04.c. Receive Update of the Enterprise Risk Management (ERM) Program
Item 4.c.
October 29, 2024
TO: FINANCE COMMITTEE
FROM: SHARI DEUTSCH, RISK MANAGEMENT ADMINISTRATOR
PHILIP LEIBER, DEPUTY GM - ADMINISTRATION
REVIEWED BY: ROGER S. BAILEY, GENERAL MANAGER
SUBJECT: RECEIVE UPDATE OF THE ENTERPRISE RISK MANAGEMENT (ERM)
PROGRAM
Background on Enterprise Risk Management
The objective of Enterprise Risk Management (ERM) is to develop a holistic, portfolio view of the most
significant risks to the achievement of the entity's most important objectives. ERM seeks to create a
top-down, enterprise view of all the significant risks that might affect the strategic objectives of the agency.
Central San's ERM process provides a unified picture of risk which then improves our ability to manage
that risk effectively.
Central San originally identified 28 strategic risks that encompassed all aspects of its operation. These
strategic risks are subject to review and change. The 'risk register' is used for two purposes:
1. As an input to the internal auditor's annual work plan. The Enterprise Risk Register has
informed the risk assessment process which leads to selection of internal audit focus areas for the
year.
2. For monitoring, control, and reporting on risks. The ERM Team meets twice per year to
discuss progress on mitigating the risks identified in the Enterprise Risk Register. Updates to the
Register are reported to the Finance Committee and Board periodically.
The attached presentation updates the Enterprise Risk scores as well as initial developments of our
overall program review process which will continue over the next year.
Strategic Plan Tie-In
GOAL FIVE: Safety and Security
Strategy 1 - Reduce and eliminate risks of injury or illness
ATTACHMENTS:
1. Presentation
October 29, 2024 Regular FINANCE Committee Meeting Agenda Packet - Page 199 of 211
Attachment 1
Table of Contents
Background
Risk Evaluation and Scoring
Fall 2024 Results
Program Review
Retired Risks
Risks Renamed and/or Redefined
Next Steps
Background
Strategic Risk Inventory
Created in 2018-19
Presented to Board in January 2020
Reviewed by ERM Team biannually
ERM Team is the Exec Team, HR, Risk Management and Internal Audit
Risk Management reports updates to Finance Committee and Board
Mitigation Plans
Each strategic risk has a corresponding mitigation plan and is assigned
to a risk owner (a member of the Executive Team)
Each plan is reviewed during ERM Team meetings
Discussion informs updated risk scores
Risk Evaluation and Scoring
Four-part risk assessment, each scored from 1-10
Probability - how often will it happen
Severity - how bad will it be
Mitigation Still to Do - how much work remains to manage the risk
Speed of Onset - how much notice do we get before it occurs
Earthquake = 10 vs Proposed Legislation = 2
Risk Score is the total of four scores
Ranking based on Risk Score: Highest score = Highest Rank
Economic Uncertainty/Recession    7    8    2
Global Pandemic                   6   10    3    5   24    2
Internal Controls Failure         4    3    2    7   16    3
Top 10 Enterprise Risks - Fall 2024
[Chart legend: Severity, Frequency, Mitigation Needed, Speed of Onset]
Enterprise Risks 1-14
Fall 2024
Rating October 2024

Rank  Risk                                  Severity  Frequency  Mitigation Needed  Speed of Onset  Current Score  Prior Score
1     Environmental Regulatory Compliance   9         7          10                 10              36             36
2     Natural Disaster                      10        5          9                  10              34             34
3     Loss of Major Asset                   10        4          7                  9               30             30
4     Physical Security Breach              7         6          5                  10              28             28
5     Loss of Utilities/Supply Chain        10        6          3                  8               27             27
6     Service or Product Failure            9         2          5                  10              26             26
7     Emerging/Potential Regs/Legs          8         4          8                  5               25             23
8     Loss of Life/Major Injury             10        2          4                  8               24             23
9     Self-Insurance/Reserve Insufficiency  9         2          3                  10              24             24
10    Economic Downturn/Recession           7         7          2                  8               24             24
11    Cyber Security                        9         4          2                  9               24             24
12    Contagious Threat/Pandemic            9         5          1                  5               20             21
13    Failure of Internal Controls          4         5          3                  7               19             19
14    External Data Connectivity Risk       6         3          2                  7               18             17
Enterprise Risks 15-28
Fall 2024
Rating October 2024

Rank  Risk                                                 Severity  Frequency  Mitigation Needed  Speed of Onset  Current Score  Prior Score
15    Need for Large Rate Increase                         7         5          2                  3               17             15
16    Lg Tech Implementation Failure                       5         3          3                  5               16             16
17    Changing Workforce                                   3         6          4                  1               14             14
18    Poor Coordination on Large Projects                  2         6          5                  1               14             14
19    Loss of Major Customer/Partner                       9         1          3                  1               14             14
20    Higher Borrowing Costs/Lose Tax Exemption for Bonds  5         4          2                  3               14             14
21    Social/Political Risk (Civil Unrest etc.)            5         3          2                  4               14             14
22    Work Stoppage                                        7         1          3                  1               12             13
23    Failure to Adopt New Technology                      3         3          3                  3               12             12
24    Poor Customer Communications                         4         3          2                  2               11             11
      Retired Risk
      Retired Risk
      Retired Risk
      Retired Risk
Material Score Changes

Emerging/Potential Regulations/Legislation   Probability       +1   Updated to reflect projections of PFAS impact
                                             Speed of Onset    +3
New/Proposed Regs/Legs                       Probability       +1   Redefined as emerging risks
                                             Mitigation to Do  -2   Excludes Nutrients
                                             Speed of Onset    +3   Includes PFAS
Need for Large Rate Increase                 Probability       +2   Potential cost of nutrient removal
Program Review
Retired Risks

Slow Response to Customer          Not an enterprise-level risk
Poor Jurisdictional Coordination   Not an enterprise-level risk, monitored at project-level
Change Readiness Risk              Incorporated into forthcoming 'Agility' risk
Major Spill                        Not an enterprise-level risk
Program Review
Risks Renamed and/or Redefined

Environmental Risk → Environmental Regulatory Compliance
• Risk of non-compliance with current requirements.
• Includes Nutrients and MAC50

New/Proposed Regulation or Legislation
• Risks associated with emerging issues, not current obligations
• Includes PFAS

Failure to Adopt New Technology → Agility
• Keeping up with the industry
• Will combine 'Change Readiness' and 'Failure to Adopt New Tech' into a single 'Agility' risk
Program Review - Next Steps
A Longer View: Are these scores Stable or Stuck?

Service or Product Failure            26   26   26   26
Changing Workforce                    14   14   14   14
Major Asset Failure                   27   27   27   27
Large Project Coordination Failure    14   14   14   14
Loss of Major Customer                14   14   14   14
Failure to Adopt New Tech             12   12   12   12
Program Review - Next Steps
Looking Backward
What works well?
What can we improve (stable vs. stuck)?
Looking Forward
Identify Emerging Risks
Can we consolidate our risk register, have fewer but broader risks?
Evaluate our Process and Presentation
Align mitigation plans with Strategic Plan projects and
accomplishments
Adjust the process as needed to generate concise and actionable
intelligence