
Enterprise Risk Management
ServiceSource’s Risk Management Program: A Plan for Success


Presented by: Scott A. Kuebler, Ph.D., Vice President, Safety, Security & Risk Management, ServiceSource. Email: Skuebler@ourpeoplework.org

Acknowledgement: Brad Kuhn – Carnegie Quality (http://www.carnegiequality.com), for spreadsheet design


What is a risk? Scott’s definition – “The potential for some event to have a significant negative impact on the organization, tangible or intangible, as measured by both its likelihood to occur and its resulting impact.”


What can a risk event impact? A risk event can impact –
• Direct cost to the organization (loss of revenue, fines, etc.)
• Loss of valued physical assets (property loss)
• Injury/death to employees or others
• Negative impact on the organization’s reputation


Risk impact example Operation: Mail Services Risk Event: Sensitive material lost and potentially exposed to the outside world. Potential Impact: Reputation as it relates to performance. Potential Result: Contract loss; failure to qualify for additional or new.


What is not a risk? • If the event already happened – that’s history and a learning event. • If the event in question is a “certainty” – makes the event part of an existing operational, insurance or similar plan. Example, a scheduled DOL audit is not a “risk” – it is a manageable event. • If the event or issue is generally accepted as “impossible” or “improbable” (a meteor destroying your facility).


Why have a risk management plan? A risk management plan, working in partnership with an organization’s strategic plan, is like upgrading from a paper roadmap to a GPS system. While the roadmap is great at providing needed information to get from point “A” to point “B”, no one would question the wisdom of a GPS system that provides up-to-date directions, with alternatives; real-time traffic reports, voice-enhanced direction, etc. In short – a proactive risk management plan provides data to allow an organization to identify and then eliminate, mitigate or knowingly accept identified risks; all with the intent of making the organization more adept at success!


What does a risk management plan do? From “Framework for Environmental Health Risk Management”

The Presidential/Congressional Commission on Risk Assessment and Risk Management


Risk management process
Steps in the risk management process:
• Planning
• Risk Identification
• Prioritization
• Control & Monitoring
• Closure & Audit
Tracking, Management, Reporting


Step One - Planning

• Determine who will be involved in the process (accountability). • Gain management buy-in at every level. • Know how you are going to collect, track, trend and present information. • Align the program with the organization’s mission, vision and strategic goals/objectives.


Step One – Planning (Risk Management Process)
• Planning: Responsibilities; Methods; Buy-in; Align with Mission, Vision, Strategic Plan
• Risk Identification
• Prioritization
• Control & Monitoring
• Closure & Audit


Step Two – Identification of Risk • Experience/History • Experts • Brainstorming • Formal Assessments • Surveys


Step Two – Risk Identification (Risk Management Process)
• Planning: Responsibilities; Methods; Buy-in; Align with Mission, Vision, Strategic Plan
• Risk Identification: Experience; Experts; Brainstorming; Assessments; Surveys
• Prioritization
• Control & Monitoring
• Closure & Audit


Step Three – Prioritization
Two criteria to examine:
1. Probability (likelihood) that the event identified will happen – Minimal/unlikely to high/very likely
2. Consequence (impact or severity) the event would cause if it happened – Low or minor impact to high or severe (catastrophic) impact


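Step Three – Prioritization
[Figure: 3 × 3 risk matrix with Severity of Occurrence (1 to 3) on the vertical axis and Probability of Occurrence (1 to 3) on the horizontal axis; cells are colored Green, Yellow and Red.]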


Step Three – Prioritization
[Figure: risk matrix of Probability of Occurrence against Consequence of Occurrence, each rated Very Low, Low, Moderate, High or Very High; cells are classed as Low Risk, Medium Risk or High Risk.]


Step Three – Assessment
Risk Priority Table

Impact: Significant
• Financial loss >$100,000
• Impact on organization's reputation
• Major safety issues w/potential to harm
• Imposed fines, fraud, crime, etc.
• Liability exposure & legal actions
• Significant IT system issues
• Labor disruption, major contract issues, etc.

Impact: Moderate
• Financial loss <$50,000
• Safety issues violating OSHA, insurance, etc.
• Isolated criminal activity/fraud
• IT issues w/potential to affect ops.
• Multiple employee grievances
• Management issues affecting operations
• Labor & contract issues

Impact: Minor
• Financial loss <$10,000
• Isolated safety issues w/o potential to harm
• Non-criminal and non-liability legal issues
• Minor IT related issues
• Minor and isolated employee issues
• Internal audit/inspection issues
• Misc. issues w/potential to impact ops.

Probability / Likelihood grid:
• Impact high, likelihood low: impact = 7, probability = 3
• Impact high, likelihood moderate: impact = 7, probability = 7
• Impact high, likelihood high: impact = 10, probability = 10
• Impact moderate, likelihood low: impact = 3, probability = 3
• Impact moderate, likelihood moderate: impact = 5, probability = 5
• Impact moderate, likelihood high: impact = 5, probability = 10
• Impact low, likelihood low: impact = 1, probability = 1
• Impact low, likelihood moderate: impact = 3, probability = 5
• Impact low, likelihood high: impact = 3, probability = 10


Step Three – Prioritization (Risk Management Process)
• Planning: Responsibilities; Methods; Buy-in; Align with Mission, Vision, Strategic Plan
• Risk Identification: Experience; Experts; Brainstorming; Assessments; Surveys
• Prioritization: Probability; Impact; Rating System (Consistent, Easy, Understandable)
• Control & Monitoring
• Closure & Audit


Step Four – Control & Monitoring Four Methods to Control Risk: • Transfer • Mitigate • Accept • Avoid


Step Four – Control & Monitoring
Risk Identification
Columns: Risk ID; Risk Category; Affiliate/Operation; Risk Description; Owner; Date Raised; Source

• Risk ID 1. Category: Operations. Description: Housing boards do not have D&O coverage. Date Raised: 11/01/10. Source: Internal Audit/Review
• Risk ID 2. Category: Operations. Description: CARF Certification. Date Raised: 11/01/10. Source: Internal Audit/Review
• Risk ID 3. Category: Finance. Description: Formalized expenditure and revenue approval process. Date Raised: 11/01/10. Source: External Audit/Review
• Risk ID 4. Category: Information Technology. Description: Lack of a readily available method to transmit sensitive data. Date Raised: 11/01/10. Source: Internal Audit/Review
• Risk ID 5. Category: Human Resource. Description: Ethics Training Requirements. Date Raised: 11/01/01. Source: Internal Audit/Review
• Risk ID 6. Category: Operations. Description: Paint booth is out of compliance with NFPA codes. Date Raised: 11/01/2010. Source: External Audit/Review
• Risk ID 7. Category: Human Resource. Description: Current policy titled "Code of Ethics, Conduct and Corporate Compliance" (300.38) does not contain proper "whistleblower" protection. Date Raised: 11/01/10. Source: Internal Audit/Review


Step Four - Prioritization
Risk Analysis
Columns: Impact; Probability; Matrix Score; Qualitative Impact

• Impact 5; Probability 0; Matrix Score 5.00. Qualitative Impact: D&O exposure without coverage and potential risk of losing directors.
• Impact 9; Probability 3; Matrix Score 12.00. Qualitative Impact: Loss of certification; loss of income streams where this is required; and loss of reputation.
• Impact 4; Probability 4; Matrix Score 8.00. Qualitative Impact: Lack of a formalized and consistent approval matrix governing expenditures/revenue leaves the organization vulnerable to misuse or misappropriation of funds.


Response Planning columns: Risk Strategy; Response Notes/Plan
Risk Monitoring and Control columns: Status; Notes

Transfer

Worked with Housing management and our brokers/carriers to develop and implement an insurance solution.

Resolved

D&O policy in place.

Mitigate

New Quality Manager will be working with each affiliate to ensure CARF compliance.

Mitigate

CFO team is developing a formalized process that will include an authority matrix.

TBD

Issue has been referred to the IT team.

Mitigate

Open

SSRM Team has started safety audits.

Resolved

Authority matrix approved and published.

Open

HR developed and implemented a vigorous ethics program with ongoing training. All employees are now required to receive this training upon hire and then, must take a refresher course annually.

Resolved


Step Four – Control & Monitoring (Risk Management Process)
• Planning: Responsibilities; Methods; Buy-in; Align with Mission, Vision, Strategic Plan
• Risk Identification: Experience; Experts; Brainstorming; Assessments; Surveys
• Prioritization: Probability; Impact; Rating System (Consistent, Easy, Understandable)
• Control & Monitoring: Categorized; Described; Assigned; Prioritized; Response; Monitored
• Closure & Audit


Step Five – Closure Closure or Status Possibilities: • Resolved • Retired • Open • Triggered


Understanding Closure:
• Know in advance what elements are required to “qualify” an issue for closure!
• Update the organization’s Risk Management Plan to account for issue closure.
• Maintain archives for future reference, auditing and “proof” when required.
• External Audit


Step Five – Closure & Audit (Risk Management Process)
• Planning: Responsibilities; Methods; Buy-in; Align with Mission, Vision, Strategic Plan
• Risk Identification: Experience; Experts; Brainstorming; Assessments; Surveys
• Prioritization: Probability; Impact; Rating System (Consistent, Easy, Understandable)
• Control & Monitoring: Categorized; Described; Assigned; Prioritized; Response; Monitored
• Closure & Audit: Understand; Update Plans; Archive; External Review


Resources • Ethics Resource Center - http://www.ethics.org/ • Carnegie Quality - http://www.carnegiequality.com/ • Committee of Sponsoring Organizations of the Treadway Commission (COSO) - http://www.coso.org/ • Nonprofit Risk Management Center - http://www.nonprofitrisk.org/

Scott A. Kuebler, Vice President, Safety, Security & Risk Management, ServiceSource, skuebler@ourpeoplework.org


Enterprise Risk Management A Real Life Example Peckham, Inc


Presented By

Jo Sinha Corporate Vice President


Really? Plan for Risk?

• Planning begins with a systematic approach to identification
– Simple matrix of potential exposures for various classes of assets/resources
• Describes the risk
• Assigns priority level
• Designates and documents the control mechanism
• Assigns owners
• Reporting periods


Risk Identification • Formal Process – Matrix e-mailed to all management staff – Summary of previous year’s events and plan – Facility Team, Safety Team, Cross Team Involvement • Informal Process – Basic question – what keeps you awake at night? – Asked across all levels of the organization – Easier for folks to identify with


Risk Planning
• Update the matrix with responses from formal and informal process – example

Columns: Service Delivery Exposure; Priority; Description; Control

Service Delivery Exposure: Economic conditions
Priority: High
Description: Funding for WIA, PWI, Medicaid, MPRI, JET, SE all at risk
Control:
• Visits with elected officials
• Get out the Vote
• ACCSES membership
• Parent group list serve
• Launch client intranet site for education resources
• Train more staff in advocacy
• Train more staff in grant writing
• Service staff hiring freeze
• Outcome information available


Internalizing Risk Management • Incorporated into our Business Plan • Integrated into day-to-day operations • Part of our strategy map and balanced scorecard process • Quarterly reporting


Control Mechanisms • Examples Risk = HR identifies national increase in rates of employee lawsuits Controls – Transfer the risk by purchasing Employment Practices insurance – Mitigate the risk by increasing supervisor training


Control Mechanisms • Examples (continued) Risk = High incidences of slip and fall on the apparel floor due to threads and fleece dust Control – Avoid the risk by analyzing cost of slip and fall – New anti-slip floor coating pays for itself, install new floor


Control Mechanisms
• Examples (continued)
Risk = Misconduct by employees
Controls
• Mitigate
– Annual ethics training
– Segregation of duties in accounting/strong internal controls
– Active Board Audit committee
– EthicsPoint Reporting options
– Corporate Compliance program
– Internal audit programs for CARF, ISO standards and MIOSHA
• Transfer
– Liability Umbrella
• Avoid
– Background and reference checks before hire


Contract/Corporate Compliance
• Know your FAR Clauses


Integrate into Business Systems
• ISO Quality Management
– Supplier performance
– Contract reviews
– Document control
– Standardized processes
– Internal and external audits
• CARF Accreditation
– Standards for Governance, Legal Practices, Risk Management, Corporate Compliance, Quality of programs and services


Strategic Risk Management • Managing risk while maximizing opportunity – Risk inherent in every opportunity – Don’t bet the farm – Take small calculated risks and measure results • Peckham Farms – Purchased extra land for warehouse project – 60 acres available for farming – Planting 3 acres this year – Measure the results against revenue goals – 1-2 year plan, 3-5 year plan, 5-10 year plan


Strategic Risk Management
• Last thoughts
– Share information
– Look for trends
– Stay informed
– Ask questions
– Build infrastructure to manage risk


Questions?
Scott A. Kuebler, Vice President, Safety, Security & Risk Management, ServiceSource, skuebler@ourpeoplework.org
Jo Sinha, Corporate Vice President, Peckham, Inc, jsinha@peckham.org


Session Evaluation Information

SESSION TITLE: Risk Mgmt SESSION CODE: L-T300

Risk Management Approaches to Enhance CRP Effectiveness-Presentation  
