Enterprise Risk Management for International Schools

1 Enterprise Risk Management for International Schools 2014 NESA Business Managers Conference Presented by Michael Rodman & Timothy King Albert Risk Management Consultants

2 INTRODUCTION: Michael Rodman, Principal Consultant; Timothy King, Senior Consultant. Albert Risk Management Consultants: Independent Risk Management & Insurance Consultants; No Insurance Sold; Objective Advice; Experienced Consultants with International School Focus

3 OUTLINE: I. ERM Overview; II. Interactive Session: Risk Analysis; III. Heat Mapping and Risk Analysis Debrief; IV. Foreign Travel: An ERM Perspective

4 ERM: WHAT WE'RE TALKING ABOUT TODAY: Enterprise-Wide Risks; Operational Risks; Insurable Risks

5 ERM: A DEFINITION
Enterprise Risk Management: a strategic business discipline that supports the achievement of an organization's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio. Source: Risk and Insurance Management Society, Inc.
1. Strategic: inextricably linked to the organization's mission and strategy, which sets risk appetite
2. Disciplined: consistent and structured approach to assess and manage risks and improve decision making
3. Full spectrum: addresses all forms of risk: strategic, financial, operational, technological, compliance, hazard,
4. Interrelated: risks are interrelated and must be managed as a whole

6 VALUE OF ERM
1. Resiliency and Sustainability: Uncovering risk and reducing catastrophic blindside potential; Protecting reputation and brand value
2. Governance: Better understanding and articulation of stakeholders' risk appetite/tolerance; Improved decision making by encouraging appropriate risk/reward analysis
3. Coordination: Prioritizing risk mgmt. efforts; Coordinating the handling of risk throughout the org; Filling gaps and eliminating unnecessary redundancies
4. Optimize Use of Capital: Moving beyond silos; Transferring risk (insurance) when mitigation or retention is not feasible; Possibly lowering cost of capital

7 SIMPLIFICATION: RISK SILOS: Finance; Admissions; Facilities; HR; Foreign Travel; each labelled "Risk Decisions"

8 AN ENTERPRISE RISK APPROACH: Centralized Risk Admin.; Admissions; Foreign Travel; Finance; HR; Risk Decisions

9 ERM PROCESS (cycle diagram): Establish Context; Identification; Analysis; Evaluation; Treatment; Monitor and Improve

10 ALTERNATE ERM PROCESS & OUTSIDE INFLUENCE: ISO 31000:2009 (built on AS/NZS 4360). Outside Influence: Attorneys; Audit Firms; Insurance Brokers; Consultants; Community Leaders; Embassy/Consulate. Source: Committee of Sponsoring Organizations of the Treadway Commission

11 BEFORE YOU START! You must receive support from the Board and/or top management. They must participate in the process.

12 ESTABLISH CONTEXT: Know Your Organization's: Vision; Mission; Competitive Environment; Culture; Decision Making Process. Use: 3/5 Year Strategic Plans; Annual Reports; SWOT Analysis. Who: Those Responsible for Implementation. [ERM process cycle diagram]

13 IDENTIFICATION: Make a List of Risks: Not Just Insurable and Not Just Controllable; Financial, Reputational, Economic. Categorize. Receive Input From All Departments. Receive Input from All Org. Levels. Use: Surveys; Interviews; Workshops. Who: Broad Group of Faculty and Staff; Outside Opinions. [ERM process cycle diagram]

14 ANALYZE: Impact: Effect on Reputation, Financials, Health/Safety. Velocity: How Quickly Will the Impact Be Felt? Duration: How Long Will the Impact Last? Insurance: What Is the Effect of Insurance? Frequency: How Often? Controls: What Is In Place to Lessen Frequency? Use: Risk Register. Who: Outside Opinions; Risk Committee; School Executives. [ERM process cycle diagram]

15 RISK ANALYSIS EXERCISE: Prototype School; Identification Phase Complete; Evaluation; Impact; Likelihood. [ERM process cycle diagram]

16 SCORING IMPACT (1-5): DEPENDING ON RISK
Score | Impact | Financial | Reputation | Safety & Security
1 | Negligible | Little/No Impact on Tuition Income | Short-Term Internal Impact | No Treatment
2 | Marginal | 5-10% Drop in Tuition Income | Long-Term Internal Impact | Minor Injuries First Aid
3 | Serious | 10-30% Drop In Tuition Income | Short-Term External Impact | Non-Life Threatening Injury/Illness
4 | Critical | +30% Drop In Tuition Income | Long Term Internal Impact | Life Threatening Injury/Illness
5 | Catastrophic | Income Drop Forces School Closure | External Impact w/ Permanent Damage | Multiple Serious Injuries or Death

17 SCORING FREQUENCY (1-5):
Score | Frequency | Meaning
1 | Impossible | No Known Occurrences with Us or Similar Organizations
2 | Rare | One Occurrence Every 10 or More Years. Known to Have Occurred at Similar Schools
3 | Occasional | One Occurrence Every 5-10 Years
4 | Common | One Occurrence Every 1-5 Years
5 | Frequent | One or More Occurrences Per Year

18 EVALUATE: Effectively Prioritize; Determine What Needs Treatment. Use: Heat Mapping. Who: Risk Committee; School Executives. [ERM process cycle diagram]

19

20 RISK APPETITE AND TOLERANCE: Broad Risk Appetite: What types of risks are we willing to take to accomplish strategic objectives? Risk Tolerance: What level of risk are we willing to accept? May be expressed as a low-high range. The Target level is somewhere between the high and low. [Diagram labels: Too high; Tolerance; Too low; Target]

21 TREATMENT: SETUP: Assign Risk Owner; Identify Dependencies; Create Timelines. Use: Expanded Risk Register; Information on Current Controls. Who: Risk Committee; Risk Officer. [ERM process cycle diagram]

22 TREATMENT: Use: Create & Document Response Plans. Who: Risk Owner; Field Experts/Outside Experts. [ERM process cycle diagram]

23 Enterprise Risk Management Is Continuous: Prioritization Changes Over Time & New Issues Will Emerge; Commitment Must Be Long Term

24 SUMMARY: ERM TOOLS/TECHNIQUES
Step | Considerations | Tools
1. Establish Context | Mission, Vision, Values, Regulatory & Competitive Environment, Strategic Objectives, Decision Making Processes | Strategic Plan, SWOT Analysis
2. Identify | What concerns exist? | Surveys, Interviews, Workshops
3. Analyze | Impact, Frequency, Controls, Velocity, etc. | Risk Registers
4. Evaluate | Exceed Tolerance Level? If Yes, Prioritize and Treat | Risk Heat Maps (also for Monitoring)
5. Treatment | Who Is Responsible for Follow-Through? What are the dependencies and timelines? | Risk Response Plans
6. Monitor | Continuous Process |

25 AN ENTERPRISE RISK APPROACH: Foreign Travel: An ERM Perspective. Centralized Risk Admin.; Foreign Travel; Admissions; Finance; HR; Risk Decisions

26 ENTERPRISE WIDE CONSIDERATIONS: Injury to Students Causes Financial and Reputational Loss; Concentration of Students Off-Campus; Risk Avoidance Not an Option; Need to Remain Competitive; Part of Comprehensive Academic Program

27 OPERATIONAL RISK CONSIDERATIONS: Pre Trip Visits by Faculty; Parent Releases; Dedicated Employee for Travel Planning; Dedicated Employee (On Campus) for Emergencies; Vendor/Contract Management

28 INSURABLE RISK CONSIDERATIONS: Appropriate Limits for Third Party Liability; Worst Case Scenarios; Appropriate Insurance Coverage for Emergency Evacuation; Appropriate Insurance Coverage for Kidnap and Ransom

29 What Keeps You Up At Night? Critical Risk Management Issues for International Schools 2014 NESA Business Managers Conference Presented by Michael Rodman & Timothy King Albert Risk Management Consultants

30 COMMON RISK MANAGEMENT PITFALLS: Time Element; Territory and Scope of Coverage; Abuse and Molestation; Property Valuation; Cyber Risks

31 Time Element Issues

32 What Next? Rebuild; Reopen; Recoup

33 Time Element Loss Scenario: Major Fire; Sprinkler Failure; Office, Classrooms, & Cafeteria Damaged; School Closes

34 Time Element: Property Damage = Rebuild; Extra Expense = Reopen; Business Income Loss = Recoup

35 Time Element: What We Are Hearing: In-House Loss Mitigation; Refund Policy; Emergency Fund; Disaster Planning; We Can't Shut Down

36 Time Element: What We See: Emergency Fund: Needed Elsewhere; Still Can Be Used In a Loss. Refund Policy for Next Term. Disaster Planning: Well Done, But Are All Costs Considered? Can the Plan Get You to 100% Capacity

37 Time Element: Extra Expense; Online Learning Setup; Alternative Location; Temporary Structures; Income Loss; Tuition; Other Income; Teacher Contracts; Continuing Expenses; How Long?

38 Time Element: Potential Coverage Pitfall: 12 Month Period of Restoration; Not Realistic In Many Cases; Look at Policies Carefully

39 Putting the Puzzle Together: Territory and Scope of Coverage

40 Typical Local Required Policies: General Liability; Directors and Officers Liability; Workers Compensation; Property; Automobile Liability

41 Territory & Scope of Coverage: Local Policy Issues: Scope of Coverage Insufficient; Limited to Certain Activities; Limited Territory; Inadequate Limits

42 Territory & Scope of Coverage: Difference in Condition Policy Issues: What are they? Often: Lack of Regulatory Compliance; No U.S. and Canada Coverage; Potential Solution

43 Territory & Scope of Coverage: Local; D.I.C.; Comprehensive Program

44 Abuse and Molestation: Issues w/ Coverage Availability; Coverage Territory: U.S. Suits Excluded; Adequacy of Controls; Driving Limits Purchased; Separate, But Not Equal, Terms & Conditions

45 Abuse and Molestation: Issues w/ Coverage Availability: Excluded from General/Public Liability; Limited Markets for Dedicated Coverage; Self Insurance Too Risky; Exposure to Western Suits

46 Abuse and Molestation: Coverage Territory: U.S. Suits Excluded: Most Occurrences in U.S. Excluded; What About Jurisdiction?

47 Abuse and Molestation: Adequacy of Controls: Training Faculty/Staff; Training Students; Boundaries: In Person and on Social Media; Background Checks; Indirect Causes of Liability (e.g. Contractors)

48 Abuse and Molestation: Driving Limits Purchased: Think About A Large Loss. What Could Stress Your Current Limits? Should Exposure Drive Your Purchasing Habits

49 Abuse and Molestation: Separate, But Not Equal, Terms & Conditions: Coverage for Innocent Individuals; Lower Limit and Higher Deductibles/Retentions; Claims-made Coverage; Severability

50 Property Valuation: Choice Valuation: Market Value; Depreciated/Book Value; Replacement Cost (New); Original Cost + Trend Factor

51 Property Valuation: Must Assume Total Loss; Coverage Pitfalls; Actual Cash Value; Average Clause or Coinsurance; Functional Replacement Cost

52 Understanding Cyber Risks Wide Reaching Impact

53 Cyber Risks: Wide-Reaching Implications: Theft of Funds (Computer Crime and Funds Transfer Fraud); Damage to Critical Systems from Malicious Attack; Damage or Theft of Data; Breach of Personal Information

54 Cyber Risks: Theft of Funds: Understanding Your Crime Policy; Computer Crime; Electronic Funds Transfer Fraud. Damage to Systems and Data: Look Carefully at Your Property Policy; What Causes of Loss Are Excluded?

55 Cyber Risks: Breach of Personal Information: Liability: What Are The Damages; Is A Stand-Alone Policy Worth It? Success of Privacy Suits; Can Coverage be Found Elsewhere? Expanding Regulatory Involvement Internationally; Statutory Fines and Penalties

56 Cyber Risks: Theft; Malicious Attacks; Theft of Personal Information; Regulatory Fines and Penalties; Comprehensive Cyber Program

57 Questions?


More information

Risk Analysis and the Security Survey

Risk Analysis and the Security Survey Risk Analysis and the Security Survey Fourth Edition James F. Broder Eugene Tucker ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Butterworth-Heinemann

More information

The Texas A&M University System Enterprise Risk Management Reference. To be used as a reference by Members when developing respective ERM Program

The Texas A&M University System Enterprise Risk Management Reference. To be used as a reference by Members when developing respective ERM Program The Texas A&M University System Enterprise Risk Management Reference To be used as a reference by Members when developing respective ERM Program Developed by System Risk Management Contact: Henry D. Judah,

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Factsheet To prepare for change, change the way you prepare In an intensely competitive environment, a permanent market presence is essential in order to satisfy customers

More information

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT Rok Bojanc ZZI d.o.o. rok.bojanc@zzi.si Abstract: The paper presents a mathematical model to improve our knowledge of information security and

More information

RISK MANAGEMENT POLICY AND PROCEDURE

RISK MANAGEMENT POLICY AND PROCEDURE RISK MANAGEMENT POLICY AND PROCEDURE SCOPE CONTEXT PURPOSE RISK MANAGEMENT FRAMEWORK Governance and Reporting Risk Statement RISK MANAGEMENT PROCESS Communicate and Consult Establish the Context Risk Identification

More information

3/2/2015. Why do we buy Insurance? Protecting our Schools

3/2/2015. Why do we buy Insurance? Protecting our Schools Tom Boobar MBA, MS, CSP The Business of Protecting Charter Schools Through Insurance Why do we buy Insurance? Transfer risk Protect our Schools, Students, Staff, Board Members, the Community Lender requirements

More information

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Linking Risk Management to Business Strategy, Processes, Operations and Reporting Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles

More information

Enterprise Risk Management Process Improvement. Secure Banking Solutions, LLC

Enterprise Risk Management Process Improvement. Secure Banking Solutions, LLC Enterprise Risk Management Process Improvement 2 Contact Information Contact Information Chad Knutson Senior Information Security Consultant CISSP, CISA, CRISC Phone: 605-480-3366 chad.knutson@protectmybank.com

More information

IT Trends and the Cyber Security Agenda

IT Trends and the Cyber Security Agenda State of the States: IT Trends and the Cyber Security Agenda Executive Policy Forum on Cyber and Electronic Crime NGA Center for Best Practices September 9, 2008 Doug Robinson Executive Director NASCIO

More information

GAINING CONTROL: Building Your Existing Framework into an ERM Model

GAINING CONTROL: Building Your Existing Framework into an ERM Model GAINING CONTROL: Building Your Existing Framework into an ERM Model RIMS Northeast Ohio Chapter Education Day Carol Fox, ARM RIMS Director of Strategic and Enterprise Risk Practice November 19, 2013 Copyright

More information

Risk IT A set of guiding principles and. the first framework to help enterprises identify, govern and effectively manage IT risk.

Risk IT A set of guiding principles and. the first framework to help enterprises identify, govern and effectively manage IT risk. Risk IT A set of guiding principles and the first framework to help enterprises identify, govern and effectively manage IT risk. In business today, risk plays a critical role. Almost every business decision

More information

Redefining Clean Tech s Global Risk. Featuring Findings From The Chubb 2012 Clean Tech Industry Survey

Redefining Clean Tech s Global Risk. Featuring Findings From The Chubb 2012 Clean Tech Industry Survey Redefining Clean Tech s Global Risk Featuring Findings From The Chubb 2012 Clean Tech Industry Survey Introduction About This Report In 2012, Chubb commissioned Hansa/GCR, a national market research firm,

More information

RISK MANAGEMENT FOR INFRASTRUCTURE

RISK MANAGEMENT FOR INFRASTRUCTURE RISK MANAGEMENT FOR INFRASTRUCTURE CONTENTS 1.0 PURPOSE & SCOPE 2.0 DEFINITIONS 3.0 FLOWCHART 4.0 PROCEDURAL TEXT 5.0 REFERENCES 6.0 ATTACHMENTS This document is the property of Thiess Infraco and all

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014 An Introduction to Risk Management For Event Holders in Western Australia May 2014 Tourism Western Australia Level 9, 2 Mill Street PERTH WA 6000 GPO Box X2261 PERTH WA 6847 Tel: +61 8 9262 1700 Fax: +61

More information

Introduction to Enterprise Risk Management at UVM DRAFT

Introduction to Enterprise Risk Management at UVM DRAFT Introduction to Enterprise Management at UVM 1 Enterprise What is Enterprise Management? Enterprise risk management is a structured, consistent, and continuous process across the whole organization for

More information

Understanding the Mysteries of International Risk and Insurance. Theresa Ulbricht, CPCU George Corde, CPCU Marcia Reynolds, CPCU

Understanding the Mysteries of International Risk and Insurance. Theresa Ulbricht, CPCU George Corde, CPCU Marcia Reynolds, CPCU Understanding the Mysteries of International Risk and Insurance Theresa Ulbricht, CPCU George Corde, CPCU Marcia Reynolds, CPCU Agenda Risk Management Overview The World Vision Organization International

More information

Enterprise-Wide Risk Assessment

Enterprise-Wide Risk Assessment Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,

More information

Capital Market Services UK Limited Pillar 3 Disclosure

Capital Market Services UK Limited Pillar 3 Disclosure February 2013 Capital Market Services UK Limited Pillar 3 Disclosure Contents 1.0 Overview 2.0 Frequency and location of disclosure 3.0 Verification 4.0 Scope of application 5.1 Risk Management objectives

More information

A tool for small-to-medium sized businesses. Anti-Money Laundering and Counter-Terrorism Financing Act 2006

A tool for small-to-medium sized businesses. Anti-Money Laundering and Counter-Terrorism Financing Act 2006 Australian Government Australian Transaction Reports and Analysis Centre Risk management A tool for small-to-medium sized businesses Anti-Money Laundering and Counter-Terrorism Financing Act 006 Contents

More information

SECURITY RISK MANAGEMENT

SECURITY RISK MANAGEMENT SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W

More information

Business Continuity and Crisis Management

Business Continuity and Crisis Management Business Continuity and Crisis Management Crisis Management, Business Continuity and The Incident Command System Understanding Differences and Putting it all together? by Max Ckonjevic FBCI, CBCP 1 Objectives

More information

Manual of Accounting and Financial Reporting for Pennsylvania Public Schools CHAPTER 9 TABLE OF CONTENTS. Chapter 9 9.1

Manual of Accounting and Financial Reporting for Pennsylvania Public Schools CHAPTER 9 TABLE OF CONTENTS. Chapter 9 9.1 Manual of Accounting and Financial Reporting for Pennsylvania Public Schools CHAPTER 9 TABLE OF CONTENTS 9.1 9.1 ENTERPRISE FUNDS 9.2 Nature And Purpose 9.2 Food Service Fund 9.2 Basis Of Accounting And

More information

San Francisco International Airport Enterprise Risk Management

San Francisco International Airport Enterprise Risk Management San Francisco International Airport Enterprise Risk Management Mike Warren Airport Risk Manager WHAT IS ENTERPRISE RISK MANAGEMENT (ERM) It is a comprehensive program that focuses on a continuous and sustainable

More information

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT Let me begin by thanking Baruch College for giving me the opportunity to present this year s prestigious Emanuel Saxe Lecture in Accounting.

More information

Risks and uncertainties

Risks and uncertainties Risks and uncertainties Our risk management approach We have a well-established risk management methodology which we use throughout the business to allow us to identify and manage the principal risks that

More information

Aligning Compliance Program Priorities with Business Objectives

Aligning Compliance Program Priorities with Business Objectives Aligning Compliance Program Priorities with Business Objectives By Jay G. Martin Vice President, Chief Compliance Officer and Senior Deputy General Counsel Baker Hughes Incorporated CAIL Institute for

More information

Cutting through the insurance jargon!

Cutting through the insurance jargon! Cutting through the insurance jargon! Babbar Abbas October 2015 Who I am Babbar Abbas Worked in insurance for 7 years worked at Aon for 5 years Worked with numerous non-profit organisations varying in

More information

Aftermath of a Data Breach Study

Aftermath of a Data Breach Study Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath

More information

Guidance Note: Stress Testing Class 2 Credit Unions. November, 2013. Ce document est également disponible en français

Guidance Note: Stress Testing Class 2 Credit Unions. November, 2013. Ce document est également disponible en français Guidance Note: Stress Testing Class 2 Credit Unions November, 2013 Ce document est également disponible en français This Guidance Note is for use by all Class 2 credit unions with assets in excess of $1

More information

Information Security in the framework of Enterprise Risk Management (ERM)

Information Security in the framework of Enterprise Risk Management (ERM) ERM, a widespread practice in Financial Institutions Value based ERM is driven by shareholder value Strategic ERM is driven by the internal control imperative Integral part of sound business management

More information

Capital Requirements Directive Pillar 3 Disclosure. December 2015

Capital Requirements Directive Pillar 3 Disclosure. December 2015 Capital Requirements Directive Pillar 3 Disclosure December 2015 1. Background The purpose of this document is to outline the Pillar 3 disclosures for BlueBay Asset Management LLP ( BlueBay ). BlueBay

More information

Remarks by. Carolyn G. DuChene Deputy Comptroller Operational Risk. at the

Remarks by. Carolyn G. DuChene Deputy Comptroller Operational Risk. at the Remarks by Carolyn G. DuChene Deputy Comptroller Operational Risk at the Bank Safety and Soundness Advisor Community Bank Enterprise Risk Management Seminar Washington, D.C. October 22, 2012 Good afternoon,

More information

A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Meeting the Cyber Risk Challenge. Sponsored by

A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Meeting the Cyber Risk Challenge. Sponsored by A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Meeting the Cyber Risk Challenge Sponsored by ABOUT ZURICH INSURANCE GROUP Zurich Insurance Group (Zurich) is a leading multi-line insurance provider

More information

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President

More information

Fund County Insurance

Fund County Insurance Mission To ensure the health and safety of County residents, employees, and public officials, and to protect the County s financial assets. The agency is committed to providing the highest quality customer

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

Operational Risk Management- More than an insurance policy

Operational Risk Management- More than an insurance policy State of Rhode Island Accountants and Auditors Institute Annual Meeting October 1, 2008 Operational Risk Management- More than an insurance policy William K. Austin Principal and Consultant Austin & Stanovich

More information