1 / 112

Risk Management User Group

Risk Management User Group. Wednesday, February 5, 2003. Welcome. Michael L. Hay, CGFM, CPPM. Meeting Agenda. 8:30 – 9:00 am – Welcome, Overview of SORM 200 Data 9:00 – 9:15 am – Legislative Overview 9:15 – 9:45 am – Business Continuity Management Update

walker
Télécharger la présentation

Risk Management User Group

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Management User Group Wednesday, February 5, 2003

  2. Welcome Michael L. Hay, CGFM, CPPM

  3. Meeting Agenda • 8:30 – 9:00 am – Welcome, Overview of SORM 200 Data • 9:00 – 9:15 am – Legislative Overview • 9:15 – 9:45 am – Business Continuity Management Update • 9:45 – 10:15 am – Terrorism Insurance Act, Employee Dishonesty, and What’s Up Next • 10:15 – 10:30 - Break

  4. Meeting Agenda • 10:30 – 11:00 am – HIPAA • 11:00 – 11:30 am – SORM 200 FY03 Data Entry, TWCC 1S & TWCC 6 • 11:30 – 11:45 am – FY03 Assessments • 11:45 – 12:00 pm – Questions, Discussion

  5. SORM 200 Data Overview Michael L. Hay, CGFM, CPPM

  6. SORM 200 Expenditures Summary

  7. Correlation of Risk Management Expenditures to Amount of Claims Conclusion: There is obviously a linear correlation between risk management expenditure and claims amount: The higher the claims amount - the higher risk management expenditure.

  8. Correlation of Risk Management Expenditures to FTE’s Conclusion: FTE and Risk Management Expenditure have positive correlation, close to linear but not totally linear: more FTE, more risk management expenditure spent

  9. Total Number of Claims ReportedBoth Insured and Uninsured

  10. Insured Claims

  11. Uninsured Claims

  12. Legislative Overview Lucinda Saxon

  13. Business Continuity Management Update Todd Roberts, CBCP Roger Thormahlen, CIC

  14. Business Continuity Management • Business Continuity Management(BCM) is a comprehensive, integrated, and enterprise-wide process to ensure the continued availability of time-sensitive and critical services, prevent or limit injury to personnel, as well as damage to structures and equipment. • Business Continuity Planning (BCP) is the actual 10 step, ‘best practices’, model for advanced planning and preparation.

  15. Is Business Continuity the same as Disaster Recovery? Answer = NO Disaster Recovery focuses on the ability to recover the IT infrastructure, applications, and the data network in the event of a catastrophic loss or damage to this infrastructure. Business Continuity focuses on the coordination and development of acceptable overall recovery strategies, creating and implementing individual departmental planning and testing, as well as risk mitigation and crisis management. Disaster Recovery is just a part, albeit a critical part, of a Business Continuity Management Program.

  16. Purpose of BCM • Develop a process to identify and categorize known risk and associated recovery objectives and to maintain a “minimal level of acceptable service” for the organization across all levels • Business functions • Facilities • Voice/data network infrastructure • Operations support and associated applications • Develop “availability standards” and RTO (recovery time objectives) for business continuity plans and alternate recovery solutions for all business functions and facilities • Identify the appropriate resource/risk ratio • Mitigate or minimize business interruptions to agencies, customers, systems and associates • Minimize duration of disruptions to business functions when they occur

  17. Why Plan and Why SORM? • Good Business Practice • SORM’s Mission Statement – “SORM will provide active leadership to enable State of Texas Agencies to protect their employees, the general public, and the state’ physical and financial assets by reducing and controlling risk in the most efficient and cost-effective manner.” • TAC Title 1 Part 10 Chapter 202 Rule202.6 Business Continuity Planning (a) Business Continuity Planning covers all business functions of an agency and it is a business management responsibility. Agencies should maintain a written Business Continuity Plan so that the effects of a disaster will be minimized, and the agency will be able to either maintain or quickly resume mission-critical functions.

  18. Planning Benefits • Execute a planned and timely response to any loss or interruption of business functions. • Ensure continuous availability and /or total recovery of critical business activities. • Validate current disaster recovery and restoration efforts of IT resources. Contribute additional information for strategic future planning in business continuity and disaster recovery. • Significantly increases our ability to continue operations efficiently, thereby, reducing liabilities and meeting the expectations of customers.

  19. Scope of Planning Effort Planning for events of limited duration includes: • Loss of the department or facility (worst case scenario) • Weather-related outages • Loss of • Data center • Systems • Telecommunications • Agency mail or distribution centers • Other technology outages

  20. SORM’s BCM Goals • Create BCP awareness at the agency level • Provide BCM standards and guidelines using BCP “Best Practices” • Assist all agencies in the development and testing of BCP • All State agencies have a BCP plan in place by the end of calendar year 2004.

  21. Where We are Today • Combined effort of DIR and SORM • State Agency Disaster Recovery Work Group • Evaluated and selected planning software for agencies interested in a common look and feel. • Completed “State of the State” survey • SORM Risk Managers are asking to see plan to heighten awareness • Developing BCP guidelines and procedures document to be used as a standard in the future.

  22. Business Continuity“A shared Responsibility”

  23. SORM’s Responsibilities • Development of BCP standards and procedures using “Best Practices” methodology • Assist agencies with BIA, Risk Analysis, and/or Risk Assessment • Assist with Education and Awareness • Assist in plan development and testing • Periodic review of plans and enhancement recommendations • Share information and expertise with agencies.

  24. SORM’s Resources • BCP Generator Software • Risk Managers • Two dedicated BCM associates • Participants in the State Agency Disaster Recovery Work Group

  25. BCP SoftwareWhat to Look For • A hypertexted template based on Microsoft Word • Asks logical & sequential questions • Easy to use • Inexpensive

  26. Agency’s Responsibilities • Conduct a BIA to identify critical functions, processes, and requirements • Identify critical dependencies (including people, resources, skills and knowledge) • Identify RTO (recovery time objectives) • Select the proper balance between risk and expense • BCP integration • Create and maintain plan • Plan testing and follow-up • Share information and expertise with other agencies.

  27. Recap • Disaster recovery is not BCP … just one piece • A shared responsibility between agency and SORM • SORM’s resources available to agencies • BCP roadmap—planning tool

  28. Recap (cont.). • SORM contacts: • Todd Roberts (512) 936-1528 todd.roberts@sorm.state.tx.us • Roger Thormahlen (512) 936-2944 john.thormahlen@sorm.state.tx.us

  29. Break Time! See you at 10:30!

  30. Insurance Terrorism Insurance Act Employee Dishonesty What’s Up Next Sally Becker, CPCU, ARM

  31. Terrorism Risk Insurance Act of 2002 Officially signed into Federal Law on November 26, 2002

  32. Goals of the Act • To ensure the availability of commercial property and casualty insurance coverage for losses resulting from certain acts of terrorism through 2005. • To allow for a transitional period for the private insurance markets to stabilize, resume pricing of such insurance, and build capacity to absorb any future losses.

  33. Acts of Terrorism - Definition An “ACT OF TERRORISM" means any act that is certified by the Secretary of Treasury, in concurrence with the Secretary of State and the Attorney General to be: • A violent act or an act that is dangerous to human life, property, or infrastructure. • To have resulted in damage in the US or outside the US in case of an air carrier or vessel or the premises of a US mission, and • To have been committed by an individual or individuals acting on behalf of any foreign person or foreign interest as part of an effort to coerce the civilian population of the United States or to influence the policy or affect the conduct of the U.S. Government by coercion.

  34. Not Covered By the Act • An act or event that is committed in the course of war declared by Congress • Domestic Terrorism acts • Losses under $5 million dollars, per act

  35. Excluded Lines • Life and health • Medical Malpractice • Flood • Personal Line policies • Crop insurance

  36. Mandatory Involvement of Insurers • During the period beginning on the 1st day of the Transition Period and ending on the last day of 2005, each eligible insurer shall: • Participate in the program • Make terrorism coverage available in all of its property and casualty policies Note: Terrorism coverage can not differ materially from the terms, conditions, amounts, and coverage limitations of other provisions.

  37. Effects of the Act • Any provision of a contract for commercial property and casualty insurance that is in force on the date of enactment, which excludes losses resulting from acts of terrorism shall be “VOID”

  38. Requirements of Insurers • For Policies currently in force: • Notification must be sent to insureds within 90 days of the enactment (11/26/02) advising of the cost of the terrorism coverage. • For Policies issued during or after the 90 day period: • A separate line item identifying terrorism coverage must be included at time of offer, purchase or renewal.

  39. Reinstatement of the Terrorism Exclusion • An insurer may reinstate the terrorism provision only if: • The covered entity provides written notice declining the coverage, or • The covered entity fails to pay any increased premium charge within 30 days of notice

  40. Your Exposure • Terrorism insurance should be considered just like any other line of insurance or peril. • Evaluate potential loss exposure in relation to the likelihood of a terrorist act.

  41. Exposure (cont’d) Questions to ask yourself: • Does our agency need this insurance? • Is our agency an obvious terrorist target? • What is our proximity to a terrorist targets? • Is our agency close to a critical infrastructure?

  42. Exposure (cont’d) • Is there a HIGH or LOW risk? • The cost of the insurance must be weighed against the cost of risk.

  43. SORM’s Involvement Because each agency has unique terrorist exposures based on their location in the state and their particular operations, The State Office of Risk Management will not make the business decision to purchase or not. However, SORM will assist in evaluating and analyzing the exposure and costs.

  44. EMPLOYEE DISHONESTY • Definitions • Employee Dishonesty is the unlawful taking of money, securities and other property by an employee. • Employee is any person compensated to perform services for you; temporarily furnished to you; or trustee, officer and administrator. • Money means currency, coins, bank notes, travelers checks, money orders and register checks.

  45. EMPLOYEE DISHONESTY • Definitions cont’d • Securities means negotiable and nonnegotiable instruments or contracts representing money or property. • Other Property means tangible property other than money or securities that has intrinsic value

More Related