Integrating EHS and Risk Management

The Auditing Roundtable 2010 January MeetingPhoenix, Arizona

Lawrence M. Heim, CPEAThe Elm Consulting Group International llc

Risks are known/unknown exposures to uncertainties that may impact a company’s ability to achieve business objectives A predictive concept

Important to separate “exposures” from “effectiveness of controls” Failure of controls should be considered

and reviewed

The Elm Consulting Group International LLC

Frequency/likelihood factors: Actual occurrence history/data – internal and external View of the future, changes in business/operations,

emerging trends

Severity/impact factors: Assumes the event will occur with no mitigation Existing, established and CREDIBLE value

benchmarks Appropriate and CREDIBLE impacts – internal and

external


Leverage Risk Management function Frequency/severity based on risk

management definitions▪ External and/or internal loss and experience data

Develop baseline (uncontrolled) risk profile Reduces assumptions, strengthens

predictions Allows specific evaluation of controls and

possible failure pointsThe Elm Consulting Group International LLC

Audit scope Expand beyond compliance/EHS MS Focus on specific areas, functions, operations, etc Integrate with other audit functions/activities

Audit schedule Improve method for evaluating audit frequency

Identify appropriate corrective action Severity may be better addressed via financial

solution; frequency by management systems


Coordination with Risk Management function Share metrics, benchmarks, data and resources Reduce costs, support better insurance decisions Generally, better acceptance by business/sites

Evaluate economic benefit of EHS expenses Probability-weighted EHS loss determined from risk

assessment/audit process Profits needed to offset the EHS loss; gross revenues

needed to generate offsetting profits


Thinking in terms of risk, not compliance Not easily driven by protocols, different kind

of thinking needed Different performance metrics needed May be seen as rating existing audit

program Turf battles with Risk Manager; concerns

from EHS staff Senior management buy-in to economic

valuation model


Willis North America, 2010 Marketplace Realities & Risk Management Solutions (Oct. 2009) Corporate risk professionals in the U.S. are preparing for

rigorous enforcement of EHS regulations from current administration

Economist Intelligence Unit, The transition of environmental risk management (2008) Ad hoc environmental risk management is common No clear/formal EHS risk management responsibility

established Lack of formal EHS risk assessment in strategic planning


Environmental Risk Management and the Cost of Capital, Mark P. Sharfman and Chitru S. Fernando, Strategic Management Journal, 29: 569–592 (2008)“… firms that develop a strategy that improves their total risk

management through better environmental risk management are rewarded by the financial markets for their efforts.”

Aon Global Risk Management Survey 2009 Respondents indicated significant increased interest in

captive underwriting in the next five years for environmental risk


McKinsey Quarterly, Risk: Seeing around the corners (Oct. 2009)“Risk-assessment processes typically expose only the most

direct threats facing a company and neglect indirect ones that can have an equal or greater impact.”

Aon Global Risk Consulting, Enterprise Risk Management: S&P Enhancement White Paper (Aug. 2009) S&P to begin incorporating ERM references into individual

corporate credit rating reports in 2010


The Auditing Roundtable 2010 January MeetingPhoenix, Arizona


Integrating EHS and Risk Management

Documents

Transcript of Integrating EHS and Risk Management