Room

Nat Cat -Location risk

Profit risk exposure

Business Continuity Planning Disruption understandingBusiness interruption

modeling analysis

Supplier risk assessment

Provides macro country insights, e.g. political stability, economic status, labor situation

Provides exposure information for supplier locations in respect of e.g. floods, earthquakes, windstorm, related transport infrastructure

Helps in the understanding of the level and nature of disruptions in the particular industry or a certain location from a unique database

Enables a company to understand its total supply chain profit exposure in terms of a particular location, country or region

Helps a company model its relevant BI and CBI exposures

Formalised assessment of relevant areas which are part of the due diligence

process within the sourcing activity

Structured approach to defining risk appetite and

prioritisation for dealing with risks in the supply

chain

Value Chain Risk and Profit understanding

35

Zurich Risk Room on the goA simplified, demo version of the full app

Contains 7 predefined scenarios on:

Macroeconomic Imbalances

Political Volatility

Nat. Cat. and Disaster Management

Supply Chain Disruption

Demographic Shifts

Sustainable Growth

Human Capital

Easy to navigate, intuitive interface

Provides the ability to model changes in individual risks to see how they impact other, interconnected risks

Available free of charge to the general public as part of Zurich’s thought leadership innovations and initiatives

Visit www.zurich.com/riskroom or download a free demo for Apple or Android 36

TRP and ZHA methodology

What is Total Risk Profiling and Zurich Hazard Analysis?

a team-based, forward-looking process tool to identify hazards and manage risks.a systemic, repeatable risk identification, quantification and prioritization process

What is its purpose? primary objective is to mitigate risk, but opportunities can be included too.harnesses the collective knowledge of in-house personnel for risk prioritization

When should you use it? scope can be as broad as Board-level strategic issues to the narrow factory floorfor operations, safety, new ventures or project, to help achieve targets or timeline

What is the outcome? help ensure risk “ownership” for solutions and supports budgeting for treatmentteams manage risks proactively to avoid losses to people, property, profit.

37

TRP vs. ZHA: the difference?…just the application. It depends the issues you are addressing. Generally, TRP is used at corporate level, ZHA on the plant floor• TRP is top-down at board /corporate level for broad, long term risks

• focus on risks and opportunities, to embed positive risk culture • used for strategic decisions, opportunities, execution of projects or

plans that could have material effects on the entire business• used internally by all of Zurich Insurance 200+ times per year

• ZHA is a bottoms-up, more detailed analysis.• often shorter term and specific, following “pathways” of risk• Applied in heavy engineering, electronics, chemical / pharma, food and

beverage, banking and insurance, and public sector• For systematic analysis of potential hazards of new or existing:

products, systems, business operations, manufacturing sites, procedures, project management, safety, processes, etc…

38

TRP and ZHA for cyber risk

39

How the methodology works

Visit www.ZurichERM.com and www.SupplyChainRiskInsights.com40

The process

1

2

3

4

5

6

7

Preparation: Define purpose and scope

Preparation: Select the team

Identify/Assess: Define risk scenarios, quantify severity and probability

Rank: Build the risk profile, set risk tolerance boundary and plot each risk

Improve: Develop risk improvement actions and plot target risks

Improve: Implement the risk improvement actions

Review the analysis41

Prob

abili

ty

Severity

A

B

C

D

E

F

IV III II I

Target Risk Profile

Improving risk profiles

Prob

abili

ty

Severity

A

B

C

D

E

F

IV III II I

Current Risk Profile

1

4,6

8 3 7

2,5

1

5

6 4

3

8 7

2

42

The proof is in the results

• Using Total Risk Profiling, Zurich moved from an asset-based approach to risk-based approach for operational risk quantification and capital allocation

• One Zurich business unit reduced operational risk-based capital (RBC) consumption by 21.7 percent

• The business unit then identified high risk exposures, performed a deeper assessment and developed mitigation

• They had an additional reduction of 28.9 % in operational RBC consumption

• Capital not consumed was then available to fund profitable growth for Zurich.

43

2010 – E&O Current23 covers

$ in

milli

ons

Imi grows up

44

Deciding what to keep, what to transfer

Seve

rity

Frequency

Retain

Share

Transfer

Tax benefits

Administrative costsTax benefits

Control and flexibility

Access to capacity

Administrative costs

Capital

45

Risk Challenges

● Risks not contemplated by insurance companies

● Beta/test periods before smaller live launches

● Quick to market solutions which doesn’t match slow regulatory environment

● Some products are seen as beneficial to insurance companies and others are not, so not all insurance companies are supportive of product potential

● Wide variety of risks, many new and emerging are difficult to handle for any one insurance company

46

Moonshot Culture

47

48

Captive Solutions

● Allow for greater freedom of terms, better pricing and availability

● Allow for beta testing and smaller launches, do not need immediate scale

● Very quick to market solutions, faster than any insurance company

● Partner with insurance companies on fronting, where needed or desired

● Wide variety of risks are beneficial for the captive, as it allows for a portfolio effect and is a better use of capital

● On‐staff actuarial resources ensure risk taking is not excessive and is in line with capital requirements

49

Questions?

50