TRANSCRIPT
Enterprise Risk Management for
International Schools
2014 NESA Business Managers’ Conference
Presented by Michael Rodman & Timothy King
Albert Risk Management Consultants
INTRODUCTION
Michael Rodman Principal Consultant
Timothy King Senior Consultant
Albert Risk Management Consultants Independent Risk Management & Insurance Consultants
No Insurance Sold
Objective Advice
Experienced Consultants with International School Focus
OUTLINE
I. ERM Overview
II. Interactive Session: Risk Analysis
III. Heat Mapping and Risk Analysis Debrief
IV. Foreign Travel: An ERM Perspective
ERM: WHAT WE’RE TALKING ABOUT TODAY
Enterprise-Wide Risks
Operational Risks
Insurable Risks
ERM: A DEFINITION
Enterprise Risk Management:
a strategic business discipline that supports the achievement of an
organization’s objectives by addressing the full spectrum of its
risks and managing the combined impact of those risks as an
interrelated risk portfolio.
Source: Risk and Insurance Management Society, Inc.
1. Strategic: inextricably linked to the organization’s mission and strategy, which sets risk appetite
2. Disciplined: consistent and structured approach to assess and manage risks and improve decision making
3. Full spectrum: addresses all forms of risk: strategic, financial, operational, technological, compliance, hazard, ...
4. Interrelated: risks are interrelated and must be managed as a whole
VALUE OF ERM
1. Resiliency and Sustainability
• Uncovering risk and reducing catastrophic blindside potential
• Protecting reputation and “brand” value
2. Governance
• Better understanding and articulation of stakeholders’ risk appetite/tolerance
• Improved decision making by encouraging appropriate risk/reward analysis
3. Coordination
• Prioritizing risk mgmt. efforts
• Coordinating the handling of risk throughout the org
• Filling gaps and eliminating unnecessary redundancies
4. Optimize Use of Capital
• Moving beyond silos
• Transferring risk (insurance) when mitigation or retention is not feasible
• Possibly lowering cost of capital
SIMPLIFICATION: RISK SILOS
[Diagram: Admissions, Facilities, HR, Finance and Foreign Travel, each with its own Risk Decisions]
AN ENTERPRISE RISK APPROACH
[Diagram labels: Risk Decisions; Centralized Risk Admin.; Finance; Admissions; HR; Foreign Travel]
ERM PROCESS
[Cycle diagram: Establish Context, Identification, Analysis, Evaluation, Treatment, Monitor and Improve]
ALTERNATE ERM PROCESS & OUTSIDE INFLUENCE
ISO 31000:2009 (built on AS/NZS 4360)
Source: Committee of Sponsoring Organizations of the Treadway Commission
Outside Influence
• Attorneys
• Audit Firms
• Insurance Brokers
• Consultants
• Community Leaders
• Embassy/Consulate
BEFORE YOU START!
You must receive support from the Board and/or top management.
They must participate in the process.
ESTABLISH CONTEXT
Know Your Organization’s:
Vision
Mission
Competitive Environment
Culture
Decision Making Process
Use:
3/5 Year Strategic Plans
Annual Reports
SWOT Analysis
Who:
Those Responsible for Implementation
IDENTIFICATION
Make a List of Risks: Not Just Insurable and Not Just Controllable
Financial, Reputational, Economic
Categorize
Receive Input From All Departments
Receive Input from All Org. Levels
Use: Surveys
Interviews
Workshops
Who: Broad Group of Faculty and Staff
Outside Opinions
ANALYZE
Impact: Effect on Reputation, Financials, Health/Safety
Velocity: How Quickly Will the Impact Be Felt?
Duration: How Long Will the Impact Last?
Insurance: What Is the Effect of Insurance?
Frequency: How Often?
Controls: What Is In Place to Lessen Frequency?
Use: Risk Register
Who: Outside Opinions
Risk Committee
School Executives
RISK ANALYSIS EXERCISE
Prototype School
Identification Phase Complete
Evaluation
Impact
Likelihood
SCORING IMPACT (1-5): DEPENDING ON RISK
Score | Impact | Financial | Reputation | Safety & Security
1 | Negligible | Little/No Impact on Tuition Income | Short-Term Internal Impact | No Treatment
2 | Marginal | 5-10% Drop in Tuition Income | Long-Term Internal Impact | Minor Injuries, First Aid
3 | Serious | 10-30% Drop In Tuition Income | Short-Term External Impact | Non-Life Threatening Injury/Illness
4 | Critical | +30% Drop In Tuition Income | Long Term Internal Impact | Life Threatening Injury/Illness
5 | Catastrophic | Income Drop Forces School Closure | External Impact w/ Permanent Damage | Multiple Serious Injuries or Death
SCORING FREQUENCY (1-5):
Score | Frequency | Meaning
1 | Impossible | No Known Occurrences with Us or Similar Organizations
2 | Rare | One Occurrence Every 10 or More Years. Known to Have Occurred at Similar Schools
3 | Occasional | One Occurrence Every 5-10 Years
4 | Common | One Occurrence Every 1-5 Years
5 | Frequent | One or More Occurrences Per Year
EVALUATE
Effectively Prioritize
Determine What Needs Treatment
Use
Heat Mapping
Who
Risk Committee
School Executives
RISK APPETITE AND TOLERANCE
Broad Risk Appetite
What types of risks are we willing to take to accomplish strategic objectives?
Risk Tolerance
What level of risk are we willing to accept?
May be expressed as a low-high range.
The Target level is somewhere between the high and low.
[Figure labels: Tolerance; Target; Too high; Too low]
TREATMENT: SETUP
Assign Risk Owner
Identify Dependencies
Create Timelines
Use
Expanded Risk Register
Information on Current Controls
Who
Risk Committee
Risk Officer
TREATMENT
Use
Create & Document Response Plans
Who
Risk Owner
Field Experts/Outside Experts
Enterprise Risk Management Is Continuous
Prioritization Changes Over Time & New Issues Will Emerge
Commitment Must Be Long Term
SUMMARY: ERM TOOLS/TECHNIQUES
Step | Considerations | Tools
1. Establish Context | Mission, Vision, Values, Regulatory & Competitive Environment, Strategic Objectives, Decision Making Processes | Strategic Plan, SWOT Analysis
2. Identify | What concerns exist? | Surveys, Interviews, Workshops
3. Analyze | Impact, Frequency, Controls, Velocity, etc. | Risk Registers
4. Evaluate | Exceed Tolerance Level? If Yes, Prioritize and Treat | Risk Heat Maps (also for Monitoring)
5. Treatment | Who Is Responsible for Follow-Through? What are the dependencies and timelines? | Risk Response Plans
6. Monitor | Continuous Process |
AN ENTERPRISE RISK APPROACH
[Diagram labels: Risk Decisions; Centralized Risk Admin.; Finance; Admissions; HR; Foreign Travel]
Foreign Travel: An ERM Perspective
ENTERPRISE WIDE CONSIDERATIONS
Injury to Students Causes Financial and Reputational Loss
Concentration of Students Off-Campus
Risk “Avoidance” Not an Option
Need to Remain Competitive
Part of Comprehensive Academic Program
OPERATIONAL RISK CONSIDERATIONS
Pre Trip Visits by Faculty
Parent Releases
Dedicated Employee for Travel Planning
Dedicated Employee (On Campus) for Emergencies
Vendor/Contract Management
INSURABLE RISK CONSIDERATIONS
Appropriate Limits for Third Party Liability
Worst Case Scenarios
Appropriate Insurance Coverage for Emergency Evacuation
Appropriate Insurance Coverage for Kidnap and Ransom
What Keeps You Up At Night?
Critical Risk Management Issues for
International Schools
2014 NESA Business Managers’ Conference
Presented by Michael Rodman & Timothy King
Albert Risk Management Consultants
COMMON RISK MANAGEMENT PITFALLS
Territory and Scope of Coverage
Time Element
Abuse and Molestation
Property Valuation
“Cyber” Risks
Time Element Issues
What Next?
Rebuild
Reopen
Recoup
Loss Scenario
Major Fire
Sprinkler Failure
Office, Classrooms, & Cafeteria Damaged
School Closes
Time Element
Property Damage = Rebuild
Extra Expense = Reopen
Business Income Loss = Recoup
Time Element
What We Are Hearing: In-House Loss Mitigation
Refund Policy
Emergency Fund
Disaster Planning
We Can’t Shut Down
Time Element
What We See
Emergency Fund Needed Elsewhere
Still Can Be Used In a Loss
Refund Policy for Next Term
Disaster Planning Well Done, But Are All Costs Considered?
Can the Plan Get You to 100% Capacity?
Time Element
Extra Expense
Online Learning Setup
Alternative Location
Temporary Structures
Income Loss
Tuition
Other Income
Teacher Contracts
Continuing Expenses
How Long?
Time Element
Potential Coverage Pitfall
12 Month Period of Restoration
Not Realistic In Many Cases
Look at Policies Carefully
Time Element
Putting the Puzzle Together: Territory and Scope of Coverage
Typical Local Required Policies
General Liability
Directors and Officers Liability
Workers Compensation
Property
Automobile Liability
Local Policy Issues
Scope of Coverage Insufficient
Limited to Certain Activities
Limited Territory
Inadequate Limits
Territory & Scope of Coverage
Difference in Condition Policy Issues
What are they?
Often: Lack of Regulatory Compliance
No U.S. and Canada Coverage
Potential Solution
Territory & Scope of Coverage
D.I.C.
Local Comprehensive
Program
Territory & Scope of Coverage
Issues w/ Coverage Availability
Coverage Territory: U.S. Suits Excluded
Adequacy of Controls
Driving Limits Purchased
Separate, But Not Equal, Terms & Conditions
Abuse and Molestation
Issues w/ Coverage Availability
Excluded from General/Public Liability
Limited Markets for Dedicated Coverage
Self Insurance Too Risky
Exposure to “Western” Suits
Abuse and Molestation
Coverage Territory: U.S. Suits Excluded
Most “Occurrences” in U.S. Excluded
What About Jurisdiction?
Abuse and Molestation
Adequacy of Controls
Training Faculty/Staff
Training Students
Boundaries: In Person and on Social Media
Background Checks
Indirect Causes of Liability (e.g. Contractors)
Abuse and Molestation
Driving Limits Purchased
Think About A Large Loss
What Could Stress Your Current Limits?
Should Exposure Drive Your Purchasing Habits?
Abuse and Molestation
Separate, But Not Equal, Terms & Conditions
Coverage for Innocent Individuals
Lower Limit and Higher Deductibles/Retentions
Claims-made Coverage
Severability
Abuse and Molestation
Choice Valuation
Market Value
Depreciated/Book Value
Replacement Cost (New)
Original Cost + Trend Factor
Property Valuation
Property Valuation
Must Assume Total Loss
Coverage Pitfalls
Actual Cash Value
Average Clause or Coinsurance
Functional Replacement Cost
Understanding “Cyber” Risks
Wide Reaching Impact
Wide-Reaching Implications
Theft of Funds (Computer Crime and Funds Transfer Fraud)
Damage to Critical Systems from Malicious Attack
Damage or Theft of Data
Breach of Personal Information
“Cyber” Risks
Theft of Funds
Understanding Your Crime Policy
Computer Crime
Electronic Funds Transfer Fraud
Damage to Systems and Data
Look Carefully at Your Property Policy
What Causes of Loss Are Excluded?
“Cyber” Risks
Breach of Personal Information
Liability: What Are The Damages?
Is A Stand-Alone Policy “Worth” It?
Success of Privacy Suits
Can Coverage be Found Elsewhere?
Expanding Regulatory Involvement Internationally
Statutory Fines and Penalties
“Cyber” Risks
[Diagram labels: Theft; Malicious Attacks; Theft of Personal Information; Regulatory Fines and Penalties; Comprehensive Cyber Program]
“Cyber” Risks
Questions?