Designing and implementing an integrated Corporate Governance FrameworkPresented by Andrea Kanserski, National Risk ManagerGallagher Bassett Pty Ltd

NATIONAL CONFERENCE & EXHIBITION 2014Platinum Sponsor

Silver Sponsor

Bronze SponsorRisk Manager of the Year

Award Sponsor

Conference and Exhibition Partners

Introduction• Who is Gallagher Bassett?

• Company Overview

• Accountability and responsibility framework• Five year risk plan• Risk maturity and assessment• Influencing risk culture• Key business drivers that the RM can influence• Corporate Governance Framework• Business growth• What our clients say

National Conference & Exhibition 2014

Our core products include:

• General Insurance Claims Management – all classes

• Workers Compensation – Statutory and Self-Insured

• Crisis Management

• Consulting & Audit Services

Who is Gallagher Bassett?

Gallagher Bassett – the world’s largest Multi-disciplinary Third Party Claims Administrator

National Conference & Exhibition 2014

Company overview

Gallagher Bassett Services Pty Ltd (GB) is wholly owned by Gallagher Bassett Services Inc. (GBSI), which is in turn wholly owned by Arthur J. Gallagher & Co (AJG).

• Experience – 4,230 employees in 100 sites

• Client Profile – 4,291 clients worldwide (98% retention)

• Financial Stability – US$549 million revenue in 2013

National Conference & Exhibition 2014

Accountability and responsibility frameworkGB

Corporate

Finance & Accounting

Finance & Accounting

Account Management

Information Services

Human Resources

Business Development

Workers’ Comp’General &Self

Insurance

Audit & Compliance

Risk Management

NSW

Victoria

South Australia

General Insurance

SelfInsurance

Infrastructure

Applications

IS Strategy & Architecture

PMO/IT Security

Business Intelligence

HR

L&D

OH&S

Sales & Marketing

Tenders

Claims Operations

Corporate Service Operations

Premium Operations

SI Operations

Account Management

GB Operations

GI Operations Project Risk Registers:

Strategic Risk Register

Operational Risk Register

Contractual Risk Register

National Conference & Exhibition 2014

Five year risk plan

Develop• Corporate Governance Charter• ERM Policy & Framework• Accountability & Responsibility• Risk Assessment Criteria• ERM Training• Reporting framework

Implement• Risk Register Framework & Tool & Reporting• Control Framework and Library• Audit and Compliance framework and process• Strategic & Operational Business Planning • Policy & Process/Procedure Management• Business Continuity and Disaster Mgt Policy & Framework• Incident & Claims Mgt Policy & Process • Customer Feedback Mgt Policy & Process

Integrate• Project Management• Performance Review and Remuneration• Budget and Capital allocation and spend• Learning & Development• Standardised controls with Process management, Incident Mgt. & Customer feedback• COSO (SOX compliance) • Critical processes &Business continuity testing• 3 tier audit framework and process• Contract Management• Information Security Mgt• Asset Management• OHS Management• Management Reporting

Evaluate• Internal audit & compliance • External audit• Risk Maturity Assessment

2007

2012

National Conference & Exhibition 2014

Risk maturity and assessment

Adhoc

Initial

Repeatabl

e

Managed

ERM-based approach

•Level 4 Managed

ERM process management

•Level 4 Managed

Risk appetite management

•Level 3 Repeatable

Root cause discipline

•Level 3 Repeatable

Uncovering risks

•Level 4 Managed

Performance management

•Level 4 Managed

Business resiliency and sustainability

•Level 4 Managed

GB in 2007 GB in 2009 GB in 2011 GB in 2013

During the past six years, GB has matured from a risk maturity assessment rated as ‘Ad Hoc’. This is defined as:

‘Corporate culture has little risk management accountability. Risk management is not interpreted consistently. Programs for compliance, internal audit, process improvement and IT operate independently and have no common framework, causing overlapping risk assessment activities and inconsistencies. Controls are based on departments and finances. Qualitative risk assessments are unused or informal. Risk management is considered a quantitative analysis exercise’.

GB has now moved to a maturity assessment rated as ‘Managed’, defined as:

‘Risk management is clearly defined and enforced at every level. A risk policy articulates management’s responsibility for risk management, according to established risk management processes. An Enterprise Risk Council exists and management develops and reviews risk plans. The ERM Process is coordinated with managers’ active participation. Opportunities associated with risk are part of risk plans’ expected outcome. Authentication, audit trail, integrity and accessibility promote roll-up information and information sharing. Periodic reports measure ERM progress for stakeholders, including the Board of Directors.’

National Conference & Exhibition 2014

Influencing risk culture and internal/external communication

Objective 1 – ensure communication with all employees is undertaken in the most efficient

and effective manner

•Key strategy – Build robust, professional working relationships with the board, executive and business operations to outline risk management plan and strategies. •Key strategy – Develop articles on Risk Management plan, communication and integration strategy and objectives for GB magazine for all GB staff and customers•Key strategy – Review Risk Management intranet website to enable access to information and risk register. •Key strategy – Develop and incorporate standardised Risk Management training into induction and orientation program.•Key Strategy – Develop risk review and reporting framework including meeting schedule – Executive and operation, Compliance and Audit Committee, Risk Management Committee, Ethics Committee

Objective 2 – ensure senior staff share ownership of and are fully aware of

the Risk Management plan, policy and framework and how it relates to

Gallagher Bassett’s vision and values

•Key strategy – Define and implement risk context – Strategic, Operational, Contractual and Project risk management•Key strategy – Risk Policy & Framework & risk register define and implement risk management accountability and responsibility across the enterprise. •Key strategy – Develop Risk Management Documentation: Likelihood, consequence and rating matrices for approval by GB Board , Managing Director and senior executives•Key strategy – develop and implement integrated business management tools to enable & support business information analysis and decision making. •Key Strategy – Incorporate risk, audit & compliance, incident, customer feedback into executive and operational management reporting

Objective 3 – ensure multiple communication and

innovative/creative training mediums to enhance knowledge of

risk management are utilised

•Key strategy – Incorporate Risk Management into staff induction and learning and development program. •Key strategy – Develop and implement self paced, interactive electronic learning modules - risk, control, audit, incident management, Business Continuity, Customer feedback, Ethics and Fraud

Objective 4 – ensure staff remain enthusiastic and committed to the process and demonstrate ongoing

application of it in all business management practices

•Key strategy – Ongoing communication and feedback between National Risk Manager and Executive and senior management staff.

•Key strategy – Lead by example- Board, Executive and management ownership and management of risk identification, assessment, treatment/actions, risk reviews and reporting.

•Key strategy –Remuneration and performance recognition for managing risk and achieving planned business outcomes

National Conference & Exhibition 2014

Corporate Governance Framework

We

belie

ve o

ur p

eopl

e...

Are

our s

tren

gth

We

trus

t... O

ur p

eopl

e

We

lead

... B

y ex

ampl

e

We

are

acco

unta

ble.

.. An

d Ac

cept

resp

onsi

bilit

y

We

take

prid

e...

In w

ho w

e ar

e an

d w

hat w

e do

We

deliv

er...

For

our

cus

tom

ers

Strategic & Operational Business Planning Risk Management Internal Control

Ethics & Fraud Management Client Contract Management

Audit

Incident Management Customer Feedback Management

Policy and Process Management

Our Vision: Gallagher Bassett is recognised as the ‘go to’ business partner in Third Party Administered claims management servicesOur Purpose: To foster long-term relationships with our customers by providing them with solutions that help them meet their goals.

To support our people, allowing them to realise their full potential.To deliver to our owners a sustainable, profitable and growing company.

Business Continuity and Disaster Recovery

National Conference & Exhibition 2014

National Conference & Exhibition 2014

Risk and corporate governance integration

Gallagher Bassett business growth

National Conference & Exhibition 2014

2009 2010 2011 2012 2013 20160

50

100

150

200

250ComCover renewal

Disaster recovery

framework

Risk and compliance integration through

company control framework

IT infrastructure platform

Succession planning

Adhoc Initial Repeatable Managed

ComCover contract VIC WorkCover SA WorkCover

($m)

ISO 27001 IT security management certification New claims

management system APEX

HR Recruitment Framework

MARCOM communications

framework

Grow Beyond career and leadership development

JDE Finance SystemClaims practice

excellence model

National OHS strategy

Internal restructure to align business with product offerings

Policy management

system

Process management

systemElectronic risk register

Client Testimonial – Barbara Stenning

National Conference & Exhibition 2014

‘...GB represented a “no risk” partner for us as far as APRA’s regulatory requirements were concerned, due to their robust corporate governance protocols and disciplines. None of the other competitors that I met with had already got in place processes, procedures, documentation and testing that would meet the APRA standards that a licensed insurer such as W.R. Berkley require from a partner...Their professional and embedded approach to the management of operational and contractual risks, fraud and general business continuity clearly sets them apart from their competitors.’

– Barbara Stenning, National Head of Claims, Solicitor, W.R. Berkley Insurance Australia

Questions

www.gallagherbassett.com.au

National Conference & Exhibition 2014

Thank you.

NATIONAL CONFERENCE & EXHIBITION 2014Platinum Sponsor

Silver Sponsor

Bronze SponsorRisk Manager of the Year

Award Sponsor

Conference and Exhibition Partners