1. Assist LMCIT with choosing an ERM Framework: a. Offer two or three options for an ERM framework used for an insurance entity such as a governmental risk pool and/or a smaller private insurance company. This framework will be tailored to LMCIT’s specific needs pursuant to discussions after the consultant is engaged. b. Advise on the establishment of a risk identification and assessment methodology including the categories for the risk register, guidelines for likelihood of risks occurring, industry risk definitions, ratings system, and ranking criteria for initial risk, mitigation, and residual risk variables. c. Guide LMCIT staff on how to assess Board risk tolerance and consider establishment of a target residual risk level for key categories. d. Provide input on which software platform (spreadsheets, database used by LMCIT currently, or a specific ERM software) is appropriate for LMCIT for the initial and ongoing maintenance of the ERM framework. e. Recommend ongoing processes for LMCIT to update the ERM framework on its own staff resources in future years. 2. Review LMCIT’s core team responsibilities, internal training, and capacity building plans: a. Assist LMCIT in choosing a methodology for staffing the initial and ongoing assessment of risks. For example, should LMCIT utilize a core team of two to four staff to be the internal “experts” on ERM and conduct the interviews for risk assessment? Or should LMCIT’s risk assessment team be the department heads for LMC and LMCIT who then are responsible for their departments assessment and ongoing monitoring? b. Participate in a training session for LMCIT staff and those to be interviewed in the early stages of the engagement. c. At the end of the process, assist staff with the plan for: i. Ongoing risk governance. ii. Relationships between ERM and strategic planning. iii. How often should periodic risk assessments occur. 3. Support LMCIT staff with completing a comprehensive risk assessment: a. Work with LMCIT staff in identifying and evaluating the key risks associated with LMCIT’s operations, including strategic, operational, financial, compliance, and reputational risks. Tasks include: i. Support LMCIT staff with sample questions and tracking documents for interviews with LMCIT/LMC staff, BRAC staff, and LMCIT Board members (we do not expect the assessment to include a survey or interviews with LMCIT members/cities/customers). ii. Provide data for LMCIT to benchmark results against similar insurance entities. b. Work with LMCIT staff to assess the current risk management practices and frameworks in place at LMCIT. c. Review risk register and help LMCIT staff prioritize risks based on their severity and likelihood as well as current mitigation strategies. 4. Describe risk mitigation strategies: a. Assist LMCIT staff in developing a list of future (three-to-five-year time horizon) risk mitigation strategies and action plans for each identified risk category. 5. Risk monitoring and reporting: a. Recommend a system for ongoing risk monitoring and reporting; develop key risk indicators to track risk exposure. b. Assist LMCIT in a staff capacity assessment to determine which staff positions should be primarily responsible for ERM going forward. c. Assist LMCIT with selecting the appropriate software to support these efforts. 6. Report and recommendations: a. Review a staff drafted comprehensive report detailing the findings, proposed ERM framework, and actionable recommendations. b. Be a part of the team presenting the final report to the LMCIT management team and LMCIT Board of Trustees. c. Assist staff with developing an ERM policy for adoption by the LMCIT Board.
