The URL can be used to link to this page

Home My WebLink About05.c. Receive annual update on Stratgic Risk Inventory/Enterprise Risk Management (ERM) Program Page 1 of 10 Item 5.c. ,orVIOIN SAN January 26, 2021 TO: FINANCE COMMITTEE FROM: SHARI DEUTSCH, RISK MANAGEMENT ADMINISTRATOR PHILIP R. LEI BER, DIRECTOR OF FINANCEAND ADMINISTRATION REVIEWED BY: ROGER S. BAILEY, GENERAL MANAGER SUBJECT: RECEIVE ANNUAL UPDATE ON STRATEGIC RISK INVENTORY/ ENTERPRISE RISK MANAGEMENT (ERM) PROGRAM In January2020, staff presented to the Board the District's initial Strategic Risk Inventory. At that time it was noted that the risk inventory would be used as the foundation for an Enterprise Risk Management (ERM) program. A mid-year update was presented in June 2020. This report represents the annual update. Background on Enterprise Risk Management Organizations have traditionally managed risks in a distributed way, with a variety of internal functions that identify and manage risks. Prior to ERM, these efforts were not typically centrally coordinated or reported on. A central goal of ERM is improving this capability and coordination, while providing summary level reporting to provide a unified picture of risk for stakeholders and improving an organization's ability to manage these risks effectively. The Central San Strategic Risk Inventory is used for two purposes: 1. As an input to the internal auditor's annual work plan. The Strategic Risk Inventory was used to develop the 2020 internal audit plan (execution of which is pending the hiring of a replacement internal auditor; a hiring process is currently underway). 2. For monitoring, control, and reporting on risks. The ERM Team meets twice per year to discuss progress on mitigating the risks identified in the Strategic Risk Inventory. Updates to the Strategic Risk Inventory are reported to the Administration Committee and Board semiannually. The attached presentation constitutes the annual update on the Strategic Risk Inventory, and highlights changes in risk rankings as well as new risks identified (if any). Strategic Plan Tie-In GOAL TWO: Environmental Stewardship Strategy 1—Achieve 100% compliance in all regulations GOAL FIVE:Infrastructure Reliability Strategy 3—Protect personnel and assets from threats and emergencies January 26, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 294 of 305 Page 2 of 10 GOAL SEVEN:Agility and Adaptability Strategy 2—Plan ahead for scenarios of direct adverse impacts ATTACHMENTS: 1. Presentation January 26, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 295 of 305 Page 3 of 10 2020 Year-End Enterprise Risk Management Update _ Finance Committee Meeting January 26, 2021 _ Shari Deutsch, Risk Management Administrator Phil Leiber, Director of Finance and Administration 1 ENTERPRISE RISK MANAGEMENT Traditional Risk Management • Included insurance risk management and management of various risks by individual managers. am,re,re,mreDr m(gale leve tnrmgn SiIDW ReacLve .nsrra0l[riei Irrymae enNerY IndecendemlV Ino 6dma ovDenanmernl nary i Fa IanlB�cl la i arganzaoenaawe '" 1h esses nse organlxallDnY NreDAn lncreax0 dsgpDwNni1•es Holistic imarxe Enlemnse xioe peiAomwnce, eglawtnp ana OelkY ccnlinually ueing imanAlge+ tledaion maa+ng. naManrrafrenur lik Yepuuaen. ENTERPRISE RISK MANAGEMENT Enterprise Risk Management • Adds centralized oversight and reporting. • Broad consideration of what can go wrong, what are we doing about it, how are risks changing over time. Portfolio approach. CENTRAL SAN 2 1 January 26, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 296 of 305 Page 4 of 10 BACKGROUND • Central San created a strategic risk inventory in 2018-2019 • Presented results of the risk inventory in December 2019 • Committee desired periodic updates; two times per year is the current plan • Summary update in July • More detailed update in January • 25+ strategic risks identified; top 10 were focus of presentation to the Board in June 2020 • Risk mitigation plans developed for each • Year-end update: • Rescore the risks and consider trends • Update the mitigation plans • Present all strategic risks FAITIFETT."W-1 M2I i, 3 CENTRAL SAN ERM PROGRAM ERM Team • Meets twice per year to review and update risk inventory and mitigation plans, then re-scores all strategic risks • Members are the Executive Team, Risk Management Administrator and Internal Auditor Risk Scoring • Risks assessed on four factors, each scored from 1-10 • Risk Score is the total of factor scores • Ranking based on Risk Score: Highest score = Highest Rank nPtl �m� 1-10 Score J,Rlsk onomic Uncertainty/Recession 7 8 2 8 25 1 obal Pandemic 6 10 3 5 24 2 ternal Controls Failure 4 3 2 7 16 3 4 2 January 26, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 297 of 305 Page 5 of 10 TOP 10 STRATEGIC RISKS • No changes to the Top 10 List since mid-2020 �� Fragta&xy WOO. Speed of current Trend }nr,.:r Rank Risk�oscriptiarle Haadw OTIWA Score and prior scare JMP t rMral©6ashT! 10 3 9 10 32 32 JMP 2 Major Splll 10 5 7 9 N 11 JMP 3 Fnviro selal Risk 10 3 9 9 31 :A JMp7 ms[#Malo[R884 10 0 7 7Q 31 :w 60 5 Cvnhnu*3 hreal I llandemic 9.5 10 3 S 21-5 28 00 6 Semw ur ProductFadura 9 2 5 10 26 28 -0 7 Loss of Chem 10 5 3 8 26 26 PL 9 C Sew 9 d 3 9 25 25 FL 9 SelNnsuranoad owm hmrk my 7 3 5 9 24 ',-1 PL N 1.r rrwc Dawdurr.Vpm 7 7 2 B 24 7S 5 TOP TEN STRATEGIC RISKS IN 2020 35 30 25 za 15 io 5 0 J` tNel `,z SJQ�i eco e ems e\ c rya o �a��a O° ePe o e Sao` � �cVc ■Severity ■Frequency Mitigation ■Speedof Needed On- 6 3 January 26, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 298 of 305 Page 6 of 10 STRATEGIC RISKS RANKED #11-20 • Some movement due to recalibration of scoring and differing views of status • Anticipate some additional movement with participation of the new Director of Operations. Sermr Frnduen[y Speed ul curYnrt Trend Owner Nsnk flak V—ripo— Wei Or" scan and prior■caro TO 11 I ons of l lfa:Mapr Injury to 2 3 S 23 22 -+ JMP_ 12 1lhyrlral.;r rdy I heads 1 2 1 18 22 2:1 ai JMP 13 NmV Ia6on 8 2 10 1 21 22 ai 14 Slow Resiponim Tuna 5 3 a f0 20 20 -0 TO_ 15 Work Sloppap T 2 9 1 20 14 PL 16 Padure of ln4.vnel Canlyds 4 4 3 7 1S 16 t PL 17 Ex[emal Dula Connediviiv Rick 5 3 2 7 17 15 f PL 10 1 y Terh IinfdemenIA—Failure 6 3 7 5 16 18 j PL T9 Need lar I arge Rafe Inrreara 1 3 2 3 15 16 ai 20 Door Jan9ddonal Coordlnahon 6 4 2 2 14 1•f I\i 7 STRATEGIC RISKS RANKED #21 -28 • Risks with lower scores/rank still require attention, reassessment, as environment and circumstances will change over time. Seventy Frequency,, MNgahon Speed of Current Trend Needed Onset Score and prior score Owner Rank Risk Descriptions TO 21 Changing Workforce 3 6 3 2 14 14 `4 PL 22 Less of li Customer/Partner 9 1 3 1 14 13 is+ JMP 23 Poor Coordlnahon on Large Pni 2 5 5 1 13 _.19 { _. Higher Borrowing Cosml '.,. '... PL 24 Lose Tax Ex for Bonds 5 3 2 3 13 9 PL 25 Social I Political Risk(Civil Unrestetc) 5 2 2 4 13 12 PL 26 Failure to Adopt New Technology 3 3 4 3 13 12 27 Poor Cusmmer Communications 4 2 2 2 10 10 is+ _.TO 28 Change Readiness Risk 2 2 1 1 6 _._.8 4 January 26, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 299 of 305 Page 7 of 10 NOTABLE MOVEMENTS SINCE LAST REVIEW CURRENT PRIOR TREND 15 Work Stoppage 20 14 t 16 Failure of Internal Controls 18 16 t 17 External Data Connectivity Risk 17 15 it 18 Lq Tech Implementation Failure 16 18 j 23 Poor Coordination on Large Projects 13 19 Higher Borrowing Costs/ 24 Lose Tax Ex for Bonds 13 9 *Work Stoppage-recognition of mitigation work needed Lre*Large Project Coordination -significant progress made in mitigation efforts *Borrowing -severity increased based on financial impact which was calibrated with standard scale across all risks. I 9 BUBBLE CHART OF ALL STRATEGIC RISKS • Placement of bubble:top right is more concern. Lower left is less. • Size of bubble: composition of speed of onset and mitigation work remaining Risk Heat Map:Probability of Occurrence.Severity of Impact,and Mitigation Opportunityl Speed of Onset 12 L 01 L Le rul a 10 - Less of N Loss Q Major p [ontlnti andemk Cvswme ersecornF }� g rlPartner Sel(-la9rarcdResae C- .9 JrWotkSl.ppp� 111 ljTec - Neetl forLxgecenamie QpwiMaert(Re�ien v 6 FnYsica15asuity 8ra-rn Imle Rate 3ncreme tlOn Fdlleiel W W Nigher_-Slow Res—Tme - on _ Nter 101 a CL —ireE 4 Costs/ �.ii�re arie:ee.le,�, CanneaNily Risk ose Tal CammuaaanorYi Neto Social! Chlrk&V emptionAdopt Pol itical Risk Wage .Tr 2 [Rentls Rc New area Techroh. Popk—di—iCn mRvk On Large Pfplect$ m (n 0 Probability of Event(1=low,10=highs I 10 5 January 26, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 300 of 305 Page 8 of 10 BUBBLE CHARTS BY RISK OWNER: ENGINEERING Risk Heat Map:Probabilityof Occurrence,Severity of Impact,and M itigation Opportunity/Speed of Onset 12 � Rewle,apaaea _ �, Regs t la /uP+se{m II 20 O 8. � B 3 0 u �• fi Physi- E Snw,ry a &ea[h [Dora oiwtim o 2 onLaReP,.,— II ,.,- 56 K,yta bubble info: Risk Name j 2 3'{ Probability N ImpaR N Avgof Mitigation&Speed of ORset 0 0 2 Y Probability of Event(1=low,10=high) I CENTRALSAN 11 BUBBLE CHARTS BY RISK OWNER: HUMAN RESOURCES Risk Heat Map:Probability of Occurrence,Severity of Impact,and Mitigation Opportunity/Speed of Onset h 'C Loss ott+L.ssgariy�ry lT II 10.0 O —Stoppage so to � 50 0 o- Lna .yWPoarce KeytO bubble info: O '. Risk Name [nen{eReed'mes RLR 3L - P.bab-Ilty 20 2i- I[Ilpdtt > z.p Avg of Mitigation&SpeetlotOnset al i o 2 6 6 { Probability of Event(1=low,10=high) t CENTRALSAN --r - 12 6 January 26, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 301 of 305 Page 9 of 10 BUBBLE CHARTS BY RISK OWNER: FINANCE AND ADMINISTRATION Risk Heat Map:Probability of Occurrence,Severity of Impact,and Mitigation Opportunity/Speed of Onset 12 Loss arMajor L ne+ Neeor age PaCerS _ Self-insurance/ Yer � ReelauRicien ySOCus[o 3.0 g L.O.. 7.0 2. P }T $ p tgTecn Implemlreauon Emnpmk Failure External Data ConnectOw Mufn/ReLess�en Risk 3.0 7.0 6 6.0 , 5.0 7_0 ro 3.5 e55.0 5.0 Q Higher Borrowing Costs/ Failreotln[emateentrol5'S E a Lose Tax Exemption to 4.0 aands 4.0 Keyto bubble Info: A3.0 Fa�'ure[oAdop[Nev,30 Rusk N.- 50 -e[nnowgy Scr-a./POIRral R.n. 75 30 unresrE_ Probability > 3.o 51 Impact 3.5 3.1 Avg of Mitigation&Speed of Onset 3.0 0 0 2 6 F Probability of Event(1 =low,10=high) idol. 13 BUBBLE CHARTS BY RISK OWNER: OPERATIONS Risk Heat Map:Probability of Occurrence,Severity of Impact,and Mitigation Opportunity/Speed of Onset t Loss of L1jWgVj5upp1y to Continuity Threat/ r m Semor.Pn;dll�r,Failure P II 2�. 0 1[1.0 9.5 4.0 0 p Slow Reponse 7in>� � ;`ss:4Rljlrisdictional Poor Customer -- Coordination a e Communis 60 aevtobubblelnfo: E 20 L.0 Risk Name I QU Probability a i 2.9 2'0 Impaa Avg of Mitigation&Speed of Onset '0 o 0 2 6 9 l� Probabilityof Event(1=low,t6=high) I� CENTRALSAN `►5 I -- 14 7 January 26, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 302 of 305 Page 10 of 10 ALL STRATEGIC RISKS - DECEMBER 2020 35 30 25 20 111 lip 15 10 5 0 c4 011.0 Q`°11,c®c94S es e�'o c°110a°oo �Qa ceMs eeacoe�$.eCvFSOQ&-A�°Oeaulo P -6 1,,*h d CQ�c0Qla�3p"µlt �41 p P?eF°a�'�,;\� e `c�ce pQ�o P�\9�eee 0�"aQ�aoe\5e of od.�a��a eoa a4 ao 0P .E a c y e o d 0 5 3�a .v� �caP oPaQ.a�ozc�lseE3FQ Oaa Ja So c`&eooJ`\a�F\ 4, Qoo``�W" 0 e Q 110 o "-c. el Qa de\Q` ooia o R 5 c ao� 0 c Qoo Fa 5e�s �a ■Severity ■Probability Mitigation TO Do ■Speed of Onset I\I 15 Questions? CENTRAL SAN 16 8 January 26, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 303 of 305