Enterprise Risk Management for International Schools 2014 NESA Business Managers’ Conference Presented by Michael Rodman & Timothy King Albert Risk Management Consultants


INTRODUCTION

Michael Rodman, Principal Consultant

Timothy King, Senior Consultant

Albert Risk Management Consultants: Independent Risk Management & Insurance Consultants

• No Insurance Sold

• Objective Advice

• Experienced Consultants with International School Focus

OUTLINE

I. ERM Overview

II. Interactive Session: Risk Analysis

III. Heat Mapping and Risk Analysis Debrief

IV. Foreign Travel: An ERM Perspective

ERM: WHAT WE’RE TALKING ABOUT TODAY

Enterprise-Wide Risks

Operational Risks

Insurable Risks


ERM: A DEFINITION

Enterprise Risk Management: a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.

Source: Risk and Insurance Management Society, Inc.

1. Strategic: inextricably linked to the organization’s mission and strategy, which sets risk appetite

2. Disciplined: consistent and structured approach to assess and manage risks and improve decision making

3. Full spectrum: addresses all forms of risk: strategic, financial, operational, technological, compliance, hazard, ...

4. Interrelated: risks are interrelated and must be managed as a whole


VALUE OF ERM

1. Resiliency and Sustainability

• Uncovering risk and reducing catastrophic blindside potential

• Protecting reputation and “brand” value

2. Governance

• Better understanding and articulation of stakeholders’ risk appetite/tolerance

• Improved decision making by encouraging appropriate risk/reward analysis

3. Coordination

• Prioritizing risk mgmt. efforts

• Coordinating the handling of risk throughout the org

• Filling gaps and eliminating unnecessary redundancies

4. Optimize Use of Capital

• Moving beyond silos

• Transferring risk (insurance) when mitigation or retention is not feasible

• Possibly lowering cost of capital

SIMPLIFICATION: RISK SILOS

[Diagram: Admissions, Facilities, HR, Finance and Foreign Travel, each with its own Risk Decisions]

AN ENTERPRISE RISK APPROACH

[Diagram: Risk Decisions; Centralized Risk Admin.; Finance; Admissions; HR; Foreign Travel]

ERM PROCESS

[Diagram: Establish Context, Identification, Analysis, Evaluation, Treatment, Monitor and Improve]

ALTERNATE ERM PROCESS & OUTSIDE INFLUENCE

ISO 31000:2009 (built on AS/NZS 4360)

Source: Committee of Sponsoring Organizations of the Treadway Commission

Outside Influence

• Attorneys

• Audit Firms

• Insurance Brokers

• Consultants

• Community Leaders

• Embassy/Consulate

BEFORE YOU START!

You must receive the support from Board and/or top management.

They must participate in the process.

ESTABLISH CONTEXT

Know Your Organization’s:

Vision

Mission

Competitive Environment

Culture

Decision Making Process

Use:

3/5 Year Strategic Plans

Annual Reports

SWOT Analysis

Who:

Those Responsible for Implementation


IDENTIFICATION

Make a List of Risks: Not Just Insurable and Not Just Controllable

Financial, Reputational, Economic

Categorize

Receive Input From All Departments

Receive Input from All Org. Levels

Use: Surveys

Interviews

Workshops

Who: Broad Group of Faculty and Staff

Outside Opinions


ANALYZE

Impact: Effect on Reputation, Financials, Health/Safety

Velocity: How Quickly Will the Impact Be Felt?

Duration: How Long Will the Impact Last?

Insurance: What Is the Effect of Insurance?

Frequency: How Often?

Controls: What Is In Place to Lessen Frequency?

Use: Risk Register

Who: Outside Opinions

Risk Committee

School Executives


RISK ANALYSIS EXERCISE

Prototype School

Identification Phase Complete

Evaluation

Impact

Likelihood


SCORING IMPACT (1-5): DEPENDING ON RISK

| Score | Impact | Financial | Reputation | Safety & Security |
|---|---|---|---|---|
| 1 | Negligible | Little/No Impact on Tuition Income | Short-Term Internal Impact | No Treatment |
| 2 | Marginal | 5-10% Drop in Tuition Income | Long-Term Internal Impact | Minor Injuries, First Aid |
| 3 | Serious | 10-30% Drop In Tuition Income | Short-Term External Impact | Non-Life Threatening Injury/Illness |
| 4 | Critical | +30% Drop In Tuition Income | Long Term Internal Impact | Life Threatening Injury/Illness |
| 5 | Catastrophic | Income Drop Forces School Closure | External Impact w/ Permanent Damage | Multiple Serious Injuries or Death |

SCORING FREQUENCY (1-5)

| Score | Frequency | Meaning |
|---|---|---|
| 1 | Impossible | No Known Occurrences with Us or Similar Organizations |
| 2 | Rare | One Occurrence Every 10 or More Years. Known to Have Occurred at Similar Schools |
| 3 | Occasional | One Occurrence Every 5-10 Years |
| 4 | Common | One Occurrence Every 1-5 Years |
| 5 | Frequent | One or More Occurrences Per Year |

EVALUATE

Effectively Prioritize

Determine What Needs Treatment

Use

Heat Mapping

Who

Risk Committee

School Executives


RISK APPETITE AND TOLERANCE

Broad Risk Appetite

What types of risks are we willing to take to accomplish strategic objectives?

Risk Tolerance

What level of risk are we willing to accept?

May be expressed as a low-high range.

The Target level is somewhere between the high and low.

[Diagram: Tolerance range with Target between Too low and Too high]

TREATMENT: SETUP

Assign Risk Owner

Identify Dependencies

Create Timelines

Use

Expanded Risk Register

Information on Current Controls

Who

Risk Committee

Risk Officer


TREATMENT

Use

Create & Document Response Plans

Who

Risk Owner

Field Experts/Outside Experts


Enterprise Risk Management Is Continuous

Prioritization Changes Over Time & New Issues Will Emerge

Commitment Must Be Long Term

SUMMARY: ERM TOOLS/TECHNIQUES

| Step | Considerations | Tools |
|---|---|---|
| 1. Establish Context | Mission, Vision, Values, Regulatory & Competitive Environment, Strategic Objectives, Decision Making Processes | Strategic Plan, SWOT Analysis |
| 2. Identify | What concerns exist? | Surveys, Interviews, Workshops |
| 3. Analyze | Impact, Frequency, Controls, Velocity, etc. | Risk Registers |
| 4. Evaluate | Exceed Tolerance Level? If Yes, Prioritize and Treat | Risk Heat Maps (also for Monitoring) |
| 5. Treatment | Who Is Responsible for Follow-Through? What are the dependencies and timelines? | Risk Response Plans |
| 6. Monitor | Continuous Process | |

AN ENTERPRISE RISK APPROACH

[Diagram: Risk Decisions; Centralized Risk Admin.; Finance; Admissions; HR; Foreign Travel]

Foreign Travel: An ERM Perspective

ENTERPRISE WIDE CONSIDERATIONS

Injury to Students Causes Financial and Reputational Loss

Concentration of Students Off-Campus

Risk “Avoidance” Not an Option

Need to Remain Competitive

Part of Comprehensive Academic Program

OPERATIONAL RISK CONSIDERATIONS

Pre Trip Visits by Faculty

Parent Releases

Dedicated Employee for Travel Planning

Dedicated Employee (On Campus) for Emergencies

Vendor/Contract Management


INSURABLE RISK CONSIDERATIONS

Appropriate Limits for Third Party Liability

Worst Case Scenarios

Appropriate Insurance Coverage for Emergency Evacuation

Appropriate Insurance Coverage for Kidnap and Ransom

What Keeps You Up At Night?

Critical Risk Management Issues for International Schools

2014 NESA Business Managers’ Conference

Presented by Michael Rodman & Timothy King

Albert Risk Management Consultants

COMMON RISK MANAGEMENT PITFALLS

Territory and Scope of Coverage

Time Element

Abuse and Molestation

Property Valuation

“Cyber” Risks

Time Element Issues


What Next?

Rebuild

Reopen

Recoup


Loss Scenario

Major Fire

Sprinkler Failure

Office, Classrooms, & Cafeteria Damaged

School Closes

Property Damage = Rebuild

Extra Expense = Reopen

Business Income Loss = Recoup

What We Are Hearing: In-House Loss Mitigation

Refund Policy

Emergency Fund

Disaster Planning

We Can’t Shut Down

What We See

Emergency Fund Needed Elsewhere

Still Can Be Used In a Loss

Refund Policy for Next Term

Disaster Planning Well Done, But Are All Costs Considered?

Can the Plan Get You to 100% Capacity?

Extra Expense

Online Learning Setup

Alternative Location

Temporary Structures

Income Loss

Tuition

Other Income

Teacher Contracts

Continuing Expenses

How Long?


Potential Coverage Pitfall

12 Month Period of Restoration

Not Realistic In Many Cases

Look at Policies Carefully

Putting the Puzzle Together: Territory and Scope of Coverage


Typical Local Required Policies

General Liability

Directors and Officers Liability

Workers Compensation

Property

Automobile Liability


Local Policy Issues

Scope of Coverage Insufficient

Limited to Certain Activities

Limited Territory

Inadequate Limits

Difference in Condition Policy Issues

What are they?

Often: Lack of Regulatory Compliance

No U.S. and Canada Coverage

Potential Solution

[Diagram: D.I.C.; Local; Comprehensive Program]

Abuse and Molestation

Issues w/ Coverage Availability

Coverage Territory: U.S. Suits Excluded

Adequacy of Controls

Driving Limits Purchased

Separate, But Not Equal, Terms & Conditions

Issues w/ Coverage Availability

Excluded from General/Public Liability

Limited Markets for Dedicated Coverage

Self Insurance Too Risky

Exposure to “Western” Suits

Coverage Territory: U.S. Suits Excluded

Most “Occurrences” in U.S. Excluded

What About Jurisdiction?

Adequacy of Controls

Training Faculty/Staff

Training Students

Boundaries: In Person and on Social Media

Background Checks

Indirect Causes of Liability (e.g. Contractors)

Driving Limits Purchased

Think About A Large Loss

What Could Stress Your Current Limits?

Should Exposure Drive Your Purchasing Habits?

Separate, But Not Equal, Terms & Conditions

Coverage for Innocent Individuals

Lower Limit and Higher Deductibles/Retentions

Claims-made Coverage

Severability

Property Valuation

Choice Valuation

Market Value

Depreciated/Book Value

Replacement Cost (New)

Original Cost + Trend Factor

Must Assume Total Loss

Coverage Pitfalls

Actual Cash Value

Average Clause or Coinsurance

Functional Replacement Cost

Understanding “Cyber” Risks’ Wide Reaching Impact

Wide-Reaching Implications

Theft of Funds (Computer Crime and Funds Transfer Fraud)

Damage to Critical Systems from Malicious Attack

Damage or Theft of Data

Breach of Personal Information

Theft of Funds

• Understanding Your Crime Policy

• Computer Crime

• Electronic Funds Transfer Fraud

Damage to Systems and Data

• Look Carefully at Your Property Policy

• What Causes of Loss Are Excluded?

Breach of Personal Information

Liability: What Are The Damages

Is A Stand-Alone Policy “Worth” It?

Success of Privacy Suits

Can Coverage be Found Elsewhere?

Expanding Regulatory Involvement Internationally

Statutory Fines and Penalties

[Diagram: Theft; Malicious Attacks; Theft of Personal Information; Regulatory Fines and Penalties; Comprehensive Cyber Program]

Questions?