weisermazars nonprofit risk presentation konrad segment 061516
Post on 22-Jan-2017
WeiserMazars LLP is an independent member firm of Mazars Group.
MANAGING RISK FOR NONPROFITS
June 15, 2016 – New York, NY
TODAY’S TOP THREATS AND HOW TO MANAGE THEM
PRESENTED BY: SCOTT KONRAD
HUB INTERNATIONAL NORTHEAST LIMITED
DISCUSSION THEMES
Why worry about risk?
Strategy first – insurance last
Top risks and remedies
WHY WORRY ABOUT RISK?
“Nonprofit Leader Allegedly Attacked in Embezzlement Cover‐Up” (04/06/16)
“Donations to Wounded Warrior Project Slow After Spending Scandal” (03/14/16)
“Cancer Charity That Raised $10 Million Admits Bogus Claims” (12/17/15)
“Duluth Diocese in Bankruptcy After $4.8 Million Abuse Award” (12/08/15)
“NY Charity Accused of Bilking Teens on Summer‐Job Pay” (08/14/15)
“California to Investigate Group Behind Planned Parenthood Videos” (07/27/15)
“Pakistan Expels Aid Agency Save the Children” (06/11/15)
“Perp Walk: Nonprofit ED Gets Jail Time” (05/18/15)
“Nepal Earthquake: Americans Stuck as Death Toll Rises” (04/27/15)
“Suit Claims AIDS Charity Bilked $20 Million in Federal Funds” (04/09/15)
“$19 Million Loss Slams Doors on NY Agency” (02/03/15)
“Boy Scouts Ordered to Pay $7 Million” (12/17/14)
“Ebola Tests Insurers’ Medical Evacuation Services as Airlines Cut Flights” (10/13/14)
“Suit Alleges $2 Million Embezzlement by Ex‐PBS Official” (09/26/14)
“Livestrong Gifts Fell by a Third After Armstrong Admission” (09/12/14)
“Lawsuit: NY Charity Threw Parties While Missing Paychecks” (08/05/14)
And more...
YOUR RISK LANDSCAPE
Transportation
Cyber
Employment practices
Special events
Travel & security
Terrorism
Professional services
Weather events
Occupational injuries
Habitational risk
Volunteer risk
Abuse and molestation
Employee and volunteer dishonesty
Student life and activities
Management liability
Fine Arts risk
Operations abroad
Media liability
…and more
STRATEGY FIRST – INSURANCE LAST
Assess & Identify Risks
• What risks do you face?
• How frequent?
• How severe?
• Worst‐case impact?
Avoid & Reduce Risks
• Due diligence in new ventures
• Property protection
• Safety programs
• Travel risk management
• HR policies
• Other preventive measures
Transfer Risks
• Consider all key contracts
• Which way does risk flow?
• Does the ‘other guy’ have the Right Stuff?
• Do you?
Retain Risks
• Look at your loss history
• Avoid ‘trading dollars’ for low deductibles
• Absorb risk that’s predictable and affordable
TOP RISKS & REMEDIES: INFORMATION RISK
Everyone has data: from clients, donors, employees, grantees, business partners
The state‐of‐the‐art in technology has advanced
The legal landscape has become more complex
The standard of expected conduct is higher
Nonprofits tend to be resource‐challenged
Online giving is on the rise
– 9.2% of total giving
– Expanding mobile payment capabilities
– Crowdfunding for social causes projected @ $6B
INFORMATION RISK: 4 TYPES OF DATA
PII – Personally Identifiable Information
– e.g., Name in combination with Social Security number, driver’s license number, bank account information, credit card information, online/financial account username and password
PHI – Protected Health Information
– Information relating to provision of healthcare, mental/physical condition, payment for provision of healthcare that identifies or can be used to identify individual
PCI – Payment Card Industry Information
– Cardholder data
Intellectual Property
INFORMATION RISK: HOW DO INCIDENTS OCCUR?
Lost Devices & Inadvertent Publication of Data
Disgruntled Employees
Vendors & Subcontractors
Hackers & Unsecured Websites
Matrix axes: Accidental / Intentional; Internal / External
INFORMATION RISK: BEST PRACTICES CHECKLIST
Cybersecurity governance and risk management – Board engagement
Cybersecurity risk assessments
Technical controls
Incident response planning
Staff training
Cyber intelligence and information sharing
Third‐party/vendor management
Cyber insurance – risk financing tool
INFORMATION RISK: INSURANCE CONSIDERATIONS
Which exposures to insure
– First‐party: Damage to your network, digital assets; breach response costs
– Liability: Damage to others’ network(s) and digital assets; privacy liability
– Regulatory costs, including defense costs
– Media Liability
Availability of insurer and broker breach coaching
Breadth of policy contract – no two products are built alike
Coverage territory
Insurer expertise and financial strength
Cost
TOP RISKS & REMEDIES: OPERATIONAL RESILIENCY
The ability to adapt to, and to withstand, changes to the normal operating environment
– Emergency response – incipient stage
– Disaster recovery – aftermath
– Operational continuity – longer‐term
Many potential causes of interruption: facility‐related damage (fire, explosion, water damage), utility interruption, natural catastrophe, IT breach/outage
Interruption can threaten your revenue stream and trigger expense increases
Incalculable ripple effects
Many nonprofits remain unprepared
ORGANIZATIONAL RESILIENCE HIERARCHY
OPERATIONAL RESILIENCY: A STITCH IN TIME SAVES NINE
Assemble a business continuity team
– Define roles, responsibilities, communications
– Enlist executive support
Collect data
– Critical functions
– Important contacts
– Critical vendors
– Alternate sites
– Vital records
Create recovery plans
– Strategies and tasks
– Internal and external resources
Activate, test, and refine plans
OPERATIONAL RESILIENCY: INSURANCE CONSIDERATIONS
Time element exposures and values
Indirect exposures
– Civil authority
– Ingress/egress
– Off‐premises utility interruption
– Contingent business interruption
Extended period of indemnity
Other coverage extensions
Designated adjuster
Insurer expertise and financial strength
Cost
TOP RISKS & REMEDIES: NONOWNED AUTO LIABILITY
Civil liability to entity from employee/volunteer use of personal cars in business
– Respondeat superior creates agency
Catastrophic potential
Almost every nonprofit is exposed
– Entity perceived as “deep pocket”
Entity relies on its insurance – driver looks to his/her own personal insurance
Increasing exposure because of distracted driving
Increasing scrutiny by commercial insurers
Murky subject – definitive policies often lacking
NONOWNED AUTO LIABILITY: MITIGATING YOUR RISK
Nonowned Auto Use Agreement – between Entity and individual driver
– Minimum acceptable personal insurance limits
– Current state vehicle registration/inspections
– Vehicle maintained in safe operating condition when used for business
– Proof of acceptable personal insurance and changes
– Ancillary equipment designed/rated for use intended by Entity
– Acceptable motor vehicle report (MVR)
– No “Business Use” exclusion in personal insurance
Organizational Vehicle Use Policy
– Vehicle use rules
– Distracted driving
– Driver selection criteria, including internal point system for moving violations
– Rental vehicle policy
– Post‐accident investigation responsibilities
RESOURCES
Nonprofit Risk Management Center: http://nonprofitrisk.org
eRiskHub®: https://eriskhub.com – contact Scott Konrad for access credentials
HUB Data Breach Cost Calculator: https://www.hubinternational.com/business-insurance/cyber-risk-solutions/tools/data-breach-cost-calculator/
“Why Nonprofits Can’t Afford to Ignore Cyber Risk” (LinkedIn Pulse): https://www.linkedin.com/pulse/why-nonprofits-cant-afford-ignore-cyber-risk-scott-konrad?trk=pulse_spock-articles
“But We Don’t Own Any Vehicles” (LinkedIn Pulse): https://www.linkedin.com/pulse/we-dont-own-any-vehicles-scott-konrad?trk=mp-author-card
HUB Crisis Management Center: http://www.hubinternational.com/crisis-management
Insurance & Risk Management Terms (International Risk Management Institute): http://www.irmi.com/forms/online/insurance-glossary/terms.aspx
FOR MORE INFORMATION
Scott R. Konrad
Senior Vice President
Not‐for‐Profit Business Practice Leader
HUB International Northeast Limited
5 Bryant Park | 1065 Avenue of the Americas
New York, NY 10018
(212) 338 2295 Direct
(347) 491 9671 Mobile
scott.konrad@hubinternational.com
Scott Konrad is a Senior Vice President of HUB International Northeast, with responsibility to build, brand, grow and lead a specialty practice serving the insurance, risk management, and employee benefit needs of tax‐exempt organizations. An industry veteran with 39 years of experience, Scott began his insurance career with Liberty Mutual Insurance Company. He transitioned several years later to the brokerage sector, serving in a variety of claim management, sales leadership, and relationship management roles with global brokers Johnson & Higgins, Marsh & McLennan, and Willis, over the majority of his career. From 1996 to 2003, Scott was an officer of the Church Insurance Companies, the denominational insurance arm of the Episcopal Church, for which he established a regional service center and managed deployment of the companies' products and services to over 2,000 institutional clients in 20 Episcopal dioceses throughout 11 Northeastern states. Scott joined HUB in 2013 from Crystal & Company, an independent, privately‐owned broker. A graduate of Colgate University, Scott has been recognized by Risk & Insurance magazine as a Power Broker® to the Nonprofit sector for the past six consecutive years, and he is a frequent speaker and author on nonprofit risk management themes. He launched and fronts HUB’s corporate partnerships with InsideNGO and the Nonprofit Risk Management Center. Scott is accredited in Risk Management for Churches and Schools by the University of Cambridge (UK), and serves on the diocesan insurance board for the Episcopal Diocese of Connecticut.