The URL can be used to link to this page

Home My WebLink About11.b. Receive Semi-Annual update on Strategic Risk Inventory/Enterprise Risk Management (ERM) Program Page 1 of 5 Item 11.b. CENTRALSAN jdf A- hom CENTRAL CONTRA COSTA SANITARY DISTRICT November 3, 2022 TO: HONORABLE BOARD OF DIRECTORS FROM: SHARI DEUTSCH, RISK MANAGEMENT ADMINISTRATOR PHILIP LEIBER, DIRECTOR OF FINANCE AND ADMINISTRATION REVIEWED BY: ROGER S. BAILEY, GENERAL MANAGER SUBJECT: RECEIVE SEMI-ANNUAL UPDATE ON STRATEGIC RISK INVENTORY/ ENTERPRISE RISK MANAGEMENT (ERM) PROGRAM In January 2020, staff presented to the Board Central San's initial Strategic Risk Inventory. At that time, it was noted that the risk inventory would be used as the foundation for an Enterprise Risk Management (ERM) Program. Since then, semi-annual updates have been provided on the status of these risks. Background on Enterprise Risk Management Organizations have traditionally managed risks in a distributed way, with a variety of internal functions that identify and manage risks. Prior to ERM, these efforts were typically not centrally coordinated or reported on. A central goal of ERM is to improve this capability and coordination, while providing summary level reporting to provide a unified picture of risk for stakeholders, and improving an organization's ability to manage these risks effectively. The Central San Strategic Risk Inventory is used for two purposes: 1. As an input to the Internal Auditor's annual work plan. 2. For monitoring, control, and reporting on risks. The ERM Team meets twice per year to discuss progress on mitigating the risks identified in the Strategic Risk Inventory. Updates to the Strategic Risk Inventory are reported to the Administration Committee and Board semi-annually. The attached presentation constitutes the semi-annual update on the ERM Strategic Risk Inventory, and highlights changes in risk rankings as well as new risks identified (if any). The presentation for this period is relatively short, as there have been few changes in the assigned scores for the risks between the last update and now. This matter was last reviewed with the Finance Committee on March 22, 2022, covering the risk inventory status for the second half of calendar year 2021. ATTACHMENTS: 1. Presentation November 3, 2022 Regular Board Meeting Agenda Packet- Page 113 of 245 Page 2 of 5 November 3,2022 , Strategic Risk Inventory and Enterprise Risk Management - Summer 2022 Update Board of Directors Meeting _e . Shari Deutsch Risk Management Administrator - - Philip Leiber Director of Finance&Administration 1 1 ERM Program - ' i Strategic Risk Inventory Created in 2018-2019 Presented to Admin Committee in December 2019 and to Board in January 2020 Reviewed b ERM Team biannually Y Updates included in biannual reports to Admin g Committee and Board Mitigation Plans Each risk on the inventory has a mitigation plan. Each plan is reviewed, updated during biannual ERM Team Mtg. Progress and goals amended in response to risk scores and operational environment 2 November 3, 2022 Regular Board Meeting Agenda Packet- Page 114 of 245 1 Page 3 of 5 E R M Program ERM Team Meets biannually to review and update strategic risk inventory and mitigation plans, then re-scores all strategic risks Members are the Executive Team, Risk Manager and Internal Auditor ;w Risk Scoring Four-part risk assessment, each scored from 1-10 Risk Score is the total of four scores =a Ranking based on Risk Score: Highest score = Highest Rank Risk Description N.. Economic Uncertainty Recession 7 8 2 8 25 1 Global Pandemic 6 10 3 5 24 2 Internal Controls Failure 4 3 2 7 16 3 3 The Top 10 (or 11 ): Rank and Scores Evolve over Time Rank Summer 2022 Score Winter 2022 Score 1 Environmental Risk 34 Natural Disaster 32 2 Major Spill 32 Major Spill 32 ............... ................ .... .................. .................. ................................. 3 Natural Disaster 32 Environmental Risk 31 ............... ................ .... ............ .................. ................................. 4 Loss of Major Asset 30 Loss of Major Asset 30 4 5 Physical Security Breach,. ... . ...� 28, Loss of Utilities/Supply Chain ... . .. 27 6 Loss of Utilities/Supply Chain 27 Continuity Threat/Pandemic 27 ............... .... .................. ................................. 7 Continuity Threat/Pandemic 27 Service or Product Failure 26 8 Service or Product Failure 26 CyberSecurity 25 ......... ................ .... _......... ................... ............... .................... 9 CyberSecurity 25 Self-Insurance/Reserve Insufficiency 24 10 Self-Insurance/Reserve Insufficiency 24 Loss of Life/Major Injury i 23 11 Economic Downturn/Recession 24 Economic Downturn/Recession 23 The top risks don't change very often,but occasionally a new top 10 risk arises and others are displaced 4 November 3, 2022 Regular Board Meeting Agenda Packet- Page 115 of 245 2 Page 4 of 5 Current Strategic Risks (28) Operations Service or Product Failure F'"e"Ceg poor[nstomer Commanieati°n: Admin Slow Response to Customer Self-insurance/Reservelnsufficienry ` I �� Poor Jurisdictional Coordination Failure of lutemal Controls I Loss of Utilities/Supply Chain Economic Downturn/Recession (I Continuity Threat/Pandemic Need for Large Rate Increase 7 Loss of Major Asset Loss of Major Customer/Partner Physical Security Breach Higher Borrowing Costs/Loss of TE Bond Status Social/Political Risk(Civil Unrest etc( y CyberSecurity Lg Tech Implemeniati°n Failure r LAornal Data ConnectivityRisk f Engineering Environmental Risk Failure to Adopt New Technology J New/Proposed Regs/Legislation &j Natural Disaster } Major Spill HR Loss of Life/Major Injury Poor Coordination on Large Projects Work Stoppage Changing Workforce Change Readiness Risk 5 5 Strategic Risks - Summer 2022 Alk G. 40 Strategic Risk Scores-Summer 2022 ` 35 — 30 as 0 25 � ea 20 10 1 1 1 I I 1 I 11 1 I I I I I I j� Bye 5 0 c ��t`�y`�`�e,��^� y�``��h`` \�P'fisc��``o`` 4 "��°��{ <`��;a``e �'`��ess` aye s < ev ca Q` R"eb c9 ° 0 3 v 'e� yt S� F C ° e�1 m F, & of C� * of Q, r` e� e cP st°�c�\Ls a oc o`'C's�� o<`o� ¢ 4e�o�`Qo d�� o<QJ.�c` c, �` c�' <° / `G ra��sa� `o`^'��e��c �;,'` �`° do �,c`�� sF`e vo fi e�� ;�1 �... \e ,\°`¢neo° °•, S°2°' o'� it '* �� •Severity •Probability Midgadon •Speed of ` To Do Onset 6 6 November 3, 2022 Regular Board Meeting Agenda Packet- Page 116 of 245 3 Page 5 of 5 Questions? 7 November 3, 2022 Regular Board Meeting Agenda Packet- Page 117 of 245 4