2012 ARTHUR J. GALLAGHER & CO. Managing Risk Every Day
OPENING SESSION: Dorothy M. Gjerdrum, ARM-P, CIRM Executive
Director & Risk Consultant
Slide 2
2012 ARTHUR J. GALLAGHER & CO. Agenda What is risk ?? Why
we need to expand our perspective Implications for your operations
A new framework for managing risk Managing Risk Every Day
Slide 3
2012 ARTHUR J. GALLAGHER & CO. Page | 3 Definition of risk
(n) Bing Dictionary Risk [ risk ] 1.Chance of something going
wrong: the danger that injury, damage or loss will occur 2.Hazard:
somebody or something likely to cause injury, damage or loss
3.Chance of loss to insurer: the probability of loss to an insurer
or the amount that an insurer is in danger of losing Synonyms:
danger, jeopardy, peril, hazard, menace, threat
Slide 4
2012 ARTHUR J. GALLAGHER & CO. Page | 4 Risk (n) Concise
Encyclopedia In economics and finance Trading or variability risk
is the amount that the return may vary, up or down, from the
expected return on investment.
Slide 5
2012 ARTHUR J. GALLAGHER & CO. Page | 5 Risk (n) Concise
Encyclopedia In economics and finance Trading or variability risk
is the amount that the return may vary, up or down, from the
expected return on investment.
Slide 6
2012 ARTHUR J. GALLAGHER & CO. Page | 6 Risk (n) Concise
Encyclopedia In economics and finance Trading or variability risk
is the amount that the return may vary, up or down, from the
expected return on investment. And what happens when you take a
risk?
Slide 7
2012 ARTHUR J. GALLAGHER & CO. Risk, in one form or
another, is present in virtually all worthwhile endeavors. 7 We
recognize that not all risk is bad, and our goal is not to
eliminate all risk, for by doing so we would cease all productive
activity. Rather, our goal is to assume risk judiciously, mitigate
it when possible, and prepare ourselves to respond effectively and
efficiently when necessary.
Slide 8
2012 ARTHUR J. GALLAGHER & CO. What is risk? Risk = the
effect of uncertainty on your objectives Objectives = the outcomes
you seek, the highest expression of intent and purpose Uncertainty
= the state of not knowing, a deficiency of information
ISO/ANSI/ASSE 31000:2009 Risk management Principles and
Guidelines
Slide 9
2012 ARTHUR J. GALLAGHER & CO. Page | 9 A closer look at
Uncertainty Makes a clear connection to the environment, the world
and your context There are many causes and sources, internal and
external It recognizes that some/much is out of your direct control
Its a broader view implying both positive and negative consequences
are possible
Slide 10
2012 ARTHUR J. GALLAGHER & CO. Global Uncertainties
Economic Environmental Technological Societal Geopolitical Budget
crises Unfunded mandates Aging infrastructure Banking &
investment failures Supply chain interdependencies Climate change
Natural catastrophes Global pollution Extinction of species
Deforestation Use of natural resources Access to clean water
Political uprisings & changes in governments Terrorism Cyber
warfare Information infrastructure Public data protection Privacy
versus security New/emerging technology Religious conflicts Access
to education Pandemics Speed of change Migration
Slide 11
2012 ARTHUR J. GALLAGHER & CO. Page | 11 World Economic
Forum Global Risks Landscape 2013
Slide 12
2012 ARTHUR J. GALLAGHER & CO.
Slide 13
Page | 13
Slide 14
2012 ARTHUR J. GALLAGHER & CO. Global Uncertainties
Economic Environmental Technological Societal Geopolitical Budget
crises Unfunded mandates Aging infrastructure Banking &
investment failures Supply chain interdependencies Climate change
Natural catastrophes Global pollution Extinction of species
Deforestation Use of natural resources Access to clean water
Political uprisings & changes in governments Terrorism Cyber
warfare Information infrastructure Public data protection Privacy
versus security New/emerging technology Religious conflicts Access
to education Pandemics Speed of change Migration
Slide 15
2012 ARTHUR J. GALLAGHER & CO. Risk is NOT just An event A
consequence A likelihood A vulnerability An exposure A risk source
A hazard, threat or opportunity But rather, the effect of these
upon your objectives
Slide 16
2012 ARTHUR J. GALLAGHER & CO. What is risk? Risk = the
effect of uncertainty on your objectives Objectives = the outcomes
you seek, the highest expression of intent and purpose Uncertainty
= the state of not knowing, a deficiency of information Anything
that could harm, prevent, delay or enhance your ability to achieve
your objectives = risk ISO/ANSI/ASSE 31000:2009 Risk management
Principles and Guidelines
Slide 17
2012 ARTHUR J. GALLAGHER & CO. An opportunity for grant
money for a new curriculum Traditional RM review the contract
(indemnification, hold harmless, waiver, etc.) and place insurance
ERM (or a broader approach to risk) gather stakeholders, assess
risks, make decision, then manage risks An Example a New Way to
Consider Risk
Slide 18
2012 ARTHUR J. GALLAGHER & CO. A Fictitious Scenario re
School Facility Use Page | 18 After several years of their varsity
football team winning state, high school coaches create a series of
summer camps for both players and other coaches Will use school
facilities for sleepovers, food service and sports fields Camp will
include an outing to visit the professional team facility Teaching
coaches will be paid by camp fees and school contract District will
receive some money for facility use Risk Assessment Process
Slide 19
2012 ARTHUR J. GALLAGHER & CO. Reasons to Pursue the
Activity Page | 19 Good exposure of the school and district to
prospective students and parents Revenue generator (and could bring
increased enrollment) It will enhance the athletic program Good for
kids; a good summer activity Support kids athletic development
Increased school activity would reduce vandalism and graffiti
opportunities Opportunities/Benefits
Slide 20
2012 ARTHUR J. GALLAGHER & CO. Potential Damage to School
& Program Objectives Page | 20 Unqualified drivers Who will
chaperone? Food allergies What if canceled? 504 and IEP issues
Student injury Whos responsible? Reputation risk (if bad) Insurance
coverage? Threats Equipment & facility ready for this? District
will get blamed if something bad happens Potential damage to
facility Custodial & logistics support Conflicts with facility
use, scheduled repair, construction What if school was needed for
an emergency purpose?
Slide 21
2012 ARTHUR J. GALLAGHER & CO. Risk Management helps you
discover both threats and opportunities
Slide 22
2012 ARTHUR J. GALLAGHER & CO. (Or a Broader Approach to
Managing Risk) To manage risk more effectively to support
opportunities To identify, assess and prepare for what could go
wrong To focus on whats most important to the organization and its
stakeholders and link key risks to key goals & objectives The
intent of ERM
Slide 23
2012 ARTHUR J. GALLAGHER & CO. Why we need to manage risk
The purpose of managing risk is to increase the likelihood of an
organization achieving its objectives by being in a position to
manage threats and adverse situations and being ready to take
advantage of opportunities that may arise. National Guidance on
Implementing ISO 31000:2009 From NSAI in Ireland
Slide 24
2012 ARTHUR J. GALLAGHER & CO. ISO (International
Organization for Standardization) is the world's largest developer
and publisher of International Standards. Established in 1947, ISO
is a network of the national standards institutes of 159 countries,
one member per country, with a Central Secretariat in Geneva,
Switzerland, that coordinates the system. Framing the Process ISO
31000:2009 International Standard on the Practice of Risk
Management ISO 31004: 2013 Technical Report on the Implementation
of ISO 31000
Slide 25
2012 ARTHUR J. GALLAGHER & CO. Adopted as the US Standard
by ANSI Available from ASSE at www.asse.orgwww.asse.org 25
Slide 26
2012 ARTHUR J. GALLAGHER & CO. ANSI/ASSE/ISO 31000 Risk
Management Principles and Guidelines Introduction Organizations of
all types and sizes face internal and external factors and
influences that make it uncertain whether and when they will
achieve their objectives. The effect this uncertainty has on an
organizations objectives is risk. All activities of an organization
involve risk Page | 26 Managing Risk Every Day
Slide 27
2012 ARTHUR J. GALLAGHER & CO. Making Risk Management
Effective Benefits to Implementing ISO 31000 You engage
stakeholders (internal & external) You focus on objectives or
key strategies You consider opportunities as well as threats
Communication is consistent and constant You continually learn and
improve Everyone is a risk manager! Page | 27
Slide 28
2012 ARTHUR J. GALLAGHER & CO. Components of the ISO
standard The framework manages the overall process and its full
integration into the organization The process for managing risk
focuses on individual or groups of risks, their identification,
analysis, evaluation and treatment Monitoring & review,
continual improvement and communication occur throughout The
principles provide the foundation and describe the qualities of
effective risk management in an organization
Slide 29
2012 ARTHUR J. GALLAGHER & CO. Principles Mandate &
Commitment Design framework for managing risk FrameworkRM Process
Implement risk management Monitor and review the framework
Continually improve the framework Establish the context Communicate
and consultMonitor and review Risk identification Risk analysis
Risk treatment Risk evaluation Risk assessment Creates value
Integral part of organizational processes Part of decision making
Explicitly addresses uncertainty Systematic, structured &
timely Based on best available info Tailored Takes human &
cultural factors into account Transparent & inclusive Dynamic,
iterative & responsive to change Facilitates continual
improvement & enhancement of the org From ANSI/ASSE/ISO
31000
Slide 30
2012 ARTHUR J. GALLAGHER & CO. Why ISO Specifies the
Framework Maps out how the management of risk will be integrated
across the organization Assures that the corporate-wide process is
supported, iterative and effective Details how risk management will
be an active component in governance, strategy and planning,
management, reporting processes, policies, values and culture
Provides for reporting & accountability
Slide 31
2012 ARTHUR J. GALLAGHER & CO. The Framework Includes: The
organization & its context Risk Management Policy
Accountability Integration into organizational processes Resources
Communication & reporting internal Communication &
reporting - external
Slide 32
2012 ARTHUR J. GALLAGHER & CO. Components of the Framework
Understanding the organization & its context Establishing RM
policy Accountability & Authority Integration into
organizational processes Determining appropriate resources
Establishing internal communication & reporting mechanisms
Establishing external communication & reporting mechanisms ISO
31000:2009 Risk management Principles and guidelines
Slide 33
2012 ARTHUR J. GALLAGHER & CO. Framework Example: Context
External Context Social, cultural, political, legal, regulatory,
financial, technological, economic, natural and competitive
environment Key drivers and trends that will have an impact on your
organization Relationships with and perceptions & values of
external stakeholders Internal Context Governance, organizational
structure, roles & accountabilities Policies, objectives &
strategy Capabilities & resources Info systems Organizational
culture Contractual relationships Relationships with, perceptions
& values of internal stakeholders ISO 31000:2009 Risk
management Principles and guidelines
Slide 34
2012 ARTHUR J. GALLAGHER & CO. Example of Framework -
External Uncertain funding sources Affluent county but revenue is
low New state mandates (re students and teachers) but no new
funding Teacher associations & NEA are strong Diversified
geography State politics: a purple state Large exodus of knowledge
with retirements Active and aggressive community population PERA
Poverty vs wealth lots of variation by district Emerging trend: fee
for service Influence of the media Increase in construction A
pro-charter school state
Slide 35
2012 ARTHUR J. GALLAGHER & CO. Example of Framework -
Internal Each school district is different Districts compete with
each other for teachers, students, etc. NEA The pool has both very
large and very small districts Decision making is affected by
public perception (e.g. reactions after Sandy Hook) When budgets
get tight, safety & maintenance get cut Constant leadership
changes Only some districts do strategic planning; we need more
strategic thinking Long-term planning is difficult A push for
innovations re learning lots happening Unpredictable school boards
Keeping up with changing technology is a challenge (both
infrastructure & skills)
Slide 36
2012 ARTHUR J. GALLAGHER & CO. The Risk Management Process
Applies to portfolio of risks and individual risks Begins with the
context always tailored to the organizational environment
Emphasizes continual: Communication & consultation Monitoring
& review Establish the context Communicate and consultMonitor
and review Risk identification Risk analysis Risk treatment Risk
evaluation Risk assessment
Slide 37
2012 ARTHUR J. GALLAGHER & CO. Select Definitions Risk
management = the coordinated activities to direct and control an
organization with regard to risk Risk owner = the person with the
accountability and authority to manage the risk Stakeholder =
Person or organization that can affect, be affected by, or perceive
themselves to be affected by a decision or activity.
Slide 38
2012 ARTHUR J. GALLAGHER & CO. Risk Mgmt & Other
Initiatives RM supports strategic initiatives, mission and goals
and links to them RM can support management processes (e.g.
balanced scorecard, performance management measures) RM will help
build success of key initiatives by identifying barriers and risks
and ways to mitigate them Managing Risk Every Day
Slide 39
2012 ARTHUR J. GALLAGHER & CO. Key concepts of ISO 31000
Risk Management is about supporting opportunities as well as
preventing problems It is tied to business objectives &
strategies and supports them It works within the entitys culture
and will become integral to decision making It will ensure that
Risk Management applies to all levels of the organization and to
all activities
Slide 40
2012 ARTHUR J. GALLAGHER & CO. The Benefits of (Enterprise)
Risk Management Increase likelihood of achieving objectives
Encourage proactive management Be aware of the need to identify and
treat risk throughout the organization Improve the identification
of opportunities & threats Effectively allocate and use
resources Comply with relevant legal and regulatory requirements
and international norms Improve mandatory and voluntary reporting
Improve operational effectiveness & efficiency Improve
stakeholder confidence and trust Establish a reliable basis for
decision making & planning Improve controls Improve governance
ISO/ANSI/ASSE 31000:2009 Risk management Principles and
Guidelines
Slide 41
2012 ARTHUR J. GALLAGHER & CO. In a nutshell All
organizations exist to achieve their objectives. The purpose of
risk management is to manage the barriers to those objectives and
support their achievement.
Slide 42
2012 ARTHUR J. GALLAGHER & CO. Questions? Dorothy Gjerdrum,
ARM-P, CIRM Executive Director Arthur J. Gallagher & Co. Public
Sector 651.642.2999 [email protected]
Slide 43
2012 ARTHUR J. GALLAGHER & CO. SEPTEMBER 12, 2013 Page |
43