This document summarizes the key concepts of enterprise risk management. It discusses how risk management aims to help organizations achieve their mission and avoid surprises by dealing with uncertainty. The risk management process involves identifying potential risks, evaluating and prioritizing them, selecting risk management techniques, and monitoring risks. The roles of the board, senior management, and risk management committee in the risk management process are also outlined.

1. AH&T Nonprofit’s 13 th Annual Risk Management Seminar Leslie T. White CPCU, CIC, ARM, CRM Croydon Consulting, LLC November 10, 2005 Enterprise Risk Management

2. Risk Management A discipline for dealing with the possibility that some future event may cause unexpected results Dealing with uncertainty . . .

3. Principles of Enterprise Risk Management Every entity exists to provide value to stakeholders All entities face uncertainty which presents both risk & opportunity with potential to erode, preserve or enhance value ERM enables management to deal with uncertainty, associated risk & opportunity, enhancing its capacity to build value

4. Purpose of Enterprise Risk Management To provide value to stakeholders To help nonprofits get to where they want to go To avoid pitfalls & surprises To enhance value, achieve the mission

5. Dealing with uncertainty . . . Pre-loss exercise that reflects organization’s post-loss goals and reflective of the organization’s culture To identify potential events that if they occur would affect the organization Events can have negative, positive or both impact To manage risks within your risk appetite

6. Dealing with uncertainty . . . Determine how much uncertainty (risk and opportunity) you are prepared to accept as strive to grow value, achieve mission Risk management enable management to effectively deal with uncertainty and associated risk and opportunity Helps management achieve performance targets and prevent loss of resources

7. Innovation requires risk taking. Taking risks requires informed, fact-based decision making. Why Risk Management?

8. Risk Management Roles Board Define expectations Set strategy & high level objectives Resource allocation Adopt risk management policy Senior Management Responsible for all activities Sets the tone & influences of the internal environment (principles, values) Develop risk management philosophy, appetite & culture

9. Risk Management Roles Risk Management Committee Propose risk management policy & philosophy Establish risk management goals Develop & implement a risk management program Help managers incorporate risk management into operations Convert risk management strategies into operations Present annual report to Board

10. Risk Management Program Development Plan Establish risk management committee Create action plan Establish risk management goals Adopt risk management policy Evaluate risk attitudes (tolerance & appetite) for areas of risk

11. Risk Management Program Development Plan Follow steps of risk management process Identify & analyze risks (risk assessment) Evaluate & prioritize Select & implement strategies and techniques Monitor & revise Annual report to board

12. Risk Management Attitudes Level of risk tolerance & risk appetite Level of commitment to risk management Risk management strengths & weaknesses Available resources – people, time & money

13. Risk Management Basics A state of mind Involve people at all levels Provide instruction, training and equipment Develop and follow procedures Encourage input

14. The first standard that should be in effect for any organization is the safety of its constituents. Goal of Risk Management

15. Risk Management Cycle Identify risks Evaluate & prioritize risks Select risk management techniques Implement techniques Monitor & improve the program

16. Risk Management Process 1. Acknowledge and identify risks “ What could go wrong?” People Property Income Goodwill Nonprofit Assets Dimensions of Risk Operational Legal Political Financial & market

17. Risk Management Process 2. Evaluate and prioritize risks Frequency Severity Risk Analysis

18. Risk Management Process 3. Select and implement risk management techniques Avoidance Modification Retention Transfer “ What will we do?”

19. Risk Management Process 4. Monitor and update the program Compare actual to expected results Any new programs, activities or risks? Changes in mission or strategy?

20. Cost of Risk Retained losses Insurance premiums or payments to outside sources for funds Costs of measures to prevent or reduce losses Administrative costs for risk management

21. Croydon Consulting, LLC Leslie T. White, CPCU, CIC, ARM, CRM P. O. Box 1414 Severna Park, MD 21146-8414 410-544-0913 Fax 410-544-9913 Email: Lwhite@croydonconsult.com www.croydonconsult.com