Enterprise Risk Management for International Schools. 2014 NESA Business Managers Conference. Presented by Michael Rodman & Timothy King, Albert Risk Management Consultants.
INTRODUCTION: Michael Rodman, Principal Consultant; Timothy King, Senior Consultant. Albert Risk Management Consultants: Independent Risk Management & Insurance Consultants; No Insurance Sold; Objective Advice; Experienced Consultants with International School Focus.
OUTLINE: I. ERM Overview; II. Interactive Session: Risk Analysis; III. Heat Mapping and Risk Analysis Debrief; IV. Foreign Travel: An ERM Perspective.
ERM: WHAT WE'RE TALKING ABOUT TODAY. Enterprise-Wide Risks; Operational Risks; Insurable Risks.
ERM: A DEFINITION. Enterprise Risk Management: a strategic business discipline that supports the achievement of an organization's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio. Source: Risk and Insurance Management Society, Inc. 1. Strategic: inextricably linked to the organization's mission and strategy, which sets risk appetite. 2. Disciplined: consistent and structured approach to assess and manage risks and improve decision making. 3. Full spectrum: addresses all forms of risk: strategic, financial, operational, technological, compliance, hazard,... 4. Interrelated: risks are interrelated and must be managed as a whole.
VALUE OF ERM. 1. Resiliency and Sustainability: Uncovering risk and reducing catastrophic blindside potential; Protecting reputation and brand value. 2. Governance: Better understanding and articulation of stakeholders' risk appetite/tolerance; Improved decision making by encouraging appropriate risk/reward analysis. 3. Coordination: Prioritizing risk mgmt. efforts; Coordinating the handling of risk throughout the org; Filling gaps and eliminating unnecessary redundancies. 4. Optimize Use of Capital: Moving beyond silos; Transferring risk (insurance) when mitigation or retention is not feasible; Possibly lowering cost of capital.
SIMPLIFICATION: RISK SILOS. Finance; Admissions; Facilities; HR; Foreign Travel (each with its own Risk Decisions).
AN ENTERPRISE RISK APPROACH: Centralized Risk Admin.; Admissions; Foreign Travel; Finance; HR; Risk Decisions.
ERM PROCESS: Establish Context; Identification; Analysis; Evaluation; Treatment; Monitor and Improve.
ALTERNATE ERM PROCESS & OUTSIDE INFLUENCE: ISO 31000:2009 (built on AS/NZS 4360). Outside Influence: Attorneys; Audit Firms; Insurance Brokers; Consultants; Community Leaders; Embassy/Consulate. Source: Committee of Sponsoring Organizations of the Treadway Commission.
BEFORE YOU START! You must receive support from the Board and/or top management. They must participate in the process.
ESTABLISH CONTEXT. Know Your Organization's: Vision; Mission; Competitive Environment; Culture; Decision Making Process. Use: 3/5 Year Strategic Plans; Annual Reports; SWOT Analysis. Who: Those Responsible for Implementation.
IDENTIFICATION. Make a List of Risks: Not Just Insurable and Not Just Controllable; Financial, Reputational, Economic. Categorize. Receive Input From All Departments. Receive Input from All Org. Levels. Use: Surveys; Interviews; Workshops. Who: Broad Group of Faculty and Staff; Outside Opinions.
ANALYZE. Impact: Effect on Reputation, Financials, Health/Safety. Velocity: How Quickly Will the Impact Be Felt? Duration: How Long Will the Impact Last? Insurance: What Is the Effect of Insurance? Frequency: How Often? Controls: What Is In Place to Lessen Frequency? Use: Risk Register. Who: Outside Opinions; Risk Committee; School Executives.
RISK ANALYSIS EXERCISE: Prototype School; Identification Phase Complete; Evaluation; Impact; Likelihood.
SCORING IMPACT (1-5): DEPENDING ON RISK
Score | Impact | Financial | Reputation | Safety & Security
1 | Negligible | Little/No Impact on Tuition Income | Short-Term Internal Impact | No Treatment
2 | Marginal | 5-10% Drop in Tuition Income | Long-Term Internal Impact | Minor Injuries, First Aid
3 | Serious | 10-30% Drop in Tuition Income | Short-Term External Impact | Non-Life Threatening Injury/Illness
4 | Critical | +30% Drop in Tuition Income | Long Term Internal Impact | Life Threatening Injury/Illness
5 | Catastrophic | Income Drop Forces School Closure | External Impact w/ Permanent Damage | Multiple Serious Injuries or Death
SCORING FREQUENCY (1-5):
Score | Frequency | Meaning
1 | Impossible | No Known Occurrences with Us or Similar Organizations
2 | Rare | One Occurrence Every 10 or More Years. Known to Have Occurred at Similar Schools
3 | Occasional | One Occurrence Every 5-10 Years
4 | Common | One Occurrence Every 1-5 Years
5 | Frequent | One or More Occurrences Per Year
EVALUATE: Effectively Prioritize; Determine What Needs Treatment. Use: Heat Mapping. Who: Risk Committee; School Executives.
RISK APPETITE AND TOLERANCE. Broad Risk Appetite: What types of risks are we willing to take to accomplish strategic objectives? Risk Tolerance: What level of risk are we willing to accept? May be expressed as a low-high range. The Target level is somewhere between the high and low. Figure labels: Too high; Tolerance; Target; Too low.
TREATMENT: SETUP. Assign Risk Owner; Identify Dependencies; Create Timelines. Use: Expanded Risk Register; Information on Current Controls. Who: Risk Committee; Risk Officer.
TREATMENT. Use: Create & Document Response Plans. Who: Risk Owner; Field Experts/Outside Experts.
Enterprise Risk Management Is Continuous: Prioritization Changes Over Time & New Issues Will Emerge; Commitment Must Be Long Term.
SUMMARY: ERM TOOLS/TECHNIQUES
Step | Considerations | Tools
1. Establish Context | Mission, Vision, Values, Regulatory & Competitive Environment, Strategic Objectives, Decision Making Processes | Strategic Plan, SWOT Analysis
2. Identify | What concerns exist? | Surveys, Interviews, Workshops
3. Analyze | Impact, Frequency, Controls, Velocity, etc. | Risk Registers
4. Evaluate | Exceed Tolerance Level? If Yes, Prioritize and Treat | Risk Heat Maps (also for Monitoring)
5. Treatment | Who Is Responsible for Follow-Through? What are the dependencies and timelines? | Risk Response Plans
6. Monitor | Continuous Process |
AN ENTERPRISE RISK APPROACH (Foreign Travel: An ERM Perspective): Centralized Risk Admin.; Foreign Travel; Admissions; Finance; HR; Risk Decisions.
ENTERPRISE WIDE CONSIDERATIONS: Injury to Students Causes Financial and Reputational Loss; Concentration of Students Off-Campus; Risk Avoidance Not an Option; Need to Remain Competitive; Part of Comprehensive Academic Program.
OPERATIONAL RISK CONSIDERATIONS: Pre-Trip Visits by Faculty; Parent Releases; Dedicated Employee for Travel Planning; Dedicated Employee (On Campus) for Emergencies; Vendor/Contract Management.
INSURABLE RISK CONSIDERATIONS: Appropriate Limits for Third Party Liability; Worst Case Scenarios; Appropriate Insurance Coverage for Emergency Evacuation; Appropriate Insurance Coverage for Kidnap and Ransom.
What Keeps You Up At Night? Critical Risk Management Issues for International Schools. 2014 NESA Business Managers Conference. Presented by Michael Rodman & Timothy King, Albert Risk Management Consultants.
COMMON RISK MANAGEMENT PITFALLS: Time Element; Territory and Scope of Coverage; Abuse and Molestation; Property Valuation; Cyber Risks.
Time Element Issues
What Next? Rebuild; Reopen; Recoup.
Time Element Loss Scenario: Major Fire; Sprinkler Failure; Office, Classrooms, & Cafeteria Damaged; School Closes.
Time Element: Property Damage = Rebuild; Extra Expense = Reopen; Business Income Loss = Recoup.
Time Element. What We Are Hearing: In-House Loss Mitigation; Refund Policy; Emergency Fund; Disaster Planning; We Can't Shut Down.
Time Element. What We See: Emergency Fund; Needed Elsewhere; Still Can Be Used In a Loss; Refund Policy for Next Term; Disaster Planning; Well Done, But Are All Costs Considered? Can the Plan Get You to 100% Capacity?
Time Element: Extra Expense; Online Learning Setup; Alternative Location; Temporary Structures; Income Loss; Tuition; Other Income; Teacher Contracts; Continuing Expenses; How Long?
Time Element. Potential Coverage Pitfall: 12 Month Period of Restoration; Not Realistic In Many Cases; Look at Policies Carefully.
Putting the Puzzle Together: Territory and Scope of Coverage
Typical Local Required Policies: General Liability; Directors and Officers Liability; Workers Compensation; Property; Automobile Liability.
Territory & Scope of Coverage. Local Policy Issues: Scope of Coverage Insufficient; Limited to Certain Activities; Limited Territory; Inadequate Limits.
Territory & Scope of Coverage. Difference in Condition Policy Issues: What are they? Often: Lack of Regulatory Compliance; No U.S. and Canada Coverage; Potential Solution.
Territory & Scope of Coverage: Local; D.I.C.; Comprehensive Program.
Abuse and Molestation: Issues w/ Coverage Availability; Coverage Territory: U.S. Suits Excluded; Adequacy of Controls; Driving Limits Purchased; Separate, But Not Equal, Terms & Conditions.
Abuse and Molestation. Issues w/ Coverage Availability: Excluded from General/Public Liability; Limited Markets for Dedicated Coverage; Self Insurance Too Risky; Exposure to Western Suits.
Abuse and Molestation. Coverage Territory: U.S. Suits Excluded: Most Occurrences in U.S. Excluded; What About Jurisdiction?
Abuse and Molestation. Adequacy of Controls: Training Faculty/Staff; Training Students; Boundaries: In Person and on Social Media; Background Checks; Indirect Causes of Liability (e.g. Contractors).
Abuse and Molestation. Driving Limits Purchased: Think About A Large Loss; What Could Stress Your Current Limits? Should Exposure Drive Your Purchasing Habits?
Abuse and Molestation. Separate, But Not Equal, Terms & Conditions: Coverage for Innocent Individuals; Lower Limit and Higher Deductibles/Retentions; Claims-made Coverage; Severability.
Property Valuation: Choice Valuation; Market Value; Depreciated/Book Value; Replacement Cost (New); Original Cost + Trend Factor.
Property Valuation: Must Assume Total Loss. Coverage Pitfalls: Actual Cash Value; Average Clause or Coinsurance; Functional Replacement Cost.
Understanding Cyber Risks: Wide Reaching Impact
Cyber Risks. Wide-Reaching Implications: Theft of Funds (Computer Crime and Funds Transfer Fraud); Damage to Critical Systems from Malicious Attack; Damage or Theft of Data; Breach of Personal Information.
Cyber Risks. Theft of Funds: Understanding Your Crime Policy; Computer Crime; Electronic Funds Transfer Fraud. Damage to Systems and Data: Look Carefully at Your Property Policy; What Causes of Loss Are Excluded?
Cyber Risks. Breach of Personal Information: Liability: What Are The Damages? Is A Stand-Alone Policy Worth It? Success of Privacy Suits; Can Coverage be Found Elsewhere? Expanding Regulatory Involvement Internationally; Statutory Fines and Penalties.
Cyber Risks: Theft; Malicious Attacks; Theft of Personal Information; Regulatory Fines and Penalties; Comprehensive Cyber Program.
Questions?