Click to edit Master title style

Presented by:Joey Page

  President of Essential Risk Solutions

Excellence in Risk Management through Enterprise Risk Management

Learning Objectives Today

• What is ERM?• How does it fit within a Public Entity structure?• Public Sector ERM• Why should we expand our thinking?• TRM & ERM: Key comparisons• ERM – Who’s doing it?• Who’s ready for ERM?• ERM tools & resources

Why ERM? Why Today? Why you? Why Me? Why your Entity?

• Summed up, Public Entity’s need the concepts of ERM today more than ever to survive-not simply to exist

• Why TODAY? Simple, economics will drive you to ERM more than anything else.

• Who has unlimited funds to balance your budget?• ERM Process helps you go through processes

that helps find funding or unnecessary services.

So What Is Enterprise Risk Management?

Enterprise Risk Management defined:

“Enterprise Risk Management (ERM) is a process, affected by the organizations leadership, applied in a strategy setting, and across the organization, designed to identify potential events that may affect the organization, and manage risk(s) to be within its risk appetite, to provide reasonable assurance regarding the achievement of the organization’s objectives.”

Let’s Break It Down

• Process – ongoing and fluid throughout the organization structure • Affected – every person at every level• Applied in Strategy Setting – you have to have a game plan• Applied Across the Organization – no one is left out • Designed to Identify Events – good and bad• Reasonable Assurance – yes management; it works • Geared to Achieve Objectives – touches every department, every

school

Sounds good, looks pretty on paper, has all kinds of cool buzz

words, and it works. So why this topic???

Reality checking in government:

• No one is held accountable for much of anything• More silos in government than grain silos in the Mid-

West

• Yes, we have a budget, but theoretically we will not be shut down if we run out of money( CA has seen some Entities go belly-up; The whole state is on the brink of financial collapse)

• Most organizations see Risk Managers as claims handlers

• Most Within The Risk Management Community Are Waiting To Be Told To Look Into ERM

Why Broaden Risk Mgmt?

• Yellow Springs, OH – This village near Dayton will lose $140,000 in income tax revenue when Antioch College closes next year due to lack of money, taking with it 160 jobs and 300 students (USA Today – Wednesday, August 8)

What revenues does your entity rely upon? Are there “non-essential” services that might be cut? Any potential risks associated with that??

Why Broaden Risk Mgmt?

• Pittsburgh, PA – 11 teachers 2 counselors “furloughed” in addition to 160 teachers who retired last year. District is dealing with declining enrollment with student population down by 1,500 from last year (USA Today – Wednesday, August 8)

• Dallas, Ft Worth, Plano, Austin, San Antonio had to build in furlough days to help balance budgets this year

What happens when you have fewer employees doing more, fewer resources available to employees & declining morale??

Why Broaden Risk Mgmt?

• NYC, NY – 3 city traffic enforcement agents were arrested and charge with writing >46 falsified parking tickets, to make it appear they had been busy (but no worries, the bad tickets will be voided) (USA Today – Wednesday, August 8)

How long does it take to recover from a bad reputation??

Why Broaden Risk Mgmt?

• What if your entity has a great crisis response plan in place to deal with a flu pandemic but you haven’t coordinated it with surrounding entities, the state, local hospitals or private businesses?

• How many have had a coordinated discussion of IT risks across your organization? Consider on-line payments, private medical information, sensitive financial data, student records...

• Have all of you along the Gulf Coast really sat down and worked thru the logistics of working together before, during, and after a hurricane? FEMA?????

(TPCG just entered into inter-local with Monroe)

ERM: A Few Key Issues

• Very broad approach to risk• Risks identified by risk owners, not “experts” –

mitigated by them, too• Tied to strategic objectives• Risk ownership• ERM “thinks forward”

Real issue for risk managers with ERM today is it is finance and/or internal audits based.– If you are not in one of these two areas, you will probably

never see ERM.– RM’s in Public Sector are not involved in the Finance side of

the equation unlike their private sector counterparts.– If you have not been provided ERM by your current broker, you

will not see it any time soon.– If you have not gone out to bid in a long time, and do not plan

on going out to bid soon, you will never see it.– If your risk manager does not get out of their office to

investigate accidents, conduct facility audits or visit the troops – they are less inclined to try anything new, including ERM.

• Or maybe you looked into it and just cannot imagine ERM working in your entity

• QUESTION?– Has anyone in the audience today ever considered ERM

for their organization?– Is anyone considering or in process of implementing ERM?– (Will anyone even consider ERM?)

Comparing TRM & ERM

TRM• Grew out of safety &

insurance purchase• Risk = bad• Framed by mgmt

process; focuses on problem solving to reduce & mitigate risk

• Focuses on insurable risks

ERM• In US, emerged from

financial & banking indus.

• Risk = bad + good?• Framed by

measurement & control processes; focuses on strategic objectives

• Wide focus on ALL risk

TRM & ERM

TRM

• Starts at the bottom??• Reports to Legal, HR,

Finance or Manager• Risk Management Policy

across org?• Accident review

committee, safety or RM committee

ERM

• Starts at the top??• Reports to CEO, audit

committee or CFO• ERM mandate

established• Interdisciplinary

advisory council or RM steering comm.

Hazard Risks

Financial RisksExternally driven

Property Damage

Employee injury

Public Liability

Natural disasters

Interest rates

Asset values

Loss of funding

Tuition stability

Distance Learning

Information

systems

Regulatory

environment

StrategicRisks

Operational Risks

Changes in Student Needs

Alliances

Image/Reputation

R&D

Intellectual capital

Campus Safety

Student activities

Cash flow

Campus life issues

Internally driven

Interest rates

Loss of funding

Risk Quadrants - HE

Hazard Risk

Risks that are generally covered by insurance, and that result in non-financial asset impairment.– Natural hazards– Physical damage to tangible assets– Injury to students, faculty, staff and visitors– Environmental impairment– Injury to citizens on parks, in Civic Centers– Automobile accidents– School bus accidents– Workers’ Compensation

Financial Risk

Risks related to the financial well-being of the institution. This includes such things as:– Interest rate volatility– Revenue stability– Cash flow– Asset value– Investments– GASB 45– Auditing Standards by Rating Agency’s

Strategic Risk

• The risk that an institution will be unable to fulfill its mission as a result of its failure to adapt to the changing needs of its stakeholders and operating environment, or its failure to implement all or part of its strategic plan. This includes:– Intellectual property– Distance learning– Changes in demographics– Alliances– Competition by other entities for limited Local, State or Federal

Programs and resources, including Employee’s (yes, you do have competition)

– Economic Climate

Operational Risk

Risks related to the operation of the institution and its facilities. This includes:– Information technology– Student activities– Succession planning– Board composition– Purchasing procedures– Accounting practices

ERM: Who’s Implemented COSO?

Private Sector

• Wal-mart – world’s largest retailer• Unocal Corporation – one of world’s largest oil &

gas co’s• General Motors – world’s largest vehicle

manufacturer• FirstEnergy Corp – 4th largest investor-owned

electric utility in US• Toyota-U.S.A.

ERM – Higher Ed

• University of CA system• University of CO system• Maricopa County Community College District • IL State University• UNC – Chapel Hill• NCSU – ERM Initiative• Abilene Christian University

ERM in Public Entities

• Maricopa County, AZ• State of WA• Bonneville Power (Portland, OR)• Plano,TX??

Emerging…• NM Association of Counties• Dallas/Ft Worth International Airport

I am not aware of anyone in Louisiana public sector practicing ERM at this time

Public Entities “Ripe” for ERM

• Looking for “what’s next?”• Want to be visionary, forward thinking about risk• Good upper-level support for RM• Solid, functional RM program with a good leader• Not an organization in turmoil, with strong “silos”

and turf issues

A Few ERM Resources

• Check out the Australian Standard – http://www.saiglobal.com/shop/script.asp

• URMIA Journal & new ERM initiative – www.urmia.org

• RIMS ERM Center of Excellence is evolving at www.rims.org

• COSO – www.coso.org

• IIA (Internal Auditors) www.theiia.org

• Develop Your Own Standard

So What Does ERM Look Like

Sample Employee Survey

Risk Ranking Tool

Risk Register

Still not able to get arms around ERM?

– Introducing –

• PERS or Public Entity Risk Solutions• We took the best of the COSO standard that

would or could fit in the Public Entity Framework and created PERS to work from

WHY? I can’t even understand all the different Standards out there. Nor is there one applicable to Public Entity’s.

PERS – Old Fashion Risk Management

• About visiting and working across silos • Helping other departments be better at what they

do• Do what you can with what you have• Communicate – Risk is not a vacuum• It is about bringing all the stakeholders together

to better manage the entities risk

Why the name change to PERS?

Simple:• Public Sector Brass dislikes anything new for the most

part and like things they know very little about even less

• Plus, if they looked up ERM, they would see more about it pertaining to the private sector…

And why should government ever be run like a business????

Remember: With ERM, you must think outside the box

How is Risk Management Evolving?

Transactional

Traditional Risk Management – Hazard-based risk identification & controls– Compliance issues addressed separately– Safety & emergency mgmt handled separately– Purchases insurance to cover risks– A “siloed” approach – risks are not integrated or

managed broadly across the organization– Risk Manager is the insurance buyer

Risk is bad – focus is on transferring risk

Integrated

Advanced Risk Management– More proactive about preventing and reducing risks– Integrates claims mgmt, contracts review, special event

RM, prevention & training, insurance and risk transfer techniques

– Cost allocation used for education and accountability– Lowers insurance costs (over time)– More collaboration – as depts. are willing– Risk Manager may be the risk owner

Risk is an expense – focus is on managing risk

Strategic

Enterprise-wide Risk Management– A wide range of risks are discussed & reviewed, including

reputational, human capital, strategic & operational – Aligns RM process with strategy and mission– May include “upside risks” (opportunities)– Helps manage growth, allocate capital & resources– Risks are owned by all & mitigated at the department level– Many risk mitigation tools available– Risk Manager is the risk facilitator & leader

Risk is uncertainty – focus is on optimizing risk

How is Risk Management Evolving

Risk Management Perspective

Traditional Risk Management • Hazard-based risk identification & controls• Compliance issues addressed separately• Safety & emergency mgmt handled separately• Purchases insurance to cover risks• A “siloed” approach – risks are not integrated or managed broadly across the organization• Risk Manager is the insurance buyer

Advanced Risk Management• More proactive about preventing and reducing risks• Integrates claims mgmt, contracts review, special event RM, prevention & training, insurance and risk transfer techniques• Cost allocation used for education and accountability• Lowers insurance costs (over time)• More collaboration – as depts. are willing• Risk Manager may be the risk owner

Transactional

Strategic

Risk is bad – focus is on transferring risk

Risk is an expense – focus is on managing risk

Risk is uncertainty – focus is on

optimizing risk

Integrated

Who’s Responsible for Risk?

C.M. Owns Risk

RM Steering Comm. Oversees Risk

Mgmt. & EmployeesIdentify & Mitigate Risks

Everyone is ResponsibleFor Risk

Risk Management Steering Committee

• City Manager ,Parish President, Superintendent• Executive Directors, Asst Superintendents• Entity Attorney• Budget Director• Finance Director• Risk Manager

Risk Management Steering Committee

• Ad hoc committee originally formed to approve large claim settlements.

• Scope expanded to provide direction and oversight, via RM, to treatment of risk throughout the Entity.

• Committee meetings have evolved from claims handling to risk tolerance.

• Approve Insurance Programs, Self Insured Retentions

Managers Need to Understand under ERM

• They are Risk Managers• Accepting and managing risk is their

responsibility• The ultimate success of the City, as well as their

personal success, depends on how well they accept and manage risk

• We don’t just tell them what they can’t do• We help them optimize risk taking• Risk is a partner with Operations

The New Face of Risk

• A systematic approach to managing the risks associated with opportunities in a consistent and coordinated manner, across the entire organization.

Stakeholders

• Residents• Taxpayers• Citizens• Employees

These are the constituencies that entity leaders and management strive to satisfy. An amazing balancing act to say the least.

Goals of ERM

• Protect the Entity from risks that prevent it from achieving its objectives

• Increase the efficiency and effectiveness of operations by decreasing frictional costs associated with risks and optimizing the allocation of resources

• Increase opportunities by treating the associated risks within the entity’s risk appetite

• Increase stakeholder value

Implementation Plan – Steps

Communicate to ALL appropriate stakeholders– Plan the project– Conduct risk assessments– Rank & prioritize risks– Identify risk owners & mitigation options– Implement mitigation efforts & track results– Monitor & revise as necessary

• This needs to be communicated to all appropriate stakeholders

Entity ERM Process

Entity’sVision Entity’s Goals Risk Framework Identify Risk

Universe Risk Workshop Control & Action Workshop

MonitorEvaluateManage

Vibrant, Safe, Sustainable

City

Premier Cityin Which to

Live

CategorizeRisk

Survey Stakeholders

CrossDepartmental

DiscussionsEvaluate Risk Develop Timeline

Vital Economy Livable and Sustainable Community

StandardizeFramework/

Language

Compile Results

 IdentifyAdditional

Risk

EvaluateExistingControls

Take Action

High Degreeof mobility

“Service Excellence”

Reference Benchmark Share Data Prioritize Risk Identify

Deficiencies Monitor Progress

Abundance of Educational, Recreational and Cultural

Diverse Business Center

ScheduleWorkshop

DevelopAction Plan Address Gaps

Opportunities

Safe, Efficient

Travel

AssignResponsibility Report Results

ERM Implementation Plan

Project Plan 0-18 mos.

Risk Assessment 12-30 mos.

Risk Ranking 24-42 mos.

Mitigation Options & Owners

36 – 54 mos.

Implementation & Tracking

48-60 mos.

Reporting; Monitor & Modify

60-60+ mos.

Develop draft planImplement Mgmt Self

Assessment SurveyPrioritize risks from Mgmt

Survey

Clarify responsibilities & develop tools & resources as needed (heat maps, etc.)

Use subsequent surveys to benchmark & track

changesReport to management

Develop talking points for Risk Manager to use with

key decision-makersDevelop employee survey

Rank risks from employee survey & categorize into

risk register

Report to steering committee; identify risk

owners & responses

Steering committee or subcommittees to report

Annual report to all employees & council

Discuss talking points w/ Management

Interview managers & key stakeholders (?)

Incorporate data from interviews (if appropriate)

Meet with risk owners to identify mitigation

strategies & benchmarks

Utilize internal audit to validate processes?

RM & steering committee recommends

changes/revisions

Discuss talking points with Executive Directors. (3)

Consider an entity-wide risk assessment workshop

Identify risk categories: strategic, operational,

financial, human capital, technology, legal &

regulatory

Develop dashboard reporting tools for

management

Review Plan with steering committee

Consider a dept-specific ERM project

Identify Risk ChampionsIdentify & Consult with

Risk Champions

Risk Assessment – What if?

• What could happen that would keep you from doing tomorrow the things you are doing today?

• What keeps you up at night?• What could go wrong in your area?• What could go wrong in another area that would

impact your area?• What little things could go wrong that, taken in the

aggregate, could add up to significant problems?• What’s going on outside the City that could go

wrong and impact you?

ERM Discovery Questions

Operating procedures– Is this operating method being performed at optimum levels?– What steps can be taken to improve operations to better serve its

core customers?

Service Level– How can services be enhanced or improved considering the

importance rankings?– Are services being provided at the most efficient level?

Staffing– Is staff being provided where it is needed so that customers can be

serviced efficiently and quickly?– Are there efficiencies that can be obtained by combining services

within or with other departments to better service its core customers?

Outsourcing– Are services that are now being outsourced making sense to

outsource?– Are there other services that make sense to outsource?

Revenues– How can revenues be maximized while maintaining and enhancing

service levels?– Identify new revenue streams to offset enhanced service levels

Enterprise Risk

• Requires a new approach – not all risk is bad or a problem

• Requires a new approach – not all risks are insurable

• Requires a new approach – Teamwork and eliminate Silo’s

Public Entity Risk Solutions (or ERM)

Vision– To be the primary source of expertise and guidance for

optimizing risk taking decisions, in support of the Entity’s objectives.

Mission– To provide the leadership, methodology and tools

necessary to support operating management in its responsibility to optimize risk taking decisions

Risk Management

Mission StatementTraditional– To promote health and safety, and to minimize financial

risks to the Entity by creating a safe environment for its employees, citizens, and visitors.

Enterprise– To provide the leadership, methodology and tools

necessary to support operating management in its responsibility to optimize risk taking decisions

An excerpt from an entity’s long range planning document

“As new development dwindles, the challenge becomes sustaining the quality of life through the protection and enhancement of existing assets.”

So Why Has ERM Not Hit The Public Sector?

• Because we do not operate Government like a Business

• The “A” word that is historically absent in the Public Sector-ACCOUNTABILITY

• We operate in Silo’s in Government• Brokers either lack knowledge or are fearful they

may lose paycheck if you go to ERM• RISK Managers have not thought outside the box

Problem from a Risk Management perspective

• Historically, Risk Managers are not risk takers (old school)

• Been brain washed by the insurance industry as to what their role is

• Lack the fundamental training required to implement ERM

• Are comfortable where they are in the organization• Won’t rock the boat• Are overlooked in the entity’s decision process because

old school known as nay-sayers• Not much fun at parties

• ERM until just recently has been a threat to public entity insurance brokers and risk managers. – Big Brokerage outfits have put ERM into practice

for their private sector clients, not Public clients– Smaller Agency’s have not had a need to

implement – Silo mentality– Risk Managers are not looking out for the future

ERM Bridges Silo’s

Cherish the thought of us working together until we are forced to-Hurricane Katrina

So where does ERM fit in at the public sector level?

• Data available tells us it is a fit with everything we do in the Public sector

• Any and all Departments, Schools, Divisions can improve with ERM

• Works for the smallest to the largest program• Fits wherever decisions need to be made

ERM Today

• Departments interact consistently in making decisions

• Each department provides input that will be impacted

• All options are thrown on the table for discussion• Each department has a vote in the decision• Issues like funding, maintenance, insurance, are

brought out in advance. • Decisions are no longer made in a vacuum

In other words, those that could be impacted by a purchase, or a program, or something new are brought together collectively to decide what is best for the Entity as a whole

Making the switch to ERM

• Homework• Someone needs to facilitate the process• Starts at the top and moves downward in the

organization• Is implemented from the bottom up• Everyone comes to realize they are their own risk

manager• Risks are identified, and ranked• Risks identified are scored• A plan is put in place to mitigate risks

A Risk Assessment is a lengthy process, but is the most critical part of the ERM process if it is to be implemented successfully.

Is it too much of a burden to implement? Not really

• Start with one or a few departments• Pick Departments or Directors or Managers that

are motivated• Start with those that will guarantee you success.

Early failures dooms the best ERM game plan you lay out

(Not a burden, but without a champion, can be tough to implement. And it requires a risk manager with a passion for what they do)

Example #1

Success in a Solid Waste Department. – Had highest injury incidents– Their employee’s worked all over the City– Work without direct supervision– Had a mixed bag of educational levels– Had no computer access– The Director had a higher vision and needed to shine– Was over running budget annually– And we were motivated in Risk Management because we

had done our homework, knew what ERM could do for them, had Broker support, and our own reputation was on the line if it failed

Example #1

In this example:– Rolling workforce– No access to technology– Picking up waste was priority #1 for our constituents– Majority male workforce, Director was female– Decisions crossed different disciplines

• Equipment Services• Accounting• Payroll• Purchasing• Warehouse• HR• Risk Management

Example #1

Results– Implemented Self Directed work teams– Representatives from other disciplines added on the

team– Implement Gain sharing– Established Benchmarks to prove success– Established on-line training using surplus computers– Goal oriented

Example #1

The results were positive– Cost to operate decreased– Budgets were maintained– Accidents went down– Complaints declined– Attendance improved– Morale improved– Win, Win, Win

We in Risk had a signed agreement with the Director what was expected of us as did all other stakeholders– (Show copy of memo)

Another Example

• Want to save money quick using ERM=HEALTHCARE

• Who can afford healthcare today, much less the years to come?

• Healthcare costs will bankrupt many an entity in the very near future

• Retiree healthcare• GASB 45• The current presidential agenda???

Learning Objectives Today

If you are like most entities, you probably have a broker or consultant.– Higher deductibles– Larger co-pays– Plan Design Changes– Employee’s can no longer afford further cost shifting

NONE OF THESE HAVE WORKED TO CONTROL HEALTHCARE COSTS

On-Site Clinics

• Controls healthcare costs at the point of service• Is the perfect ERM modeling opportunity in any

organization? Big or Small• Can address Workers’ Compensation as well as

Group Benefits

Opening an Occupational Clinic success story

• After a 4 year struggle had Top Management support

• Started trying for Group Healthcare Clinic• Ended up only with Occupational Clinic• Pulled Committee together• Feasibility studies• Good benchmarking data• Conducted needs assessments with all

departments-police, fire, health, public works, parks

What we were able to accomplish:

• Provided Occupational Care that was uncontrollable at Doc in the Box Occupational Clinics

• Provided preventive inoculations for departments and did not take that money, they kept it for other pressing needs

• Saved FD $60,000.00 alone• Return to work quicker• Reduced overall WC costs• Did it less costly in house vs. outside contractor

SAVINGS-The real proof

• Reduced allocated expenses by over 55% • Lowered WC costs over $350,000.00 after

expenses• Allowed other departments to use it (Health

Department Screenings and programs; FD Health and Wellness programs)

• Could have saved Health Fund $650,000.00 but that was the only silo we had against us

For other Entity’s

• Odessa has had double digit healthcare cost decreases 4 years running

• Mesquite and Mesquite ISD partnered on a clinic and are reporting millions of dollars in healthcare cost and pharmacy costs savings (they operate a pharmacy in their clinic).

Other success stories

• Travis County (now operates 3 clinics, about to open pharmacy

• Rockwall ISD just opened a clinic part-time and is seeing savings

• Amarillo• Garland• San Angelo (Clinic and Pharmacy)• City of Corpus Christi out for feasibility study

• The ERM process and combating rising healthcare costs go hand in hand

• Also works for the budget process• Works if done by one section or entire operation• Once you implement, TRM goes out the window

Be forewarned, in the near future, you will have

to have ERM in place to get the highest bond rating.

Better begin implementation of ERM soon if you are going to be issuing new debt in the near future.

The Future of ERM in the Public Sector

1. Encourages multi-jurisdictional partnering for a common cause

2. Sharing of resources – cross jurisdictional agencies will work together (School District and Parish collaborations; Police and Fire; City Police and Sheriff’s Dept; etc)

3. Eliminates duplication of services4. Builds TEAMWORK5. Saves money for all involved as costs go down

when you work thru decisions together

The biggest challenge for Public Entities in implementing ERM is bridging silos

Opens door for cross jurisdictional agencies to work together and save taxpayers money

What’s the point again?

• To prepare for negative events (traditional risk)• To bring new risks into awareness• To understand risk relationships, influence &

overlaps• Better decisions, fewer surprises• Achieving entity’s goals & objectives

Conclusion

Is ERM right for you? – Depends on your willingness to work hard, break down

silo’s– If you need new revenue sources to help balance your

Budget

Can it work?– It is working and will work with any issue or program. – Can work real quick with Top Management support– Will work for each of you

• Now is the perfect time to consider ERM to tackle the tough economic forecast you are facing. It is a work in progress and requires someone dedicated to the process. It will save you money that you didn’t know you could save!

• Are you ready for excellence in Risk Management thru Enterprise Risk Management?

You better be or you may not be able to balance your budgets in the near future without drastic measures

being taken. And it may cost you more money to borrow if your Bond Rating is lowered

Acknowledgements

Dorothy Gjerdrum, ARM-P– Executive Director– Gallagher’s Public Entity & Scholastic Division

 

John Billingham ARM– Loss Control Consultant– Self employed

Questions

Thank You!

For more information:

Joey PageEssential Risk Solutions

Website: www.essentialrisksolutions.comEmail: jpage@essentialrisksolutions.com

Office: (214) 725-7797Cell: (972) 742-2334Fax: (214) 509-9715

Real Examples

City XYZ 2005-06 2006-07 2007-08

With TPA With TPA XYZ Model

Claims & Ancillary Charges  $300,000 $300,000 $220,000

PEER Review  $16,861  $16,450 $0 

Bill Review $55,646 $47,579  $12,399 

Utilization Review/Pre-cost $54,438 $49,280  $9,510 

Durable Medical Equipment $19,767 $19,490 $6,114

Diagnostic (X-rays, MRI) $33,582  $28,490 $5611 

Total $480,294.00 $461,295.00 $253,634.00

Actual Savings

Claim Utilization 2007 2008 Average visits per injury 3.5 per claim 1 per injury Average visits before referral 4.5 per claim 1 per

injury Average # of x-rays per claim 16.1 per claim 8

per claim

Utilization Control with On-Site Clinic Model