enterprise risk management for water utilities · coso (2004) defines enterprise risk management...
TRANSCRIPT
![Page 1: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/1.jpg)
Enterprise Risk Management for Water
Utilities
Justin Carlton, CMA, MBAFinancial Analyst
Tualatin Valley Water District
![Page 2: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/2.jpg)
Washington County, Oregon
2
Enterprise Risk Management for Water Utilities
![Page 3: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/3.jpg)
Washington County, Oregon
3
Presentation Goals
• Define Risk, Risk Management and ERM• Why is Risk Management Important• Traditional Risk Management vs ERM• Types of Risk and Risk Categories• Risk Maturity• ERM Tools• Questions
![Page 4: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/4.jpg)
Washington County, Oregon
4
“Take risks: if you win you’ll be happy; if you lose, you will be wise and unemployed.”
![Page 5: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/5.jpg)
Washington County, Oregon
5
Risk & Risk Management
• Risk is the difference between the actual outcome of an event and the expected one.
• Risk management is the process of managing the effects of uncertainty related to an organization’s objectives.
![Page 6: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/6.jpg)
Washington County, Oregon
6
Risk Management• Reducing the likelihood a negative event
will occur or minimizing the impact if it does
![Page 7: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/7.jpg)
Washington County, Oregon
7
Risk vs Reward
![Page 8: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/8.jpg)
Washington County, Oregon
![Page 9: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/9.jpg)
Washington County, Oregon
9
COSO (2004) defines enterprise risk management as:
“a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within the risk appetite, to provide reasonable assurance regarding the achievement of entity objectives”
Enterprise Risk Management
![Page 10: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/10.jpg)
Washington County, Oregon
10
Evolution of ERM19
70’s
CreditHazard 19
80s
MarketCreditHazard
1990
’s
StrategicOperational
FinancialHazard
![Page 11: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/11.jpg)
Washington County, OregonRisk Management vs ERM
• Enterprise Risk Management
• Traditional Risk Management
• Holistic approach• More strategic focused• Business• All Management• Proactive• Continuous• Opportunities
• Silo approach• Historical• Financial• Accounting • Reactive• Ad hoc• Hazards
![Page 12: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/12.jpg)
Washington County, Oregon
12
The goal of ERM:
To create, protect, and enhance stakeholder value by managing the uncertainties that affect the ability of an organization to achieve its objectives.
![Page 13: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/13.jpg)
Washington County, Oregon
13
Benefits of ERM
Enhanced risk responses
Increased customer/stakeholder
confidence
Lower cost of capital & improved rate stability
ERM
![Page 14: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/14.jpg)
Washington County, OregonTYPES
Avoidable UnavoidableC
ATE
GO
RIE
S
Strategic
Commercial
Operational
Technical
Financial
Compliance
![Page 15: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/15.jpg)
Washington County, Oregon
15
Assessing Avoidable Risk
![Page 16: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/16.jpg)
Washington County, Oregon
16
Avoidable Risk
![Page 17: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/17.jpg)
Washington County, Oregon
17
Avoidable Risks
• Poor customer relations• Complete asset and system failures not resulting
from an external event• Inadequate human capital• Lack of internal controls
![Page 18: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/18.jpg)
Washington County, OregonUnavoidable Risks
![Page 19: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/19.jpg)
Washington County, Oregon
19
Unavoidable Risk
• Natural disasters• Weather• Market volatility• Changes in the regulatory environment• Workplace safety hazards
![Page 20: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/20.jpg)
Washington County, OregonLe
vel 1
Initial
Leve
l 2
The Repeatable Organization
Leve
l 3
The Defined Organization
Leve
l 4
The Controlled Organization
Leve
l 5
The Optimized Organization
Risk Maturity
![Page 21: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/21.jpg)
Washington County, OregonProf. Simon Pollard – CranfieldUniversity, UK
Risk Management for Water and Wastewater Utilities
WRF Publications
“Risk Analysis Strategies for Credible and Defensible Utility Decisions” [#2939]
“Developing a Risk Management Culture-Mindfulness in the International Water Utility Sector” [#3184]
“Risk Governance: A Water Utility Manager’s Implementation Guide” [#4363]
![Page 22: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/22.jpg)
Washington County, Oregon
22
Level 1 - Characteristics
• Lacks formal risk management processes• Relies on individuals to develop risk management
for their own areas of responsibility• No means of monitoring risks
![Page 23: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/23.jpg)
Washington County, Oregon
23
Level 2 – Characteristics
• Recognizes that risk management requires a formal system
• Has some basic processes in place• Focused mainly on water quality, occupational
health and safety• Risk management is the result of established
processes not active management of risk
![Page 24: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/24.jpg)
Washington County, Oregon
24
Level 3 – Characteristics
• Defined and implemented risk management processes across core business areas
• Adopted policies and procedures that guide risk management
• Provide staff and management with funding, training, and other tools to support risk management
![Page 25: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/25.jpg)
Washington County, Oregon
25
Level 4 – Characteristics
• Ability to evaluate and ensure the effectiveness of its risk management activities
• Risk management is part of the organizational culture and reaches across all functions and through the hierarchy
![Page 26: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/26.jpg)
Washington County, Oregon
26
Level 5 – Characteristics
• Highly adaptable, flexible, and pay high levels of attention to human and organizational behavior
• Promotes continuous improvement and deeper understandings of adding value
• Constantly questioning norms and assumptions• Information is continually developed and shared
![Page 27: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/27.jpg)
Washington County, Oregon
27
FrameworkSet Strategy & Objectives
Determine Risk
Tolerance
ID Risks
Assess RisksReevaluate
Risk Tolerance
Treat & Control
Communicate & Monitor
![Page 28: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/28.jpg)
Washington County, Oregon
28
Risk Tolerance
1) How does this objective increase stakeholder value?
2) How much risk are we willing to undertake to achieve the objective?
![Page 29: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/29.jpg)
Washington County, Oregon ID & Assess Risks
![Page 30: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/30.jpg)
Washington County, Oregon
30
ID & Assess Risks
• Event inventories• Risk questionnaires & surveys• Facilitated workshops• SWOT analysis• Scenario analysis• Risk ranking• Risk maps• Linkage of risks to objectives
![Page 31: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/31.jpg)
Washington County, Oregon
31
Treat & Control
• Tolerate• Treat/Control
– Preventative– Directive– Detective– Corrective
• Terminate
![Page 32: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/32.jpg)
Washington County, Oregon
32
Communicate & Monitor
• Ongoing monitoring & reporting
• Communication within the organization and with the board and public.
![Page 33: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/33.jpg)
Washington County, OregonDevelop Tools That Works for You
![Page 34: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/34.jpg)
Washington County, Oregon
34
“It isn’t the strongest or most intelligent species that survives but rather the most adaptable.”
![Page 35: Enterprise Risk Management for Water Utilities · COSO (2004) defines enterprise risk management as: “a process, effected by an entity’s board of directors, management, and other](https://reader034.vdocuments.us/reader034/viewer/2022042409/5f267175ad49f146b81e29ca/html5/thumbnails/35.jpg)
Washington County, Oregon
Questions?