The URL can be used to link to this page

Home My WebLink About06.a. Receive annual update on Strategic Risk Inventory/Enterprise Risk Management Program Page 1 of 8 Item 6.a. CENTRAL SAN September 28, 2021 TO: FINANCE COMMITTEE FROM: SHARI DEUTSCH, RISK MANAGEMENT ADMINISTRATOR PHILIP LEIBER, DIRECTOR OF FINANCE AND ADMINISTRATION REVIEWED BY: ROGER S. BAILEY, GENERAL MANAGER SUBJECT: RECEIVE ANNUAL UPDATE ON STRATEGIC RISK INVENTORY/ ENTERPRISE RISK MANAGEMENT (ERM) PROGRAM In January 2020, staff presented to the Board the District's initial Strategic Risk Inventory. At that time it was noted that the risk inventory would be used as the foundation for an Enterprise Risk Management (ERM) Program. Since then, semi-annual updates have been provided on the status of these risks. Background on Enterprise Risk Management Organizations have traditionally managed risks in a distributed way, with a variety of internal functions that identify and manage risks. Prior to ERM, these efforts were typically not centrally coordinated or reported on. A central goal of ERM is to improve this capability and coordination, while providing summary level reporting to provide a unified picture of risk for stakeholders, and improving an organization's ability to manage these risks effectively. The Central San Strategic Risk Inventory is used for two purposes: 1. As an input to the Internal Auditor's annual work plan. 2. For monitoring, control, and reporting on risks. The ERM Team meets twice per year to discuss progress on mitigating the risks identified in the Strategic Risk Inventory. Updates to the Strategic Risk Inventory are reported to the Administration Committee and Board semiannually. The attached presentation constitutes the semi-annual update on the ERM Strategic Risk Inventory, and highlights changes in risk rankings as well as new risks identified (if any). The presentation for this period is relatively short, as there have been few changes in the assigned scores for the risks between the last update and now. This matter was last reviewed with the Finance Committee on January 26, 2021. ATTACHMENTS: 1. Presentation September 28, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 158 of 170 g # Mir Mid -Year Enterprise Risk r Management Update Finance Committee Meeting September 28, 2021 • n. Shari Deutsch, Risk Management Administrator Phil Leiber, Director of Finance and Administration September 28, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 159 of 170 BACKGROUND • Central San created a risk inventory in 2018-2019 • Presented results of the risk inventory in December 2019 • Committee desired periodic updates; two times per year is the current plan • Interim update in Summer • Full update in Winter • 25+ strategic risks identified; top 10 were focus for presentation to the Board • Risk mitigation plans developed for each • Interim update: • Rescore the risks and consider trends • Updated the mitigation plans CENTRALSAN September 28, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 160 of 170 STRATEGIC RISK REVIEW RISK SCORES ARE THE SUM OF THE SCORES ON 4 CRITERIA Risk Description Probability Severity Mitigation To Do Speed of Onset Risk 1 1 1 1 Score Pandemic 6 10 3 5 24 Recession 7 8 2 8 25 Internal Control 4 3 2 7 16 Failure CENTRALSAN September 28, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 161 of 170 ERM TEAM MEMBERS • General Manager • Director of Operations • Director of Engineering and Technical Services • Director of Finance and Administration • Human Resources Manager • Risk Management Administrator • Internal Auditor CENTRALSANSeptember 28, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 162 of 170 STRATEGIC RISKS - SEPTEMBER 2021 35 30 25 20 ' 15 10 1 • 1 1 1 5 fj — 0 ' — �t ° �t o r J o J -J e o �c �� t`5 \°� yt5 005 ecc \°p° �\° otc •ec �e ea5 •��t �`5 �t°� `� ac �c t` •\Jt 5 �e o � r e ♦ P t a e`' `ca L \a ee � �o t� t° Qa c Q �J oo e \� 0t t� ce �� ec c�a L a �a t •o �h rets poQe t�°� °tto acro �G` �e� oa\� oa'o�°�a oy�o� 4°Qa eo�a G°oo �o�et ��ey �e�y\�`'ecJ�`�e o�Jto deo GJ tQt° \at \eo ta Q°5�a � \o ea 5L2 \ ok o� eye eo �� r fit. °5 Lr ,off \�Q \pa Jte 5 r� oyy `cp e\Q �c kJ J�J eeaer Q°°t Qa�e \\Q° a\ote Q°ot tCo° °y5 °o Lo \oyJt �o h�°Q `,a F d§ PO ho Q h t� �o ■Severity ■Probability Mitigation To Do ■Speed of Onset i September 28, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 163 of 170 TOP TEN STRATEGIC RISKS : CHANGES SINCE LAST REVIEW Rank Fall 2020 * Spring 2021 1 Natural Disaster 32 Natural Disaster 32 ................................................................................................................................................................................................................................................................................................. 2 Major Spill 32 Major Spill 32 .........................................................................................................................................................................................................................................................................................I..1..1. 3 Environmental Risk 31 Environmental Risk 31 .........................................................................................................................................................................................................................................................................................I....... 4 Loss of Major Asset 31 Loss of Major Asset 31 ................................................................................................................................................................................................................................................................................................. 5 Continuity Threat/ Pandemic 28 Continuity Threat/ Pandemic 27 ................................................................................................................................................................................................................................................................................................. 6 Service or Product Failure 26 Service or Product Failure 26 ................................................................................................................................................................................................................................................................................................. 7 Loss of Utilities/Supply Chain 26 Loss of Utilities/Supply Chain 26 ................................................................................................................................................................................................................................................................................................. 8 Cyber Security 25 Self-Insurance/Reserve Insufficiency 25 ................................................................................................................................................................................................................................................................................................. 9 Self-Insurance/Reserve Insufficiency 24 Cyber Security 25 10 Economic Downturn/Recession 24 Economic Downturn/Recession 24 There were no material changes in the 18 other risks ranked below these during this review period. CENTRALSAN September 28, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 164 of 170 Quest 'ions ?. 4"m CENTRALSAN September 28, 2021 Regular FINANCE Committee Meeting Agenda Packet- Page 165 of 170