HomeMy WebLinkAbout5.b. Receive Mid-Year Update on Strategic Risk Inventory/Enterprise Risk Management (ERM) Program Page 1 of 9
Item 5.b.
CENTRAL SAN
July 21, 2020
TO: ADMINISTRATION COMMITTEE
FROM: SHARI DEUTSCH, RISK MANAGEMENT ADMINISTRATOR
PHILIP R. LEIBER, DIRECTOR OF FINANCEAND ADMINISTRATION
REVIEWED BY: ANN SASAKI, DEPUTY GENERAL MANAGER
ROGER S. BAILEY, GENERAL MANAGER
SUBJECT: RECEIVE MID-YEAR UPDATE ON STRATEGIC RISK INVENTORY/
ENTERPRISE RISK MANAGEMENT (ERM) PROGRAM
In January 2020, staff presented to the Board the District's initial Strategic Risk Inventory. At that time it
was noted that the risk inventory would be used as the foundation for an Enterprise Risk Management
(ERM) program.
Organizations have traditionally managed risks in a distributed way, with a variety of functions that identify
and manage risks. Prior to ERM, these efforts were not typically centrally coordinated or reported on. A
central goal of ERM is improving this capability and coordination, while providing summary level reporting
to provide a unified picture of risk for stakeholders and improving an organization's ability to manage these
risks effectively. The Central San Strategic Risk Inventory is used for two purposes:
1. As an input to the internal auditor's annual work plan. The risk inventory was used in the development
of the 2020 internal audit plan (which is pending the hiring of a replacement internal auditor).
2. For monitoring, control, and reporting on risks. A risk committee meets internally quarterly to discuss
progress on mitigating the risks identified in the Strategic Risk Inventory. Updates to the Strategic
Risk Inventory are reported to the Administration Committee and Board semiannually.
The attached presentation constitutes the mid-year update on the risk inventory, and highlights changes in
risk rankings, new risks identified, and updates to the mitigation plans in place to address the risks. The
annual report, to be provided this winter, will provide this and other information, in a more detailed report.
Strategic Plan re-In
GOAL ONE: Customer and Community
Strategy 1—Deliver high-quality customer service, Strategy 2—Maintain a positive reputation
GOAL TWO: Environmental Stewardship
Strategy 1—Achieve 100% compliance in all regulations, Strategy 2—Anticipate and prepare for potential regulatory
July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 115 of 126
Page 2 of 9
changes, Strategy 3—Support regional development of local water supply, Strategy 4- Reduce reliance on non-
renewable energy
GOAL THREE:Fiscal Responsibility
Strategy 1—Maintain financial stability and sustainability,, Strategy 2—Ensure integrity and transparency in financial
management
GOAL FOUR: Workforce Development
Strategy 1—Proactively plan for future operational staffing needs, Strategy 2—Foster relationships across all levels of
Central San, Strategy 3—Inspire employee engagement, Strategy 4—Meet or exceed industry safety standards
GOAL FIVE:Infrastructure Reliability
Strategy 1—Manage assets optimally to prolong their useful life, Strategy 2—Execute long-term capital renewal and
replacement program, Strategy 3—Protect personnel and assets from threats and emergencies
GOAL SIX.Innovation and Optimization
Strategy 1—Implement the Central San Smart Initiative, Strategy 2—Improve and modernize operations through
technology and efficiency measures
GOAL SEVEN:Agility and Adaptability
Strategy 1—Maintain a safe working environment for employees and the public during the COVID-19 pandemic
, Strategy 2—Plan ahead for scenarios of direct adverse impacts
ATTACHMENTS:
1. Presentation
July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 116 of 126
Page 3 of 9
r�
Enterprise Risk Management
Mid-Year Update
Administration Committee Meeting
3 July 21, 2020
-h
_ Shari Deutsch, Risk Management Administrator
Phil Leiber, Director of Finance and Administration
ERM PROGRAM
Strategic Risk Inventory
• Created in 2018-2019
• Presented to Admin Committee in December 2019 and to Board
in January 2020
• Reviewed by ERM Team at least biannually (targeted quarterly)
• Updates included in biannual reports to Admin Committee
and Board
Mitigation Plans
• Each risk on the inventory has a mitigation plan.
• Each plan is reviewed, updated during biannual ERM Team Mtg.
• Progress and goals amended in response to risk scores and
operational environment
1
1
July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 117 of 126
Page 4 of 9
ERM PROGRAM
ERM Team
• Meets biannually to review and update risk inventory
and mitigation plans, then re-scores all strategic risks
• Members are the Executive Team, Risk Manager and
Internal Auditor
Risk Scoring
• Four part risk assessment, each scored from 1-10
• Risk Score is the total of four scores
• Ranking based on Risk Score: Highest score = Highest Rank
Ris --_ Rank
Score
Economic Uncertainty/Recession 7 8 2 8 25 1
Global Pandemic 6 10 3 5 24 2
Internal Controls Failure 4 3 2 7 16 3
2
CIENTRALSAN
THE TOP TEN:
RANK AND SCORES EVOLVE OVER TIME
Rank 2019 Score 2020 Score
1 Natural Disaster 32 Natural Disaster 32
2 Major Spill 31 Major Spill 31
... .............. ............ .......... ............. .............. ............ ........... . ......... .........
3 Environmental Damage 30 Environmental Damage 30
4 Loss of Major Asset 30 Loss of Major Asset 30
... .......... ..................... ............ ..... .._. �..
5 Loss of Utilities/Supply Chain 26 Pandemic/Continuity Threat 28
6 Service or Product Failure 25 Service or Product Failure 26
......... ............ ............. ............ .
7 CyberSecurity 24 Loss of Utilities/Supply Chain 26
8 Physical Security Breach 23 Economic Uncertainty/Recession 25
9 Self-Insurance/Reserve Insufficiency 23 CyberSecurity 25
10 Loss of Life/Major Injury 22 Self-Insurance/Reserve Insufficiency 24
3
2
July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 118 of 126
Page 5 of 9
TOP 4 STRATEGIC RISKS:
NO CHANGE IN RANK OR RISK SCORE
1. Natural Disaster 2. Major Spill
u
Jo
yp 9 g 1L g g
B B
fi 6 5
< 3 3 4
3 . 2
g 0
Saccy MOCedlry MY�mTo 90 SpeNd�nv2 gbyny pppapliy Mn�wn TO Do SgeNdOnsd
�Oa-l9�lu•NI •hc-19•Jambi
Focus on earthquake,severe weather, Mitigations include additional pipe condition
landslide,flood and fire. assessments and project prioritization.
Mitigations identified in hazard mitigation plan
and in CIP.
4 `
TOP 4 STRATEGIC RISKS:
NO CHANGE IN RANK OR RISK SCORE
3. Environmental Damage 4. Loss of Major Physical Asset
-- u
io
m w
a e
6 g
� 1
0
5e,epy g,v6eNiry Mrtgsa re Oe SpemdOnm 9aauy RohetiM Mifa'cn TO Dv Sveatl✓Ons•
Includes permit violations,accidents Mitigations focus on loss of four asset types:
Pump Stations
• Low probability of occurrence combined with Force Mains
high mitigation costs,requires frequent Treatment Systems
review. Plant Control Systems
5
�.. CENTRALSAN
3
July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 119 of 126
Page 6 of 9
OTHER RISKS VARIED OVER TIME AND
CIRCUMSTANCE
5. Pandemic/Continuity Threat
a 7.Loss of Utilities/SupplyChain
6.Service or Product Failure ...
New to the Risk Inventory Score:N/C Rank:-2
Concern for fuel,
Mitigations underdevelopment in real chemicals, emergency response
time. Outcome will include a current, , supplies and equipment.
tested,and effective Pandemic
Response Plan. Mitigations include establishing
minimum quantities kept on site.
Score:+1 Rank:N/C
• Service disruption,permit delay,
NOVs,other complainants
(developers)
• Slightly elevated risk due to COVID-
19 changes 6
OTHER RISKS VARIED OVER TIME AND
CIRCUMSTANCE
8.Economic Uncertainty/Recession io,s,ir mffia„
- � 1
w,m ��„ Me�.•,a� �a� mar wee ,„.,� �..�,
New to the top 10 list 9.Cyber Security Score:+1 Rank:N/C
• Severity,probability and speed of onset Losses possible from multiple
have increase since COVID-19. losses below the insurance
threshold,or catastrophic losses
Market conditions,employment,local above insurance limits,or losses
priorities in flux. ■ for non-covered areas.
v� � .,,.,• �� .a.•d� Potential increases could be
considered during each budget
Score:+1 Rank:-2 process
Mitigations include development of
3rd party access controls,
continued penetration testing and
ongoing employee education and
training. 7
LkIL- 4
July 21, 2020 Regular ADM IN Committee Meeting Agenda Packet- Page 120 of 126
Page 7 of 9
DROPPED FROM THE TOP TEN
• No change in scores from 2019 to 2020.
• Rank changed as other exposures scored higher on risk inventory.
11. Physical Security Breach 12. Loss of Life or Major Injury
rx
le ,p la
9 e
m
fi 9
9 4 3 3
o R
Sueiry PwEnhiliy M3c.avnT spmEaft•na ..n I.—P M9iptm Ta Uo spxpd'.
•Qs59•lu.al •e¢19•luml0
Score:N/C Rank:-3 Score:N/C Rank:-2
Security Improvements Project being Well-established safety and training program
scoped now. reduces probability
• Currently managing systems while volume
and complexity of work on site increases.
8
CURRENT STRATEGIC RISKS (28)
Operations Finance&
&HR Service or Product Failure Admin Self-Insurance/Reserve Insufficiency
Slow Response to Customer Failure of Internal Controls
Poor Jurisdictional Coordination Economic Uncertainty/Recession
Poor Customer Communications Need for Large Rate Increase
Loss of Life/Major Injury Loss of Major Customer/Partner
Work Stoppage Higher Borrowing Costs/Loss of TE Bond Status
Changing Workforce Social/Political Risk(Civil Unrest)
Change Readiness Cyber Security
Loss of Utilities/Supply Chain Lg Tech Implementation Failure
Continuity Threat/Pandemic External Data Connectivity Risk
9- Failure to Adopt New Technology
Engineering Environmental Damage
New/Proposed Regs/Legislation
Natural Disaster
Major Spill
Loss of Major Asset
Physical Security Breach
Poor Coordination on Large Projects 9 ,1
CENTRALSAN
5
July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 121 of 126
Page 8 of 9
STRATEGIC RISKS - J U N E 2019
35
30
25
20
15
10
5
0
o",
1
`�l JQos
aeie a
Q�°'
■Severity ■Probability ■Mitigation TODo 05peedof Onset
10
STRATEGIC RISKS - JUNE 2020
35
30 —
25
20 —
15
10 . ■ ' '
.��L
■Severity ■Probability MitigationTODo ■Speed of Onset
11
6
July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 122 of 126
Page 9 of 9
Questions?
r
July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 123 of 126