Presenter - Casualty Actuarial Society

Enterprise Risk Management and the 2010 Winter Olympic and Paralympic Games
Presentation to: Casualty Actuaries of the Northwest
Date: September 28, 2012
Presenter: Ron Holton, Chief Risk Officer, University of British Columbia
About VANOC
VANOC Mission, Vision and Values
Mission
To touch the soul of the nation and inspire
the world by creating and delivering an extraordinary
Olympic and Paralympic experience with lasting legacies
Vision
A stronger Canada whose spirit is raised by
its passion for sport, culture and sustainability
Values
Team | Trust | Excellence | Sustainability | Creativity
Scope of the Games
What’s involved in organizing the Games? Some of the many areas
VANOC was responsible for planning include:
• Accommodation
• Accreditation
• Construction
• Culture and Ceremonies
• Food Services
• Medical Services
• Press Operations
• Security
• Sport
• Ticketing
• Transportation
• Venue Operations
• Volunteer Recruitment and Training
• Waste Management
Scope of the Games
Stakeholders include:
• Government of Canada
• Government of British Columbia
• Local governments
• International Olympic Committee
• International Paralympic Committee
• Canadian Olympic Committee
• Olympic Paralympic Committee
• Sponsors
• Broadcasters
• Spectators
• Athletes
2010 By the Numbers
• Olympic athletes and team officials: 6,500
• Paralympic athletes and team officials: 1,350
• Participating countries—the Olympic Games: 82
• Participating countries—the Paralympic Games: 42
• Tickets available for 2010 events: 1.6 million
• Accredited media: 10,800
• Games volunteers: 26,000
• Television viewers (estimated): 3.5 billion
• Visits to vancouver2010.com: 275 million
About Enterprise Risk Management
VANOC Board Committee Responsibilities
• Audit Committee
– The overall VANOC Risk Management framework and
elements, including Enterprise Risk Management (ERM)
• Finance Committee
– Budget risk, including foreign exchange risk
Enterprise Risk Management (ERM)
A general definition:
ERM is a systematic, comprehensive and ongoing approach to
identifying and managing all types of risk on an organization-wide or
enterprise basis
Standard definition:
ISO, COSO, AU / NZ
ERM signifies:
1. the adoption of risk management throughout the organization;
2. the management of exposures to loss not only in conventional hazard
categories, but the full spectrum of strategic, operational and
administrative risk. It is essentially a decision process for managing
uncertainties and effectively allocating resources.
Key Features of ERM
• Generic and applicable to diverse lines of business
• Holistic; addresses all types of risk (strategic, financial,
operational, hazard, reputational) in all parts of the organization
• Continuous process
• Addresses both risks and opportunities
• Effected by people at every level of an organization
• Aims to enhance value for stakeholders
• Considers established disciplines, such as contingency
planning, disaster recovery planning or emergency response
planning, insurance, internal audit, loss prevention, to be
specific treatments within the wider ERM process.
Key Elements in Implementing ERM
• No single best approach
• Strong, visible and communicated support from the top of the
organization
• Each organization must develop an approach which best fits its
values, objectives, culture and constraints
• Build it into existing business processes and practices
• Bottom-up as well as top-down
• Incremental approach
• Rigorous, but not overly complicated
• Dynamic and responsive
• Collaborative and not too prescriptive
• Demonstrate value
Key ERM Implementation Steps
• Strong, visible and communicated commitment from the board
and senior management
• Establishment of context and objective setting
• Risk identification
• Risk analysis (probability or likelihood of occurrence, severity of
impact, quantification, prioritization)
• Risk tolerance and risk treatment or mitigation development
• Ongoing control, monitoring, review, adjustment
VANOC ERM
• Robust
– All 53 functions
– All 14 construction venues
– All 24 operating venues, competition and major non-competition
– All 20 sport (test) events
– Global or corporate
• Integrated
– Functional interdependences identified & communicated
– Direct partner risks identified for construction venues
– Shared risks (Olympic / urban domain)
• Holistic
– Strategic
– Financial
– Operational
– Reputational
– Hazard
VANOC ERM
• Dynamic
– Regular Risk Register review & updating
– Risk retirements
– New reporting
• Top Down and Bottom-up
– Executive, Senior Leadership, Board
– Functions and venues
Definitions
• A RISK is something that might happen which could have a
negative impact on VANOC
• An ISSUE is something that has happened or is happening
which could have a negative impact on VANOC.
VANOC Risk Identification
• Risk Statement: cause and effect
• Internal and external
• Various sources
VANOC Risk Measurement
• For each identified risk:
– Probability of Occurrence
→ Scale of 1 (very unlikely) to 5 (almost certain)
– Severity of Impact
→ Scale of 1 (minimal) to 5 (massive)
→ Common measures established
– Overall Risk Rating
→ Probability of occurrence X severity of impact
→ Scale of 1 to 25
→ Ratings of 12 and above = Top Risks
Risk Quantification and Prioritization
• Financial risks tend to be more easily quantified
• Subjective ranking may be all that can be done for some risks –
don’t overly complicate!
• Quantifying can be particularly difficult for low probability / high
severity risks
Risk Tolerance and Risk Treatment
• Risk tolerance often defined in terms of impact on earnings or
budgets; revenue loss and/or cost increase relevant for
VANOC, also reputation and operational readiness
• With VANOC’s risk tolerance as a guide, evaluate risks and
decide to:
– Monitor
– Treat or mitigate
• Reduce probability of occurrence
• Reduce severity of impact
• Transfer
– Avoid
• Develop strategies and action plans to treat the risks
VANOC Risk Register
Register columns, by group:
Risk Identification: Risk ID; Division; Functional Area; Risk Class (Strategic, Financial, Operational, Hazard); Risk Statement
Risk Rating: Probability of Occurring; Severity of Impact; Overall Rating (Out of 25)
Impact: Primary Type of Impact (Revenue Loss, Cost Increase, Games-time Readiness, Athlete Performance, Reputation Loss, Sustainability or Other)
Timing: Pre-Games; Games; Post Games
Extent of Risk: Competition; Non-Competition; Global
Risk Controls: Existing Controls and Risk Mitigation Measures (e.g. insurance, contingency plans); Existing Control Rating (Out of 5)
Risk Dependencies: Dependencies / Coordination with other Functional Areas
Risk Tolerance / Acceptance (M: monitor, T: treat, A: avoid)
Additional Risk Mitigation Recommendations
Risk Mitigation Owner
Target Completion Date
• Ongoing risk identification, treatment tracking and monitoring tool
Risk Register Review
• Major Risk Report
– The “Global” or corporate risks
– Reviewed monthly with the Executive Team and updated as
required
• Top Risks Summary Report
– By division/function
– Risks with an overall rating of 12 or higher
– Include low probability/high severity risks
– Reviewed monthly by each EVP for his/her division
Risk Register Review
• Function and Venue Construction Risk Register
– For all 53 Functional Areas and each construction venue
– Plus a Global Risks section
– In-depth review and updating with Functional Areas and division
heads on a six-month rotating divisional schedule
• Venue Operating Risk Registers created in tandem with Venue
Operating Plans
Risk Register Review
• Overdue, Current and Pending Risk Mitigation Actions Report
– Reviewed monthly by Executive Team
– Executive Team sees the report for all divisions
• Register of Retired Risks
– Reviewed with each division during six-month in-depth reviews
– Indicates date and reason risk was retired, and by whose
authority
VANOC Assurance Services
• Internal Audits
– Annual Audit Plan—approved by Audit Committee
– Regular in camera meetings with Audit Committee
• Consulting Reviews
– Proactive reviews initiated at the request of Management
VANOC Business Continuity
• Loss Control/Prevention
• Crisis Management Plan
• Disaster Recovery Plan
• Contingency Plans
• Emergency Response Plans
– for all venues, for both construction and operational phases
VANOC and Risk Management
• This was a complex and risky project
– Many moving parts
– Many stakeholders
– Many external and shared risks
• How to handle?
– Emphasis on identifying all types of risks and mitigating / managing
them
– Monthly meetings with Executive Team to review major risks
– Rotating monthly in-depth reviews with functions—every six months
– Monthly reporting of top risks, and overdue/current/pending mitigation
actions to all divisions and functions
– Risk-based approach for internal audit and business continuity planning
– Plans for managing risks which could not be fully mitigated
ERM Challenges, Successes
– In a fast-paced, very diverse organization, keeping ERM
current, relevant, and useful at all levels.
– Some risks became issues.
– VANOC was the first OCOG to fully implement and sustain
an ERM framework. This has been recognized by the IOC
and other OCOGs, and the VANOC model has become the
standard to be followed.
– The 2010 Games are regarded as having been highly
successful—ERM and the strong risk management culture
which was pervasive in VANOC contributed to this outcome.