HomeMy WebLinkAbout04.a. Receive annual update on Strategic Risk Inventory/ERM Program (Cont. from 01-26-21) Page 1 of 10
Item 4.a.
CENTRAL SAN
February 3, 2021
TO: FINANCE COMMITTEE
FROM: SHARI DEUTSCH, RISK MANAGEMENT ADMINISTRATOR
PHILIP R. LEIBER, DIRECTOR OF FINANCEAND ADMINISTRATION
REVIEWED BY: ROGER S. BAILEY, GENERAL MANAGER
SUBJECT: RECEIVE ANNUAL UPDATE ON STRATEGIC RISK INVENTORY/
ENTERPRISE RISK MANAGEMENT (ERM) PROGRAM [CONTINUED
FROM JANUARY 26, 2021]
In January 2020, staff presented to the Board the District's initial Strategic Risk Inventory. At that time it
was noted that the risk inventory would be used as the foundation for an Enterprise Risk Management
(ERM) program. A mid-year update was presented in June 2020. This report represents the annual
update.
Background on Enterprise Risk Management
Organizations have traditionally managed risks in a distributed way, with a variety of internal functions that
identify and manage risks. Prior to ERM, these efforts were not typically centrally coordinated or reported
on. A central goal of ERM is improving this capability and coordination, while providing summary level
reporting to provide a unified picture of risk for stakeholders and improving an organization's ability to
manage these risks effectively. The Central San Strategic Risk Inventory is used for two purposes:
1. As an input to the internal auditor's annual work plan. The Strategic Risk Inventory was used
to develop the 2020 internal audit plan (execution of which is pending the hiring of a replacement
internal auditor; a hiring process is currently underway).
2. For monitoring, control, and reporting on risks. The ERM Team meets twice per year to
discuss progress on mitigating the risks identified in the Strategic Risk Inventory. Updates to the
Strategic Risk Inventory are reported to the Administration Committee and Board semiannually.
The attached presentation constitutes the annual update on the Strategic Risk Inventory, and highlights
changes in risk rankings as well as new risks identified (if any).
Strategic Plan Tie-In
GOAL TWO: Environmental Stewardship
Strategy 1—Achieve 100% compliance in all regulations
GOAL FIVE:Infrastructure Reliability
Strategy 3—Protect personnel and assets from threats and emergencies
February 3, 2021 Special FINANCE Committee Meeting Agenda Packet- Page 3 of 186
Page 2 of 10
GOAL SEVEN:Agility and Adaptability
Strategy 2—Plan ahead for scenarios of direct adverse impacts
ATTACHMENTS:
1. Presentation
February 3, 2021 Special FINANCE Committee Meeting Agenda Packet- Page 4 of 186
Page 3 of 10
2020 Year-End Enterprise Risk
Management Update
_ Finance Committee Meeting
January 26, 2021 / February 3, 2021
_ Shari Deutsch, Risk Management Administrator
Phil Leiber, Director of Finance and Administration
1
ENTERPRISE RISK MANAGEMENT
Traditional Risk Management
• Included insurance risk management and management
of various risks by individual managers.
am,re,re,mreDr
m(gale leve tnrmgn SiIDW ReacLve
.nsrra0l[riei Irrymae enNerY IndecendemlV Ino 6dma ovDenanmernl
nary i
Fa IanlB�cl la i arganzaoenaawe '" 1h esses nse
organlxallDnY NreDAn lncreax0 dsgpDwNni1•es Holistic imarxe Enlemnse xioe
peiAomwnce, eglawtnp ana OelkY ccnlinually
ueing imanAlge+ tledaion maa+ng. naManrrafrenur
lik Yepuuaen.
ENTERPRISE RISK MANAGEMENT
Enterprise Risk Management
• Adds centralized oversight and reporting.
• Broad consideration of what can go wrong, what are we doing
about it, how are risks changing over time. Portfolio approach.
66 CENTRAL SAN
2
1
February 3, 2021 Special FINANCE Committee Meeting Agenda Packet- Page 5 of 186
Page 4 of 10
BACKGROUND
• Central San created a strategic risk inventory in 2018-2019
• Presented results of the risk inventory in December 2019
• Committee desired periodic updates; two times per year is the
current plan
• Summary update in July
• More detailed update in January
• 25+ strategic risks identified; top 10 were focus of presentation
to the Board in June 2020
• Risk mitigation plans developed for each
• Year-end update:
• Rescore the risks and consider trends
• Update the mitigation plans
• Present all strategic risks
FAITIFETT."W-1 M2I
i,
3
CENTRAL SAN ERM PROGRAM
ERM Team
• Meets twice per year to review and update risk inventory
and mitigation plans, then re-scores all strategic risks
• Members are the Executive Team, Risk Management
Administrator and Internal Auditor
Risk Scoring
• Risks assessed on four factors, each scored from 1-10
• Risk Score is the total of factor scores
• Ranking based on Risk Score: Highest score = Highest Rank
nPtl �m� 1-10 Score
J,Rlsk
onomic Uncertainty/Recession 7 8 2 8 25 1
obal Pandemic 6 10 3 5 24 2
ternal Controls Failure 4 3 2 7 16 3
4
2
February 3, 2021 Special FINANCE Committee Meeting Agenda Packet- Page 6 of 186
Page 5 of 10
TOP 10 STRATEGIC RISKS
No changes to the Top 10 List since mid-2020
Seventy !frequency 0t Currentand Trend
Gnomon Rank Risk Oesaiptions Nftw Onset Scare pr]oracora
Jluf� Na
W,111 asAV 10 3 9 10 32 3i
2 Mair Spill to 6 7 9 32 at �R
JMP 3 1-JnAfLi n-mM RrA 10 3 9 9 31 30
JMP 9 t—ol Mapr Meet H a 7 f0 M w 40*
5 CWNN*Th"?P"lamic 95 f0 3 S 275 m �
5 Semte or Product i atlure 9 2 5 10 2.6 26 �I
7 1.ass ofUff&a+Su Chan 10 5 3 8 26 26 1"1
PL 8 9 4 3 9 25 25 �1
PL 9 SelLicwranoe�F2eaerve Inmkieray 7 3 5 9 24 74 4`►
PL 10 F-nw—OovmWmlRearvaion 7 7 2 a
I
-
5
TOP TEN STRATEGIC RISKS IN 2020
35
30
25 —
20
JS
JO 1 1 1
`+ate oa` ph sP�e �' ta'ae c'cac
a�a`o tea` Po�em
t r d
`�co3d S¢dF �o o,J
0
S
MSe—iry EFrequency Mhigaden ■Speedo/
Needed Onset
onsomor4rkff.F7-lixf-I ME
6
3
February 3, 2021 Special FINANCE Committee Meeting Agenda Packet- Page 7 of 186
Page 6 of 10
STRATEGIC RISKS RANKED #11 -20
• Some movement due to recalibration of scoring and differing
views of status
• Anticipate some additional movement with participation of the
new Director of Operations.
Fm9u�Y mmmn SPW of Current Trend
Nooded Omni Score end prior wore
[Teter frank 37ixk Ikremplwne
TO 11 1owofMUM)rInjury 1f1 23 s 1'3
JUP 12 Ph I Seco rty Hnwh r 2 3 10 22 7.i 4R
JMP 13 Nawfp *1obm 6 2 HJ 1 21 12 40R
14 SbwRespoimTrme 5 3 2 10 20 26 40R
Ta_ 15 Work SWpage 7 3 9 1 20 14 t
_AL 16 Fajen of Wmal Caie6 4 4 3 7 18 16 i
AL 17 Exiernsd DwW Corrnecivily Rok 5 3 2 7 17 15 i
ill 1S j y Tmh Irnpi.iiie::U—Fnlure 6 3 2 a 16 IS l
1'1 i9 Need fnr I arge Itala Inrmame 7 3 2 3 15 16 4► ,
2LI Icor Junsdlctonal f_:mrdr tet 5 4 2 2 14 11 4R
7
STRATEGIC RISKS RANKED #21 -28
• Risks with lower scores/rank still require attention,
reassessment, as environment and circumstances will change
over time.
S-Mrtiy Fr MA5 Hkm 5pew1 of Gurrerrt Trend
Needed Onset Score and prior more
Wncr Rank Risk Ocsaiptim[s
TO 21 Ghan i Wmkkx 3 6 3 1 2 14 1: 4-*
PL 72 1=CA Map,C:rA�nrA'adnmr 9 1 3 1 1A 1:S 4-R
,W. 23 Poor Connfsution m t anja Proonts 2 5 5 1 13 14 1
f ighcr f3orrovnng CosL4
PL 24 l.OMto[.xloriimcis 5 3 2 3 13 9
PL 25 Scoai 7Poih ag Risk Gail Unrest etc 5 2 2 4 13 12 4R
PL 76 1 Mum In Ad New 1o&n 3 3 4 3 13 12IM 4�R
21 Poor Gwbrnnr Gnmmunr bonen 4 2 2 2 70 _ 111 �R
TO 28 Change 17eadimm Risk 2 2 7 1 B !l
I
8
4
February 3, 2021 Special FINANCE Committee Meeting Agenda Packet- Page 8 of 186
Page 7 of 10
NOTABLE MOVEMENTS SINCE LAST REVIEW
CURRENT PRIOR TREND
15 Work Stoppage 20 14 t
16 Failure of Intemal Controls 18 16 t
17 External Data Connectivity Risk 17 15 it
18 Lq Tech Implementation Failure 16 18 j
23 Poor Coordination on Large Projects 13 19
Higher Borrowing Costs/
24 Lose Tax Ex for Bonds 13 9
*Work Stoppage-recognition of mitigation work needed
Lre*Large Project Coordination -significant progress made in mitigation
efforts
*Borrowing -severity increased based on financial impact which was
calibrated with standard scale across all risks.
I
9
BUBBLE CHART
OF ALL STRATEGIC RISKS
• Placement of bubble:top right is more concern. Lower left is less.
• Size of bubble: composition of speed of onset and mitigation work
remaining Risk Heat Map:Pro babi Iity of Occurrence,Severity of Impact,and
Mitigation Opportunity/Speed of Onset
12 f
N Serviced
O Product jor
10 Failure lury y
oss of Maj a Natural Disa16r-16r
_O Customer/Pa `
II 8 Is
xe��(eri -ssao nWork Stoppage_—Self-Ilnsuffide/enReserve Economic
v o Downtum/Recessian
Physical Security B42r ^a[lo`Need for Large
N _ rr^ g Slow oo di Rate Increase
CL ELou TaxaExemw'^ gesponse...F— EMernal Da(a
4 ��p"98or Curtomer Connectiviry Risk Ke to bubble i
Communications a1 Soclal/ e
p owls Politica Ris Chan g Risk Nam
Civll gm
.T. —,n nev, ( I WoMorce Size of bubble is based on
ge a fof
2 Reatliness fe`^oology P000rC eraages
> Risk mitig tion to do and
Large Projects speed of onset
0
a 2 4 6 8
Probability of Event(1 =low,10=high)
I
CENTRALSAN
10
5
February 3, 2021 Special FINANCE Committee Meeting Agenda Packet- Page 9 of 186
Page 8 of 10
BUBBLE CHARTS BY RISK OWNER:
ENGINEERING
Risk Heat Map:Probability of Occurrence,Severity of Impact,and
Mitigation Opportunity/Speed of Onset
12 ew/Prpposed
II Regs ��
/Legislation Natural Disaster Major Spill
10 2.0 10 zo
Loss of Major Asset 00
S.S \9.5 4.00 8.0
0.0
II 8 8.5
U L 6
N tT sial ev to bubble info:
C L Security Risk Name
4 Breach Poor Probability
0 2 Coord,.,, Impact
T 7 on Lug,Prolccts Avg of Mitigation&Speed of Onset
6.5 5.0
2.0
> -WTO
U) 0
2 4 6 8 0
Probability of Event(1 =low,10=high)
I
11
BUBBLE CHARTS BY RISK OWNER:
HUMAN RESOURCES
Risk Heat Map:Probabi I ity of Occurrence,Severity of Impact,and
Mitigation Opportunity/Speed of Onset
t;
'C Loss ort+ryrag4r ipirry
lT
L t` 20
is
1
� s
O —kstoppage
0
II 70
� 50
0
Q
Cnarylki�. ace Keyta bubbleinfo:
O Ay'. VRisk Name
[nen{eReetl'mes Rist 3L - Probability
2.0 2i- Impdtt
> z.e Avg of Mitigaupn&SpeedotOoset
al l o
2 4 6 {
Probability of Event(1=low,10=high)
f
CENTRALSAN
12
6
February 3, 2021 Special FINANCE Committee Meeting Agenda Packet- Page 10 of 186
Page 9 of 10
BUBBLE CHARTS BY RISK OWNER:
FINANCE AND ADMINISTRATION
Risk Heat Map:Probability of Occurrence,Severity of Impact,and
Mitigation Opportunity/Speed of Onset
12
Loss arMajor
L ne+ Neeor age PaCerS _ Self-insurance/
Yer
� ReelauRicien
ySOCus
3.0
g L.O.. 7.0
2. P
}T $
p tgTecn Implemlreauon Emnpmk
Failure External Data ConnectOw Mufn/ReLess�en
Risk
3.0 7.0
6 6.0 , 5.0 7_0
ro 3.5 e55.0 5.0
Q Higher Borrowing Costs/ Failreotln[emateentrol5'S
E a Lose Tax Exemption to 4.0
aands 4.0 Keyto bubble Info:
A3.0 Fa�'ure[oAdop[Nev,30 Rusk N.-
50 -e[nnowgy Scr-a./POIRral R.n.
75 30 unresrE_ Probability
> 3.o 51 Impact
3.5 3.1
Avg of Mitigation&Speed of Onset
3.0
0
0 2 6 F
Probability of Event(1 =low,10=high) idol.
13
BUBBLE CHARTS BY RISK OWNER:
OPERATIONS
Risk Heat Map:Probability of Occurrence,Severity of Impact,and
Mitigation Opportunity/Speed of Onset
t Loss of L1jWgVj5upp1y
to
Continuity Threat/
r m
Semor.Pn;dll�r,Failure P
II 2�.
0 1[1.0
9.5
4.0
0
p Slow Reponse 7in>� �
;`ss:4Rljlrisdictional
Poor Customer -- Coordination
a e Communis 60 aevtobubblelnfo:
E 20 L.0 Risk Name I
QU Probability
a i 2.9 2'0 Impaa
Avg of Mitigation&Speed of Onset
'0 o
0 2 6 9 l�
Probabilityof Event(1=low,t6=high)
I�
CENTRALSAN
I
14
7
February 3, 2021 Special FINANCE Committee Meeting Agenda Packet- Page 11 of 186
Page 10 of 10
ALL STRATEGIC RISKS - DECEMBER 2020
35
30
25
20
111 lip
15
10
5
0
c4 011.0 Q`°11,c®c94S es e�'o c°110a°oo �Qa ceMs eeacoe�$.eCvFSOQ&-A�°Oeaulo P
-6 1,,*h d CQ�c0Qla�3p"µlt
�41
p
P?eF°a�'�,;\� e `c�ce pQ�o P�\9�eee 0�"aQ�aoe\5e of od.�a��a eoa
a4 ao 0P .E a c y e o d 0 5 3�a .v�
�caP oPaQ.a�ozc�lseE3FQ Oaa Ja So c`&eooJ`\a�F\ 4,
Qoo``�W" 0 e Q 110 o "-c. el Qa de\Q` ooia o R 5 c
ao� 0 c
Qoo Fa 5e�s
�a
■Severity ■Probability Mitigation TO Do ■Speed of Onset
I\I
15
Questions?
CENTRAL SAN
16
8
February 3, 2021 Special FINANCE Committee Meeting Agenda Packet- Page 12 of 186