HomeMy WebLinkAbout5.b. Receive Mid-Year Update on Strategic Risk Inventory/Enterprise Risk Management (ERM) Program Page 1 of 9 Item 5.b. CENTRAL SAN July 21, 2020 TO: ADMINISTRATION COMMITTEE FROM: SHARI DEUTSCH, RISK MANAGEMENT ADMINISTRATOR PHILIP R. LEIBER, DIRECTOR OF FINANCEAND ADMINISTRATION REVIEWED BY: ANN SASAKI, DEPUTY GENERAL MANAGER ROGER S. BAILEY, GENERAL MANAGER SUBJECT: RECEIVE MID-YEAR UPDATE ON STRATEGIC RISK INVENTORY/ ENTERPRISE RISK MANAGEMENT (ERM) PROGRAM In January 2020, staff presented to the Board the District's initial Strategic Risk Inventory. At that time it was noted that the risk inventory would be used as the foundation for an Enterprise Risk Management (ERM) program. Organizations have traditionally managed risks in a distributed way, with a variety of functions that identify and manage risks. Prior to ERM, these efforts were not typically centrally coordinated or reported on. A central goal of ERM is improving this capability and coordination, while providing summary level reporting to provide a unified picture of risk for stakeholders and improving an organization's ability to manage these risks effectively. The Central San Strategic Risk Inventory is used for two purposes: 1. As an input to the internal auditor's annual work plan. The risk inventory was used in the development of the 2020 internal audit plan (which is pending the hiring of a replacement internal auditor). 2. For monitoring, control, and reporting on risks. A risk committee meets internally quarterly to discuss progress on mitigating the risks identified in the Strategic Risk Inventory. Updates to the Strategic Risk Inventory are reported to the Administration Committee and Board semiannually. The attached presentation constitutes the mid-year update on the risk inventory, and highlights changes in risk rankings, new risks identified, and updates to the mitigation plans in place to address the risks. The annual report, to be provided this winter, will provide this and other information, in a more detailed report. Strategic Plan re-In GOAL ONE: Customer and Community Strategy 1—Deliver high-quality customer service, Strategy 2—Maintain a positive reputation GOAL TWO: Environmental Stewardship Strategy 1—Achieve 100% compliance in all regulations, Strategy 2—Anticipate and prepare for potential regulatory July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 115 of 126 Page 2 of 9 changes, Strategy 3—Support regional development of local water supply, Strategy 4- Reduce reliance on non- renewable energy GOAL THREE:Fiscal Responsibility Strategy 1—Maintain financial stability and sustainability,, Strategy 2—Ensure integrity and transparency in financial management GOAL FOUR: Workforce Development Strategy 1—Proactively plan for future operational staffing needs, Strategy 2—Foster relationships across all levels of Central San, Strategy 3—Inspire employee engagement, Strategy 4—Meet or exceed industry safety standards GOAL FIVE:Infrastructure Reliability Strategy 1—Manage assets optimally to prolong their useful life, Strategy 2—Execute long-term capital renewal and replacement program, Strategy 3—Protect personnel and assets from threats and emergencies GOAL SIX.Innovation and Optimization Strategy 1—Implement the Central San Smart Initiative, Strategy 2—Improve and modernize operations through technology and efficiency measures GOAL SEVEN:Agility and Adaptability Strategy 1—Maintain a safe working environment for employees and the public during the COVID-19 pandemic , Strategy 2—Plan ahead for scenarios of direct adverse impacts ATTACHMENTS: 1. Presentation July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 116 of 126 Page 3 of 9 r� Enterprise Risk Management Mid-Year Update Administration Committee Meeting 3 July 21, 2020 -h _ Shari Deutsch, Risk Management Administrator Phil Leiber, Director of Finance and Administration ERM PROGRAM Strategic Risk Inventory • Created in 2018-2019 • Presented to Admin Committee in December 2019 and to Board in January 2020 • Reviewed by ERM Team at least biannually (targeted quarterly) • Updates included in biannual reports to Admin Committee and Board Mitigation Plans • Each risk on the inventory has a mitigation plan. • Each plan is reviewed, updated during biannual ERM Team Mtg. • Progress and goals amended in response to risk scores and operational environment 1 1 July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 117 of 126 Page 4 of 9 ERM PROGRAM ERM Team • Meets biannually to review and update risk inventory and mitigation plans, then re-scores all strategic risks • Members are the Executive Team, Risk Manager and Internal Auditor Risk Scoring • Four part risk assessment, each scored from 1-10 • Risk Score is the total of four scores • Ranking based on Risk Score: Highest score = Highest Rank Ris --_ Rank Score Economic Uncertainty/Recession 7 8 2 8 25 1 Global Pandemic 6 10 3 5 24 2 Internal Controls Failure 4 3 2 7 16 3 2 CIENTRALSAN THE TOP TEN: RANK AND SCORES EVOLVE OVER TIME Rank 2019 Score 2020 Score 1 Natural Disaster 32 Natural Disaster 32 2 Major Spill 31 Major Spill 31 ... .............. ............ .......... ............. .............. ............ ........... . ......... ......... 3 Environmental Damage 30 Environmental Damage 30 4 Loss of Major Asset 30 Loss of Major Asset 30 ... .......... ..................... ............ ..... .._. �.. 5 Loss of Utilities/Supply Chain 26 Pandemic/Continuity Threat 28 6 Service or Product Failure 25 Service or Product Failure 26 ......... ............ ............. ............ . 7 CyberSecurity 24 Loss of Utilities/Supply Chain 26 8 Physical Security Breach 23 Economic Uncertainty/Recession 25 9 Self-Insurance/Reserve Insufficiency 23 CyberSecurity 25 10 Loss of Life/Major Injury 22 Self-Insurance/Reserve Insufficiency 24 3 2 July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 118 of 126 Page 5 of 9 TOP 4 STRATEGIC RISKS: NO CHANGE IN RANK OR RISK SCORE 1. Natural Disaster 2. Major Spill u Jo yp 9 g 1L g g B B fi 6 5 < 3 3 4 3 . 2 g 0 Saccy MOCedlry MY�mTo 90 SpeNd�nv2 gbyny pppapliy Mn�wn TO Do SgeNdOnsd �Oa-l9�lu•NI •hc-19•Jambi Focus on earthquake,severe weather, Mitigations include additional pipe condition landslide,flood and fire. assessments and project prioritization. Mitigations identified in hazard mitigation plan and in CIP. 4 ` TOP 4 STRATEGIC RISKS: NO CHANGE IN RANK OR RISK SCORE 3. Environmental Damage 4. Loss of Major Physical Asset -- u io m w a e 6 g � 1 0 5e,epy g,v6eNiry Mrtgsa re Oe SpemdOnm 9aauy RohetiM Mifa'cn TO Dv Sveatl✓Ons• Includes permit violations,accidents Mitigations focus on loss of four asset types: Pump Stations • Low probability of occurrence combined with Force Mains high mitigation costs,requires frequent Treatment Systems review. Plant Control Systems 5 �.. CENTRALSAN 3 July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 119 of 126 Page 6 of 9 OTHER RISKS VARIED OVER TIME AND CIRCUMSTANCE 5. Pandemic/Continuity Threat a 7.Loss of Utilities/SupplyChain 6.Service or Product Failure ... New to the Risk Inventory Score:N/C Rank:-2 Concern for fuel, Mitigations underdevelopment in real chemicals, emergency response time. Outcome will include a current, , supplies and equipment. tested,and effective Pandemic Response Plan. Mitigations include establishing minimum quantities kept on site. Score:+1 Rank:N/C • Service disruption,permit delay, NOVs,other complainants (developers) • Slightly elevated risk due to COVID- 19 changes 6 OTHER RISKS VARIED OVER TIME AND CIRCUMSTANCE 8.Economic Uncertainty/Recession io,s,ir m­ffia„ - � 1 w,m ��„ Me�.•,a� �a� mar wee ,„.,� �..�, New to the top 10 list 9.Cyber Security Score:+1 Rank:N/C • Severity,probability and speed of onset Losses possible from multiple have increase since COVID-19. losses below the insurance threshold,or catastrophic losses Market conditions,employment,local above insurance limits,or losses priorities in flux. ■ for non-covered areas. v� � .,,.,• �� .a.•d� Potential increases could be considered during each budget Score:+1 Rank:-2 process Mitigations include development of 3rd party access controls, continued penetration testing and ongoing employee education and training. 7 LkIL- 4 July 21, 2020 Regular ADM IN Committee Meeting Agenda Packet- Page 120 of 126 Page 7 of 9 DROPPED FROM THE TOP TEN • No change in scores from 2019 to 2020. • Rank changed as other exposures scored higher on risk inventory. 11. Physical Security Breach 12. Loss of Life or Major Injury rx le ,p la 9 e m fi 9 9 4 3 3 o R Sueiry PwEnhiliy M3c.avnT spmEaft•na ..n I.—P M9iptm Ta Uo spxpd'. •Qs59•lu.al •e¢19•luml0 Score:N/C Rank:-3 Score:N/C Rank:-2 Security Improvements Project being Well-established safety and training program scoped now. reduces probability • Currently managing systems while volume and complexity of work on site increases. 8 CURRENT STRATEGIC RISKS (28) Operations Finance& &HR Service or Product Failure Admin Self-Insurance/Reserve Insufficiency Slow Response to Customer Failure of Internal Controls Poor Jurisdictional Coordination Economic Uncertainty/Recession Poor Customer Communications Need for Large Rate Increase Loss of Life/Major Injury Loss of Major Customer/Partner Work Stoppage Higher Borrowing Costs/Loss of TE Bond Status Changing Workforce Social/Political Risk(Civil Unrest) Change Readiness Cyber Security Loss of Utilities/Supply Chain Lg Tech Implementation Failure Continuity Threat/Pandemic External Data Connectivity Risk 9- Failure to Adopt New Technology Engineering Environmental Damage New/Proposed Regs/Legislation Natural Disaster Major Spill Loss of Major Asset Physical Security Breach Poor Coordination on Large Projects 9 ,1 CENTRALSAN 5 July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 121 of 126 Page 8 of 9 STRATEGIC RISKS - J U N E 2019 35 30 25 20 15 10 5 0 o", 1 `�l JQos aeie a Q�°' ■Severity ■Probability ■Mitigation TODo 05peedof Onset 10 STRATEGIC RISKS - JUNE 2020 35 30 — 25 20 — 15 10 . ■ ' ' .��L ■Severity ■Probability MitigationTODo ■Speed of Onset 11 6 July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 122 of 126 Page 9 of 9 Questions? r July 21, 2020 Regular ADMIN Committee Meeting Agenda Packet- Page 123 of 126