The URL can be used to link to this page

Home My WebLink About12.c. Receive update of the Enterprise Risk Management (ERM) ProgramPage 1 of 8 Item 12.c. 110ENTRAL SAN November 21, 2024 FROM: SHARI DEUTSCH, RISK MANAGEMENT ADMINISTRATOR PHILIP LEIBER, DEPUTYGM -ADMINISTRATION REVIEWED BY: ROGER S. BAILEY, GENERAL MANAGER SUBJECT: RECEIVE UPDATE OF THE ENTERPRISE RISK MANAGEMENT (ERM) PROGRAM Background on Enterprise Risk Management The objective of Enterprise Risk Management (ERM) is to develop a holistic, portfolio view of the most significant risks to the achievement of the entity's most important objectives. ERM seeks to create a top- down, enterprise view of all the significant risks that might affect the strategic objectives of the agency. Central San's ERM process provides a unified picture of risk which then improves our ability to manage that risk effectively. Central San originally identified 28 strategic risks that encompassed all aspects of its operation. These strategic risks are subject to review and change. The `risk register' is used for two purposes: 1. As an input to the internal auditor's annual work plan. The Enterprise Risk Register has informed the risk assessment process which leads to selection of internal audit focus areas for the year. 2. For monitoring, control, and reporting on risks. The ERM Team meets twice per year to discuss progress on mitigating the risks identified in the Enterprise Risk Register. Updates to the Register are reported to the Finance Committee and Board periodically. The attached presentation updates the Enterprise Risk scores as well as initial developments of our overall program review process which will continue over the next year. Strategic Plan re -In GOAL FIVE: Safety and Security Strategy 1 - Reduce and eliminate risks of injury or illness ATTACHMENTS: 1. Presentation November 21, 2024 Regular Board Meeting Agenda Packet - Page 141 of 164 Page 2 of 8 Attachment 1 1 Table of Contents Background M �. Risk Evaluation and Scoring - r Fall 2024 Results Program Review ,- Retired Risks - Risks Renamed and/or Redefined r Next Steps 'A;,�, 2 November 21, 2024 Regular Board Meeting Agenda Packet - Page 142 of 164 Page 3 of 8 Background Strategic Risk Inventory Created in 2018-19 Presented to Board in January 2020 Reviewed by ERM Team biannually ERM Team is the Exec Team, HR, Risk Management and Internal Audit Risk Management reports updates to Finance Committee and Board Mitigation Plans Each strategic risk has a corresponding mitigation plan and is assigned to a risk owner (a member of the Executive Team) _ Each plan is reviewed during ERM Team meetings ' Discussion informs updated risk scores ell 3 Risk Evaluation and Scoring -- Four-part risk assessment, each scored from 1-10 Probability - how often will it happen *f� Severity - how bad will it be a4 Mitigation Still to Do - how much work remains to manage the risk Speed of Onset - how much notice do we get before it occurs Earthquake = 10 vs Proposed Legislation = 2 Risk Score is the total of four scores Ranking based on Risk Score: Highest score = Highest Rank Economic uncertainty / Recession 7 8 2 8 "8s 1. Global Pandemic 6 10 3 5 24 2 Internal Controls Failure 4 3 2 7 16 3 -a• 4 November 21, 2024 Regular Board Meeting Agenda Packet - Page 143 of 164 Top 10 Enterprise Risks -Fall 2024 40 ■Severity 35 ■ Frequency 30 25 ■ Mi[igacion 20 Needed 5 ■ Speed Onset of 10 5 0 \Q' a°¢ oQQ�i oi,d �`a�o �C°O Or ai . P? ,0 �o S c Ooac �st� 5�4�eo� c¢otQ S 'o 401 tocF 5 Enterprise Risks 1-14 1*. Page 4 of 8 Fall 2024 Faak RatingCdoher 2424 Seven Frequency: ' Muigati0n Speed 01 � Neetletl Onset CuneM Trend and Score Prior Score - 1 EnvironmerrtalReplatcryCompliance ..............9 7.......I 14 14-----...--36-----.36......x----- ....... --- 2 Natural Disaster 10 5 9 14 3 _ Loss of MajorAsset -- 10--- ------4 _ --- -7 9- 30--- 36-----1�/ ----- Blnke 4 Physical Breach Ys ^hl 7 6 5 ----------- 10 28 28—_, Lass of lltilitieslSupply Chain------------------- 10 ----------------• 6 .............. 3 -- -----------............ 8.........-- 27-----_ 2j......1rrx....... 6 Service or Product Failure 9 2 5 10 26 26 M i 7 --- EmeiginglPotenhal RegsrLegs ..... 8 ....... 4 ---- 8 5 25 27 - t♦ T 8 ------ Loss of Lifellftr Injury 10 --- ? --- - 4 8 24 23.......1. ---- - ----.. y 9 Self-Insurance/Reserve Insufficiency 9..... Z.......1-----------------;......14-------------------- 24 - 24......... - � 10 10___ Economic NawntumlRecession -------------- 7 ---------------- 7......_I • ....... 2 -----------............ 8...........24..... 24.......1"x----- r' r 11--- CyherSecurily 9 4 ---- ------- 2 9 24--- 24 - �..►------- 12 Continu_gThreat IPandemic...--- 9 5 1- 5. _ 20--- 21 --;-------.. 13 Failure of Internal Controls 4 5 37 19 19 «r► --.14... rnaaa_ConnedivAy_ Risk Ex�lDi ............................---•-............'...-----------..........7 6 3 1S 17.......- I November 21, 2024 Regular Board Meeting Agenda Packet - Page 144 of 164 Enterprise Risks 15-28 Fall 2024 Rank Rating October 2024 Sevedy Frequency Mom Speed of Current Trend and Neem Onset Score Prior Score 15 Need for Large Rate Increase 7 5 2 3 17 15 t 16 Lg Tech tmplementabon Failure 5 3 3 5 16 16 4-0 ... 17 ......... ......... ......... ......... Changing Workforce 3 ...... 6 ............ 4 .... .... .... 1 .... .... ...... 14 4 �/ ... 18 ......... ......... ......... ......... Poor Coordination on Large Projects ............ 2 .... ..... 6 ........ 5 ........ 1 14 14 +,+ ... 19 Loss of Major GustomerlPa leer ......... ......... ......... ......... 9 ...... 1 ........ 3 ........ 1 14 ......... 14 4-* ......... .......... Higher Borrowing Costsr 20 Lase Tax Exemption for Bonds .. ............ 5 .... ..... 4 ............ 2 .... .... ... 3 14 14 *y 21 Social IPal itiralRisk (Civil lJnnest etc) 5 3 2 4 14 14 �► 22 Work Stoppage 7 1 3 1 1213 j 23 F ai I u re to Adopt New Technology 3 3 3 ........ 3 ......... 12 ......... .......... 12 M 24 Poor Customer Communicabons 4 3 2 2 11 11 w► ......... ...... Retired Risk ... ......... law ...... ........ ........ ........ .......... Retired Risk ...... .... ......... ......... r" pis ...... ........ ........ .......... .............. Retired Risk ... �..�.�...,...Q� ......... ......... ......... ...... ........ ........ ........ .......... Retired Risk 7 Material Score Changes Emerging/Potential Probability + I Updated to reflect projections Regulations/Legislation Speed of Onset +3 of HAS impact New/Proposed Regs/Legs Probability +I Redefined as emerging risks Mitigation to Do -2 Excludes Nutrients Speed of Onset +3 Includes PFAS Need for Large Rate Probability +2 Potential cost of nutrient Increase removal I November 21, 2024 Regular Board Meeting Agenda Packet - Page 145 of 164 Of Page 5 of 8 i Program Review Retired Risks Slow Response to Customer Not an enterprise -level risk Poor jurisdictional Coordination Not an enterprise -level risk, Monitored at project -level Change Readiness Risk Incorporated into forthcoming`Agility' risk Major Spill Not an enterprise -level risk I Program Review Risks Renamed and/or Redefined Environmental Risk Environmental Regulatory Compliance • Risk of non-compliance with current requirements. • Includes Nutrients and MAC50 New/Proposed • Risks associated with emerging issues, Regulation or not current obligations Legislation • Includes PFAS Failure to Adopt Agility • Keeping up with the industry New Technology • Will combine 'Change Readiness' and 'Failure to Adopt New Tech' into a single 'Agility' risk 10 November 21, 2024 Regular Board Meeting Agenda Packet - Page 146 of 164 Page 6 of 8 Page 7 of 8 Program Review - Next Steps 26 _ Changing Workforce 14 14 14 14 f A Longer View: Are these scores Stable or Stuck? 27 -� 14 14 :all 2023 Fall 2022 Fall 2021 14 14 14 14 Failure to Adopt New Tech 12 12 12 12 A, i� 11 12 Service or Product Failure 26 26 26 26 Changing Workforce 14 14 14 14 Major Asset Failure 27 27 27 27 Large Project Coordination Failure 14 14 14 14 Loss of Major Customer 14 14 14 14 Failure to Adopt New Tech 12 12 12 12 4Yf, Program Review - Next Steps - All Looking Backward What works well? What can we improve (stable vs. stuck)? Looking Forward Identify Emerging Risks Can we consolidate our risk register, have fewer but broader risks? Evaluation our Process and Presentation - Align mitigation plans with Strategic Plan projects and accomplishments Adjust the process as needed to generate concise and actionable r f intelligence November 21, 2024 Regular Board Meeting Agenda Packet -Page 147 of 164 Page 8 of 8 Q• 61110� �.w lop Lwrvx OWIP W TASrb .1k - 13 November 21, 2024 Regular Board Meeting Agenda Packet - Page 148 of 164