Maryland Association of Boards of Education Insurance Programs€¦ · Maryland Association of Boards of ... – ISO 21500 ‐Guidance on Project Management ... Maryland Association

Maryland Association of Boards of Education

Insurance ProgramsENTERPRISE RISK MANAGEMENT

John Magoon, ARM‐(P, E), CBCP, MBCIRisk Management Officer, MABE

[email protected]‐603‐0399

A PERFECT DAY

0

0.2

0.4

0.6

0.8

1

1.2

1 2 3 4 5 6 7 8 9 10

Our Goals

Actual Goal

Maryland Association of Boards of Education 25/11/2015

Your Risk Management Program?

• Do you have a Risk Management Program?• Are Operations Evaluated?• Who Evaluates Proposals?• Who has Authority to Make Decisions?• Is there Leadership?• Management Support?


Traditional Risk Management

• Transfers Risk through buying Insurance• Only Pure Risk not Speculative Risk• Manages Operational and Hazard Risks

– Employee Injuries– Property Losses– Liability Losses– Auto Accidents

• Takes a Defensive Posture



TRADITIONAL RISK MANAGEMENT

• RISK FINANCING– Retention– Contractual Transfer for Risk Financing (Insurance)

• RISK CONTROL– Exposure avoidance– Loss Prevention– Loss Reduction– Segregation of exposures– Contractual Transfer for Risk Control

55/11/2015


Risk Management• What is Risk? • Its about choices – they can be emotional.• Human behavior is driven by “perception of risk”.

• Perception of risk is personal, but often influenced by other forces.

65/11/2015



Risk Management

• ISO31000 defines Risk as….

“The Effect of Uncertainty on Objectives”.

85/11/2015




• 2012 ‐ The institute of Internal Auditors, Inc . and RIMS. Maryland Association of Boards of

Education 125/11/2015

Evolution of ERM• 1987 – ISO 9000 first published• 1992 ‐ COSO publishes Internal Control Framework• 1999

– AS/NZS 4360 ‐ Australian Risk Management Standards

• 2002 ‐ Enron Failed– SOX Section 404 requires companies to provide an assessment of internal risk control measures.

• 2004– Basel II – Established capital requirements for Banks– COSO published ERM Framework


Evolution of ERM

• 2007‐2008 – Financial Crisis –– Dodd Frank requires banks to have Risk Committees– SEC requires companies to disclose board risk oversight activities

– NAIC – “Own Risk and Solvency Assessment”

• 2008 –• BS31100 ‐ British Standard on Risk Management Code

of Practice


Evolution of ERM

• 2009 –– SAS 115 and Solvency II

• SAS 115 ‐ requires public companies to focus on Internal Controls

• Solvency II – EU Regulatory Standard for Insurers

–Basel III• Addresses deficiencies identified after the Financial Crisis


Evolution of ERM

• 2009 – Enterprise Risk Management– ISO 31000:2009 ‐ Principles and Guidelines on Implementation

– ISO/IEC 31010:2009 ‐ Risk Management ‐ Risk Assessment Techniques

– ISO Guide 73:2009 ‐ Risk Management ‐ Vocabulary• 2012 –

– ISO 21500 ‐ Guidance on Project Management – ISO 22301 ‐ Societal Security ‐ Business Continuity Management Systems


ISO’s perspective on Risk Management


Enterprise Risk Management

• For Public Entities?

5/11/2015 Maryland Association of Boards of Education 18

Why ERM?

• The majority of losses are uninsured– Only 20% – 30 % are insurable

• New Global Threats Require a Broad Focus– Pandemics, Cyber Attacks, Global Economy

• We Need all Stakeholders to be Risk Aware– to increase the likelihood of an organization achieving its objectives by being in a position to manage threats and adverse situations and being ready to take advantage of opportunities that may arise.



• Use an ERM Framework during Strategic Planning to align an Organizations risk appetite with inherent risks.

• ERM can: – identify risks and minimize threats– allow an organization to select the most effective methods of deploying Capital

– reduce the cost of Capital – optimize Capital Allocation

• ERM identifies and allows opportunities to be pursued


Peter Drucker, 1963

3 Components of an Effective Manager1. Analyzing available opportunities to produce

results and developing an understanding of their costs.

2. Committing resources to pursue the most promising opportunities.

3. When some lead to results and others do not, deciding which should receive more resources and which should be abandoned.


DIRTFT

• Establish a Culture of:“Do it Right the First Time”





Uninsured Costs (examples)• Employee benefits & wage continuation• Investigation• Supervisory time• Claims handling time• Reports and paperwork• Equipment damage and third‐party liability• Rescheduling staff• Overtime• Retraining• Reduced productivity and morale• Increased workers’ compensation costs• Hiring and selection costs• Reputation


ISO 31000

• A voluntary Standard, not auditable/certifiable• 31000 ‐ Risk Management Principles & Guidelines

• 31004 – Implementation Guide for ISO 31000• 31010 – Risk Assessment Methods• Guide 73 – Risk Management Terminology


ISO 31000 ERM Framework



The Program Needs to be Based on Certain Principles

The Program Needs to be Based on Certain Principles

The Framework requires Support, defines who does what, and provides a continuous process of managing risk

The Framework requires Support, defines who does what, and provides a continuous process of managing risk

295/11/2015

The Process

• After establishing the “Context”, Apply the “Risk Assessment” Process, and continually monitor, review and improve


SWOT Analysis Table

Strengths Weaknesses

Internal List assets, competencies, or attributes that

enhance competivenessPrioritize based on the quality of the strength and the relative importance of the strength

List lacking assets, competencies, or attributes that diminish competiveness.

Prioritize based on the seriousness of the weakness and the relative importance of the

weakness.

Opportunities Threats

External

List conditions that could be exploited to create a competitive advantage.

Prioritize based on the potential of exploiting the opportunities.

List conditions that diminish competitive advantage.

Prioritize based on the seriousness and probability of occurrence.

Note strengths that can be paired with opportunities as areas of competitive

advantage

Note weaknesses that can be paired with threats as risks to be avoided.


http://www.ucop.edu/enterprise‐risk‐management/index.htmlMaryland Association of Boards of

Education 325/11/2015


• It requires Leadership• Collaborate – Use a Risk Committee?• ERM is a Silo Buster! • ERM = “Everyone is a Risk Manager”

• Board, Superintendant, Directors, Staff• Consider “Total Cost of Risk”

– Use: • Key Performance Indicators (KPI’s – Trailing) • Key Risk Indicators (KRI’s ‐ Leading) to measure performance.



Risk and Organizational Goals

• What does “Risk” mean to an Organization?– Governance– Public Perception/Image– Ability to reach goals, or its “Mission”

• Budget efficiency• Ability to provide services ‐ productivity• The quality of services provided• Continuous Improvement?

• Risks are; STRATEGIC – FINANCIAL – OPERATIONAL –COMPLIANCE ‐ REPUTATIONAL

345/11/2015

Questions and Answers

• What can you do?– Elevator speech to sell ERM– Identify and break down Silo’s– Gain Support from Management– Promote the passage of a Policy– Assess Risks– Use measures to track goals and objectives



Insurance ProgramsENTERPRISE RISK MANAGEMENT

QUESTIONS?

John Magoon, ARM‐(P, E), CBCP, MBCIRisk Management Officer, MABE

[email protected]‐603‐0399

Documents

Maryland Association of Boards of Education Insurance Programs€¦ · Maryland Association of Boards of ... – ISO 21500 ‐Guidance on Project Management ... Maryland Association