Category Archives: Enterprise Risk Management

The Cost of Workplace Bias

Posted on by

There are many costs associated with workplace harassment and discrimination—monetary, reputational and the morale of employees to name a few. In 2012, the U.S. Equal Employment Opportunity Commission (EEOC) reported filing 122 lawsuits including 86 individual suits, 26 multiple-victim suits (with fewer than 20 victims) and 10 systemic suits. The EEOC’s legal staff resolved 254 lawsuits for total monetary recovery of $44.2 million.

The agency added that it secured monetary and non-monetary benefits for more than 23,446 people through administrative enforcement. These methods include mediation, settlements, conciliation and withdrawals with benefits. The number of charges resolved through successful conciliation, the last step in the EEOC administrative process before litigation, increased by 18% over 2011.

Harassment & Discrimination: Do You Know the REAL Impact?
By The Network Inc., the leader in providing integrated ethics, risk and compliance solutions

Read more: http://www.tnwinc.com/solutions/discrimination-and-harassment/infographic-workplace-harassment-training/#ixzz2jDmSPiiH

Spencer Educational Foundation Gala Raises Record $870,000

Posted on by
Spencer Gala Honorees Michael Kerner and Patrick Ryan with Spencer Scholar Lakenya Young

Spencer Gala Honorees Michael Kerner and Patrick Ryan with Spencer Scholar Lakenya Young

 

At its recent annual gala, the Spencer Educational Foundation raised a record $870,000 from leaders of the risk management industry. The dinner also drew its largest crowd yet to honor Zurich’s Michael Kerner and Ryan Specialty Group’s Patrick Ryan.

Kerner lauded the foundation while encouraging colleagues in the insurance industry to embrace and prioritize the role of younger entrants to the field. “We struggle as an industry with reputation, unfortunately,” he said. “To this day, for most people that get into the business, it wasn’t necessarily their childhood dream to be in insurance. We don’t do a good enough job as an industry in promoting the value that we bring to the economy and to business on the whole, or the exciting and fun careers you can have in the insurance space.”

Dedicated to aiding future risk managers, the Spencer Educational Foundation awards scholarships in risk management and insurance, runs student internship programs and issues grants to facilitate risk management course development at schools across the country. As of this year, according to Chairwoman Peggy Accordino, the foundation has awarded over $5 million to students.

Applications for 2014 Spencer Scholars, internships, and the Risk Manager in Residence program are now live, with scholarship applications due by January 31. Applications for employers to participate in the student internship program are also available, with a deadline of February 14.

RMORSA Part 5: Risk Reporting & Communication

Posted on by

Having standardized risk assessments and well documented mitigation and monitoring activities will equip your organization with a lot of risk intelligence. The question becomes: how do you report all of this information to your board and communicate it to your commissioner in a way that demonstrates the value of your ERM program? First, risk managers must be able to demonstrate how risks across the organization roll-up to impact the board’s strategic objectives; and second, ERM functions must track key metrics to validate the effectiveness of a formalized risk management approach.

Reporting on Critical Risks

Due to the limitations of spreadsheets, risk managers often have to choose between presenting actionable data that is too granular for the board, or presenting a high level summary, such as a top 10 risk report, which lacks the context of how risk within business process activities relate to the objectives that senior leadership and the board require.  However, a common risk taxonomy allows organizations to gather risk intelligence at the business process level, and aggregate it to a high level for senior leadership.

For the top risks across the organization, often risk managers must provide the more detailed underlying data, such as which business areas are involved, their individual profile of the risk, their mitigation strategy and how the risk is being monitored.

The most commonly used method to determine top key risks is to rank risks based on the score from their assessment. This aggregate will depict which risks pose the most immediate danger to the enterprise, and should be reported on regularly. The second method uses your common language, root cause library to identify systemic risks. These are risks that have been identified by multiple departments, and may be more easily addressed with corporate wide policies or procedures rather than point solutions. And now that you have a complete and transparent mitigation library, you can publish effective controls from one department to another, reducing overlapping activities in your organization and leveraging the practices in departments that are the most effective in managing risk.

The State of ERM

When demonstrating the value of your ERM program, take a step back to evaluate just how many risks have been identified, and how well risks are being evaluated and mitigated. The common standards established by an ERM program will significantly enhance your risk identification process by allowing you to prioritize efforts to the most important risks that have the least assurance of control effectiveness.

You might find that over the past several quarters, the gap between the number of risks identified and those that have been addressed has grown. This isn’t a concern, but rather a sign that your organization has a clear path forward and is beginning to understand its entire risk universe.

You can also track your progress with the ERM guidelines outlined in the RIMS Risk Maturity Model. Providing your executives, board or commissioner with a bi-annual report on the maturity of your ERM program will show which areas you’ve improved upon and what areas need focus going forward. The model provides a repeatable process that enables internal audit to validate its quality and effectiveness. This same model also has the benefit of enabling you to benchmark your program against others in your industry, providing a transparent, third party evaluation of where your organization stands.

This concludes Steven’s series on ORSA Compliance. Looking for more ERM best practices and the latest industry trends? Subscribe to Steve’s Blog or visit www.logicmanager.com.

RMORSA Part 4: Risk Monitoring, Control & Action Plans

Posted on by

The fourth step of ORSA implementation, risk monitoring, control, and action plans illustrates the importance of adhering to best practices when executing risk culture and governance, identification and prioritization, and risk appetite and tolerances.

With the necessary structure in place to track and collect risk intelligence, the next step involves orchestrating a plan for improvement. Why is a plan for improvement so critical? Besides limiting the risk exposure of your organization, consider that under the SEC Rule Proxy Disclosure Enhancements, boards of directors and executive leadership can be found negligent for having inadequate or ineffective ERM programs. Having a demonstrable plan for improvement, however, can greatly reduce or even exempt companies from penalties under the Federal Sentencing Guidelines.

The Right Way to Monitor Control Activities

Boards and CEOs are depending on risk managers to monitor key risk indicators at the business process level. This can be accomplished one of two ways: testing or business metrics.

Testing provides a high level overview of whether a control is occurring, usually in the form of a simple pass/fail. Testing does not, however, provide actionable steps to take in order to improve a mitigation activity. The result is that many organizations are only testing compliance with internal policies, which may or may not tie back to the specific risks that the policies were designed to mitigate.

Here’s an example: an insurance organization with an online customer service system is experiencing unacceptable downtimes, and the appropriate staff members never seem to be available to fix the problem. The organization implements what would appear to be a reasonable control activity, by insisting that every member of the support team be trained to refresh the system.

The company tests internal compliance with this policy by tracking whether the online training has been completed. Unfortunately, even if everyone takes the training, the company has no idea whether this control is fulfilling its purpose.

In testing compliance to the policy, the organization has lost sight of the risk. If they had tracked a business metric, like system downtime, however, they would have realized that the controls in place made no difference to the impact or likelihood of system failure. Business metrics may have indicated that the system was going down during peak usage hours, like lunch, when staff was unavailable. With no business metric tracking, the organization continued with a Band-Aid approach when money might have been better spent upgrading system memory.

Developing the Action Plan

To avoid this common pitfall, your key business metrics need to be aligned not only with the control activities you’ve designed, but the risks they were designed for. Keeping track of these linkages can be impossible with two dimensional spreadsheets, but is critical to monitoring the risks you’ve identified so that your action plans and control activities are meaningful and measurable.

As a risk manager, approach process owners in need of assistance with mitigation plans geared toward their most severe risks. As you develop actionable plans for improvement, don’t lose sight of the end goal or fall into the trap of testing controls rather than monitoring risks.

Interested in the best way to monitor or audit your risk management program?

buy tadalista online medilaw.com/wp-content/uploads/2015/03/jpg/tadalista.html no prescription pharmacy

Check out the RIMS Risk Maturity Model Audit Guide, also available through the RIMS Risk Maturity Model.