Five Risk Management Best Practices Scott Moss, CIS P/C Trust Director ERM – ISO 31000

Why ERM – ISO  Future of Risk Management  International Standard of Risk Management  Risk Management Education Using ERM  Better Decisions  Greater Accountability  Reduce Losses  Improve Outcomes

ISO  Principles  Framework  Process

ERM Process  Establish internal and external context  Risk assessment  Risk treatment  Monitor results  Communicate and consult with internal and external stakeholders

Communications & Consultation Monitoring & Review Establish Context 1.Mission/Strategic Plan 2.Risk Tolerance 3.Risk Policy 4.Internal & External Stakeholders

Align uncertainties with your Mission. What is your purpose? How do risks contribute to your mission? Align with your entity’s Strategic Plan How you will achieve your goals? Mission & Strategic Plan

Determine your risk tolerance High Moderate Low Determine amount of risk to retain vs. transfer Risk Tolerance & Appetite

Develop a risk policy that outlines ERM objectives Executive responsibility Board risk oversight committee responsibility Staff risk management committee responsibility Risk Policy

Various department reps Identify risk exposures Assign risk owners Develop transfer or methods to reduce risks Risk Treatment Plans 4.ERM Team

Identify who the stakeholders are for your entity How do they play a role in your ERM program? 5.Internal & External Stakeholders

Communications & Consultation Monitoring & Review Risk Assessment: Risk Identification

Identify Uncertainty (Opportunity & Threats) Risk AnalysisRisk Evaluation Risk Assessment

RiskCategoryDescriptionFrequencySeverityProbabilityOwnerTreatment Plan Risk Register

Financial Business Model Political Competition Underwriting Reserving/Claims Reinsurance Risk Map

Communications & Consultation Monitoring & Review Risk Treatment

Communication Plan Benchmarks Resources New Strategies Existing Strategies Root Causes Owner Risks ERM Treatment

Communications & Consultation MONITORING & REVIEW ERM Monitoring

BenchmarksEarly warning signalsInvestigationsCreate dashboards ERM Monitoring

ERM Monitoring — Dashboards  Identify the metric  Obtain data for the metric  Determine metric boundaries  Measure the above against the old thresholds

ERM Monitoring — Examples ComplaintsBad Outcomes ClaimsOverspending Others’ experiences Internal controls Surveys National standards

COMMUNICATIONS & CONSULTATION Monitoring & Review ERM Communication

Use current communication channels Add “Threats & Opportunities” to internal reports and Board/Staff reports ERM Communication

Positive Outcomes with ERM Communications & Consultation Monitoring & Review

Creates Value Risk treatment becomes part of culture Clear format for addressing uncertainty Systemic & structured method worldwide

Provides for ownership, responsibility, and accountability Transparent and reactive Facilitates continual improvement 5 6 7

Questions? Do not be afraid to ask dumb questions. They are easier to handle than dumb mistakes. -- Unknown