ocean park corporation enterprise risk management system

Enterprise Risk Management (ERM)

Speaker: Mr. Matthias Li Deputy Chief Executive & Chief Financial Officer Ocean Park Corporation Hong Kong

Agenda

• Goal of ERM

• Structure and Processes of an ERM

System

• Risk Assessments and Controls

• Crisis Management, Emergency

Responses and Business Continuity

2

Ocean Park Hong Kong

3

4

Ocean Park - Waterfront

Ocean Park - Summit

5

ERM at Ocean Park

Milestone Dates • 1985: First Safety Committee • 1995: First Emergency Response Plan • 2001: Setting up of EHS Department • 2006: Enterprise Risk Management

6

ERM at Ocean Park

Milestone Dates

• 2007: Crisis Management Plan • 2007: Revamped Emergency Response Plan • 2008: Strategic / Corporate Risk Register • 2008: Operational Risk Register • 2010: Project Risk Register • 2011: Divisional Operational Risk Registers • 2012: Business Continuity Plan

7

On August 13, 1995, at 2:17am ...

8

Landslide Occurred

Landslide incident at Ocean Park

Collapsed Road Surface

9

Landslide Occurred

Landslide incident at Ocean Park - 1995 10

Immediate Impacts

Blocked the ONLY vehicular access to the Summit

The Summit area was closed for 2 weeks

Power failure and no water supply

Limited daily capacity

One-third Admission Fee

…etc. 11

First Emergency Plan

First Emergency Plan established

– Combining elements in on-site emergency

handling and crisis management at a

corporate level

12

EHS Department

Set up Environmental, Health & Safety (EHS) Department – A CORPORATE function – Systematically oversees

EHS management system of the Park

Sr. EHS Manager

Environmental Team

Health & Safety Team

13

Master Redevelopment Project (MRP)

• US$710 Million redevelopment project

• Increased number of attractions from 35 to 70

• Commenced in 2006 and completed in 2012

14

Expansion of OP - Attendance

-

2.00

4.00

6.00

8.00

1995/96 2001/02 2006/07 2009/10 2010/11 2011/12

3.02 3.39

4.92 5.09 5.89

7.08

Mill

ion

Year

Annual Attendance

Expansion of OP - Headcount

500

1,000

1,500

2,000

1995/96 2001/02 2006/07 2009/10 2010/11 2011/12

735 775

1,038

1,384

1,566

1,856

Year

Headcount

Expansion of OP – Revenue, OPEX & Fixed Assets

52.93 68.77 114.19 132.13 165.94 211.48

150.84 193.42 202.71

396.77

869.42 933.55

32.39 43.48 71.23 92.13 112.00 123.48 -

200

400

600

800

1,000

1,200

1995/96 2001/02 2006/07 2009/10 2010/11 2011/12

Mill

ion

(US$

'M)

Year

Gross Revenue Gross Fixed Assets Opex

ERM Launched!

In view of the Park’s expansion, the


System is setup to identify and manage

risks in a Proactive & Systematic manner.

18

ERM Structure Risk Management System Document

Set out: - Risk Management Policy

- Roles and Responsibilities - Minimum requirements, etc. for Risk

Management within Ocean Park

Strategic & Corporate Risk

Register

Operational Risk Register

Occupational Health & Safety

Risk Register

Contract Risk

Register

Contract Risk

Register

Contract Risk

Register

Contract Risk

Register

OPC’s vulnerabilities & capabilities, as

documented in the risk registers, informs

the contents of Response Plans

Crisis Management Plan

Emergency Response

Plan

Business Continuity

Plan

Departmental Recovery Plan A

Departmental Recovery Plan B

Departmental Recovery Plan C

Departmental Recovery Plan D

Risk Registers Business Continuity Management Response Plans

Strategic R

esponse

Tactical R

esponse

Operation

Response

19

Ocean Park Risk Management Policy

Risk Management Policy

Recognises risk is an INHERENT part of our

businessz

Commitment to identifying & managing risks in a

PROACTIVE AND SYSTEMATIC MANNER

21


• Future uncertain event that impacts upon objectives

Risk

• Normal business risks • Extreme risks (i.e. sudden / dramatic events

and require immediate management) • Business Continuity Management

ERM System covers

22


By understanding and managing DOWNSIDE risks, we:

Protect staff,

guests, neighbours,

and the animals

collection

Ensure business continuity

Minimize negative financial impacts

Protect reputation & standing

• Risks, for all aspects of business & projects, will be:

Identified Assessed Controlled


24

Risk Management Policy - Responsibilities

• Oversee the overall implementation of the ERM System Board

• Review the ongoing effectiveness of the ERM System

• Report the risk profiles to the Board on a timely manner

Chief Executive

25

Risk Management Policy - Responsibilities

• Manage risks in collaboration with the Risk Management Committee and the Senior EHS Manager

• Ensure the effective implementation and maintenance of the ERM System

Deputy Chief Executive &

CFO

26

Goals of ERM

Reducing Loss Achieving

Company Objectives

27

ERM Process

• The process by which the probable gains and losses associated with an activity are

, and

Identification

Evaluation

Control 28

ERM Looks at Risk!

• CHANCE of something happening

• Impact upon BUSINESS OBJECTIVES

Risk

29

Strategic & Corporate Objectives

1. Community Education

To provide & promote conservation awareness in the global community through education, research funding and direct involvement

2. Competitive position

To sustain market share from Hong Kong guests, grow international guests & diversity guest markets

3. Financial Performance

To sustain an operating surplus to fund ongoing operations, enable reinvestment & service future debt associated with redevelopment with adequate contingency reserve funds

Strategic & Corporate Objectives (cont’d)

4. Employees To attract and retain

capable, reliable and engaged employees

5. Project Viability To deliver a facility that

meets the needs of Ocean Park and its key stakeholders

31

Operational Objectives

1. Community Participation

To enable participation in Ocean Park’s activities amongst all community members regardless of financial position or physical and mental ability

2. Animal Welfare

To ensure all animals in Ocean Park’s care are and remain physically healthy and mentally enriched

3. Natural Environment

To continuously reduce adverse impacts to air, land, water, flora, fauna associated with our operations & to contribute financially to environmental improvement programs

Operational Objectives (cont’d)

4. Customer Satisfaction

To maximize customer satisfaction with our people, facilities, entertainment & events

5. Health & Safety To provide an injury free

environment for all people

6. Standards To maintain high status in global

zoological community including AZA accreditation whilst meeting all other relevant compliance requirements 33

Operational Objectives (cont’d)

7. Business Continuity

To constantly maintain business as usual ensuring full preparedness for out of usual events

8. Project Completion

To complete all projects on time, within budget, and with minimal disruption to existing facilities

34

Risk Categories

Downside Risks

Upside Risks

35

Downside Risks

Slip and Fall

Abrasion

Sore Shoulder Cut

Downside risks = Health & Safety??

36

Safety & ERM

Downside Risk is MORE THAN just Health & Safety…

It is an integral part of the


37

Risks at Enterprise Level

Enterprise Risks

Health & Safety risks

Marketing risks

Political / regulatory

risks

Reputational risks

Financial risks

Business Continuity

risks

Customer satisfaction

risks

There are other type of ENTERPRISE risks!

38

Risk Identification

Business downturn Competitions Terrorism Animal

activists Change in

government policies

Landslide Employee turnover & retention

Ride incident Animal

escape & attack

Major power failure

Risk Evaluation • Analyze the risk by considering the

CONSEQUENCES and their LIKELIHOOD; and “calculate” the risk rating

40

Outcome of a risk source affecting BUSINESS

OBJECTIVES

41

Consequence

Risk Sources & Consequences

Massive Fire at an

Exhibit

Customer Satisfaction

Competitive position & financial

performance

Risk Sources Business Objectives Being Impacted

Reduced attendance causing less

revenue

Reduced guest

experience damaging reputation

Consequences

42

Ride accident - Guest Injury / Fatality

Example of Consequence at Themed Park Industry

43

Loss of a coaster due to Hurricane Sandy


44

Bad news on newspaper - Reputational Loss!


45

Consequences Rating Level

Descriptor Financial (HKD)

Health & Safety Social & Natural Environment

Reputation & Brand Compliance

1 Insignificant < X1 No medical treatment required

Limited damage to minimal area of low significant

Public concern restricted to local complaints about OPC brand

Single minor breach of law with formal complaint

2 Minor X1 – X2 Minor first aid – no disabling

Minor effects on biological or physical or social environment

Minor, adverse local public or media attention or complaints about OPC brand

Multiple minor breaches of laws with formal complaints or standard requiring rectification

3 Moderate X2 – X3 Disabling incident requiring medical treatment with no permanent impact

Moderate, short-term effects but not affecting ecosystem function or ongoing social issues

Attention from media and/or heightened concern by local community complaints a bout OPC brand

Minor breach of laws resulting in prosecution. Failure to meet standard audits

4 Significant X3 – X4 Serious (permanent disabling injury that was life threatening – “near miss”

Serious medium term environmental effects or ongoing serious social issues

Significant adverse national media and public attention impacting on OPC brand

Single significant breach of laws resulting in prosecution. Failure to meet standard audits

5 Major X4 – X5 A fatality, or very serious irreversible injury to a small number of people in localized area

Very serious, long-term environmental impairment of ecosystem function or ongoing widespread social impacts

Serious public or media outcry, international coverage with significant impact on OPC brand

Multiple significant breaches of laws. Single loss of certification to international standard

6 Critical X5 – X6 Multiple fatalities, or very serious irreversible injury to multiple persons in localized area

Significant impact on highly valued species, habitat, or ecosystem or breakdown in social order

International media condemnation with major impact on OPC brand

Single major breach of laws. Loss of multiple certifications to internal standards

7 Catastrophic > X6 Over 10 fatalities or very serious irreversible injury to board group of persons across many areas

Very significant impact on highly valued species, habitat or ecosystem or complete breakdown in social order

Prolonged international condemnation with permanent damage to OPC brand

Multiple major breaches of laws resulting in imprisonment of executives. Loss of license to operate

Likelihood

• Frequency of happening • Could be quantified

– Once in a month – Twice a year – Once in 5 years – Once in 20 years – … etc.

• Also named as - Probability 47

Likelihood Rating Level

Descriptor Description Frequency

1 Extremely remote

The event is not expected to occur in most circumstances

Less than once in 100 years

2 Remote The event is not expected At least once in 100 years

3 Rare The event may occur only in exceptional circumstances

At least once in 50 years

4 Unlikely The event could occur at some time At least once in 25 years

5 Possible The event should occur at some time At least once in 10 years

6 Likely The event will probably occur in most circumstances

At least once in 2 years

7 Almost certain

The event is expected to occur in most circumstances

At least once per years

Quantifying Risk

• Risk = probability of an event times its consequences

Or Consequence x Likelihood

• Risk is now expressed as : Quantified monetary loss

49

Quantifying Risk

RISK = CONSEQUENCES (1 – 7) X LIKELIHOOD (1 – 7)

• Based on a 7 x 7 risk matrix • Therefore, Risk Rating ranges from 1 (1x1) to 49

(7x7)

50

7 x 7 Risk Matrix Li

kelih

ood

Ratin

g

7 14 21 28 35 42 49

6 12 18 24 30 36 42

5 10 15 20 25 30 35

4 8 12 16 20 24 28

3 6 9 12 15 18 21

2 4 6 8 10 12 14

1 2 3 4 5 6 7

Consequence Rating

Risk Rating = Consequences x Likelihood Risk Rating

Descriptor

28 – 49 Catastrophic

21 – 27 Major

14 – 20 Moderate

7 – 13 Minor

1 – 6 Insignificant

51

Inherent Risks

• Outcome: Inherent Risk Rating (1 – 49)

i.e. Risk rating BEFORE any control measures

are implemented

52

Risk Controls

Inherent Risk

Risk Control

Reducing Consequence

Reducing Likelihood

53

Hierarchy of Risk Control

Eliminate

Avoid

Reduce

Mitigate

Transfer Risk Custody

(residual risk)

54

Pref

eren

ce

Most Effective

Less Effective

Residual Risks

• Take the risk controls into account, calculate

the Residual Risk Rating

i.e. Risk rating AFTER control measures have

been implemented and considered

55

Risk Controls

Inherent Risk

Risk Control

Reducing Consequence

Reducing Likelihood

Lowering Risk Level: Residual

Risk

Brin

g do

wn

risk

ratin

g

56

Outcome: Risk Register

57

OP’s Risk Registers

• Strategic / Corporate Risk Register

• Operational Risk Register

• Project Risk Register

• Operational Risk Registers at Business Unit levels

58

On-going Monitoring & Review

Identify changes on: • Business environment • Risk profile • Progress of risk controls

59

Crisis & Emergency Risk Management System Document





Register



Risk Register

Contract Risk

Register

Contract Risk

Register

Contract Risk

Register

Contract Risk

Register





Emergency Response

Plan


Strategic R

esponse

Tactical R

esponse

60

Crisis & Emergency

• Separate Emergency Plan into:

– Crisis Management Plan – Emergency Response Plan

61


Guide & support the strategic response at a corporate level when a

risk event occurs

Determine the immediate response of the Park

Minimize the short, medium and long term impacts to the

Park

Risk Event = Unexpected & outside the normal course of business, and require priority attention until controlled

62


• Incident reporting & escalation • Formation of Crisis Management

Team & responsibilities • Definition of Crisis Levels 1 to 3 • Setting of Emergency Control and

Information Center (ECIC) • Checklists for collecting facts &

prioritizing tasks • Media & communication handling • …etc.

63

Crisis Levels Crisis Level

Potential Human Impact

Potential Environmental or animal Impact

Potential Operational Impact

Potential Reputation Impact

Ocean Park Response

Level 1 Minor First Aid – no disabling impact; no other threat; Guests trapped for < X minutes

Minor affect on biological or physical environment. Containable.

Temporary stoppage of ride or facility

Complaints, no media interest

Activate Emergency Response Team (ERT) where appropriate

Level 2 Medically treated injury; threat to other guests; guests trapped for > X minutes.

Moderate, short-term effects. Potentially difficult to contain. Loss of mammal.

> X minutes stoppage of ride or facility with guests trapped

Minor, adverse local public or media attention and complaints

Activate site ERT Activate Crisis Management Team (CMT) where appropriate

Level 3 Major injury or fatality

Serious medium term environmental impacts. Loss of more than one mammal.

Serious disruption to large area of park

Significant adverse media /public/NGO attention

Activate ERT and CMT

Emergency Response Plan

Guide & support on tactical response for

emergency phase when a risk event

occurs

Protect the safety of people & animals

Minimize the damages to the Park’s properties

65

Emergency Response Plan

Covering areas of:

• Rescue & life-saving • Contain damages • Evacuation & crowd control • Emergency transportation service • Manpower deployment • Emergency Guest Service…etc.

Business Continuity Risk Management System Document





Register



Risk Register

Contract Risk

Register

Contract Risk

Register

Contract Risk

Register

Contract Risk

Register





Emergency Response

Plan

Business Continuity

Plan

Departmental Recovery Plan A

Departmental Recovery Plan B

Departmental Recovery Plan C

Departmental Recovery Plan D


Strategic R

esponse

Tactical R

esponse

Operation

Response

67

Business Continuity Plan

• Established Business Continuity Plan (BCP)

• Supported by various Departmental Recovery Plans at operational level

68

Guide & support on tactical

response to resume normal

operation

Resume normal operation within the SHORTEST

time

LIMIT THE DISRUPTIONS on

the business critical activities


Business Critical Activities

Maintain health of animals collection

Maintain adequate revenue

Meet customer expectations

70

Burnt down of Finance main

office

Finance office is not able to function as

normal

Purchasing

Payroll

Ticket Admission

Business Continuity - Example

Business Continuity: • Relocate to other cashier office • Home offices

Affected Functions

71


Covering areas of:

Monitoring & notification procedures

Maximum Tolerable Period of Disruption

Procedures to prioritize responses & recovery efforts

72

Drill Exercises

Categories Drills Conducted in 2012

Rides Rescue 258

Fire drill 18

Biological / Chemical Leakage 4

Animal Escape / Attack 4

Miscellaneous 5

Total 289 73

Fire Drill in Office Buildings

Ride Rescue Drill - Eagle

75

Ride Rescue Drill – Crazy Galleon

Night time drill! 76

Open Water Rescue

Scuba diver missing in open water 77

Water Rescue Drill – Grand Aquarium

Drill for snorkeling activity 78

Cable Car Vertical Rescue Drill

79

Panda Escape Drill

80

Biological Spillage Drill

81

Crisis Management in Action!

82

Board

Chief Executive

Deputy CE & CFO EHS Department

Risk Management Committee

Risk Owner

Risk Coordinator

Risk Owner

Risk Coordinator

Risk Owner

Risk Coordinator

1. Review risk reports & controls 2. Oversee the ERM implementation

1. Direct ERM & report to the Board

1. Implement ERM 2. Review progress of ERM & risk controls

1. Oversee & review the risk profile 2. Monitor risk controls

1. Oversee the ERM operation 2. Administer risk registers &

produce risk reports 3. Support CMP implementation 4. Maintain BCM Response Plans

1. Monitor risks 2. Ensure adequate controls 3. Review risk profile

1. Assist Risk Owner to follow up on risk controls

ERM Organization

83

Making ERM a Successful One!

Get LEADERSHIP

SUPPORT

ERM is MORE THAN JUST

SAFETY

Engage ALL staff

Continue ERM as an ON-GOING

process, not a “one-off” exercise

INTEGRATE risk

management into daily

operations

Thank You

ocean park corporation enterprise risk management system

Documents