04 Risk Management Audit Report
Internal Audit Report Comprehensive Operational Audit Risk Management Department January 1, 2010 December 31, 2011 Issue Date: May 15, 2012 Report No. 2012-07 Internal Audit Report Risk Management Department January 1, 2010 December 31, 2011 Table of Contents Transmittal Letter ................................................................................................................................................................... 3 Executive Summary............................................................................................................................................................... 4 Background.............................................................................................................................................................................. 5 Highlights and Accomplishments...................................................................................................................................... 7 Audit Scope and Methodology............................................................................................................................................ 9 Conclusion ............................................................................................................................................................................... 9 2 of 9 Internal Audit Report Risk Management Department January 1, 2010 December 31, 2011 Transmittal Letter Audit Committee Port of Seattle Seattle, Washington We have completed a comprehensive operational audit of the Risk Management Department. We reviewed information relating to the Risk Management Department from January, 1 2010, through December 31, 2011. We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. We extend our appreciation to the Risk Management staff for their assistance and cooperation during the audit. Joyce Kirangi, CPA Director, Internal Audit 3 of 9 Internal Audit Report Risk Management Department January 1, 2010 December 31, 2011 Executive Summary Audit Scope and Objectives The purpose of the audit was to determine whether management has implemented adequate controls to ensure: Policies and procedures are followed and kept current Performance measures are tracked Receipts are properly accounted for We reviewed information for the period January, 1 2010, through December 31, 2011. Background The Risk Management Department provides many services and performs many tasks for the benefit of the Port as a whole: 1) incident reporting, 2) claims management, 3) contractual risk analysis, 4) risk financing, 5) insurance purchasing, 6) driver safety training, 7) enterprise risk assessments and 8) special event management. The Department also has a role in self-funding for employee health benefits, fleet management as it pertains to driver safety, contractual liability management with the Central Procurement Office, construction safety and management of the federally mandated drug testing requirements for commercial driver license holders (emphasis in 2012 is on the new hires for the rental car facility busing operations). Risk Management uses broker intermediaries to purchase commercial insurance policies that pay for losses exceeding the selfinsured retention of $1 million. Reported incidents number approximately 700 per year, with less than one percent becoming claims. Departments throughout the Port are responsible for all liability and property claim and litigation costs not covered by property and general liability insurance up to the Port's $1 million self-insured retention, including outside attorney services. Departments do not budget for these types of uncertain losses and related claims as they generally fall within the Port's self-insured retention (deductible). However, claims and losses may exceed the available limits of coverage, may relate to events for which there is no insurance available or where the Port chose not to purchase insurance. There were 4,289 incidents for the five year period 2007-2011 in the incident-tracking database. The following totals include Worker's Compensation incidents, which are not included in the scope of this audit: Year Incidents 2007 850 2008 921 2009 823 2010 801 2001 894 Audit Result Summary The Risk Management Department has adequate controls to ensure policies and procedures are followed and kept current, performance measures are tracked and receipts are properly accounted for. 4 of 9 Internal Audit Report Risk Management Department January 1, 2010 December 31, 2011 Background The Risk Management Department provides many services and performs many tasks for the benefit of the Port of Seattle as a whole: 1) incident reporting, 2) claims management, 3) contractual risk analysis, 4) risk financing, 5) insurance purchasing, 6) driver safety training, 7) enterprise risk management assessments and 8) special event management. The Department also has a role in self-funding for employee health benefits, fleet management as it pertains to driver safety, contractual liability management with the Central Procurement Office, construction safety and managing the federal mandated drug testing requirements for commercial driver license holders (emphasis in 2012 is on the new hires for the rental car facility busing operations). Risk Management uses broker intermediaries to purchase commercial insurance policies that pay for losses exceeding the selfinsured retention. The Risk Management Department uses industry claims management software to track all reported incidents, adjust claims and monitor litigation. The incidents in the table below include worker's compensation incidents, which are tracked in the same database, but are not the responsibility of the Risk Management Department. Of the incidents cited below, Risk Management is responsible for approximately 700 incidents annually. Year Incidents 2007 850 2008 921 2009 823 2010 801 2001 894 Total 4,289 Port departments are directly responsible for all liability and property claim and litigation costs not covered by property and general liability exposures up to the Port's $1,000,000 self-insured retention. These costs are borne by the business unit that manages the operation or the revenue center where the liability arises. Departments do not budget for these losses, as they generally fall within the Port's self-insured retention. However, claims may exceed the available limits of coverage, may relate to events for which there is no insurance available or may be areas for which the Port chose not to purchase insurance. The Port establishes reserves to cover potential claims costs. The Port had an owner controlled insurance program from 2001 to 2008, to manage claims and provide insurance coverage for the major capital program at the airport, which included the AOB, CTE, Third Runway, STS Upgrade and several other projects. Although the program ended in 2008, the policies are still active to receive and respond to claims through 2016. This program will generate refunds on Port collateral, premium refunds and interest earnings on collateral. 5 of 9 Internal Audit Report Risk Management Department January 1, 2010 December 31, 2011 The following tables depict the top ten incident locations and the top six incident types relative to incidents that involve property damage and bodily injury. Top 8 Incident Locations 2007 2008 2009 2010 2011 Total Escalator 113 131 126 171 199 740 Parking Garage 58 53 52 53 55 271 AOA/Ramp 28 71 30 34 50 213 Parking Lot 31 39 31 36 44 181 Street 37 49 27 35 28 176 Main Terminal 30 33 37 30 26 156 Dock 12 27 18 20 22 99 Baggage Claim 25 28 28 10 14 105 Grand Total 334 431 349 389 438 1941 Source: RiskMaster incident tracking and claims management database Top 6 Incident Types 2007 2008 2009 2010 2011 Total General Liability Aviation Bodily Injury 351 322 310 353 347 1683 Vehicle Incident - First Party Only 19 49 44 47 73 232 General Liability Aviation Property 43 77 66 35 63 284 Port Property Loss Real Estate 1 3 29 27 48 108 Port Property Loss Aviation 34 50 24 33 45 186 Vehicle Incident 62 77 60 63 39 301 Grand Total 510 578 533 558 615 2794 Source: RiskMaster incident tracking and claims management database Financial Highlights Reserves declined significantly in 2011, due to settlement of litigated claims. Actual Actual Budget Insurance Premiums 2010 2011 2012 Property Insurance Premiums 1,180,332 1,216,743 1,400,000 Liability Insurance Premiums 670,000 692,000 725,000 Claims and Litigation Reserves 10,838,315 2,400,000 2,600,000 Driver Program Liability Costs 13,300 25,000 50,000 Workers Compensation Self Insured Reserves 1,333,000 1,200,000 1,400,000 Driver Program Physical Damage Costs 31,300 20,000 35,000 Source: 2012 Budget Summary 6 of 9 Internal Audit Report Risk Management Department January 1, 2010 December 31, 2011 2010 2011 2011 DESCRIPTION ACTUAL ACTUAL BUDGET OPERATING REVENUE 0 0 0 OPERATING EXPENSE SALARIES & BENEFITS 547,697 522,392 551,050 OTHER OPERATING AND MAINTENANCE 87,659 22,139 33,268 TOTAL OPERATING & MAINTENANCE EXPENSE 635,356 544,531 584,318 Source: Responsibility Reports Highlights and Accomplishments Claims Review In May 2010, a claims officer from an insurance carrier independently reviewed the Port's claims management program. This review encompassed handling procedures and a sample of 33 claims, which represented a cross section of losses spanning several operations, including those at the airport, seaport, cruise and moorage terminals, as well as vehicular accidents and situations giving rise to employment related claims. The conclusion was that the overall management of the process was very professional, from the investigation to liability assessment to evaluation of damages to negotiation of settlements. Claims Management The claims program generates approximately $1,000,000 in reserves and self-insured retentions each year, as well as payments of approximately $300,000 per year to claimants and service providers. The Risk Management Department is responsible for the management and resolution of approximately 700 events per year, which involve a wide variety of property and liability. The coverage, exclusions, self-insured retentions and deductibles vary widely with retentions up to $1,000,000 and policy limits up to $500,000,000. Enterprise Risk Management Enterprise Risk Management had been discussed for a number of years at the Port. In 2010 a pilot study was done for Harbor Services. The Port used a consulting firm to assist the Port and educate management on a risk assessment framework. In 2011, another ERM project was conducted, which involved the ICT Corporate Services Department. This latter study was performed without consultants. Results of both assessments were presented to the Audit Committee. Liability and Property Insurance Broker Selection A five-year contract with a national brokerage firm was signed in May 2011, after a competitive process and a team evaluation of the proposal, to assist the Port with its liability risk management (including claims and procurement of insurance). A three-year contract was signed in March 2012, following a separate competitive process, to select a broker to assist the Port with the purchase of its property insurance, equipment breakdown inspections and property claims management. 7 of 9 Internal Audit Report Risk Management Department January 1, 2010 December 31, 2011 Driver Safety Risk Management oversees the driver safety program, which covers all Port drivers as well as specialized drivers that require commercial driver licenses. This program covers the Port's selfinsured auto program, the management of first-party and third-party auto claims, recovery of damages from liable third parties, maintaining a list of employees eligible to drive, driver training and communication of safety performance criteria through the Port's Health and Safety Program. Since the Port began its self-insurance program in 2003, savings are approximately over $3.5 million dollars, with an additional amount of over $150,000 collected from the parties responsible for physical damages to Port-owned vehicles. Self-Funded Employee Benefit Programs In 2009, Risk Management initiated the Port's research into the merits of self-funding medical and dental benefits for the Port. Self-funding provides more control over benefits offered and cost savings of profit that would otherwise go to the insurance company. Transition to the self-funded program began in 2010, with 2011 the first year of implementation, covering about 950 employees. Total incurred costs for 2011 medical claims were $10.3 million ($1.1 million below the budgeted costs). Total incurred costs for 2011 dental claims were $1.3 million ($190,000 below the budgeted costs. The run of claims from the 2010 (and prior) fully insured plans with Premera will result in the Port receiving an estimated $2 million refund of its Premium Stabilization Reserve in 2012, after the reserve is closed. Cost of Risk - Risk and Insurance Management Society (RIMS) Benchmark Survey $50.00 $45.00 Port of Seattle - Cost of Risk Per $40.00 $1000/Revenue $35.00 Port Cost of Risk per $1000 of Revenue $30.00 Risk and Insurance Management $25.00 $20.00 $15.00 $10.00 $5.00 $- 19961997199819992000200120022003200420052006200720082009201020112012 Est Note-The Port's Cost of Risk is in line with industry standards. Review of Contracts Risk Management reviews over one hundred contracts annually, which include leases, MOAs, interlocal agreements, personal and professional service agreements and construction contracts. The department's review ensures that insurance and indemnity requirements are adequate. Risk 8 of 9 Internal Audit Report Risk Management Department January 1, 2010 December 31, 2011 Management participated in the CPO-led study team in 2011 (Service Agreement Advisory Committee), which reviewed CPO-1 and recommended changes to facilitate utilization and execution of this policy for service agreements. Audit Scope and Methodology We reviewed information for the period 2010-2011 and analyzed reported incidents for a five-year period (2007-2011). We utilized a risk-based audit approach, from planning to testing. We gathered information through interviews, observations and analytical reviews, in order to obtain a complete understanding of the operations and responsibilities of the Risk Management Department. We applied detailed audit procedures to areas with the highest likelihood of significant negative impact as follows: We reviewed Policy EX-7, which guides incident reporting, and Policy EX-14, which guides driver safety. o We determined whether the policies had been reviewed and updated, as necessary. We reviewed the performance measures used by the department to determine whether appropriate and reasonable. o We compared performance measures to industry standards, to determine whether comparable. o We determined whether performance measures were related to goals and objectives. We identified receipts flowing directly into the Risk Management Department and determined whether properly accounted for. o We determined whether receipts had been deposited timely o We determined whether receipts had been properly recorded Conclusion The Risk Management Department has adequate controls to ensure policies and procedures are followed and kept current, performance measures are tracked and receipts are properly accounted for. 9 of 9
Limitations of Translatable Documents
PDF files are created with text and images are placed at an exact position on a page of a fixed size.
Web pages are fluid in nature, and the exact positioning of PDF text creates presentation problems.
PDFs that are full page graphics, or scanned pages are generally unable to be made accessible, In these cases, viewing whatever plain text could be extracted is the only alternative.