The Risk Management Function
Presented to The University of Houston
Bauer College of Business
McDermott International
February 24, 2011
© 2010 McDermott International, Inc. All rights reserved.
Cautionary Statements
Statements we make in the following presentation which express a belief,
expectation or intention, as well as those that are not historical fact, are
forward-looking statements. These forward-looking statements speak only as
of the date of this report and we caution you not to rely on them unduly. We
have based these forward-looking statements on our current expectations and
assumptions about future events and initiatives. While our management
considers these expectations and assumptions to be reasonable, they are
subject to risks and uncertainties, which may be beyond our control or difficult
to predict. Our actual plans, results, performance or achievements could differ
materially from those we express in the following discussion as a result of a
variety of factors. For a detailed discussion of those risks and uncertainties that
may affect our company, please refer to the “Cautionary Statement Concerning
Forward-Looking Statements” and “Risk Factors” headings in Items 1 and 1A of
Part I to McDermott International, Inc.'s Form 10-K for the year ended
December 31, 2010 filed with the Securities and Exchange Commission.
2
Presentation Overview
 McDermott Company Information
 Risk Management Overview
 Risk Identification
 Examples of Risk Treatment
 Insurance Programs
 Captives
 Inside a Risk Management Department
 Enterprise Risk Management (ERM)
 Business Continuity Planning (BCP)
3
McDermott Overview
 Engineering & Construction (“E&C”) company
 Specialty manufacturing and service capabilities
 Large, repeatable projects are our strength
 Deep, long-term and diverse client relationships
 Strong emphasis on project bidding and execution
4
What We Do – Jacket Loadout
5
What We Do – Jacket Launch
6
What We Do – Deck Floatover
7
A Leader in E&C for Offshore Oil & Gas Worldwide
Engineering
Caspian
Americas
Middle East
Asia Pacific
Marine Installation
8
Spectrum of Offshore Infrastructure
McDermott’s leadership covers shallow to the deepest water
(Graphics compliments of Offshore Magazine; 2005 Offshore Oil & Gas Industry Deepwater Solutions for Concept Selection)
9
Strong Backlog of $3.6 Billion Provides Visibility
(as of September 30, 2010)
Backlog by Geographic Location
Atlantic, 9%
Historical Backlog Levels
5,000
4,000
Asia Pacific,
33%
Middle East,
58%
3,000
2,000
1,000
0
2006
2007
2008
2009
3Q 2010
10
Historical Financial Summary
Operating Income [1]
Revenues [1]
4,000
3,000
3,174
500
3,338
400
2,525
2,432
1,864
2,000
377
278
300
200
1,000
256
188
125
100
0
0
2007
2008
2009
3Q 2009
YTD
3Q 2010
YTD
2007
2008
2009
3Q 2009
YTD
3Q 2010
YTD
[1]
Fiscal year ended 2007 – 2009 represents pro forma financial information from August 4, 2010 Form 8-K; year-to-date represents earnings per share from continuing operations
[2]
Fiscal year ended 2007 – 2009 represents capital expenditures for Offshore Oil & Gas Construction segment
11
McDermott Financial Snapshot
2009 Operating Results
Revenues
$6,193 million
Common Stock Information [2]
Recent price/share $23.79
Operating Income $546,496 million
Shares Outstanding
233.45 million
Earnings per share
Market Capitalization
$5,553.75 billion
52 week trading range
$9.94 - $24.00
Net cash (debt) [1] $72,984 million
Daily volume average
1,410,000
[1] See Appendix A for additional detail
[2] As of February 17, 2011
Backlog
$1.66
$8,111 million
12
Risk Management Overview
13
Risk Primer
Analysis
Design Strategy
Disclosure
Avoidance
Monitor
 “Risk” is an uncertain event that may
prevent or slow the achievement of the
goals and objectives of the Company
 The goal of risk management (at least
according to McD) is to:
 Facilitate the achievement of
Company goals
 Through the creation of a
sophisticated risk culture
 That systematically identifies and
appropriately treats risk at all
levels of the Company
 By employing the risk treatment
process
Design Strategy
Identification
Loss
Control
Financing
Implement
Strategy
14
Risk Management Process
Risk Identification
Risk Analysis
Review
Design Risk Management Strategy
Risk Avoidance
Loss Control
Risk Financing
Captives
Transfer - Ins
Finite ins, retros, etc
Transfer - Contract
Go bare
Debt
Implement Strategy
15
Risk Identification - Attitude
The view of some:
“ But in all my experience, I have never been in any
accident…of any sort worth speaking about. I have
seen but one vessel in distress in all my years at
sea. I never saw a wreck and never have been
wrecked nor was I ever in any predicament that
threatened to end in disaster of any sort.”
-E.J. Smith 1907
16
Risk Identification
 Your own Experience (trailing):
 Prior losses
 Near Misses
 Your Own Experience (leading)
 Questionnaires/interviews (labor, staff)
 Audits (e.g., safety, property, financial controls)
 The experience of others (leading – at least to you):
 Trade/industry peer groups (e.g., CII, IMCA)
 Subject matter experts (e.g., surveyor, lawyers)
©
 Risk Wellness Assessments
17
Risk Wellness Assessments
Deliverables:
Risk Management Process
Executive Summary
RWA Report
Action Item Registry
Risk Wellness Assessment
Prevention Review
Coverage Evaluation
18
Risk Identification
Other Contractor
People and Property
JRM People and
Property
Work in Progress
The Environment
Company People
and Property
19
Risk Identification – Sometimes Hard
20
Risk Analysis
 Think in terms of frequency and severity
 How often? What is the likelihood?
 How much? What is the impact?
 Tools for analyzing risk include:








Trend Lines
Probability Distributions
Benchmarking databases
Probable Maximum Loss/Maximum Possible Loss Analysis
Simulation and models
Claims and near miss reviews
Legal analysis of exposures
Mapping
21
Risk Analysis – Risk Map
1
2
3
4
5
6
7
8
9
10
Catastrophe
9
10
10
11
4
2
9
1
8
3
7
Challenge
5
6, 13
6
8
5
12
4
3
Distraction
Consequence
7
2
• Chart the risks
identified in
interviews and
questionnaires
• Where should we
start with loss
control?
• How much should
we be willing to
spend (not relevant
if HSE&S)
1
Improbable
Probable
Certain
Likelihood
22
Risk Treatment Methods
 Avoidance
 Do not engage in task/activity
 Drastic step as revenue = zero
 Loss Control
 Steps to decrease frequency and/or severity
 Examples are safety systems, sprinklers, containment systems
 Components of an effective loss control system
 Management commitment – it all starts (and can end) here
 Procedures - Practices/policies that reduce risk
 Training – It doesn’t matter if no one knows
 Behavior – Need to have rewards and accountability to drive the
correct behavior
 Communication – Need to talk and walk, share results and updates,
etc.
23
Risk Treatment (continued)
 Financing (not mutually exclusive)
 Go bare
 Take as current expense when loss occurs
 Can use cash or debt to finance
 Self finance through:
 Reserves
 Captives
 Transfer
 Loss sensitive/retro programs/profit sharing
 Pure/guaranteed cost insurance
 Contractual indemnity from third party
24
Risk Categorization for Financing
Low Freq
High Severity
High Freq
High Severity
Severity
Transfer/Finance
via Insurance
Avoid
Low Freq
Low Severity
High Freq
Low Severity
Cost Effective Loss
Control or Ignore
Retain and
Finance via Captive
Frequency
25
Risk Financing – The Basics
Limits - $$$$$$
Limits based on:
• Benchmarking
MII Captives:
• Calculated exposure
• Allow us to avoid “dollar
• Historic losses
swapping” with insurers
• Market capacity
• Allow us to control our claims
• Cost
• Risk transfer from OUs;
Captives accept risk for
a fixed
Low
premium with no adjustments
Frequency
• Premiums based on actuarial
Transfer/Finance
High
analysis, market conditions,
Via Insurance
and risk factorsSeverity
Transfer point determined
actuarially and by insurance
market’s appetite for risk
Risk Retention
Financed Via Captives
High
Frequency
Low
Severity
26
Other Contractor People
and Property
• Contractual indemnity
with customer and/or
contractor
• Corporate liability
program excess of
captive funded SIR
• Perhaps project specific
CGL
Risk Treatment – Real Life
JRM People and
Property
•Contractual indemnity
•Backed by naming
and waiving to
relevant insurance
policies (liability, hull,
etc.)
•Extensive loss control
Work in Progress
•JRM indemnity from
customer
•Also CAR coverage
•Maybe JRM DIC CAR
•Extensive loss control
The Environment
• Clean up coverage
•Liability Coverage
•Extensive loss control
Company People
and Property
•Customer Indemnity
•If not full, project
CGL
•Corporate liability
excess captive
funded SIR and
excess project cover
27
28
29
30
31
Piracy
Not Really…
Modern day Pirates (Pictures of
Nigerian Pirates in the Gulf of Aden)
32
Risk Treatment - Piracy
 Risk Identification and Assessment:
 London Offshore Consultants to assess vessel readiness ($30K)
 Control Risk to assess security plan, vessel, & intended route ($20K)
 Naval architect to verify hull integrity ($10K)
 Medical assessments of riding crew ($32K)
 Risk Management:
 Change tow route to decrease racking stress ($200K)
 Add emergency tow gear, new damage control equipment, and enhanced crew
safety equipment (e.g., new survival suits) ($70K)
 Continuous Wilkens weather forecast($4K)
 Damage control training for crew and add welders to riding crew ($10K)
 De-mob crew prior to Gulf of Aden ($200K direct and $100K increased tow time)
 Guys with guns ($400K)
 Total cost: > $1,100,000 plus internal cost
 Incidents: Zero
33
Last convoy through the Gulf of Aden (March 2011)
Marshal-5 (right) and Marshal 1
(below) providing escort duty to
McDermott’s Agile Sea during
her transit of the Gulf of Aden.
Pictures taken from the bridge of
the Agile Sea.
34
The Hardening of the Agile Sea
McDermott fortifies its vessels on top of hiring
security contractors to ensure a high level of
security has been reached.
35
Insurance: Because Loss Control Does not Always Work
36
Insurance: Because of Ingenuity….
37
Risk Treatment – Role of Insurance
 The view of some (per Cecil Beaton):
Americans have an abiding belief in their ability to control reality
by purely material means... airline insurance replaces the fear
of death with the comforting prospect of cash.
 McDermott’s (current) view:
 Use only to finance low frequency, high severity losses
 The less you use it, the happier everyone is
 Growing bias towards retaining risk
 Down Low – avoid dollar swapping with insurers
 Quota share – skin in game
 Invest in loss control - not in insurers
38
Excess Liability and Captive Program
1992 cost of $24.04
per $1K revenue
$90,000,000
E xc e s s T ra ns f e r P re m ium s
2008(f) cost of $6.43
per $1K revenue
$80,000,000
$70,000,000
C a pt iv e P re m ium
2 0 0 8 C a pt iv e P ro gra m s
E xpe ns e s & <$ 2 M M R is k
T ra ns f e r
Difference of $102.9M
$60,000,000
HIGH $ 82.2M
$50,000,000
2008 $ 37.5M
$40,000,000
$30,000,000
$20,000,000
$10,000,000
39
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
ew 99
1999
1998
1997
1996
1995
1994
1993
1992
$0
Insurance Programs



Diversity of MII’s operations drive diversity and complexity of
insurance programs
 Currently approx. 32 different insurance policies in place
 Most are placed at the McD level on behalf of it and its subs
 Cumulative annual premium spend of approx. $20M for risk
transfer
 Also self finance SIRs on most programs through captives with
annual “spend” of approx. $10M
Tendency to be very conservative
 Higher limits vis-à-vis peers
 Very stable markets with focus on long term relationships
 Conservative reserving for captives
Lockton is our universal Broker
40
Synopsis of Major Insurance Programs
Limits
Cost
Liability/Third Party
Property/First Party
Primary
Casualty
Captives finance most workers comp, auto and general liability up to
attachment point of excess programs
$2mm
$10mm
Directors &
Officers
Protects D’s & O’s and the Company for “Wrongful Acts “committed in
fulfilling duties
$150mm - side A
115mm - Side B
$1.4mm
Employment
Practices
Protects against claims by employees for discrimination, sexual
harassment or other employment related allegations
10mm xs &
15mm
38.4K &
81.9K
Fiduciary
Liability
Protects against breach of fiduciary duty claims in regards to Company’s
sponsored Employee Benefit Plans
$40mm
$192K
Aircraft/
Aviation
Non-owned for chartered aircraft; Owned or fractional ownership
aircraft
$10mm &
$100mm
$121.6 K
& $10K
Excess
Liability
Excess coverage on General Liab; Auto Liab; Employers Liability, certain
Marine Insurance (e.g. MEL, Wreck Removal, P&I), Non – Owned
Aircraft Liab
$500mm
$4.7mm
Terrorism
Separate terrorism liability placement
$100mm
$230K
Secunda P&I
Club
Covers vessel related risk including crew liability, vessel liability, and
wreck removal
Circa $7B
$710K
Global
Property
Covers all risks of direct physical loss or damage from any external
cause, except as excluded or limited (e.g., flood and named windstorm)
$250mm
$910K
Marine
Insurance
Covers physical loss or damage to Hull or Contractors Equipment; loss of
hire, and other incidental marine risks (e.g., Lift/Loading Risk;
Construction/Installation)
Fleet value
$1B
Plus LOH & ROW
$7.6mm
Cargo
J Ray programs covering loss or damage to shipments
Terrorism
Separate property coverage for terrorism losses
As declared
$200mm
$112.5K
Example: EPL Limit Benchmarking – This allows us to price against the Market to
make sure we are getting accurate pricing from insurers and the market.
42
Insurance Industry: Market Participation
 London Market
 Casualty Program
 Marine Program
 Property Terrorism
 Risk Appetite:
 Primary
 Domestic Distaste
43
Insurance Industry: Market Participation
 Domestic Market
 Financial Products
 Property
Risk Appetite:
 Primary
 Marine Distaste
44
Insurance Industry: Market Participation
 Bermuda Market
 Excess Casualty
Risk Appetite:
 High Limits and Large
Capacity
 High Excess Layers
45
Captive Boudin
MII
McDermott
Cayman, Ltd.
Boudin
Assets
$50,865
Liabilities
$35,115
Retained
Earnings
$12,802
Net Inc 2010
$2,314
46
Captives
• Captives used to fund self-insured retentions for WC, General Liability,
and Auto Liability
• Max per occurrence $2mm
• Annual “premiums” total $10mm
• Consolidated captives for: decrease admin cost, and increase ability to
retain risk
Captive Benefits
• McD makes almost all claim decisions
• Pre-fund losses (through actuary) so premium can be invested, Investment
income helps to defray claim costs
• Allows us to retain risk in hard markets
• Favorable tax treatment (e.g. Bermuda)
• Fewer regulatory restrictions and better access to reinsurance
• Possible accumulation of cash reserves
47
Captives Cont.
Fronting Insurer
• Captives typically are not admitted insurers by states. Therefore, a
fronting insurer is needed to:
• Provide evidence of Insurance
• Administer and Pay claims (later reimbursed)
• May or may not accept risk of claims at certain levels
How do McDermott’s Captives Work?
• Ace (our Fronting Insurer) agrees to evidence coverage to
employee’s and third parties above a deductible and up to a limit
• Ace also pays claims and is reimbursed the amounts paid within
McD’s Deductible
• The captives are funded by the data from analysis done by 3rd party
actuaries and industry trends
• These use law of large numbers and macro trends, not individual
claims
48
Be Careful What You Buy
A Case Study in Risk Retention
 Historically, and with the exception of domestic GL liability,
we transferred through insurance number of certain
casualty risks below $2M
 For example, we bought:
 Auto liability cover above $250K domestic and $100K
foreign
 Foreign GL cover above $1.5M
 Workers Comp above $1M non-Ohio and $750K Ohio
49
A Case Study in Risk Retention
2,500,000
ACE or London X/S
2,000,000
Dollars
1,500,000
1,000,000
500,000
0
Ohio W/C
Non Ohio W/C Domestic Auto
Domestic GL
Retention
MEL
Foreign GL
Foreign WC
Foreign Auto
Transfer
50
Be Careful What You Buy
 The issue: from 1999 through 2008, we have paid
approx. $18M in premiums to transfer these risks,
during which time insurers have paid out approx.
$1M in claims
 Total of 3 losses with 2 of them very minor and one serious
 Net underwriting profit of about $17M or $1.9M per year
 Calculations do not include time value of money which
would bolster profits given the delays in pay out on claims
 CIRM proposed we retain these risks in the captives
rather than transferring them
 Significant savings to company since the change
51
Inside a Risk Management Department
52
Risk management Group
53
Year over Year Insurance Cost
• We need to track how we are doing as stewards of the
Company’s resources
• Here we look at insurance cost in relation to the amounts
of coverage we are buying, or our “Rate per Mill”
$35,000,000
8,349
9,000
7,930
8,000
$30,000,000
7,000
$25,000,000
5,776
4,875
6,000
5,115
4,923
$20,000,000
5,000
4,000
$15,000,000
Property
Marine Package
Other-FloaTec, Aircraft…
FinPro
Excess Liability
Primary Risk Transfer
3,000
Captive
2,000
MII Corp
$10,000,000
Cost per $100000 of Limits
$5,000,000
1,000
$0
0
2005
Prem. ($mm) 23.6
2006
2007
2008
2009
2010
25.4
29.4
28.6
30.1
2.5
3.8
3.4
2.7 (F)
5.86
5.89
5.81
Rev. ($B)
1.2
1.6
Limit ($B)
2.83
3.19
5.09
28.6
54
Premium per $1K of Revenue
• Here we look at insurance cost in relation to our revenue
• It shoes an uptick in our cost of insurance per $1K of
revenue because our insurance cost we basically consent
while our revenue decreased
• We could have purchased less coverage but elected not to
$25.00
$35,000,000
$30,000,000
$25,000,000
$20.00
$19.07
$15.76
$15.00
$20,000,000
$7.48
$10.00
$8.87
Marine Package
Other-FloaTec,
Aircraft…
FinPro
Excess Liability
$10.38
$12.00
$15,000,000
Property
$10,000,000
Primary Risk
Transfer
Captive
$5.00
$5,000,000
MII Corp
$0.00
$0
2005
2006
2007
Year
2008
2009
Cost per $1000
Revenue
2010
55
Claim Analysis
 MII total CGL claims:
2005 – 49
2006 – 9
2007 - 21
2008 – 12
2009 – 5
2010YTD – 0
$1,800,000
$1,600,000
$1,400,000
$1,200,000
$1,000,000
 Percent of claims since
2000 below*:
 $250K – 97.21%
 $500K – 97.77%
 $1mm – 100%
56
$2,000,000
$800,000
$600,000
$400,000
$200,000
$0
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010YTD






Largest Single Claim*
* Based on actual cost or current reserve
Time For Video Break
57
Enterprise Risk Management
58
What Do We Seek to Accomplish and Why?
 Question: What do we want to achieve with our ERM Process?
Why do this?
 Answer: The Company wants to anticipate surprises and avoid
them or lessen their impact so that we achieve our goals; we need
to reduce uncertainty
 External Drivers: Credit rating agencies, outside auditor, customer
requirements, etc.
59
McDermott ERM Mission Statement
To facilitate achievement of Company goals through
the creation of a sophisticated risk culture that
systematically identifies and appropriately treats risk
at all levels of the Company
60
A Few Enterprise Risks We Face











Revenue and Income Volatility
Operational Disruptions
Project Management
Financial Controls
Supply Chain
Information and Technology
Geopolitical
Strategic
Market and Customer
Regulatory and Environmental Compliance
Many others
Controlled,
not controlled,
or uncontrollable?
Which to accept
and which to avoid?
Who owns risks?
61
Operational Risks
Development
Supply
Chain
Discovery
Sourcing
• Quality
• Security of Supply
Patents
Patents Diversity
• Sourcing
• Attrition
Attrition Certification
• Supplier
• Tariffs
• Ethical Production
• Political Issues
• Regulatory Adherence
• Port Security
• Transportation Costs
• Product Tampering
• Labor Shutdowns
• Terrorism
 Partnering
 Customer Needs
 Project Lead Time
 Country of Origin Political Issues
Manufacturing
Production
• Labor Relations
• Transportation Costs
• Warehousing
• Product Safety
• Logistics
• Fleet Security
• Product Tracking
• Inventory Control
Marketing
Marketing
• Competitors
• Brand Protection
• Reputation
• Customer Trends
• Emerging Social
Issues
 Sales & Marketing
Practices
 Product Pricing
 Site Acquisition
Sales
Sales
• Transaction Control
• Turnover
• Labor Relations
• Compliance Execution
• Regulatory
• Facility Closures
Customer Needs
 Media Pressures
 Government Relations
Cross-Organizational Risks
• Leadership
Human
• Leadership
Human Capital
• Decision
- making
• Decision
Making
Resources
• Communication
• Communication
• Skills/Competencies
• Skills/Competencies
• Accountability
• Accountability
Change Readiness
• •Change
Readiness
Hiring/Retention • Empowerment
Global Diversity • •Hiring/Retention
•• Diversity
• Empowerment
•
Human
Rights
•• Culture
Culture
• • Succession
Plans
• Human Rights
Succession
Plans
Finance
Finance
• Loss
• Treasury
Operations
• Treasury
Operations
• Loss
of of
Revenues/Earnings
•
Insurance
Revenues/Earnings • Insurance
•
•
•Capital
Market Allocation
•Tax
Tax Payments
Payments
••
••
Integrity
Integrity
• Reputation/
Industry &• Ethics/Social
• Ethics/Social
• Reputation/
Industry
Company
Responsibility
• Responsibility
Company &
•
•
•Conflict
Conflict of
ofInterest
Interest
•Fraud
Fraud
• Lack
of Business
Process • Organizational Model
• Lack
of Bus
Process
• Organizational Model
• Lack
of SOPs
• Lack
of SOPs
• Change Response
ActsActs
•• Unauthorized
Unauthorized
• Consistency
•• Applications
Applications
of of
Lessons Learned
Lessons
Learned
• Business
Model
• Business
Model
Strategic Plan
• •Strategic
Plan
Execution
• Execution
• Political/ Government
Environmental Health
• •Environmental,
and Safety
Health,
and Safety
• SEC/ Disclosures
• Health Authority
• Local/Federal
• SEC/ Disclosures Reporting
• Reporting
Process
Process
Strategy
Strategy
Regulatory/
•
Regulatory
Compliance
•
Compliance
Regulatory
Regulatory/Legal •
Legal
•
Information
Information
•
Technology
Technology
• Strategic
Plan
• Strategic
Plan
Development
• Development
• Compliance
Network/ • Governance/
• Governance/
Compliance
Network/
Infrastructure
Oversight
Infrastructure
Oversight
• Product Liability
Product Liability
• Stakeholder
Class
• Stakeholder
Class
Actions
• Actions
Business
Continuity
Security/Access
• Data
Security/Access
• Business
Continuity • Data
Data
Integrity
•
Reliability
• Data Integrity
• Reliability
• Physical
Security
Miscellaneous
• Physical Security
Miscellaneous
• Crisis
Management
• Crisis Management
• Change Response
•
•
•Regulatory/Legal
Regulatory/Legal
Controls
Controls
Availability
• • Availability
Capacity
• • Capacity
• •Media
Media
Financial
Reporting
• Cash Flow
• Liquidity
Financial
Reporting
• Liquidity
• Cash Flow
Debt
Rating
• Currency
Debt Rating
• Currency• Credit • Credit
• Operational Execution
• Political/ Government
• Customer Damage Lawsuits
• Interest Group Lawsuits
•• Infrastructure
Infrastructure
•• Ecommerce
E-commerce
• Knowledge
Management Management
• Knowledge
• Management
Reporting
• Management
Reporting
• Shareholder Relations
• Shareholder Relations
62
2011 survey results
The risk map utilizes impact and likelihood scores to depict which risks have
high inherent risk and may require further management attention
10.0
9.0
O
8.0
T
Major
7+
E
Impact
K
C
R N
7.0
D
H
I
S
A
B
L
F
J
Q
M
P
6.0
Moderate
5
5.0
U
G
4.0
Minor
3
3.0
2.0
2.0
3.0
Unlikely - 3
63
4.0
5.0
6.0
Likely – 7+
Possible - 5
Likelihood
7.0
8.0
2011 survey results
Management gap analysis provides insight into which risks may not be receiving sufficient
management attention by examining residual risk.
Management
effectiveness
Inherent risk
Catastrophic 9
Major 7
Moderate 5
Minor 3
Minimal 1
9
9 9 Extremely effective
8
8
7
7 7 Strong
6
6
5
4
5 effective
4
3
3
2
2
1
1
0
0
5 Moderately
3 Limited
1 Minimally effective
Management
Effectiveness
Inherent Risk
2011 Focus Risk
Inherent risk
7.7
7.3
7.5
8.1
8
7.1
4
8
8
7
7.5
7.4
6.5
7
9
6
7
7
8
8
5 Inherent risk
ME
5.4
Gap
2.3
6.3
4
4.1
7
4.6
5
6.4
5
3.7
2.5
5.4
5.5
7
8
6
5.3
6
5
7
5 ME
1
3.5
4
1
2.5
1
1.6
3
3.3
5
2
1
0
1
0
1.7
1
3
1
0 Gap
Gap analysis compares the relationship between inherent risk and current risk management effectiveness to determine
if a risk is over- or under-managed. Large positive gaps indicate potential under-management and the need to develop a
risk response
64
Business Continuity Planning
65
Business Continuity Planning
 BCP is the process of preparing for disruption to critical
business functions
 It includes project management, risk assessment, impact
analysis, strategy development, plan documentation and
exercises
 Driver is the need for business recovery from impacts of a
disaster
66
IT-DRP
ERP: Emergency Response Plan
Event Driven Response (Site Impact)
Contamination,
Integrations
Integrations
Bomb-threat,
Fire,
Earthquake,
Depending on event,
Wind,
the integration
Etc.
ERP
of all plans is
possible
Integrations
CMP: Crisis Management Plan
Event Escalation Response
(Corporate Impact)
Non-physical or physical impacts,
Examples:
Exxon –Valdez Oil Spill,
J&J – Tylenol Tampering
IT-DRP: IT Disaster Recovery Plan
(Technology - Voice & Data Impact)
Network Failure, Sabotage, Virus,
Physical Loss of Systems, etc.
BCP
Integrations
CMP
BCP: Business Continuity
Time Driven Response
(Site and Business and Image Impact)
Infrastructure Disruptions,
Business Unit Disruptions,
Department Disruptions
(Failure to deliver product or service)
67
Disaster Management Continuum
Pre-Loss
• Risk Identification
• Risk Assessment
• Loss Modeling
• Business Impact Analysis
• Loss Control
• Business Continuity Mgmt
• Training and Testing
• Risk Financing Decisions
Post-Loss
• Loss Notification
• Event Stabilization
• Impact Mitigation
• Business Restoration
• Insurance Claim
• Preparation
• Submission
• Recovery
68
Executives /
Process Owners
Activity Level
Control Teams
BCP
Response Protocols (Intensity)
BCP
Emergency
Response
Crisis
Management
Business
& IT
Restoration
Normalization
(Full Recovery)
69
Salvage & Recovery
McDermott Risk Management and
Insurance Department
70