The URL can be used to link to this page

Home My WebLink About13.a. Receive annual update on Strategic Risk Inventory/Enterprise Risk Management (ERM) Program Page 1 of 6 Item 13.a. CENTRALSAN jdf A- hom CENTRAL CONTRA COSTA SANITARY DISTRICT April 21, 2022 TO: HONORABLE BOARD OF DIRECTORS FROM: SHARI DEUTSCH, RISK MANAGEMENT ADMINISTRATOR PHILIP LEIBER, DIRECTOR OF FINANCE AND ADMINISTRATION REVIEWED BY: ROGER S. BAILEY, GENERAL MANAGER SUBJECT: RECEIVE ANNUAL UPDATE ON STRATEGIC RISK INVENTORY/ ENTERPRISE RISK MANAGEMENT (ERM) PROGRAM In January 2020, staff presented to the Board the District's initial Strategic Risk Inventory. At that time, it was noted that the risk inventory would be used as the foundation for an Enterprise Risk Management (ERM) Program. Since then, semi-annual updates have been provided on the status of these risks. Background on Enterprise Risk Management Organizations have traditionally managed risks in a distributed way, with a variety of internal functions that identify and manage risks. Prior to ERM, these efforts were typically not centrally coordinated or reported on. A central goal of ERM is to improve this capability and coordination, while providing summary level reporting to provide a unified picture of risk for stakeholders, and improving an organization's ability to manage these risks effectively. The Central San Strategic Risk Inventory is used for two purposes: 1. As an input to the Internal Auditor's annual work plan. 2. For monitoring, control, and reporting on risks. The ERM Team meets twice per year to discuss progress on mitigating the risks identified in the Strategic Risk Inventory. Updates to the Strategic Risk Inventory are reported to the Finance Committee and Board semi-annually. The attached presentation constitutes the semi-annual update on the ERM Strategic Risk Inventory, and highlights changes in risk rankings as well as new risks identified (if any). The presentation for this period is relatively short, as there have been few changes in the assigned scores for the risks between the last update and now. This matter was reviewed with the Finance Committee on March 22, 2022. Strategic Plan Tie-In GOAL SEVEN:Agility andAdaptability Strategy 2—Plan ahead for scenarios of direct adverse impacts April 21, 2022 Regular Board Meeting Agenda Packet- Page 68 of 135 Page 2 of 6 ATTACHMENTS: 1. Presentation April 21, 2022 Regular Board Meeting Agenda Packet- Page 69 of 135 Page 3 of 6 Enterprise Risk Management Winter 2022 Update Board Meeting April 7, 2022 Shari Deutsch, Risk Management Administrator Phil Leiber, Director of Finance and Administration 1 ERM PROGRAM Strategic Risk Inventory • Created in 2018-2019 • First presented to Board in January 2020 • Reviewed by ERM Team biannually • Updates included in biannual reports to Finance Committee and Board Mitigation Plans • Each risk on the inventory has a mitigation plan. • Each plan is reviewed, updated during biannual ERM Team Mtg. • Progress and goals amended in response to risk scores and operational environment CENTPAL SAN 2 April 21, 2022 Regular Board Meeting Agenda Packet- Page 70 of 135 1 Page 4 of 6 ERM PROGRAM ERM Team • Meets biannually to review and update strategic risk inventory and mitigation plans, then re-scores all strategic risks • Members are the Executive Team, Risk Manager and Internal Auditor Risk Scoring • Four-part risk assessment, each scored from 1-10 • Risk Score is the total of four scores • Ranking based on Risk Score: Highest score = Highest Rank Risk Description Speed of Onset Total=Risk 1-10 ScoreEconomic Uncertainty/Recession 7 8 2 8 25 1 Global Pandemic 6 10 3 5 24 2 Internal Controls Failure 4 3 2 7 16 3 3 THE TOP TEN: RANK AND SCORES EVOLVE OVER TIME Rank Winter 2022 Score Summer 2021 Score 1 Natural Disaster 32 Natural Disaster 32 2 Major Spill 32 Major Spill 32 3 Environmental Risk 31 Environmental Risk 31 4 Loss of Major Asset 30 Loss of Major Asset 31 5 Loss of Utilities/Supply Chain 27 Continuity Threat/Pandemic 27 6 Continuity Threat/Pandemic 27 Service or Product Failure 26 7 CyberSecurity 25 Lossof Utilities/Supply Chain 26 ... .............. ...................... ............... ................ .............. .. .............. .._............ ........... ........... ............... 8 Self-Insurance/Reserve Insufficiency 24 Self-Insurance/Reserve Insufficiency 25 Loss of Life/Major Injury 23 CyberSecurity 25 10 Economic Downturn/Recession 23 Economic Downturn/Recession 24 The top risks don't change very often. 4 April 21, 2022 Regular Board Meeting Agenda Packet- Page 71 of 135 2 Page 5 of 6 CURRENT STRATEGIC RISKS (28) Op.r.tion.Service or Product Failure Adnan Poor Cwto W(.pmmunitdUons SJD Fbmon5e to C.sromer Selr-Insuran /Rene Inwrliciency Poor lurlsd ktional Coordinargn Failure of Infernal Cwt ols Loss of Uti litwgSupply Chain Economie DowntumlReeessinn Conunuity Threat 1 Pandemic Need for Large Il Increase Loss of Majpr Asset Lora of Major Cv.iwnrrlPtlrinrr Physical Securty fueach ... .._ Nigher borrowing CosrslLoss pF TE Bond Status Social I Political Risk(Civil VnreH utcl eyhelseruriry 4 Tech lmpleme tion Failure Engi—Firig Environmental Risk Ert—id para ConnecrNay Rick New/Proposed Regs/Legislation Failure to Adopt New Technology Natural Disaster Malar Spill Poor Coordination on Large Projects KR Loss OF Llte/Major Injury Work Stoppage Changing Workforce Change Readiness Risk 5 STRATEGIC RISKS - RANKED LOW TO HIGH Strategic Risk Scores-Winter 2022 50 ES 20 15 ' ,s+" x —dw•Prwauh "I 11� .:sof ll 6 April 21, 2022 Regular Board Meeting Agenda Packet- Page 72 of 135 3 Page 6 of 6 Questions? 7 April 21, 2022 Regular Board Meeting Agenda Packet- Page 73 of 135 4