San Francisco International Airport Enterprise Risk Management Mike Warren Airport Risk Manager
WHAT IS ENTERPRISE RISK MANAGEMENT (ERM) It is a comprehensive program that focuses on a continuous and sustainable process for the identification, measurement, mitigation and control of an organization s risk. 1
WHAT IS ENTERPRISE RISK MANAGEMENT (ERM) A matching of risk to organization goals 2
WHAT IS ENTERPRISE RISK MANAGEMENT (ERM) Preventive maintenance for good decision making 3
TYPES OF RISK Hazardous and Non hazardous 4
TYPES OF RISK Hazardous risks are those perils that expose the stakeholders and/or the infrastructure to a potential loss as a result of a tangible condition of risk. 5
TYPES OF RISK Non hazardous risks are those perils that expose the stakeholders and/or the infrastructure to a potential loss as a result of an intangible condition of risk. 6
HOW DOES ENTERPRISE RISK MANAGEMENT RELATE TO AN AIRPORT BUSINESS MODEL SFO s portfolio of risk is being structured to align with the Airport s goals and objectives. It is providing a framework to manage those risks that could negatively impact SFO s business plan. 7
HOW ARE WE IMPLEMENTING ERM AT SAN FRANCISCO INTERNATIONAL AIRPORT We are keeping the model simple in order to promote senior management and key staff ownership. We are validating the process through the use of independent consultants. 8
HOW ARE WE IMPLEMENTING ERM AT SAN FRANCISCO INTERNATIONAL AIRPORT The initial scope obtain an understanding of the Airport s organization and its administrative, financial and operational processes and controls. We conducted interviews with senior management and key staff. 9
HOW ARE WE IMPLEMENTING ERM AT SAN FRANCISCO INTERNATIONAL AIRPORT We reviewed SFO physical plant, emergency operating procedures, financial statements inclusive of rates and charges, operating budgets, forecasts, capital planning requirements, debt portfolio structure, legal doctrine, claims history, safety and security programs, construction plans, infrastructure management, recruitment, retention and succession planning, public and investor relations, concession management, airline and tenant lease and use agreements 10
HOW ARE WE IMPLEMENTING ERM AT SAN FRANCISCO INTERNATIONAL AIRPORT General economic conditions within and outside of the San Francisco Bay area, stability of capital markets, airline demand, airline capacity, airline operating costs, political climate, regulatory impact 11
HOW ARE WE IMPLEMENTING ERM AT SAN FRANCISCO INTERNATIONAL AIRPORT Documentation of findings risk identification, current mitigation tactics and strategies, and areas for opportunity 12
HOW ARE WE IMPLEMENTING ERM AT SAN FRANCISCO INTERNATIONAL AIRPORT Development of risk definitions agreement and use of common definitions senior management and key staff that participated in the interview and documentation process vetted the initial findings for accuracy, clarity and, where necessary, revision. Foundation for the risk assessment workshop. 13
RISK DEFINITIONS Please refer to the Risk Definitions Summary 14
WHAT IS THE GOAL OF THE RISK ASSESSMENT WORKSHOP Risk prioritization through the application of voting criteria that weights the frequency and severity of the individual risk element. The weighting provides the prioritization or ranking of importance for a specific risk element. The end product is a risk map. 15
SFO RISK ASSESSMENT CRITERIA In order to establish a baseline, we employed a subjective frequency and severity criteria based on staff expectations, perceptions and judgment. 16
SFO RISK ASSESSMENT CRITERIA Definitions Likelihood, Given Current Mitigation Initiatives In Place Impact, If It Occurs Measure Score Financial Score Reputational Score 9 - Very High Expected - An event you can expect to happen (More than once per year -70%+) 9 Catastrophic - Very substantial impact on profitability or shareholder value 9 Public / Media outrage (demand for public enquiry) 9 7 - High Probable - An event that can be anticipated to happen and this area or a similar organization have experienced such an event (1 in 3 year event - 33%) 7 Destructive - Major impact on profitability or shareholder value 7 Public / Media concern (civil action against organization) 7 5 - Medium Possible - A rare event that can be envisaged but has not occurred in this area or in this organization (1 in 5 year event - 20%) 5 Considerable Significant impact on profitability or shareholder value 5 Adverse external publicity 5 3 - Low Unlikely - An event that can be envisaged but hasn t occurred in the company history (e.g. requires a combination of two or more events to occur) (1 in 10 year event - 10%) 3 Material - Moderate impact on profitability or shareholder value 3 Adverse internal publicity 3 1- Very Low Remote - An event that can be conceived but is considered to be very difficult to realise (e.g. requires a combination of several events to occur) (1 in 50 year event - <2%) 1 Moderate - Minor impact on profitability or shareholder value 1 Minimal impact on image 1 17
SFO RISK RANKING The risks in the chart below are ranked from highest to lowest based on the risk score. The risk score is calculated by multiplying the average impact and likelihood scores for each risk from the workshop. U.S. Airline 45.54 Concentration 43.55 Environmental 42.92 Long Term Cap 42.90 Recruit/Retain 39.65 Short Term Cap 38.35 Natural Disaster 37.52 Asset Mgmt 36.48 Succession Plan 33.60 IT- Security 32.48 Physical Security 32.33 Construction Mgmt 32.33 Legal 30.55 Cost Containment 29.28 Bus Model Changes 29.07 IT- Governance 26.46 Competition 23.03 Health & Safety 21.93 Third Party 20.24 Reg Compliance 15.96 18
SFO WORKSHOP RISK MAP MACRO VIEW 19
SFO WORKSHOP RISK MAP MICRO VIEW 20
WHAT S NEXT Risk Control the assignment of risk ownership, relationship building within the organization, and implementation of risk mitigation programs. The ERM process at SFO will remain flexible in order to adapt to changing economic conditions and take advantage of new opportunities. 21
THE FUTURE OF ERM AT SFO As the process matures at SFO, our objective is to integrate to quantitative analysis and data collection metrics to help manage our risk portfolio. Our intermediate to long term goal is to integrate the SFO model with risk portfolio of the City and County of San Francisco. 22
THANK YOU QUESTIONS 23