16.a. Receive annual update of the Strategic Risk Inventory and Enterprise Risk Management (ERM) Program
CENTRAL SAN
June 1, 2023
Item 16.a.
FROM: SHARI DEUTSCH, RISK MANAGEMENT ADMINISTRATOR
PHILIP LEIBER, DEPUTY GENERAL MANAGER, ADMINISTRATION
REVIEWED BY: ROGER S. BAILEY, GENERAL MANAGER
SUBJECT: RECEIVE ANNUAL UPDATE OF THE STRATEGIC RISK INVENTORY AND
ENTERPRISE RISK MANAGEMENT (ERM) PROGRAM
Background on Enterprise Risk Management
Organizations have traditionally managed risks in a distributed way, with a variety of internal functions that
identify and manage risks. Prior to ERM, these efforts were not typically centrally coordinated or reported
on. A central goal of ERM is improving this capability and coordination, while providing summary level
reporting to provide a unified picture of risk for stakeholders and improving an organization's ability to
manage these risks effectively. The Central San Strategic Risk Inventory is used for two purposes:
1. As an input to the internal auditor's annual work plan. The Strategic Risk Inventory has
informed the risk assessment process which leads to selection of internal audit focus areas for the
year.
2. For monitoring, control, and reporting on risks. The ERM Team meets twice per year to
discuss progress on mitigating the risks identified in the Strategic Risk Inventory. Updates to the
Strategic Risk Inventory are reported to the Administration Committee and Board semiannually.
The attached presentation constitutes the annual update on the Strategic Risk Inventory, and highlights
changes in risk rankings as well as new risks identified (if any).
Strategic Plan Tie-In
GOAL FIVE: Safety and Security
Strategy 1 - Reduce and eliminate risks of injury or illness, Strategy 2 - Protect personnel and assets from threats and
emergencies
ATTACHMENTS:
1. Presentation
June 1, 2023 Regular Board Meeting Agenda Packet - Page 144 of 165
Strategic Risk Inventory and Enterprise Risk Management
Spring 2023 Update
Shari Deutsch
Risk Management Administrator
Table of Contents
1. Enterprise Risk Management (ERM) Program
2. Strategic Risk Scoring
3. Top Ten Strategic Risks as of Winter 2023
4. All Strategic Risk Scores as of Winter 2023
ERM Program - Two Parts
Strategic Risk Inventory
Developed in 2018-19
Presented to Board in January 2020
Reviewed by ERM Team biannually
ERM Team is the Exec Team, HR, Risk Management and Internal Audit
Risk Management reports updates to Finance Committee and Board
Mitigation Plans
Each strategic risk has a corresponding mitigation plan and is assigned
to a risk owner (a member of the Executive Team)
Each plan is reviewed during ERM Team meetings
Discussion considered in updating risk scores
COMING SOON: RISK TEAM MEETINGS
28 Strategic Risks by Risk Owner
Service or Product Failure
Slow Response to Customer
Loss of Utilities/Supply Chain
Continuity Threat / Pandemic
Natural Disaster
Major Spill
Loss of Major Asset
Physical Security Breach
Poor Jurisdictional Coordination
Environmental Risk
New/Proposed Regs/Legislation
Poor Coordination on Large Projects
Work Stoppage
Loss of Life/Major Injury
Changing Workforce
Change Readiness Risk
Poor Customer Communications
Self-Insurance/Reserve Insufficiency
Failure of Internal Controls
Economic Downturn/Recession
Need for Large Rate Increase
Loss of Major Customer/Partner
Higher Borrowing Costs/Lose Tax Exemption for Bonds
Social / Political Risk (Civil Unrest etc)
CyberSecurity
Lg Tech Implementation Failure
External Data Connectivity Risk
Failure to Adopt New Technology
[Figure: Alignment with Strategic Plan]
Risk Assessment and Scoring
Risk assessed on 4 elements, each scored from 1 (low) to 10 (high)
1) Probability - how often will it happen
2) Severity - how bad will it be
3) Mitigation Still to Do - how much work remains to manage the risk
4) Speed of Onset - how much notice do we get before it occurs
   Earthquake = 10 vs Proposed Legislation = 2
Risk Score is the total of four element scores
Ranking based on Risk Score: Highest score = Highest Rank
Economic uncertainty/Recession 7 8 2 8 25 1
Global Pandemic 6 10 3 5 24 2
Internal Controls Failure 4 3 2 7 16 3
[Chart: Strategic Risks - Winter 2023. Legend: Severity, Frequency, Mitigation Needed, Speed of Onset]
Strategic Risks 1-14 - Winter 2023
Rating March 2023

| Owner | Rank | Risk                                 | Severity | Frequency | Mitigation Needed | Speed of Onset | Current Score |
| ENG   | 1    | Environmental Risk                   | 9        | 7         | 10                | 10             | 36            |
|       | 2    | Natural Disaster                     | 10       | 5         | 9                 | 10             | 34            |
|       | 3    | Major Spill                          | 10       | 6         | 7                 | 9              | 32            |
|       | 4    | Loss of Major Asset                  | 10       | 4         | 7                 | 9              | 30            |
|       | 5    | Physical Security Breach             | 7        | 6         | 5                 | 10             | 28            |
|       | 6    | Loss of Utilities/Supply Chain       | 10       | 6         | 3                 | 8              | 27            |
|       | 7    | Service or Product Failure           | 9        | 2         | 5                 | 10             | 26            |
|       | 8    | Economic Downturn/Recession          | 7        | 8         | 2                 | 8              | 25            |
| FIA   | 9    | CyberSecurity                        | 9        | 4         | 2                 | 9              | 24            |
| HR    | 10   | Loss of Life/Major Injury            | 10       | 2         | 3                 | 8              | 23            |
| ENG   | 11   | New/Proposed Regs/Legislation        | 8        | 3         | 10                | 2              | 23            |
|       | 12   | Slow Response to Customer            | 5        | 4         | 2                 | 10             | 21            |
|       | 13   | Continuity Threat / Pandemic         | 9        | 5         | 2                 | 5              | 21            |
|       | 14   | Self-Insurance/Reserve Insufficiency | 6        | 4         | 3                 | 8              | 21            |
Strategic Risks 15-28 - Winter 2023
Rating March 2023

| Owner | Rank | Risk                                       | Severity | Frequency | Mitigation Needed | Speed of Onset | Current Score | Prior Score |
| FIA   | 15   | Failure of Internal Controls               | 4        | 4         | 3                 | 7              | 18            | 18          |
| FIA   | 16   | External Data Connectivity Risk            | 5        | 3         | 2                 | 7              | 17            | 17          |
| FIA   | 17   | Lg Tech Implementation Failure             | 5        | 3         | 3                 | 5              | 16            | 18          |
| FIA   | 18   | Need for Large Rate Increase               | 7        | 3         | 2                 | 3              | 15            | 16          |
|       | 19   | Poor Jurisdictional Coordination           | 6        | 4         | 2                 | 2              | 14            | 14          |
|       | 20   | Changing Workforce                         | 3        | 6         | 3                 | 2              | 14            | 14          |
|       | 21   | Poor Coordination on Large Projects        | 2        | 6         | 5                 | 1              | 14            | 14          |
| FIA   | 22   | Loss of Major Customer/Partner             | 9        | 1         | 3                 | 1              | 14            | 14          |
| FIA   | 23   | Lose Tax Exemption for Bonds               | 5        | 4         | 2                 | 3              | 14            | 13          |
| HR    | 24   | Work Stoppage                              | 7        | 1         | 4                 | 1              | 13            | 13          |
| FIA   | 25   | Social / Political Risk (Civil Unrest etc) | 5        | 2         | 2                 | 4              | 13            | 13          |
| FIA   | 26   | Failure to Adopt New Technology            | 3        | 3         | 3                 | 3              | 12            | 13          |
| FIA   | 27   | Poor Customer Communications               | 4        | 3         | 2                 | 2              | 11            | 11          |
|       | 28   | Change Readiness Risk                      | 2        | 2         | 1                 | 1              | 6             | 6           |