January 2025

Join us at 9:00am on Tuesday, January 21st, to learn more about this topic.

Please RSVP by signing up here: Registration Form

Catch up on all previous Seminar topics with one click.

Catch up on all Video Shorts with one click.

Integrated Risk Management

Risk Standard

Risk and Insurance Program

Guidelines

The following guidelines represent the suggested risk management practices for integrated risk management.

1. Encourage everyone to manage the risk under their control.

2. Acknowledge that risk management is a value and as such inseparable from the work itself.

3. Learn from accidents by identifying and resolving the root cause of loss.

4. Operationalize Risk Standards by using them as training tools.

5. Comply with certain Risk Standards to win the annual Risk Standards Award. See additional information in Background / External Resources section below.

Internal Resources

Video Short – Integrated Risk Management

Overview

“Nothing [is] certain except death and taxes,’’ said Ben Franklin.

That’s why there is insurance and risk management.

Risk management describes the practice of managing uncertainty. The process involves five steps: identify, measure, analyze, treat, and monitor.

Identifying risks is done by asking the questions “what might go wrong” and “what needs to go right”.

The first question identifies hazard risks, meaning risks that only result in negative outcomes, like a fire or a lawsuit.

The second question identifies speculative risks. They are risks that might produce negative or positive outcomes, like investment risk or strategy risk.

Measuring risk is done by ranking each risk in terms of its frequency and severity profile. Frequency measures probability. Severity measures impact. The scale, at its basic level, is simply low, medium, and high.

The chart below is a methodology for assigning risk ratings.

The Risk Rating is the product of the frequency and severity values.

Analyzing risk is done by determining which treatment approach is most appropriate. The options are ignore, avoid, control, or transfer. The appropriate risk management technique corresponds to the Risk Rating matrix.

A Risk Rating of 1-2 can be ignored, 3-4 should be controlled or transferred, and ratings of 6-9 should be avoided.

Ignoring risk is appropriate whenever an outcome is unlikely or would have little financial impact.

Controlling risk is an approach that involves prevention and/or mitigation. Prevention is a technique used before a loss occurs to reduce frequency. Mitigation is used to reduce the severity of a loss after it happens. The goal of control is to transform a risk so it moves into a lower rated quadrant.

Transferring risk is accomplished by making another party responsible for the financial consequences of a loss. The most common approaches are using indemnity provisions in contracts and purchasing insurance.

Avoiding risk is the only option for significant risks that cannot be transformed using control techniques.

Selecting the appropriate technique is based on what is practical and, most importantly, will have the support of key stakeholders.

Monitoring recognizes that everything is in a constant state of change. Therefore, techniques need to be monitored to ensure they remain effective.

Integrated Risk Management

“Guard what has been entrusted to your care.” So St. Paul admonishes Timothy in words that define good stewardship.

Good stewardship includes protecting a location’s assets from loss or damage.

Accidents are a drag on efficiency. They result in higher insured and always include uninsured costs. But that’s only the tip of the iceberg. They also damage an organization’s reputation, create uncertainty, and disrupt operations.

Integrated risk management recognizes that risk is best managed where it’s created. That means Boards and Councils manage strategy risk, chief executives (i.e. pastors, principals) oversee implementation risk, supervisors (i.e. business managers) monitor control risk, and employees and volunteers prevent hazard risk (accidents).

Taking responsibility for risk management at every level of the organizations makes it an integrated and indistinguishable part of the organization’s activities. Under this approach, the job of risk management is no longer the responsibility of one person, but instead everybody’s responsibility.

Integrated risk management is transformative. It causes people to think about what might go wrong and also what needs to go right. In the end, integrated risk management decreases accidents, reduces uncertainty, and optimizes resources. That is good stewardship.

Risk Management Standards

Why reinvent the wheel - several hundred times over? The tactics used to prevent losses are no secret.

The foundation of an integrated risk management program is a code of risk standards. These standards provide a set of guidelines.

Risk Standards are curated risk management strategies designed for diocesan environments. In most cases, they are simply suggestions, with the location’s leadership free to decide otherwise. The only exceptions are where required by the Archdiocese or by law.

Risk Standards Award

A Risk Standards Award is awarded each year to those Locations that comply with certain Risk Standards. Any Location that is compliant as of April 1 will be awarded a credit on their following year’s allocation.

The applicable Risk Standards and award criteria are identified below. These standards are the ones that are most impactful on the cost of the insurance program.

The following additional criteria also applies:

Winners share a pot of money equal to 15% of the largest property, liability, and fleet allocation among the winners. Prize monies are distributed in proportion to allocation as a percent of the total.

Separate pots of prize money apply to parishes, parish schools, regional schools, Office for Catholic Education, Catholic Human Services, and All Other.

A survey will be sent in to Locations each year to claim their share of the Risk Standards Award.

Risk Excellence

Risk Standard

Risk and Insurance Program

Guidelines

The following guidelines represent the suggested risk management practices for achieving risk excellence.

1. Make risk management second nature.

Internal Resources

Video Short – Risk Excellence

Overview

“Whatever you do, do it well.” – Walt Disney

This attitude by Walt Disney applies to everything, including to organizations and in particular to risk management.

Most organizations, and a lot of good companies, view risk management as a necessary evil – something imposed upon them by taskmasters like regulators, auditors, and insurance companies. It’s just another thing to do. These companies typically delegate the “job” of risk management to managers or to certain departments, like risk management or internal audit. Here, the goal of risk management is preserving value by striving for risk compliance.

Some organizations embrace risk management. They view it as a fundamental part of everything they do. In fact, in these organizations, risk management is used to improve operating efficiencies and service quality and the very best companies use it to optimize strategy decisions. The difference is that risk management is not what they do, but it’s how they do it. Or in other words, risk management is not the “job”, the job is the job, but rather it describes how the job is done. This means everyone is managing risk - from the mailroom to the boardroom. Here, the goal of risk management is creating value by striving for risk excellence.

There are many good organizations that strive for compliance, but only the great ones strive for risk excellence.

Leading by Example

The irony is that most of us, in our personal lives, embrace risk management. It’s something we do personally every day without even thinking about it. It’s just second nature. For example, we slow down when driving in snowy conditions or cancel our travel plans entirely. We diversify our investments. We lock our doors at night. All of these actions are examples of risk management and most of us do them without even thinking. In our personal lives, we strive for risk excellence.

That’s why it’s strange there aren’t more risk-excellent organizations. Why is that? The blame likely goes to an organization’s penchant for specialization. The search for the holy grail of operating efficiency. They make risk someone’s responsibility. However, when it comes to risk management, risk must be managed where it’s created.

That means drivers must prevent auto accidents (just like they do when driving to and from work), Human Resources must avoid wrongful terminations, and maintenance staff must prevent slips/falls.

Everyone is involved and everyone is responsible for the risk under their immediate control. And you, personally, can use your risk excellence experience to lead by example.

The Five T’s

“Leadership is unlocking people’s potential to become better.” – Bill Bradley

The place to start down the road of risk excellence is at the top. Senior management must embrace risk management and advise staff, at every level of the organization, that preventing accidents is everyone’s responsibility. However, to make it actually happen, an organization must follow the guiding principles of the five T’s.

Teaching – Set the bar and set it high. Staff must be taught that preventing accidents is everyone’s responsibility and standards of excellence must be established for every activity.

Training – Nobody is a born an expert. Experts are made, through training and experience. The organization must provide training resources that allow their staff to do their jobs safely and effectively.

Trying – Nothing happens without effort and accountability. Staff must commit to safety. That means adhering to the standards of excellence but also going the extra mile in everything they do.

Tracking – You get what you measure. The organization must track progress toward reaching its goals. In the area of risk management, some of the goals worth tracking are standards compliance, claim and incident reporting, transitional duty for injured employees, and accident count.

Troubleshooting – Nothing is perfect and things change. Accidents will still happen and every accident must be used as a learning opportunity with root causes corrected. Otherwise, history will repeat itself.

The risk management program is designed around these principles. Our goal is to help every location unlock their potential to become better.

Report Early and Often

All accidents must be immediately reported using the Call Center number. Report everything, even if it seems minor.

Tell us what you thought of this newsletter. Click here to leave your feedback

What is Integrated Risk Management

The integrated risk approach calls upon everyone to manage the risk under their control, wherever a risk is created or wherever it exists.

Operationalizing Risk Standards

A plan is only as good as its implementation. Standards must be integrated into the activities of the location. That's because safety and risk management are inseparable from the task itself.