Enterprise Risk Management Lucas Taylor Fermilab Strategic Planning Workshop 4 – 5 November 2015.

Presentation transcript:

Enterprise Risk Management Lucas Taylor Fermilab Strategic Planning Workshop 4 – 5 November 2015

Introductions
Lucas Taylor, Fermilab
– PhD Particle Physicist, PMP-certified, Deputy Project Manager for “LHC CMS Detector Upgrades”
– Fermilab Risk Manager, Lab risk processes, tools, project risk (CMS, LBNF / DUNE…), enterprise risk
Keith Molenaar, U. of Colorado
– Professor of Construction Engineering Mgmt.
– Research interests: project risk analysis, alternative project delivery methods, and cost engineering
Anne Kerhoas, CERN
– Physicist, Engineer, MBA, previously: Senior Safety Officer, International Atomic Energy Commission
– CERN Enterprise Risk Management
Oct 2015 | Lucas Taylor | Risk Register and Management

Terminology
Enterprise Risk: Effect of uncertainty on strategic Lab goals and objectives
Enterprise Risk Management (ERM): Processes to identify, analyze, mitigate and respond to enterprise risks
Lucas Taylor, Enterprise Risk Management | Fermilab Strategic Planning Workshop

Perspective
1. Enterprise risks are BIG – strategic not tactical
2. Enterprise risks are DIVERSE and CROSS-CUTTING
“ERM analyzes all risk across the enterprise, including operational risk, governance and compliance risk, project and program risk, financial risk, and others.” J. Crook, Director of ERM, Consolidated Nuclear Security, Oak Ridge.

Outputs of the workshop
1. Define the Lab’s enterprise risk tolerance (Group 0)
– Ranking scheme in terms of probabilities and impacts.
2. Identify the top risks to the Lab (Groups 1–5)
– Rank risks and update risks summary, mitigations, response plans, owners …
3. Action items
Ambitious but a lot of preparatory work has been done

Enterprise Risk Management at Fermilab
ERM owned by Senior Lab Mgmt.
ERM coordinated by IPPM
– Integrated Planning & Perf. Mgmt.
Monitored by DOE / FRA
– Contractor Assurance System (CAS)
Learning from others
– CERN, ESA, NASA, NGOs, NATO, aviation, power, manufacturing, hi-tech, military (ERMINE forum)
Maturing the ERM process
– Consolidate after the workshop
– Flow down to projects, operations, business processes…
[Process diagram, ISO 31000:2009(E) “Risk management – Principles and guidelines”: Establish enterprise risk mgmt. context; Identify enterprise risks; Develop mitigation and response plans; Monitor and Control risks; Analyze risks and rank them; Communication / Monitoring / Review]

Identifying Enterprise Risks
2011: 16 major risks identified
– Rather general and mostly still valid
2014: revisions of strategic planning process and tools
– New Enterprise Risk Register web tool
2015: ~20 risk interviews with senior Lab management, CAS owners, FSO
– “What is the biggest risk to..”

Identifying Enterprise Risks → 164 candidates

Boiling down the number of risk candidates
164 risks were initially identified
Scrubbed / merged → 47 risks in the enterprise risk register
– Risk summaries were written to capture risk interview information
Working groups get ~10 risks each

All risks are in a new Enterprise Risk Register

Assessing risks: Working groups 1–5 Session #1
1. Improve risk title and summary
2. Define risk mitigations that can reduce probability and/or impacts BEFORE the risk happens
– Examples: safety training, staffing plan
3. Define risk responses that can reduce impact AFTER risk happens
– Examples: minimum safe shutdown plan, active shooter response plan
Just a few lines – we can follow up later
Take credit for what’s already being done
4. Assign risk owners
5. Action items → comments field

Assessing risks: Working groups 1–5 Session #1
⇒ Update status as you assess each risk

Risk ranking – Purpose (Working Group 0)
High rank (expect < 5 of these)
– Probability AND impacts are high
– Owned and managed at Director level
– Closely monitored by DOE / FRA board
Medium rank (expect ~10–15 of these)
– Probability OR impacts high, or both medium
– Owned and managed at Chiefs’ level
– Monitored by DOE / FRA board
Low rank (expect ~20–30 of these)
– Probability AND impacts all moderate / low
– Either keep on ERM watch list or push down into organization: Division, Project, etc.

Risk tolerance matrix (Working Group 0)
Two dimensions for ranking:
1. Probability that risk occurs
2. Impact of risk on:
– Science: Mission, themes, Lab goals and objectives, including PEMP
– Finance: Funding, resources, protection of existing Lab's assets – people, physical assets, data…
– Reputation: Standing with scientific community, public, DOE, Government

Risk ranking – 2-D risk tolerance (ranking) matrix
Working Group 0 will fill this in

Ranking risks: Working groups 1–5 Session 2
Groups look at the same ~10 risks as before
Using new risk tolerance matrix from Group 0
Assess the probability and impacts of each risk
Risk Register automatically computes overall risk rank

Ranking risks: Working groups 1–5 Session 2

Review full list of ranked risks
Final plenary

Agenda
8:00 – 8:30 | Setup and refreshments | All
8:30 – 8:55 | Introduction, goals and organization | Lucas Taylor
8:55 – 10:20 | Define Lab’s enterprise risk tolerance (fill in probability vs. impacts matrix) | Keith Molenaar with Group 0
8:55 – 10:20 | (1) Review risks, improve descriptions (2) Add mitigations and response plans (3) Identify owners (4) Note any future action items | Breakout Groups 1 – 5 (10 risks each)
10:20 – 10:30 | Coffee + distribute risk tolerance matrix | All
10:30 – 11:15 | Rank risks using risk tolerance matrix | Groups 1–5 (10 risks each)
11:15 – 12:00 | Review and refine full ranked list of risks | All