In-House Counsel s Role in Risk Management. Melanie Osborne - Stoel Rives LLP Lynne Seville, Parker Smith & Feek

Transcription

1 In-House Counsel s Role in Risk Management Melanie Osborne - Stoel Rives LLP Lynne Seville, Parker Smith & Feek

2 What is Risk?

3

4 Risk Management Components Articulate the organization's objectives Identify the risks Assess their impact and likelihood Decide appropriate course of action Communicate effectively Take a strategic view

5 Risk Framework Board Policy Company Strategy Stakeholder Constraints Key Metrics Capital Management Framework and Group Board Policy Align Objectives, Policies and Procedures and Processes Enable Application and Underlying Infrastructure

6 Risk Management and Strategic Processes Risk Identification Risk Measurement Risk Management

7 Internal Environment Risk Management Philosophy Risk Appetite Risk Culture Board of Directors Integrity and Ethical Values Commitment to Competence Value Communicate in words and actions Value Qualitative Quantitative Linked to strategy Independent Active Involved Independent Active Involved Standards of behavior Prerequisite CEO example Incentives Knowledge Skills Trade-offs Management Philosophy and Operating Style Organizational Structure Assignment of Authority and Responsibility Human Resource Policies and Practices Differences in Environment Formal vs. Informal Conservative vs. Aggressive Aligned Reporting lines Centralized/ Decentralized Matrix/Function/ Geography Empowerment Accountability Qualified Training Compensation Incentives and Discipline Management preferences Value judgments Management Styles

8 Objective Setting Strategic Objectives Related Objectives Selected Objectives Risk Appetite Risk Tolerance High-level goals Support mission/ vision Strategic choices Operations Reporting Complianc e Safeguarding of assets Align and support Management decision Growth, risk and return Resource allocation People, process and infrastructur e Acceptable variance Unit of measure of objective

9 Event Identification Events Factors Influencing Strategy and Objectives Methodology and Techniques Event Interdependencies Event Categories Risks and Opportunities Incident Positive and/ or negative impacts Internal External Ongoing Periodic Past and future Supporting tools Triggering events Interrelate Common groupings Negative impact: risks Positive impact: opportunity; offsets to risks

10 Risk Assessment Inherent and Residual Risk Likelihood and Impact Qualitative and Quantitative Methodologies and Techniques Correlation Before management actions After management actions Expected and unexpected Expected, worstcase, distribution Time horizons Unit of measure Observable data Qualitative Quantitative Inherent and residual basis Sequence of events Categories Stress testing Scenarios

11 Risk Response Identify Risk Responses Evaluate Possible Risk Responses Select Response Portfolio View Avoid Impact Management Entity level Reduce decision Share Accept Impact Likelihood Cost versus benefit Innovative responses Entity level Business unit level Inherent and residual basis

12 Control Activities Integration with Risk Response Types of Control Activities General Controls Application Controls Entity- Specific Build directly into management processes Interrelate Policies Procedures Preventative Detective Manual Automatic Information technology (IT) management IT infrastructure Security management Software development & maintenance Completeness Accuracy Authorization Validity Entity specific strategies and objectives Operating environment Complexity of the entity

13 Information and Communication Information Strategic and Integrated Systems Communication Internal External Manual Computerized Formal Informal Information systems architecture Strategic Operational Past and current Level of detail Timeliness Quality Internal External Entity-wide Expectations and responsibilities Framing Means of transmission

14 Monitoring Ongoing Separate Evaluations Reporting Deficiencies Real-time Built-in Day-to-day operations Scope Frequency Self-assessments/ internal auditors Extent of documentation Ongoing External parties Protocols Alternative channels

15 Systematic Risk Management Process

16 Risk Matrix Severity Extreme Very high Moderate Low Negligible Lilkelihoo od Almost certain Severe Severe High Major Moderate Likely Severe High Major Significant Moderate Moderate High Major Significant Moderate Low Unlikely Major Significant Moderate Low Very low Rare Significant Moderate Low Very low Very Low

17 Risk Matrix Manage Risk through Control: Management, monitoring, elimination Almost certain Extreme Very high Moderate Low Negligible Severe Severe High Major Moderate Manage Risk through Processes, Procedures, Technology Likely Severe High Major Significant Moderate Moderate High Major Significant Moderate Low Unlikely Major Significant Moderate Low Very low Rare Significant Moderate Low Very low Very Low Transfer Risk Absorb Risk

18

19 Sample Corporate Risk Management Structure Board of Governors President s Executive Committee Vice Provost President and Vice (Finance -President & Resources) Academic and/or Risk Management Steering Committee Information Technology Operational Risk Management Committee Audit Audit Services Security Services Health, Health, Research Safety & Environment Services Risk Risk Management and Insurance Services Risk Information and Metrics ERM Policies Colleges Operational & Units Units Legal Financial Services Services Facilities Facilities Management Management Services Others

20 Total Cost of Risk Consider the Costs Internal (ex. staff) Service providers (ex. attorneys) Insurance premiums Losses Example -- safety incident resulting in discipline Internal Safety Review: $20,000 (est.) Internal HR/Disciplinary Review: $10,000 (est.) Outside Attorneys: $15,000+ Good will with customers: priceless EPLI Premium: $10,000 (prorated est.) Losses: $35,000 (settling HRC claim) TOTAL: $90,000

21 Role of the Legal Department Contract Management Compliance Templates Contract Review Transfer liability Insurance provisions Safety requirements Identify need for other contracts (ex. NDA) Due Diligence Identify exposures

22 Role of the Legal Department cont d Corporate Governance Policies Organizational Structure Ethics Legal/regulatory Internal Code Contractual In-House role Compliance Legal/regulatory Internal policies Contractual Investigations

23 Role of the Legal Department cont d Potential Risk Management Roles Insurance / Self-Insurance Workers Compensation Safety Loss Control Risk Engineering Business Continuity Disaster Planning Business Continuation Business Recovery

24 Role of the Legal Department cont d Records Management Vital records Disaster recovery plan Litigation holds Retention/destruction Electronic records Litigation / Claims Oversight Insured Uninsured

25 Reviewing Your Relationships Three-legged stool Company/Staff Broker Insurance Carriers Broker/Carrier Role Understand Your Business Understand Value of Risk Management not just insurance

26 Tips for In-House Counsel Closing Tips Understand Risk Management Concepts Not All Risks Are Insured Know Your Insurance Contracts Insured Risks -- Claim Reporting is Key Business Considerations Total Cost of Risk Manage Uninsured Risks Legal Department Role

27 QUESTIONS?