Commercial Resilience in the Real World

Panel Moderator: Diana McClure, IBHS Business Resiliency Program Manager
Panelists: Tim Lovell, Executive Director, Tulsa Partners; Paul Ford, Director of Safety and Security, Tampa General Hospital; and Carol Fox, Director, Strategic and Enterprise Risk Practice, RIMS

Published in: Real Estate

  1. IBHS Annual Conference, November 17, 2010. Carol Fox, RIMS
  2. Agenda
     • Enterprise risk management (ERM)
       – Evolution
       – Alignment with functional areas
       – Alignment with standards
     • ERM maturity model approach to resilience
     • Resilience in the real world
     • Questions
  3. Evolution in Approach
     Traditional / Defensive
     • Silo ad hoc approach
     • Focus on transferring risks
     • Protect balance sheet through
       – Insurance
       – Hedging
       – Indemnifications
     • Hazard based
     • Pure risk – only loss, no gain
     • Not linked to corporate strategy
     Integrated / Advanced
     • Business risk approach
     • Mitigate controllable risks
       – prevent
       – reduce frequency
       – reduce severity
     • Focus on lowering insurance costs and retained losses
     • Collaborative cross-silo interactions
     • Linked to corporate strategy through event risks and financial objectives
     ERM
     • Portfolio approach
     • Risk-based business decisions across the organization
     • Address potentially devastating threats and weaknesses
     • Exploit opportunities and strengths
     • Manage unwanted variations from expected outcomes
     • Integrated into strategic planning, operational planning, and day-to-day activities
     © 2010 Risk and Insurance Management Society, Inc. All rights reserved.
  4. Alignment with Functional Areas (Illustration Purposes Only)
     [Organization chart] Board of Directors; Executive Sponsors: CFO and CLO; Executive Management Team. Chart columns: Functional Lead, Reports To, Identified Risk Owners, Top Five Risks (Risk 1 to Risk 5).
     Risk Management Functional Areas: Risk Management (* ERM program lead), Internal Audit, Business Units, Lines of Business, Privacy and Security, Human Resources, Business Continuity, Compliance, IT Risk Management.
     Executive Management Oversight – Risk Reporting Frequency
     • Risks 1 and 5: Monthly
     • Risk 2: Monthly
     • Risk 3: Quarterly
     • Risk 4: Quarterly
  5. Standards Alignment with ERM: Standards and Frameworks
     [Diagram] Levels: Framework, Principles, Terminology, Requirements, Guidelines, Tools. Domains: Risk, Safety, Quality, Technology, Environmental.
     Standards shown: AS/NZS 4360, ISO 31000, SAQ ONR 49001, AFNOR CN FD_X50-252, ISO GUIDE 73, ISO GUIDE 14050, NFPA 101, ISO 9001, ISO 14001, ANSI/ASHRAE 62, NFPA 75, OHSAS 18001, ISO/IEC 27001, HB 436, ISO 10005, ISO/IEC 27002, CSA Q850, ISO 31010, ISO/IEC 15408
  6. ERM Aligned with Recognized Standards
     Common Risks, with Management Control Options and the aligned standard:
     • Business Disruption: Business Continuity Management (ANSI / NFPA 1600)
     • Environmental: Environmental Management (ISO 14001)
     • Execution Failure: Quality Assurance / Project Management (ISO 9001)
     • Theft / Geopolitical: Physical Security Management (ISO 28000)
     • Data Breach: Privacy / Information Security Management (ISO/IEC 27001)
     • Regulatory: Compliance Program Management
     • IT Infrastructure: IT Risk Management
     • Financial Risks: Financial Risk Management
     Diagram labels: Adhering to risk management policies on risk tolerance, risk authorities, etc.; Mitigate or Exploit; Root cause analyses; Risk Controls; ISO 31010; Controls Assessment; Measure uncertainties / deviations from plan
  7. ERM Maturity Model Approach to Resilience
  8. Business Resiliency and Sustainability using RIMS Risk Maturity Model©
     The degree of business ownership and planning …
     • Nonexistent: Limited to IT infrastructure orientation.
     • Ad hoc: Focused on infrastructure rather than business. Reactive.
     • Initial: Incorporates resiliency in each process, in addition to mitigation through disaster recovery.
  9. Business Resiliency and Sustainability using RIMS Risk Maturity Model©
     • Repeatable: Business models include resiliency and sustainability aspects, such as geography, disruptive technology, competitors, etc.
     • Managed: Comprehensive. Considers internal and external contexts / relationships. Focused on operational objectives outcomes and delivering value.
     • Leadership: Framed within the context of service continuity to all stakeholders. Dynamic and evolving system. Sustainability derived from continual adaptation. Interwoven with strategy and strategic objectives. Visible at board level.
  10. Building Resilience in the Real World
     [Diagram] Leadership; BCP Policy and Program Structure; Incident Management; Communications, Procedures, Tools; Disaster Recovery Plans; Address Immediate Needs; Emergency Response, Management and Logistics.
     • Planning
     • Prevention
     • Preparedness
     • Recovery
     • Restoration
     Areas: People, Business Operations, Technology. Items shown: Health & Safety, Employees, Public, Property, Facilities, Infrastructure, Environment, Product / Services Delivery, Processes, Regulatory and Contract Compliance, Network, Information / Systems.
     Training, Exercise and Testing = Corrective Actions / Continuous Process Improvement
  11. Resilience at Work: Typhoon Ketsana / Ondoy
     • Storm monitoring gave advanced warning
     • All seven sites continued operations
     • Personal impact to employees
     • Rerouted call to other sites
     • “Business as usual” next day
  12. Questions?
     Contact: Carol Fox, Director of Strategic and Enterprise Risk Practice
     cfox@rims.org
     www.rims.org
     ©Copyright 2010 by the Risk and Insurance Management Society, Inc.
  13. Referenced Recognized Standards
     • ISO 31000:2009 Risk Management – Principles and Guidelines
     • AS/NZS 4360:2004 Risk Management Australian/New Zealand Standard
     • ISO GUIDE 73:2009 Risk Management – Vocabulary
     • HB 436:2004 Risk Management Guidelines: a Companion to AS/NZS 4360:2004
     • CSA Q850-10 Risk Management – Implementation of CAN/CSA-ISO 31000
     • ISO 31010:2009 Risk Management – Risk Assessment
     • NFPA 101:2009 Life Safety Code®
     • ANSI/ASHRAE 62.1-2007 Standard on Ventilation for Acceptable Indoor Air Quality
     • OHSAS 18001:2007 Occupational Health and Safety
     • ISO 9001:2008 Quality Management Systems – Requirements
     • ISO 10005:2005 Quality Management Systems – Guidelines for Quality Plans
     • NFPA 75:2009 Standard for the Protection of Information Technology Equipment
     • ISO/IEC 27001:2005 Information Security Management Systems – Requirements
     • ISO/IEC 27002:2005 Information Technology – Code of Practice
     • ISO/IEC 15408:2005/2008 (3 parts) Evaluation Criteria for IT Security
     • ISO 14050:2009 Environmental – Vocabulary
     • ISO 14001:2004 Environmental Management Systems – Requirements
     • ISO 28000:2007 Security Management Systems for the Supply Chain
     • ANSI / ASIS SPC.1:2009 Organizational Resilience: Security Preparedness, and Continuity Management Systems – Requirements with Guidance for Use
  14. Tampa General Hospital
     • A 988-bed tertiary hospital serving 14 counties with a population in excess of 4 million in West Central Florida.
     • The primary teaching affiliate for USF’s College of Medicine.
     • Region’s only Level I Trauma Center.
     • Region’s only Burn Center.
     • Tier 1 Hospital for the Regional Domestic Security Task Force.
     • Primary receiving hospital for Tampa Bay Metropolitan Medical Response System.
     • A leading organ transplant center.
     • State-certified comprehensive stroke center.
     • Region’s leading safety net hospital.
  15. Hurricanes
  16. Emergency Management – Hazard Vulnerability Analysis 2009-2010
     • Emergency Management Committee with our partners
     • Recognize and analyze our risks: HVA
     Probability: 4 = has occurred, 3 = high, 2 = med, 1 = low
     Risk: 5 = to life, 4 = to health, 3 = major disruption, 2 = med disruption, 1 = low disruption
     Preparation level: 3 = poor, 2 = fair, 1 = good
     Event types shown: Anthropological, Natural. * = a plan is currently being reviewed.

     Event                        Probability  Risk  Preparation  Total
     Mass Casualty in region           2         5        2          9     3
     MC-Terrorism-chm/nuc/rad          1         5        2          8
     MC-Terrorism-biological           2         4        2          8
     MC-Explosion-external             3         5        1          9
     Bomb threat                       2         3        3          8
     Hostage situation *               2         5        2          9     3
     Mass Migration                    1         3        2          6
     Schools Closed                    4         3        1          8
     Civil disturbance                 2         1        1          4
     VIP-situation                     4         1        1          6
     Infant abduction *                3         4        2          9     3
     Labor action                      2         1        3          6
     Internal violence *               4         5        2         11     1
     Suicide                           4         5        2         11     1
     Internal chemical spill *         4         4                   8
     Coastal oil spill                 2         3        3          8
     Gas release at port *             1         5        3          9     3
     Accident blocking bridge          4         2        1          7
     Hurricane                         3         5        2         10     2
     Tornado *                         3         5        2         10     3
     Severe thunderstorm               4         1        1          6
     Earthquake                        1         5        3          9     3
     Epidemic                          4         4        2         10     1
     Ice-                              1         3        3          7
     Flooding                          3         3        1          7
     Temperature extreme               1         1        3          5
     Drought                           3         1        1          5
     Wild fires                        4         1        1          6
     Fire, Internal                    4         5        1         10     2
  17. Annual Update to the Citizens Advisory Committee on Mitigation Activities
     Hazard Mitigation Grant Program 2005 Submittals
     • Met with Local Mitigation Strategy Representatives
       – County, Cities, SWFWMD, Hospitals, etc.
       – Initial List Submitted by Reps in October 2004
         • Approximately 30 Projects
       – List Refined For Funding Constraints (January – April 2004)
         • Approximately 15 Projects
       – Final Submittal May 2nd, 2005
         • 7 Projects
     • Final Projects Submitted
       – Duck Pond Area Flood Protection (City of Tampa and County)
       – Tampa General Wind Retrofit
       – Plant City Retrofits (Fire and Police Stations)
     Presented by the Hillsborough County Building Services Division, Hazard Mitigation Section, August 26, 2005
  18. Mitigation and Preparation Efforts
     • Hurricane Mitigation
     • Window Shields
     • Electrical / Red Outlets
     • A/C
     • Suction
     • Medical Gas – Air and Oxygen
     • Boiler
     • Roofs
     • Louvers
     • Patient relocation plans
     • Helo landing on garage
     • Flooding protection (Sub doors)
     • Security weapons
  19. Mass Casualty Preparedness
  20. Treatment Surge Capacity (Triage at Surge)
     • 60 Exam Rooms
     • Double Headwall + 60 = 120
     • 6 Trauma Bays
     • Double Gas Booms = 6 = 12
     • 6 Behavioral Exam Rooms
     • Surge Cabinets = 71
     • Total Surge Capacity is 200+
  21. Incremental Costs
     • Size of ED is approximately 65,000 sq. ft.
     • ED construction cost = approximately $24,000,000
     • Approximate cost per square foot of $374
     • Incremental costs for isolation pod HVAC $50,000
     • Incremental costs for surge capacity headwalls $355,000
     • Dual headwalls in each treatment room $450,000
     • Decontamination facilities and storage $15,000
     • Additional costs per square foot for ER One concepts was approximately $13.40 a square foot
  22. Intangible Benefits
     • Free Publicity
     • Improvement of reputation
     • Employee pride
     • Community pride
     • Sleeping better at night
  23. Community Resilience in the Real World. IBHS Conference, November 17, 2010. Tim Lovell, Executive Director, Tulsa Partners, Inc.
  24. Background
  25. Community Partnerships – Local and State
     • Chambers of Commerce
     • State/County/Local Gov.
     • Corporate entities
     • Nonprofit entities
  26. Community Partnerships – From National to Local
  27. Community Partnerships and the Insurance Industry
  28. Structural and Nonstructural Mitigation
     • Community Emergency Response and Hazard Mitigation Processes
     • Employee Preparedness
     • Millennium Center
     • Workshops
  29. Open for Business® Training
  30. Questions?
     Tim Lovell, Executive Director, Tulsa Partners, Inc.
     www.tulsapartners.org
     tulsapartners@gmail.com
     918-632-0044
