Risk Management and Risk Transfer A MULTI-PRONGED APPROACH

Presented by Remonde Brangman, CBIZ MHM Financial Risk Advisory Practice Leader Email: rbrangman@cbiz.com | Phone: (301) 951-3636, Ext. 6719

linkedin.com/in/rbrangman

Tony Consoli, President, CBIZ Insurance Services, Mid-Atlantic Region Email: aconsoli@cbiz.com | Phone: (877) 251-5345

linkedin.com/pub/anthony-consoli/5/248/abb

2

What is Risk Management?

What is Risk Transfer?

Why are they relevant?

How do we integrate them?

Value to your organization

Q&A

Topics

4

A Risk Factor is something that can cause harm. It is a poor business condition or practice that can negatively impact a company.

Risk is the likelihood of harm. The likelihood that profitability and shareholder value will be negatively impacted.

Definitions - in business terms….

RISK MANAGEMENT: Coordinated activities to direct and control an organization with regard to risk. RISK MANAGEMENT FRAMEWORK: A set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring (2.28), reviewing and continually improving risk management (2.2) throughout the organization.

Note 1: The foundations include the policy, objectives, mandate and

commitment to manage risk (2.1). Note 2: The organizational arrangements include plans, relationships,

accountabilities, resources, processes and activities. Note 3: The risk management framework is embedded within the

organization's overall strategic and operational policies and practices.

ISO 31000 Definitions

Risk and Insurance Overview

Strategic Risk

Hazard Risk Financial Risk

Operational

Categories of

Risk

Risk retention

Contractual risk transfer, i.e. noninsurance

Risk control

Risk avoidance

Insurance risk transfer

Financial tools, ala hedges, swaps, etc.

Risk and Insurance Overview

DEFINED: A risk management technique whereby risk of loss is transferred to another party through a contract (e.g., a hold harmless clause) or to a professional risk bearer (i.e., an insurance company).*

Risk Transfer

* International Risk Management Institute (IRMI)

Continuum of traditional and alternative insurance arrangements

12

Risk Profile Risk Aware

Risk

Aware Risk

Attentive Risk Attentive

Risk Enabled

Risk Enabled

Description Management is aware of the benefits of implementing risk management principles organization wide

Management is ready to embrace risk management in everyday processes and practices. It is attentive to some, if not all, of its risks.

Management recognizes risk management as a core competence and is successfully using it as a competitive advantage in chosen markets.

§ Risks managed in silos § Management holds decision

power § Financial risk focus only § No risk management training

Risks managed in silos Management holds decision power Financial risk focus only No risk management training

§ Risk management committees § Decision power devolved § Operational risk focus § Balanced scorecard in place

Risk management committees

Decision power devolved

Operational risk focus

Balanced scorecard in place

§ Self sufficient committees in place § All involved in decision making § Business risk focus § Risk management is core

competence

Self sufficient committees in place

All involved in decision making

Business risk focus

Risk management is core competence

Characteristics

Reactive Financial focus

Career internal auditors Low profile

Role of Internal Audit

Proactive Operational focus Role rotation

Higher profile

Change agents

Business focus

Integrated risk management Risk & control educators

Risk Management Continuum

13

65% of Public Firms

Financial Services

Energy Sector

Health Care

Transportation

Education

Newcomers: Construction

& Mining Source: Excellence in Risk Management VI, Marsh | RIMS

Industries That Have Adopted ERM

14

ERM: Both Negative & Positive Mindsets

Controlled Risk Maximum Performance

vs.

Uncontrolled Risk Under Performance

Risk Management Heat Map

321

3

2

1 O - 8

12

R - 3

3

3

2

1

Opportunities RisksLikelihood Likelihood

Impa

ct o

n O

bjec

tives

Impa

ct o

n O

bjec

tives

Management addresses these key risks andopportunities in its plans and prioritiesNote: Some adjustment to current priorities may be required

O - 14 R - 34

R - 72

O - 21 R - 11

Developed byJay Mattingly

16 Vary by Industry & Importance

Characteristics of Risk Factors

17

Transparency

Technology Competition

Compliance

Public Companies

Public and Private Companies

ERM Implementation Drivers

How do leaders determine which techniques or approaches to risk management are the most appropriate for their organization?

Key Question:

Answer: Risk Assessment Process

19

Risk Analysis Analyze presence of risk - Assess the level of risk - Quantify the results - Report the findings - Recommend action

Risk Response Develop an action plan; determine what risks to control and assign responsible individuals Risk Control

Implement a solution to reduce or transfer the risk

Risk Monitoring Observe the completed implementation and report the results

Risk Factor Identification Identify all potential risk exposures

The ERM Process

20

Top-Down / Bottom-Up Risk Based Approach High Risk Processes

Moderate Risk Processes

Low Risk Processes

RiskGovernance

RiskOversight

Risk Management

Board of Directors

Executive Management

Process Owner

Executive Management

Management

Process Owner

Design

Implementation

Top-

Dow

nB

otto

m-U

p

Risk Management Evolution Traditional Risk Management Modern Risk Management

ISO 31000 Methodology

Principles

Framework

Process

Compliance oriented Financial focus Negative risk events Driven from credit and market risk modeling

Top down approach Complex methodologies Lacking front line involvement and buy-in

Not seen as a model for small businesses

Management oriented

Broad organizational focused

Positive and negative risk events

Driven from strategic and organizational objectives

Both top down and bottom up

Simplified methodologies

Organizational buy-in

Excepted model for all businesses

Knowledge, understanding and development of a plan for continuous improvement.

Risk Control Techniques

Safety Programs Security Systems Fire Suppression Construction Materials Driver Training Pre Employment Screening

Insurance Policy

SafetyLoss

Contro

l

Claims ManagementFinan

cial A

nalysis

Insurance Policy

SafetyLoss

Contro

l

Claims ManagementFinan

cial A

nalysis

Insurance Policy

Review of risks − Operational − Hazard − Financial

Coverage Review

Building & Equipment Insurable Valuation

Review Current Risk Processes: − Safety Program − Claims Handling − Lease

Agreements

Loss Analysis & Trending

Total Cost of Risk

Business Interruption limit calculation

Benchmarking

Risk Transfer Options • Fully Insured • Large Deductible • Self Insurance • Captive

Placements

Brokerage Services

Coverage Recommendations

Implementation

Periodic Review & Analysis

Risk Management Services: − Safety − Claims

Management − Contract Review

Identify Quantify Fund Manage

Consultative Risk Management Process

25

!?

Ensures Sound Decision Making How: By adjusting managerial business approach and policies

Benefits of Controlling Strategic Risk

26 Improves Operational Efficiencies

How: By installing more cost effective and accurate internal systems

Risk Management Evolution

27

Maintains Availability of Credit and Manages Cost of Funds How: By improving outside relationships and considering all “what if” scenarios

Benefits of Controlling Financial Risks

28

Reduces the Consequences of Uncontrollable Losses How: By increasing safety and obtaining adequate coverage for potential losses

Benefits of Controlling Hazard Risks

29

By removing business conditions that can

have a negative financial impact

By installing business

practices that can have a positive financial

impact

ERM Maximizes Profitability and Shareholder Value

Increase the likelihood of achieving objectives

Encourage proactive management

Be aware of the need to identify and treat risk throughout the organization

Improve the identification of opportunities and threats

Comply with relevant legal and regulatory requirements and international norms

Why Implement Risk Management?

Improve mandatory and voluntary reporting

Improve governance

Improve stakeholder confidence and trust

Establish a reliable basis for decision making and planning

Improve controls

Effectively allocate and use resources for risk treatment

Why Implement Risk Management? Continued

Improve operational effectiveness and efficiency

Enhance health and safety performance, as well as environmental protection

Improve loss prevention and incident management

Minimize losses

Improve organizational learning

Improve organizational resilience

Why Implement Risk Management? Continued

33

Organization A was a Non-Profit organization with a large source of Government Grant funding. The organization believed that it had a good handle on risk and had recently updated its Governance structures.

During a review of the organization we noted that the governance structure did not include a structure for risk management.

After performing a one day review of risk exposures it was noted that the organization’s compliance program did not cover all relevant compliance requirements.

Further tests revealed that it was not in compliance with a Government regulation and had utilized the Grant inappropriately.

The amount of the misappropriation was significant to the survival of the organization. A simple Risk Management infrastructure would have prevented this loss from occurring.

Risk Management Case 1 – “Lesson Learned”

34

Company B had a database with over 2500 outside contractors for various levels of technical support. They realized that they were vulnerable to significant operational risk if their contractors did not adequately fulfill their contracts but were struggling to manage such a vast contractor base. A risk based framework was developed to determine which contractors presented the greatest risk to the organization and procedures were developed to monitor the specific risks identified.

Of the 2500 contractors, only 15 were critical to Company B requiring extensive oversight, an additional 35 vendors were moderate risks and required a minimum level of oversight and 300 low risk contractors. The remainder represented inactive vendors.

Company B was able to develop a more efficient oversight program utilizing fewer resources with increased risk coverage than provided by their previous business model.

The organization also ended up with a risk profile that allowed them to reduce the number of supporting contractors without impacting the level of service being provided.

Risk Management Case 1 – “Performance Improved”

You may also be interested in

Abandoned / Unclaimed Property by

Marshal Kline Managing Director, CBIZ MHM, LLC