to download the presentation

15BSD17\28610A

JOHN MCLAUGHLIN, MANAGING DIRECTOR, ARTHUR J. GALLAGHER

& CO.

A New Framework for

Risk Management

2

15BSD17\28610A

© 2015 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERSUNITED EDUCATORS INSURANCE, A RECIPROCAL RISK RETENTION GROUP

“Without guidance an organization’s risk strategy will

be made – and repeatedly redefined accidentally – by

dozens of everyday financial and business decisions.”

McKinsey Survey

Traditional Risk Management

3

15BSD17\28610A


• ERM is a process that seeks to preserve and create value

– Protection of Assets

– Effective Utilization of Resources

– Optimization of Results

• Risk is defined as the effect of uncertainty on objectives

• Ultimate goal is to create a risk aware culture where

consideration of risk is part of the decision making

process

Enterprise Risk Management Approach

4

15BSD17\28610A


• Tone at the top matters; Champions are essential

Principles and Mandate (SAMPLE)

The University is committed to developing and supporting an ERM policy that:

a) incorporates a consistent approach to risk management into the culture and strategic planning

processes of the university that supports decision making and resource allocation at both the strategic

and operational levels.

Or

b) applies a consistent approach to risk management to support the college’s governance responsibilities

for innovation and responsible risk-taking, policy development, programs and objectives. In all cases,

appropriate measures will be put in place to address unfavorable impacts from risks and favorable

benefits from opportunities.

• Understand and embrace specific roles, while building bridges across campus

• Question sacred cows

• Incorporate RM into planning

– Annual, strategic and project planning

– Ask questions, require annual updates, establish accountability

Commitment

5

15BSD17\28610A


A business process that expands the core (traditional)

concepts of risk management:

• Identify risks and opportunities across the enterprise

• Assess the impact of the risks to the plans and mission

• Develop and test mitigation plans

• Monitor identified risks and consistently scan for emerging

risks

• Repeat and improve

Framework

6

15BSD17\28610A


Risk Management

Process (ISO 31000)

Communication

and

consultation

Monitoring and

review

Establishing the context

Risk assessment

Risk identification

Risk analysis

Risk evaluation

Risk treatment

7

15BSD17\28610A


Roles

• Owns ERM

• Department heads involved in operational risks

Senior Administration

• Sets tone, addresses strategic and governance risks and fills in gaps

Full Board/Executive Committee

• Understand programs and risks

Standing Committees

• Owns specific risks and process

Audit Committee

8

15BSD17\28610A


1. Reputational Risk:

a) Assessments and outcomes not meeting expectations

b) Governance

c) Effective crisis planning/communication

2. Strategic Risk:

a) Aging workforce, lack of succession planning

b) Misalignment between operations and strategic plans

c) Expanding mission to four year degree programs

d) Uncertain economic environment

e) IT infrastructure investments

f) Changing regulatory environment

g) Implement Program to support “Full Spectrum Learning”

College Risk Register

9

15BSD17\28610A


3. Operational Risk:

a) Lack of disaster preparedness and BCP

b) Minors on campus

c) Outside violence coming to campus

d) Title IX and sexual assault

e) Cyber Security/Breach Response

f) International risks

College Risk Register

10

15BSD17\28610A


1. Establish Organizational Principles and Mandate -COMMITMENT

2. Establish leadership Structure and Discussion of ermcontext - FRAMEWORK

3. Conduct risk assessment and assign of Risk Owners –RISK ASSESSMENT/OWNERS

4. Begin risk treatment and Organizational integration –RISK TREATMENT

5. Follow Consistent Process to MONITOR and IMPROVE

In To Action (5 STEP PROCESS)

11

15BSD17\28610A


1. Commitment

Building the case for ERM

Discussion of mandate & commitment

Definition of roles

• Begin meeting with ERM leaders to discuss

organizational goals and objectives

• Develop description of benefits and reasons to

implement ERM

• Discuss broad roles of senior administration, risk

management, legal, internal audit, and compliance

• Establish advisory group composition, meeting

schedule and initial agenda

12

15BSD17\28610A


2. Leadership, Framework & Context

ERM leaders and advisory group

establish framework, describe context,

stakeholders, roles and responsibilities,

and implementation plan

• Facilitation of ½-day workshop focused on development

of framework, description of context, identification of

internal/external stakeholders, discussion of risk criteria

and performance measures

• Establish roles and responsibilities of administrators

and other key stakeholders

• Develop implementation plan

13

15BSD17\28610A


3. Risk Assessment & Ownership

Begin risk assessment including scope

and process, assignment of risk owners,

planning for data management, reporting

and communication

• Consult and advise, or facilitate, the risk assessment

process through surveys, interviews, and/or workshops

• Oversee development of risk register in relationship to

organizational objectives

• Facilitate the risk analysis and evaluation/prioritization

process

• Assist in the assignment of risk owners

• Sample reports developed for advisory group, senior

admin, and governing boards

14

15BSD17\28610A


4. Risk Treatment & Integration

Development and approval of risk

treatment plans, training of supervisors,

integration into position descriptions,

reviews, and employee onboarding

• Beginning of work on risk treatment plans including risk

owner training

• Leadership approval of priority risk treatment plans

• Supervisor training materials drafted

• Position description wording drafted and approved

• New employee orientation materials developed

15

15BSD17\28610A


5. Monitor & Improve

Development and incorporation of

continuous improvement model, monitoring

and review of progress, and assessing

communication and engagement

• Review existing ERM program

• Report on congruence with best practices and suggest

improvements

• Evaluate performance management objectives and

outcomes

• Assess progress of risk treatment plans

• Evaluate accountability and reporting chains

• Incorporate lessons learned

16

15BSD17\28610A


Culinary Adventures

College A at the height of the

Arab Spring is invited to a

culinary arts symposium in

Dubai. 2 faculty members and

5 stds. are invited.

Symposium concludes with an

Int’l “cook off’ competition!

College wants to attend but

concerned about safety and

cost.

College B is considering

opening a high end restaurant,

staffed by professionals as

means to attract community

members, support functions at

Performing Arts Center,

expose students to classic

restaurant operations.

Major financial investment

that does not directly

support educational mission.

USE THE ERM PROCESS TO HELP MAKE INFORMED DECISION

17

15BSD17\28610A


Culinary Adventures

College A

• Mission Consistent

• Risk Owner

• Financial

• Reputational

• Strategic

• Compliance

• Hazard/life safety

• Risk Treatment

College B

• Mission Consistent

• Risk Owner

• Financial

• Reputational

• Strategic

• Compliance

• Hazard/life safety

• Risk Treatment

18

15BSD17\28610A


• Focus on high-impact risks

• Focus on mitigation/continuity plans

• Take on the tough issues and sacred cows

• All risks must have owners

• Involve other departments in risk register and responses

• It’s a process and business tool, not a project

• Set yourself up for some near terms wins

Lessons learned from others:

19

15BSD17\28610A


Stay Connected

mailto:[email protected]

Documents

to download the presentation