The Two-Headed Monster of Risk: What Higher Ed Traditional Risk Managers and Enterprise Risk Managers Can Learn from Each Other STARRING! Andy Goldblatt, RISK MANAGER, UC BERKELEY Hans Gude, ARM-E, Enterprise Risk Director, UC Berkeley Today’s Agenda 1. Define traditional and enterprise risk management 2. List useful skills for each 3. Describe how enterprise risk helps the traditional risk manager 4. Describe how traditional risk helps the enterprise risk manager 5. Explore three risks and whether they are traditional, enterprise, or both What is Traditional Risk Management? Focused principally on operations and insurable risks. Loss prevention Claim and lawsuit handling Traditional Risk Manager’s Skill Set 1. Knowledge of: – Insurance – Law – Loss prevention 2. Appetite for action 3. Crisis management 4. Comfort in gray areas 5. Ability to communicate to a broad audience 6. Ability to negotiate What is Enterprise Risk Management? ERM ERM ERM ERM ERM ERM ? ? ? ? ? ? FORGET ABOUT ‘ERM’ ! We’ll remember it back in a minute.... The business problem: Given my organization’s strategic objectives... What are our opportunities? Where are our greatest threats? Where should we focus our finite resources to mitigate threats and maximize opportunities? “ERM” refers to two things: “ERM” refers to two things: First, a perspective on how to think about risk in your organization... What is that perspective? >Operational >Reputation >Financial >Strategic >Health -Safety “ERM” refers to two things: Second, a toolbox for how to solve “the business problem”... • COSO • ISO 31000 • Et al. How do you DO that? Enterprise Risk Manager’s Skill Set 1. Creative thinking: Figuring out how to take concepts and make them operational 2. Consulting, including organizational change and process improvement 3. Networking & sales 4. Willing to roll up your sleeves and help with the work 5. Communicate with leadership 6. Comfort in gray areas 7. Patience to accept slow, incremental change How Enterprise Risk Helps the Traditional Risk Manager How Enterprise Risk Helps the Traditional Risk Manager Broadens perspective. How Enterprise Risk Helps the Traditional Risk Manager Provides basis for prioritizing tasks based on mission. How Enterprise Risk Helps the Traditional Risk Manager Provides a governance structure for bringing risk trends to senior management. How Traditional Risk Helps the Enterprise Risk Manager What are you nuts! We don’t say ‘No.’ We say ‘How.’ Financial risk Operational risk Reputational risk Strategic risk Health–safety risk How Traditional Risk Helps the Enterprise Risk Manager Makes ERM pragmatic: It has to make a difference ‘on the ground.’ How Traditional Risk Helps the Enterprise Risk Manager Clarifies that activities are the point of entry for assessing ‘enterprise’ risks, because that’s where the risks “live.” UC Berkeley tabletop fault model How Traditional Risk Helps the Enterprise Risk Manager Clarifies the day-to-day risks that impact the campus. Traditional or Enterprise Risk? Student Alcohol Abuse Traditional or Enterprise Risk? Reliable Source of Campus Energy Traditional or Enterprise Risk? The Demand for “Safe Space” In conclusion... 1. Allies, not rivals. 2. Traditional risk manager becomes more strategically savvy. 3. Enterprise risk manager becomes more operationally savvy. 4. Increased individual effectiveness. 5. More effective at reducing the campus’s overall risk. Enterprise Risk Services, UC 36