CREATING A SAFE AND PRODUCTIVE "WORK AT HOME" ENVIRONMENT. Understanding The Risk Profile: Procedures, People, & Privacy.
Yvette Connor: Managing Director with Alvarez & Marsal Risk Management Advisory Services in Denver, with more than 20 years of experience building, quantifying and testing operational, financial, hazard and reputational risk frameworks.
• Before A&M, Ms. Connor served as the Director of Client Engagement for Marsh. Her primary focus involved leading a proprietary global servicing model to define clients’ business needs and priorities, design optimal risk management responses, and deliver value-add solutions alongside exemplary team performance.
• Prior to joining Marsh in 2010, Ms. Connor was the Director of Risk Management at Vulcan Inc., a privately held company with a diverse portfolio of over 200 operating companies. There, she led the development of a multi-disciplinary risk management department that created an enterprise-wide risk management platform to identify, , and mitigate exposure to risk, while focusing on value for key stakeholders. Earlier, she served as Vice President of Risk Management at Roll International, a global food producer, distributor and product manufacturer, as well as Director of Insurance and Risk Financing at Sutter Health.
• Ms. Connor earned a Master’s of Science degree in Risk Management at New York University and an MBA in Finance at University of California, Davis.
• In 2013, Business Insurance magazine named her as one of the “Women to Watch” in Risk Management and Insurance, confirming her talents as a leader and innovator for risk management excellence. In 2008, Treasury and Risk magazine named Ms. Connor to their “40 under 40 list.”

Suzanne Gallie: Director of Global Risk Management, Equinix, Inc. Equinix is the world’s largest data center & colocation provider, with over 100 locations in 15 countries. The Equinix mission is to protect, connect and power the digital economy.
• Ms. Gallie joined Equinix in 2010 and manages risk assessment and mitigation across all disciplines within the company, with an emphasis on risk financing, business continuity planning, and the development and maintenance of an ERM approach meeting the unique needs of the business.
• Previously acting as Sr. Risk Manager at Sun Microsystems, her primary focus was risk financing with an innovative approach including integrated insurance programs and broad captive utilization.
• Prior experience also includes Director, Risk Management at Gap, Inc. and New Business Acquisition at Sedgwick in London.
• Ms. Gallie received a BS in Finance and International Business from the Leeds School of Business at the University of Colorado, Boulder and holds an ARM.
Learning Objectives
• Understand ‘Telework’ as part of today’s corporate risk management environment
• Explore the general pros and cons of ‘Telework’
• Develop a view that captures the practical realities of managing “work at home” (‘Telework’) exposures
• Examine risk management best practices that should be maintained by both the employee and employer
Telework: A new frontier of risk management

Advancements in technology, specifically in the areas of telecommunications, cloud storage, and virtual meeting applications, have created a platform whereby employees and/or contractors of a firm can perform their duties without having to commute to the firm’s physical location. However, proponents of various management philosophies debate whether or not the pros outweigh the cons. This debate recently made headlines when Marissa Mayer, the young and progressive CEO of Yahoo Inc., ended the firm’s “work from home” policy without any public explanation as to why. In the spring of 2013, she made a public statement saying that "It's not what's right for Yahoo right now," but added that "It (the policy) was wrongly perceived as an industry narrative."[1]

As the debate continues over the benefits and drawbacks of telecommuting, many are focusing only on productivity and ignoring the change that occurs to a firm’s risk profile once a telecommuting policy is in place. For management of a firm to adequately theorize the net result of implementing a telecommuting policy, all of the risk factors must be identified and quantified. This requires the expertise of a highly skilled risk management team, capable of taking an organizational theory and quantifying the operational risks.

[1] Tkaczyk, Christopher: Marissa Mayer breaks her silence on Yahoo's telecommuting policy. CNN Money, April 19, 2013. http://tech.fortune.cnn.com/2013/04/19/marissa-mayer-telecommuting/
Telework: Understanding impacts of Management Culture, Cost Management, and Employee Engagement
• Yahoo mandated that all employees must come to the office and could no longer work remotely. This move was clearly in contrast to the general growth in telecommuting or working from home (‘Telework’).
• The US Census Bureau reported that the number of employees working from home grew 23% from 1990 to 2000.
• As technology continues to advance, more and more companies are realizing the benefits of allowing employees to work remotely.
• Telework provides an opportunity for the employer to save on real estate and office overhead expenses, and for employees to be more productive and more satisfied.
• However, there are new and emerging risks to consider:
  • People, Process, and Technology.
Identifying Risks attributed to telecommuting

The ability of the firm to manage employee safety and data security creates significant challenges within the firm.

[Table columns: Applicable Insurance Coverage | Risk Category | Identified Risks]
Mobile Device Management: Threats and Practical Realities

The Sun reported on Wednesday that the laptop, which was lost along with 19 others three weeks ago, contained the unencrypted health details of over 8.63 million people and records of 18 million hospital visits, operations and procedures. It was taken from a storeroom of London Health Programs, a medical research organization based within the NHS North Central London health authority.

If the data has been breached, the implications could be serious, according to the ICO. "[The NHS] holds millions of [bits of] data on millions of people. They're probably the body that hold the most sensitive data in the UK, they have millions and millions of records being accessed every day," a spokeswoman for the ICO told ZDNet UK.

http://www.zdnet.com/nhs-laptop-loss-could-put-millions-of-records-at-risk-3040093112/
Breaching the “Veil of Secrecy”: Even the best are not safe from error
Mitigating Risks Associated with Telework

Written policies should be created outlining specific protocols for the conditions of the employee’s work area. These protocols should include, but not be limited to:
• The employee’s working space must be a clean, well-lit environment, free from any personal belongings not pertinent to their job description which could be hazardous
• The work-space must contain adequate power outlets and surge protectors to safely power all hardware required to perform the employee's duties
• Require the employee to submit photographic evidence that their work-space meets the required protocols
• Any employee working from home should be required to sign that they have read the safety protocols, and that worker’s compensation benefits only apply to injuries that occur in the course of their job duties

Although impossible to eliminate completely, the likelihood of a material loss resulting from adopting a telecommuting policy can be dramatically reduced by applying risk management best practices.

Protecting Human Capital
Network Security/Information Security/Privacy Liability insurance policies typically include:
• 1st Party coverage for notification costs associated with release of personally identifiable information (sub-limits may apply).
• 3rd Party coverage for suits alleging invasion of privacy (lower frequency, higher severity).

As additional claims result from devices utilized outside corporate firewalls, additional underwriting questions will ensue.

Written policies should be created now to guide IT and employees in the following areas:
• An intranet time-log system should be created and monitored on an ongoing basis for signs of fraud and abuse
• All telecommuting employees should be provided with company-issued hardware and security software to ensure uniformity across applications. If employees will utilize non-company-issued devices, security software should be specified and/or provided
• Require that all work product be stored in, and all work be performed through, a cloud computing portal such as Citrix to monitor data movement and application access
• Provide clear instructions on steps to take if a device is lost, hacked or otherwise compromised

E & O policies currently provide broad definitions, with no commonly used exclusions for risks associated with work from home or use of personal devices.

Reputation and Security