The URL can be used to link to this page

Home My WebLink About04.b. Receive Annual Update of the Strategic Risk Inventory and Enterprise Risk Management (ERM) ProgramPage 1 of 5 Item 4.b. F--1-448�411C-S0 April 25, 2023 TO: FINANCE COMMITTEE FROM: SHARI DEUTSCH, RISK MANAGEMENT ADMINISTRATOR PHILIPLEIBER, DIRECTOR OF FINANCE AND ADMINISTRATION REVIEWED BY: ROGER S. BAILEY, GENERAL MANAGER SUBJECT: RECEIVE ANNUAL UPDATE OF THE STRATEGIC RISK INVENTORYAND ENTERPRISE RISK MANAGEMENT (ERM) PROGRAM Background on Enterprise Risk Management Organizations have traditionally managed risks in a distributed way, with a variety of internal functions that identify and manage risks. Prior to ERM, these efforts were not typically centrally coordinated or reported on. A central goal of ERM is improving this capability and coordination, while providing summary level reporting to provide a unified picture of risk for stakeholders and improving an organization's ability to manage these risks effectively. The Central San Strategic Risk Inventory is used for two purposes: As an input to the internal auditor's annual work plan. The Strategic Risk Inventory has informed the risk assessment process which leads to selection of internal audit focus areas for the year. 2. For monitoring, control, and reporting on risks. The ERM Team meets twice per year to discuss progress on mitigating the risks identified in the Strategic Risk Inventory. Updates to the Strategic Risk Inventory are reported to the Administration Committee and Board semiannually. The attached presentation constitutes the annual update on the Strategic Risk Inventory, and highlights changes in risk rankings as well as new risks identified (if any). Strategic Plan Tie -In GOAL FIVE: Safety and Security Strategy 1 - Reduce and eliminate risks of injury or illness ATTACHMENTS: 1. Presentation April 25, 2023 Special FINANCE Committee Meeting Agenda Packet - Page 152 of 160 Page 2 of 5 4/25/2023 Strategic Risk Inventory and Enterprise Risk Management Winter 2023 Updatez1z 1 i........ Shari Deutsch J Risk Management Administrator 1 2 April 25, 2023 Special FINANCE Committee Meeting Agenda Packet - Page 153 of 160 1 Page 3 of 5 ERM Program Strategic Risk Inventory Created in 2018-19 Presented to Board in January 2020 Reviewed by ERM Team biannually ERM Team is the Exec Team, HR, Risk Management and Internal Audit Risk Management reports updates to Finance Committee and Board Mitigation Plans Each strategic risk has a corresponding mitigation plan and is assigned to a risk owner (a member of the Executive Team) Each plan is reviewed during ERM Team meetings Discussion considered in updating risk scores COMING SOON: RISK TEAM MEETINGS 3 Strategic Risk Scoring Four-part risk assessment, each scored from 1-10 Probability - how often will it happen Severity - how bad will it be Mitigation Still to Do - how much work remains to manage the risk Speed of Onset - how much notice do we get before it occurs Earthquake = 10 vs Proposed Legislation = 2 Risk Score is the total of four scores • Ranking based on Risk Score: Highest score = Highest Rank Economic uncertainty / Recession 7 8 2 a is I Global Pandemic 6 10 3 5 24 2 Internal Controls Failure 4 3 2 7 16 3 4 April 25, 2023 Special FINANCE Committee Meeting Agenda Packet - Page 154 of 160 2 Page 4 of 5 Top Ten Strategic Risks Winter 2023 40 30 3, • , 25 20 ■ ■ is 10 A[T 1 I 1 1 5 0 tF+ �� ° a �0' qIc c `��0 o�vo c�d� QPa .��SQ �` o0 ,� , s E y ■S—riq ■Frequency Mitigation ■Sip-dof Needed On- 5 Strategic Risks 1-14 Winter 2023 .,.: Falk Rating March 2023 yem, F.Wuy waan We d,e sprgiirf Ori Current Score Trend and Prior Score EN,; '.. 1 Environmental Risk 9 7 10 10 36 't a 2 Natural �isase 10 5 9 10 34 •' 3 ... .... ...... Major Spill ..... 10 6 ... .... 32.,,, 1"1 •' 4 ...... LossofMajorAsset ... 10 ..... 4 ....7 7 .9 9 30 ...... .... 4y «' S Physical Secuniy Breach 7 6 5 10 28 4# �• 6 Loss of lltihfeslSupply Chain 10 6 3 a 27 F'1 7 Service orProductFailure 9 2 5 10 26 4� F1A 8 Economic CowntumlRecession 7 a 2 8 25 t.. F. 9 Cyber5ecurdy _. __. 9 ._... 4 __.._2 _.9 24_ t.. _ HR 10 Loss of LOPENalor Injury 10 2 3 8 23 M f1 Newlroposed RegslLegislabon 6 3 10 2 23 t12 Slow Response to Customer 5 4 2 10 21 4# 13 Continua ThwAa Pandemic 9 5 2 521�ENG A 14 SelflnsurancelReserwInsuthciency 6 4 3 a 21 j, 6 I April 25, 2023 Special FINANCE Committee Meeting Agenda Packet - Page 155 of 160 3 Page 5 of 5 Strategic Risks 15-28 Winter 2023 0—',. F?r Rating March 2O23 sin, FeqL.,wq milin Needed 9pem of OrrA Current score T.. and Prior Score F1A ''. 15 Failure oflntemal Controls 4 4 3 .......... 7 18 *4 ...... F1A .............. 16 ............... ............... ............... External Data Connectivity Risk ....... 5 ......... 3 2 7 :................ ............... 17 ................. ... ............ ; 4.* .......... .................. F1A 17 ............ .................. ..... ........ ...... Lg Tech Implementation Failure .........:.. 5 ..:........ 3 3 ... e.............. 5 ....... ........ . 16 ............. ................. l '.................... ...... RA .................. .............. 18 ............... ............... ............... Need for Large Rate Increase ....... 7 ......... 3 2 3 ... ........ ........ 15 ............ .......... FNG .. 19 ............ ................. ................ Poor Jurisdidonal Coordination .........:.. 6 ..:........ 4 2 ..... ........ ..... ..... ... 2 .... .... .................... 14 ................. Jl HR 20 Changing Workforce 3 6 3 2 14 - 1♦ _ ENG _.FAA 21 _.Lass Poor Coordination on large Protects 2 6 5 ._._ 1 14 _.14 My 22. ollMtor CuslomerlPadner 9 1 3 1 40 HA _.HR 23 Lase Tax Exemption tar Bonds __.. 5 4 2 ._._ 3 14 _.13_F/ ISM _. 24._Work Stoppage 7 1 4 1 HA 25 Social l Political Risk {Civil llnrest etc) 5 2 2 4 13 ",: 00 F1A 26 Failure to Adopt New Technology 3 3 3 3 12 F1A 27 Poor Customer Communications 4 3 2 2 11 11 4* MW 28 Change Readiness Risk 2 2 1 1 6 6 S April 25, 2023 Special FINANCE Committee Meeting Agenda Packet - Page 156 of 160 4