Charting Your Way Through Assessment?

Linda Conrad, Director of Strategic Business Risk, Zurich Global Corporate

Loren Nickel, Google Inc., Director of Analytics

Ward Ching, Aon, Managing Director

Learning Objectives

• Break down the three components of a risk assessment.

• Contrast techniques based on the risk type, analysis purpose, resource limitations and available information.

• Explore different types of qualitative and quantitative risk assessment methods: Safeway and Zurich case studies

2 Risk Assessment

• Risk assessment is the heart of the process

• It examines the causes and consequences of undesired events, and may provide pointers on how they could be avoided...or optimized!

• The information generated by risk assessment informs or validates the decisions and resource allocations your organization makes.

• Determine which method(s) are suitable for your organization and integrate them in your risk management framework

3 Business life cycle costs

4 RIMS Risk Maturity Model

5 ISO 31000: seven components

Internal Environment / Establishing Context

Objective Setting & Risk Criteria

Risk Identification

Risk Evaluation

Risk Treatment

Communication & Consultation

Monitoring and Review

6 Assessment components

• Per ISO 31000, the three components of a risk assessment are:

1. Identify – conduct a ‘gross analysis’, a large scope overview of risk exposures – timing can be critical: before project kickoff, strategy plan or budget

2. Analyze – The appropriate analysis tool is essential to be efficient and effective – prioritize exposures that require further attention and analysis

3. Evaluate – Look at with an independent and interconnected approach – Revisit results at different times during a project or business lifecycle

7 Enhance enterprise resilience

• Risk assessment can help you to understand resilience challenges:
– emerging issues
– market dynamics
– supply chain risk management
– business continuity
– crisis response and more.

• Identify support needed to reduce business disruption risks and costs

• Develop actions and takeaways to help protect your profitability.

• An Enterprise Risk Management (ERM) approach can be very helpful

9 Selecting a methodology

Scope perspective
• Type of industry / process
• Inherent hazard
• Breadth of risks
• Size and complexity of scope
• Depth of analysis
• Inductive/deductive

Scope perspective
• Team vs. single approach
• Documentation required
• Time required
• Team leader expertise

11 FTA

• Overview – Fault tree analysis is a ‘top‐down’ approach that focuses on a particular undesired event or failure (the top event) and aims to determine all the ways in which it could occur. The fault tree graphically displays the different combinations of base events (causes), which could include equipment failures or human errors that may lead to the top event. With suitable skill and data, it can be used to quantify the likelihood of the top event.

• Strengths and weaknesses
– A top down deductive technique identifying events or combinations of events that can lead to an undesired event
– Structured and methodical
– Assists in identifying critical elements that can lead to a loss
– Time consuming and potentially complex, therefore should only be used in very specific circumstances
– A skilled analyst is required
– The value of the study will be limited if data are of poor quality. A fault tree cannot provide a precise prediction from imprecise data.

• Why FTA? – To identify the root causes and combinations of causes of a major hazard/event that has previously been identified. Identify and quantify improvements and the value of those improvements to the system.

12 Bow Tie Analysis

• Overview – Bow tie analysis provides a simple diagrammatic way of illustrating and analyzing an event from the causes to the consequences. The event is represented in the center (the knot of the bow tie) with the causes and preventative controls to the left and the mitigation controls and consequences to the right. The technique, whilst not as comprehensive as fault tree analysis or event tree analysis, is often easier to understand than these more complex techniques.

• Strengths & weaknesses
– Simple to understand
– Useful for training and auditing purposes
– Focuses attention on barriers (controls) and the links between the causes, consequences and controls
– Another hazard analysis is normally needed to provide an input to the study
– Does not depict where multiple causes are required to occur to cause the event
– May oversimplify some more complex scenarios

• Why Bow Tie Analysis? – To provide a clear, visual diagram illustrating the main failure pathways and the barriers in place to prevent or mitigate the undesired events.

13 FMEA

• Overview – Failure Modes and Effects Analysis (FMEA) is a systematic process to identify the failure modes of individual plant items (how can this component fail?) and the effects of the failure on the item and rest of the system (what will happen if it does fail?). The analysis, conducted by a small team, is thorough but time consuming and is most often applied to physical systems such as electrical and mechanical systems, although it can be applied to human failure modes and effects.

• Strengths and weaknesses
– It identifies component failure modes, their causes and effects
– Identifies single point failure modes
– Can include semi quantitative risk ranking
– Not effective in identifying combinations of failures
– Can become costly and time consuming unless well controlled
– Can become difficult for complex multi layered systems

• Why FMEA? – To identify which failures in systems can lead to undesirable situations, particularly in electrical and mechanical processes.

14 HAZOP

• Overview – Hazard and Operability (HAZOP) study is one of the most widely used hazard identification methods within the chemical and many other industries. It is a structured analysis of a system, process or operation, conducted by a multi‐disciplinary team. The team proceeds line by line, step by step, using a firm design, typically at the detailed design stage. Guidewords (no, less, more etc.) combined with parameters (temperature, pressure, level etc.) are used to identify deviations from normal operation and the associated causes, consequences, safeguards and recommendations.

• Strengths and weaknesses
– Provides a systematic and thorough examination of a system
– A range of can be assessed, both physical systems and procedures
– The team gains a deep understanding of the system, potentially with better operating procedures, faster start‐up and fewer operating problems
– High resource requirements, both in personnel and data
– Needs to be conducted during a ‘specific’ window in the project lifecycle
– Can focus on design rather than wider external issues

• Why HAZOP? – To conduct a detailed analysis of hazards and operational issues, typically during the detailed design stage of a project. Particularly suited to chemical, pharmaceutical, petrochemical and other higher hazard industries.

15 What if / Checklist

• Overview – Sometimes referred to as SWIFT (Structured What‐if), it was originally developed as a simpler alternative to HAZOP. It is a systematic team‐based study using ‘what‐if’ phrases to investigate how a system, item of plant, organization or procedure will react. Structure is provided through the use of question categories and a checklist used by the facilitator to prompt further discussion or ‘what‐if’s’. The technique can be applied to a wide range of scopes at varying stages in the project lifecycle.

• Strengths and weaknesses
– Very flexible and can be used at any part of a project lifecycle
– A simple technique and relatively quick to conduct
– Requires minimal preparation by the study team
– It requires an experienced and competent team leader to be efficient
– Careful preparation is required by the team leader
– The results are qualitative and less detailed than some other techniques

• Why What‐if / Checklist?
– To perform a flexible, wide‐ranging, efficient analysis at a higher level and/or lower level of detail than a HAZOP or similar technique.
– The technique can include risk rating and risk ranking.

16 HACCP

• Overview – Hazard Analysis and Critical Control Points (HACCP) was developed to ensure quality in the food, beverage and more recently the pharmaceutical and medical industry. It provides a structure to identify hazards and ensure controls are in place at relevant parts of a process to maintain the quality, reliability and safety of a product. It focuses on the minimization of risk through controls, rather than inspection of the end product.

• Strengths and weaknesses
– A structured process aiding quality control
– Focuses on how hazards can be prevented and risks controlled
– May need to be combined with other tools to identify the hazards, risks and their significance
– The focus of action when control parameters are exceeded may miss gradual changes

• Why HACCP? – To perform a detailed hazard analysis on food, beverage, pharmaceutical and medical processes and identify critical process limits that require monitoring.

17 ETA

• Overview – Event tree analysis is a technique to graphically represent the different possible outcomes from a single, selected initiating event. The event tree represents the various factors such as responses from people or protective systems and presents the possible outcomes clearly. The approach can be used qualitatively and quantitatively to determine the likelihood of the different consequences.

• Strengths and weaknesses
– It presents a clear picture of the potential outcomes from an initiating event
– Structured, methodical yet relatively easy to understand and use
– Can account for timing, dependence and domino effects which are more complex to represent in fault trees
– Needs to be combined with other forms of hazard analysis techniques (identifying initiating events)
– The path is conditional on the events that occurred at previous branch points

• Why ETA? – To model sequences of events and their potential outcomes.
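An added example (not from the original slides) of quantifying an event tree in which a later branch is conditional on an earlier one, as noted above. The scenario, branch names, frequencies and probabilities are constructed assumptions.

```python
def event_tree(initiating_freq, branches):
    """Enumerate every path through the tree.

    branches is an ordered list of (name, p_success) pairs, where
    p_success(path) returns the success probability of that branch given
    the outcomes of the earlier branches (path maps name -> True/False).
    Returns a list of (path, frequency per year) pairs.
    """
    outcomes = []

    def walk(index, path, freq):
        if index == len(branches):
            outcomes.append((path, freq))
            return
        name, p_success = branches[index]
        p = p_success(path)
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"invalid probability for {name}: {p}")
        walk(index + 1, {**path, name: True}, freq * p)
        walk(index + 1, {**path, name: False}, freq * (1.0 - p))

    walk(0, {}, initiating_freq)
    return outcomes


def frequency_of(outcomes, **state):
    """Sum the frequency of all paths matching the given branch states."""
    return sum(freq for path, freq in outcomes
               if all(path[name] == value for name, value in state.items()))


# Constructed scenario: small warehouse fire, all numbers illustrative.
FIRE_FREQ = 0.02  # initiating events per year

conditional = event_tree(FIRE_FREQ, [
    ("alarm", lambda path: 0.9),
    # Staff response depends on whether the alarm sounded.
    ("staff_response", lambda path: 0.95 if path["alarm"] else 0.5),
])
independent = event_tree(FIRE_FREQ, [
    ("alarm", lambda path: 0.9),
    ("staff_response", lambda path: 0.95),  # dependence ignored
])

worst_conditional = frequency_of(conditional, alarm=False, staff_response=False)
worst_independent = frequency_of(independent, alarm=False, staff_response=False)

if __name__ == "__main__":
    for path, freq in conditional:
        print(path, f"{freq:.2e} per year")
    print(f"worst case, conditional branch:  {worst_conditional:.1e} per year")
    print(f"worst case, dependence ignored:  {worst_independent:.1e} per year")
```

Ignoring the dependence understates the worst-case path by a factor of ten in this constructed case.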

18 LOPA

• Overview – Layers of Protection Analysis (LOPA) is an analytical process normally conducted by a small team to review the adequacy of the safeguards for each hazard identified. It identifies whether additional control or mitigation measures are required by comparing the risk against pre‐determined criteria. An initial hazard analysis such as HAZOP or ZHA is required to provide an input to the LOPA study.

• Strengths and weaknesses
– It helps focus resource on critical controls (layers of protection)
– It requires less time and resource than a fault tree analysis, but is more rigorous than some other qualitative techniques.
– Can be useful when preparing a ‘safety case’ and a ‘demonstration of adequacy’
– Another hazard analysis is needed to provide an input to the study
– To be quantified, all layers of protection must be independent (no common mode failure)
– Aspects of the assessment and quantification can be subjective

• Why LOPA? – To assess the adequacy of controls, particularly where ‘safety instrumented systems’ are being used or considered as one of the means of risk reduction.
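An added example (not from the original slides) of the LOPA comparison described above: the initiating-event frequency is multiplied by each credited layer's probability of failure on demand (PFD, the usual LOPA measure) and compared with a pre-determined target, crediting only layers that share no component. The scenario, layer names, tag numbers, PFD values and target frequency are constructed assumptions.

```python
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Layer:
    name: str
    pfd: float                           # probability of failure on demand
    depends_on: frozenset = frozenset()  # components the layer relies on


def credit_independent(layers):
    """Split layers into credited and rejected so that no two credited
    layers share a component (no common mode failure)."""
    credited, rejected, used = [], [], set()
    for layer in sorted(layers, key=lambda l: l.pfd):  # strongest first
        if layer.depends_on & used:
            rejected.append(layer)
        else:
            credited.append(layer)
            used |= layer.depends_on
    return credited, rejected


def lopa(initiating_freq, layers, target_freq, check_independence=True):
    """Return the mitigated frequency (per year) and the remaining gap."""
    if check_independence:
        credited, rejected = credit_independent(layers)
    else:
        credited, rejected = list(layers), []
    mitigated = initiating_freq * prod(l.pfd for l in credited)
    return {
        "credited": [l.name for l in credited],
        "rejected": [l.name for l in rejected],
        "mitigated_freq": mitigated,
        "meets_target": mitigated <= target_freq,
        # Further risk reduction factor still required (1.0 = none).
        "required_rrf": max(1.0, mitigated / target_freq),
    }


# Constructed scenario: tank overfill, all numbers are illustrative.
INITIATING_FREQ = 0.1   # events per year
TARGET_FREQ = 5e-6      # pre-determined tolerable frequency per year
LAYERS = [
    Layer("operator response to high-level alarm", 0.1, frozenset({"LT-1"})),
    Layer("safety instrumented shutdown", 0.01, frozenset({"LT-1", "XV-1"})),
    Layer("relief device", 0.01, frozenset({"PSV-1"})),
]

naive = lopa(INITIATING_FREQ, LAYERS, TARGET_FREQ, check_independence=False)
checked = lopa(INITIATING_FREQ, LAYERS, TARGET_FREQ)

if __name__ == "__main__":
    for label, r in (("all layers credited", naive),
                     ("independent layers only", checked)):
        print(f"{label}: {r['mitigated_freq']:.1e}/yr, "
              f"meets target: {r['meets_target']}, rejected: {r['rejected']}")
```

With every layer credited the constructed scenario appears to meet the target; once the alarm that shares a level transmitter with the shutdown function is rejected, it misses the target by a factor of two.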

19 ZHA and TRP

• Overview – ZHA is a team based methodology which encourages analysis of the 360 degrees of ‘Total Risk.’ Hazard scenarios are developed and illustrated on a ‘Risk Profile’, the core of the methodology, which graphically highlights risk priorities in the analysis. The analysis team cover a given scope, applying ‘Pathways’ and ‘Ticklers’ to ensure a thorough and systematic assessment is realized.

• Strengths and weaknesses
– Can be applied to any stage of the product or system lifecycle
– Wide ranging analysis scope from occupational safety to product liability
– Risks can be quickly prioritised without quantification
– It requires an experienced and competent team leader to be efficient
– The results are qualitative and can be less detailed than some other techniques

• Why Zurich Hazard Analysis? – To identify hazards in almost any area, including property, liability, employee safety, company image, environmental issues and overall financial performance.

• Total Risk Profiling – A derivative of the ZHA called Total Risk Profiling (TRP) can identify a wider range of vulnerabilities that can impact a company’s balance sheet and brand.

20 Risk analysis tools

21 Bridging the gap: corp. and ops.

22 Learning Objectives

• Break down the three components of a risk assessment.

• Contrast techniques based on the risk type, analysis purpose, resource limitations and available information.

• Explore different types of qualitative and quantitative risk assessment methods: Safeway, Google and Zurich case studies

23 What is Risk – The Safeway Perspective

24 Safeway at a Glance – Pre Albertsons Acquisition

Safeway is One of the largest Food and Drug Retailers in North America
• 2013 Sales $44.17 Billion
• 1,350 Retail Locations (approx.)
• Recently exited Canada and Illinois
• About 75% of Stores have Pharmacy Operations
• 400 Fuel Stations
• 12 Distribution Centers
• 20 Manufacturing Facilities:
– Milk
– Beverage
– Bread
– Ice Cream
• Approximately 171,000 Employees

25 Pre January 2015 Safeway Footprint

26 Post Albertsons Acquisition Profile

• Definitive Agreement for Albertsons Acquisition LLC to purchase Safeway – February 2014
• Private Equity sponsored purchase completed January 2015.
– Combination – Albertsons Holdings LLC (Legacy Albertsons and Safeway Assets)
– Combination – New Albertsons Inc., with Safeway Eastern Division
• Assets:
– 1845 Stores
– 345 Fuel Stations

27 Safeway Enterprise Risk Management at a Glance

• Corporate Structure:
– Risk Management Operations
  • Culture of Safety ‐ Platform
  • Property Risk Engineering
  • Corporate Safety
  • Insurance
  • Environmental
  • Regulatory Compliance
– Finance/Accounting
– Claims Management
  • SWY is Self‐Insured and Self‐Administered for WC, CGL, AL

28 Albertsons Holdings Risk Finance - Philosophy

• Enterprise Risk Perspective
• Three Captives:
– Hawaii Domicile – Lehua
– Bermuda Domicile – Milford
  • Both captives are well capitalized
  • Underwriting, Investments, Claims Management, Audit, Executive Management structures
– Vermont ‐ Runoff
• Moderate to high Retentions on all major lines of coverage.

31 ExMods applied to retail

32 Zurich’s “EROM” wheel

33 Zurich ERM Diagnostic: benchmark ISO 31000, COSO

34 Zurich enterprise resilience tools

• Risk Room: Provides macro country insights, e.g. political stability, economic status, labor situation

• Total Risk Profiling: Structured approach to defining risk appetite and prioritisation for dealing with risks in the supply chain

• Nat Cat - Location risk: Provides exposure information for supplier locations in respect of e.g. floods, earthquakes, windstorm, related transport infrastructure

Value Chain Risk and Profit risk

• Supplier risk exposure assessment: Formalised assessment of relevant areas which are part of the due diligence process within the sourcing activity

• Profit understanding: Enables a company to understand its total supply chain profit exposure in terms of a particular location, country or region

Business Continuity Planning

• Business interruption modeling: Helps a company model its relevant BI and CBI exposures

• Disruption understanding analysis: Helps in the understanding of the level and nature of disruptions in the particular industry or a certain location from a unique database

35 Zurich Risk Room on the go

• A simplified, demo version of the full app
• Contains 7 predefined scenarios on:
– Macroeconomic Imbalances
– Political Volatility
– Nat. Cat. and Disaster Management
– Supply Chain Disruption
– Demographic Shifts
– Sustainable Growth
– Human Capital
• Easy to navigate, intuitive interface
• Provides the ability to model changes in individual risks to see how they impact other, interconnected risks
• Available free of charge to the general public as part of Zurich’s thought leadership innovations and initiatives

Visit www.zurich.com/riskroom or download a free demo for Apple or Android

36 TRP and ZHA methodology

What is Total Risk Profiling and Zurich Hazard Analysis?
• a team-based, forward-looking process tool to identify hazards and manage risks.
• a systemic, repeatable risk identification, quantification and prioritization process

What is its purpose?
• primary objective is to mitigate risk, but opportunities can be included too.
• harnesses the collective knowledge of in-house personnel for risk prioritization

When should you use it?
• scope can be as broad as Board-level strategic issues to the narrow factory floor
• for operations, safety, new ventures or project, to help achieve targets or timeline

What is the outcome?
• help ensure risk “ownership” for solutions and supports budgeting for treatment
• teams manage risks proactively to avoid losses to people, property, profit.

37 TRP vs. ZHA: the difference?

…just the application. It depends on the issues you are addressing. Generally, TRP is used at corporate level, ZHA on the plant floor

• TRP is top-down at board / corporate level for broad, long term risks
• focus on risks and opportunities, to embed positive risk culture
• used for strategic decisions, opportunities, execution of projects or plans that could have material effects on the entire business
• used internally by all of Zurich Insurance 200+ times per year

• ZHA is a bottoms-up, more detailed analysis.
• often shorter term and specific, following “pathways” of risk
• Applied in heavy engineering, electronics, chemical / pharma, food and beverage, banking and insurance, and public sector
• For systematic analysis of potential hazards of new or existing: products, systems, business operations, manufacturing sites, procedures, project management, safety, processes, etc…

38 TRP and ZHA for cyber risk

39 How the methodology works

Visit www.ZurichERM.com and www.SupplyChainRiskInsights.com

40 The process

1 Preparation: Define purpose and scope

2 Preparation: Select the team

3 Identify/Assess: Define risk scenarios, quantify severity and probability

4 Rank: Build the risk profile, set risk tolerance boundary and plot each risk

5 Improve: Develop risk improvement actions and plot target risks

6 Improve: Implement the risk improvement actions

7 Review the analysis

41 Improving risk profiles

[Figure: Current Risk Profile and Target Risk Profile, each plotting numbered risks on a grid of Probability (A to F) against Severity (I to IV).]

42 The proof is in the results

• Using Total Risk Profiling, Zurich moved from an asset-based approach to risk-based approach for quantification and capital allocation

• One Zurich business unit reduced operational risk-based capital (RBC) consumption by 21.7 percent

• The business unit then identified high risk exposures, performed a deeper assessment and developed mitigation

• They had an additional reduction of 28.9 % in operational RBC consumption

• Capital not consumed was then available to fund profitable growth for Zurich.

43 Imi grows up

[Figure: 2010 – E&O; Current – 23 covers; $ in millions]

44 Deciding what to keep, what to transfer

[Figure: Severity against Frequency, with Transfer, Share and Retain regions; factors shown: Access to capacity, Control and flexibility, Capital, Administrative costs, Tax benefits.]

45 Risk Challenges

● Risks not contemplated by insurance companies

● Beta/test periods before smaller live launches

● Quick to market solutions which don’t match the slow regulatory environment

● Some products are seen as beneficial to insurance companies and others are not, so not all insurance companies are supportive of product potential

● Wide variety of risks, many new and emerging are difficult to handle for any one insurance company

46 Moonshot Culture

48 Captive Solutions

● Allow for greater freedom of terms, better pricing and availability

● Allow for beta testing and smaller launches, do not need immediate scale

● Very quick to market solutions, faster than any insurance company

● Partner with insurance companies on fronting, where needed or desired

● Wide variety of risks are beneficial for the captive, as it allows for a portfolio effect and is a better use of capital

● On‐staff actuarial resources ensure risk taking is not excessive and is in line with capital requirements

49 Questions?
