Chapter 3
Mars’ ERM History
Mars, Incorporated
Privately held; migrated to non-family management. Decentralized management.
Leadership had legacy commitment to risk management
ERM was viewed as an evolution
COSO versus bespoke approach:
COSO – Committee of Sponsoring Organizations structure.
Bespoke approach won
Phase 1: Failed due to being impractical and overly complex
Phase 2: Simpler and targeted
Planning Workshops
Desire to align senior management goals with ERM.
Started with simple template
Operating plan initiative sheet:
Objective
Score
Risk column
Risk treatment column
Management team met to define and rank
Risks
Risk treatments
Changed label from “mitigations”
Global Rollout
· Used lessons learned from pilot
· Each unit has specific nuances
· Interviewing GM and CFO together saved subsequent interview time
Workshops helped to identify
· Gaps in risk management readiness
· High-risk initiatives
· Ongoing activities with unexpected high risk
Reporting
Color-coding adds urgency and clarity
Groups are defined as Clusters
Score represents confidence of meeting goals.
Operating Workshops
Several ongoing changes
Technology
· Early on, the process was technology agnostic
· Word -> Excel
· Excel -> purpose-built software
ERM supports aggregation
· More complete view of organizational impact of risk
Continual template evolution
· Added risk treatment owners and due dates
Summary
Mars received an award for their ERM
· Corporate Executive Board’s “Force of Ideas Award” for ERM
Key factors for ERM success
· Alignment with Mars’ principles
Focus on meeting objectives, such as operational and strategic objectives
Flexible
Realistic
ERM in Practice at the University of California Health System
University of California’s ERM
University of California (UC) Health System
· Clinics, medical centers, schools
· Over 3 million patient visits annually
UC Office of the President’s Office of Risk Services
· Responsible for ERM
UC formally adopted COSO Integrated Framework in 1995
· Committee of Sponsoring Organizations Internal Control
Newly hired Chief Risk Officer (CRO)
· Experienced in ERM from industry
Key Performance Indicator (KPI)
· Critical to ERM foundation
Technology
UC’s approach incorporates technology
· ERM information system (ERMIS)
Initial phases
· Simple risk assessment tools
· Dashboards
· Control, mitigation, monitoring, survey
Dashboard system
· Based on KPIs
· Visual indicators
Premium Rate Program
Program to reduce frequency and severity of loss
· Professional Liability Prescription Program (PLPP)
Encourage risk reduction initiatives
· Aimed at reducing cost of risk
Rewards units for implementing effective initiatives
· Annual rebates for initiatives that work
· Driving concept: everyone is a risk manager
ERM and the Center for Health Quality and Innovation
· Joint venture to award up to $8 million
· Reduce risk of clinical harm to UC surgery patients
PHIve
Personal health information (PHI)
UC asked Bickmore to develop a software tool
· Estimates the value of PHI
· PHI value estimator (PHIve)
PHIve steps
· Process determines the impact of PHI breach
Repercussions
· Reputational
· Financial
· Legal and regulatory
· Operational
· Clinical
Summary
· Risk is a part of all organizations
· ERM assists organizations in managing all risk
· UC deliberately advanced ERM to reduce overall risk
· UC Office of Risk management updates risk plans on an ongoing basis
· Technology is a cornerstone of UC’s ERM