1. Five Risk Management Best Practices Scott Moss, CIS P/C Trust Director ERM – ISO 31000

2. Why ERM – ISO 31000  Future of Risk Management  International Standard of Risk Management  Risk Management Education Using ERM  Better Decisions  Greater Accountability  Reduce Losses  Improve Outcomes

3. ISO 31000  Principles  Framework  Process

4. ERM Process  Establish internal and external context  Risk assessment  Risk treatment  Monitor results  Communicate and consult with internal and external stakeholders

5. Communications & Consultation Monitoring & Review Establish Context 1.Mission/Strategic Plan 2.Risk Tolerance 3.Risk Policy 4.Internal & External Stakeholders

6. Align uncertainties with your Mission. What is your purpose? How do risks contribute to your mission? Align with your entity’s Strategic Plan How you will achieve your goals? Mission & Strategic Plan

7. Determine your risk tolerance High Moderate Low Determine amount of risk to retain vs. transfer Risk Tolerance & Appetite

8. Develop a risk policy that outlines ERM objectives Executive responsibility Board risk oversight committee responsibility Staff risk management committee responsibility Risk Policy

9. Various department reps Identify risk exposures Assign risk owners Develop transfer or methods to reduce risks Risk Treatment Plans 4.ERM Team

10. Identify who the stakeholders are for your entity How do they play a role in your ERM program? 5.Internal & External Stakeholders

11. Communications & Consultation Monitoring & Review Risk Assessment: Risk Identification

12. Identify Uncertainty (Opportunity & Threats) Risk AnalysisRisk Evaluation Risk Assessment

13. RiskCategoryDescriptionFrequencySeverityProbabilityOwnerTreatment Plan Risk Register

14. Financial Business Model Political Competition Underwriting Reserving/Claims Reinsurance Risk Map

15. Communications & Consultation Monitoring & Review Risk Treatment

16. Communication Plan Benchmarks Resources New Strategies Existing Strategies Root Causes Owner Risks ERM Treatment

17. Communications & Consultation MONITORING & REVIEW ERM Monitoring

18. BenchmarksEarly warning signalsInvestigationsCreate dashboards ERM Monitoring

19. ERM Monitoring — Dashboards  Identify the metric  Obtain data for the metric  Determine metric boundaries  Measure the above against the old thresholds

20. ERM Monitoring — Examples ComplaintsBad Outcomes ClaimsOverspending Others’ experiences Internal controls Surveys National standards

21. COMMUNICATIONS & CONSULTATION Monitoring & Review ERM Communication

22. Use current communication channels Add “Threats & Opportunities” to internal reports and Board/Staff reports ERM Communication

23. Positive Outcomes with ERM Communications & Consultation Monitoring & Review

24. Creates Value Risk treatment becomes part of culture Clear format for addressing uncertainty Systemic & structured method worldwide 1 2 34

25. Provides for ownership, responsibility, and accountability Transparent and reactive Facilitates continual improvement 5 6 7

26. Questions? Do not be afraid to ask dumb questions. They are easier to handle than dumb mistakes. -- Unknown