PUBLISHED BY THE PUBLIC RISK MANAGEMENT ASSOCIATION OCTOBER 2017
Claims of Sexual Misconduct on Campus:
Challenges for Today’s Public Risk Manager PAGE 6
ALSO IN THIS ISSUE
THE CARE AND FEEDING OF YOUR FEMA PROJECT SPECIALIST PAGE 10
Getting Your Risk Management Program off the Ground:
HOW TO BE SUCCESSFUL ONE STEP AT A TIME
PAGE 14
PRO
TER
SUPPOR UD
PRIMA 2 0 17 BITCO Insurance Companies1 Old Republic Aerospace2
Specialized Offerings. Public Entity Expertise. Old Republic Insurance Group offers a full suite of risk management and insurance solutions, and Third Party Administration (TPA) services, with specialized offerings and expertise to meet the unique needs of public sector clients.
Old Republic Specialty Insurance3 PMA Companies3
For more information, visit: www.oldrepublicinsurancegroup.com
Insurance contracts are underwritten and issued by: 1. BITCO General Insurance Corporation and BITCO National Insurance Company; 2. Old Republic Insurance Company; 3. Pennsylvania Manufacturers’ Association Insurance Company, Manufacturers Alliance Insurance Company, Pennsylvania Manufacturers Indemnity Company.
OCTOBER 2017 | Volume 33, No. 9 | www.primacentral.org
CONTENTS
The Public Risk Management Association promotes effective risk management in the public interest as an essential component of public administration.
PRESIDENT Amy J. Larson, Esq. Risk and Litigation Manager City of Bloomington Bloomington, MN PAST PRESIDENT Terri L. Evans Risk Manager City of Kingsport Kingsport, TN PRESIDENT-ELECT Jani J. Jennings, ARM Insurance & Safety Coordinator City of Bellevue Bellevue, NE DIRECTORS Brenda Cogdell, AIS, AIC, SPHR Risk Manager, Human Resources City of Manassas Manassas, VA
6
CLAIMS OF SEXUAL MISCONDUCT ON CAMPUS:
Challenges for Today’s Public Risk Manager
Scott J. Kramer, MBA, ARM City/County Director of Risk Mgmt Montgomery County Commission Montgomery, AL Forestine Carroll Risk Manager Memphis Housing Authority Memphis, TN Sheri Swain Director of Enterprise Risk Management Maricopa County Community College District Tempe, AZ Lori J. Gray Risk Manager County of Prince William Woodbridge, VA Donna Capria, CRM, CIC, AINS Risk & Insurance Coordinator WaterOne of Johnson County Lenexa, KS
By Joe Jarret
NON-VOTING DIRECTOR Marshall Davies, PhD Executive Director Public Risk Management Association Alexandria, VA EDITOR Jennifer Ackerman, CAE Deputy Executive Director 703.253.1267 • jackerman@primacentral.org ADVERTISING Jennifer Ackerman, CAE 703.253.1267 • jackerman@primacentral.org
10 The Care and Feeding of Your FEMA Project Specialist By Mark Ferraro
IN EVERY ISSUE
14
GETTING YOUR RISK MANAGEMENT PROGRAM OFF THE GROUND:
How to Be Successful One Step at a Time By Kenny Smith
Public Risk is published 10 times per year by the Public Risk Management Association, 700 S. Washington St., #218, Alexandria, VA 22314 tel: 703.528.7701 • fax: 703.739.0200 email: info@primacentral.org • Web site: www.primacentral.org Opinions and ideas expressed are not necessarily representative of the policies of PRIMA. Subscription rate: $140 per year. Back issue copies for members available for $7 each ($13 each for non-PRIMA members). All back issues are subject to availability. Apply to the editor for permission to reprint any part of the magazine. POSTMASTER: Send address changes to PRIMA, 700 S. Washington St., #218, Alexandria, VA 22314. Copyright 2017 Public Risk Management Association
| 4 NEWS BRIEFS | 19 ADVERTISER INDEX
OCTOBER 2017 | PUBLIC RISK
1
PARADIGM Don’t ask your house painter RULE #16 to retouch the Mona Lisa.
PARADIGM Catastrophic injuries require RULE #1 catastrophic experts.
Expert CAT teams
Better outcomes
✓ 50 best in class physicians ✓ 200 specialist nurses ✓ 3x more CAT cases than anyone else
✓ 5x better clinical outcomes ✓ 40% lower costs, per Milliman ✓ Fixed price contract, guaranteed
Amputation • Brain • Burn • Multiple Trauma • Spinal Cord
800.676.6777 | paradigmcorp.com/rules
MESSAGE FROM PRIMA PRESIDENT AMY J. L ARSON, ESQ.
rom the winter storms that produced blizzards in the southern United States and ice just about everywhere else; to the tornados that wreaked havoc across the plains in the spring; the floods and wildfires in the western U.S.; and Hurricanes Harvey, in Texas and Louisiana, and Irma, in Florida, the U.S. Virgin Islands and Puerto Rico, 2017 has been a very active year for natural disasters. Unfortunately, it’s not over. At the time I’m writing this article, Hurricanes Jose and Katia are still in the Atlantic and may also be headed toward the U.S. How timely was Mark Ferraro’s article on “Understanding the FEMA Insurance Process” in last month’s magazine? The FEMA process can be very confusing, especially if you do not deal with it on a regular basis. I for one, plan to keep my copy of the magazine as a reference, just in case I need to navigate the process in the future. Ferraro’s three-part series on FEMA continues in this issue. PRIMA members can also access the PRIMA Cybrary online to download examples of disaster plans and procedures for preparedness, response and recovery. If you didn’t have time to dust off and review both your personal and entity’s preparedness plans during National Preparedness Month in September, it’s not too late. I encourage you to check out the Cybrary as well as www.Ready. gov for helpful information, including plans that can be easily adapted to your situation. To all our members experiencing or cleaning up from disasters or losses, please know that you are not alone. Your fellow risk managers are here to help. You can reach out by using
“
To all our members experiencing or cleaning up
from disasters or losses, please know that you are not alone. Your fellow risk managers are here to help. You can reach out by using PRIMAtalk, contacting
“
F
Disaster Preparedness
PRIMA staff or any one of the Board of Directors. We are only a click or a phone call away.
PRIMAtalk, contacting PRIMA staff or any one of the Board of Directors. We are only a click or a phone call away. Before signing off this month, I’d like to remind everyone that PRIMA Institute 2017 (PI 17) is almost here and will be taking place October 9–13 in San Antonio, Texas. This year’s curriculum and instructors promise to deliver exciting and timely topics and information. PI 17 provides a focused educational format that allows attendees to ask questions and network with colleagues, both new and experienced in the risk management field. I not only learn something new every year I attend, I also expand the knowledge base I can draw from as needed.
we have a unique skill set that can be very helpful in disaster situations. And, sometimes just knowing someone cares is enough to help get through the difficult times. Always remember—PRIMA cares! Until next month,
Amy J. Larson, Esq. Risk and Litigation Manager City of Bloomington Bloomington, MN
In closing, I ask all of you to keep those PRIMA members and their communities who are dealing with, or in the path of upcoming disasters, in your thoughts and prayers. I encourage you to reach out and lend a helping hand if you can. As risk managers,
OCTOBER 2017 | PUBLIC RISK
3
NEWS BRIEFS
NEWS Briefs
‘DOUBLE DIPPING’ PENSIONS NO LONGER AN OPTION FOR ILLINOIS POLICE Legislation to prevent law enforcement officers from retiring, collecting a pension and then returning to active police duty to earn a second pension was signed into law by Illinois Gov. Bruce Rauner. The measure, sponsored by state Rep. Grant Wehrli, R-Naperville, and state Sen. Michael Connelly, R-Lisle, stops the practice known as “double dipping.” It was triggered, in part, by Naperville Police Chief Robert Marshall, who retired after 28 years with the Naperville Police Department only to return seven years later as its top administrator. “This bill stops the process of double dipping,” Wehrli said. “Up until this bill was signed, a police office could retire on a Friday, start a new job as a chief of police on a Monday, collect a pension and now start working on a second pension.”
The legislation received bi-partisan support from the General Assembly and begins to address Illinois’ mounting pension problems, Wehrli said. “As those liabilities are growing, local units of government are seeing those dollars that should be allocated for other services going to fund pensions,” he said.
“
This bill stops the process of double
dipping… Up until this bill was signed, a
police office could retire on a Friday, start
a new job as a chief of police on a Monday,
“
Under the new rules, law enforcement retirees returning to active duty positions will have the option of enrolling in a 401(k)-style system instead of accruing a second pension through the police pension fund or the Illinois Municipal Retirement Fund.
collect a pension and now start working on a second pension.
State Rep. Grant Wehrli, R-Naperville
4
PUBLIC RISK | OCTOBER 2017
FREE LUNCH FOR EVERYONE! (IF YOU’RE A PUBLIC SCHOOL STUDENT IN NYC) September 7 marked the first day of school for New York City’s 1.1 million public school students—and the start of free preschool and free lunch for any pupil who wants, no questions asked. Until this school year, the cost of cafeteria lunch had been free or reduced for only the poorest students depending on household income, but families had to fill out paperwork and students who didn’t pay cash were identifiable to peers. The lunch program is aimed at destigmatizing needy schoolchildren. The program, which won’t cost the city any more money, is possible because the state changed how it flags families who are eligible for entitlements, boosting the number of eligible students and qualifying the city for a universal free lunch sponsored by the federal government.
CDC INVESTS MORE THAN $200 MILLION TO HELP STATES RESPOND TO INFECTIOUS DISEASE THREATS The Centers for Disease Control and Prevention (CDC) has awarded more than $200 million through the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) cooperative agreement to help states, cities, counties, and territories prevent, detect, respond to, and control the growing threats posed by emerging and re-emerging infectious diseases. State programs are the foundation of the U.S. public health system and are integral to the nation’s efforts to combat infectious disease threats. CDC and states work together to improve local surveillance, laboratory diagnostic capabilities, and outbreak response. The CDC funds include $77 million to help state health departments fight local antibiotic resistance threats. CDC is investing in every state to combat antibiotic-resistant foodborne
infections and infections in healthcare facilities and communities. “More than 23,000 people in the United States die each year from infections caused by antibiotic resistance,” said CDC Director Brenda Fitzgerald, M.D. “CDC is committed to helping states and cities strengthen their ability to combat antibiotic resistance, and these funds will help state efforts to keep people safe.” In addition, CDC is enhancing the Antibiotic Resistance Laboratory Network (AR Lab Network) to sound the alarm when known and emerging antibiotic resistance threats are detected. Data generated by the AR Lab Network can help improve infection control in healthcare facilities and enable more rapid and effective responses to outbreaks.
“It’s a great thing. It’s something we’re really happy about, and it’s going to allow us to provide free lunch for every child,” said Mayor Bill de Blasio, a Democrat, at a first-day event at a Bronx schoolhouse.
OCTOBER 2017 | PUBLIC RISK
5
Claims of Sexual Misconduct on Campus:
Challenges for Today’s Public Risk Manager BY JOE JARRET
6
PUBLIC RISK | OCTOBER 2017
O
NE OF THE MOST CHALLENGING, AND UNFORTUNATELY, POLITICALLY CHARGED ISSUES FACING RISK MANAGERS IN COLLEGES ACROSS THE UNITED STATES TODAY, concerns the effective and timely investigation of allegations of campus sexual misconduct. Regardless of whether misconduct allegations rise to the level of criminal wrongdoing, or are solely a violation of school policy, schools have the absolute responsibility to address sexual misconduct on their campuses to ensure all members of the campus community are protected. Needless to say, sexual assault is a public health and public safety problem with far-reaching implications. According to the National Institute of Justice (NIJ), being a victim of sexual assault is one of the most violating experiences anyone can endure, an experience that can cause immediate, as well as long-term, physical and mental health consequences.1 The challenge for risk managers is to ensure their entities protect both the victims of sexual assault, as well as the due process rights of the accused.
THE LAW:
Title IX of the Education Amendments Act of 1972 is a federal law that addresses sexual misconduct on campus. It reads: “No person in the United States shall, on the basis of sex, be excluded from participation in, be denied the benefits of, or be subjected to discrimination under any education program or activity receiving Federal financial assistance.” Title IX applies to all educational institutions, both public and private, that receive federal funds. Almost all private colleges and universities must abide by Title IX regulations because they receive federal funding through federal financial aid programs used by their students. Sex discrimination includes sexual harassment and sexual misconduct. The United States Department of Education and our federal courts have interpreted this federal law to require schools to respond to allegations of student sexual misconduct in a timely and effective manner. The most common misconception about this law is that it only applies to athletics. However, athletics comprise only one of 10 key areas addressed by the law. These areas are: Access to Higher Education, Career Education, Education for Pregnant and Parenting Students, Employment, Learning Environment, Math and Science, Sexual Harassment, Standardized Testing and Technology. Despite the existence of Title IX, however, there exists no standardized protocol relative to the investigation of allegations of sexual assault on campuses. As
such, schools are left on their own to develop such protocols.
PREVENTION:
Before discussing the due process rights of the accused, and the protection of victims during the investigative stage, it’s necessary to emphasize the importance of sexual assault prevention education. In a campus sexual assault study conducted by the NIJ and submitted to the United States Department of Justice, sexual assault education for both women and men can serve to reduce the frequency and severity of campus sexual assault. Regarding women, researchers suggest the following: Educate women about different types of sexual assault, especially since there appears to be continuity in the type of sexual assault experienced over time (physically forced or incapacitated sexual assault); Teach effective sexual assault resistance strategies to reduce harm, particularly with respect to strategies for protection from men that women know and trust; Educate women about how to increase their assertiveness and self-efficacy; Convey knowledge about how to report to police or school officials, and the availability of different types of services on and off campus; Stress the importance of reporting incidents of attempted and completed sexual assault
to mental and/or physically health service providers and security/law enforcement personnel, and the importance of seeking services, especially given the well-documented negative impacts sexual assault can have on psychological and physical functioning. Regarding programs for men to prevent sexual assault perpetration, it is suggested that men: Are provided with accurate information on legal definitions of and legal penalties for sexual assault; Are informed that they are ultimately responsible for determining (1) whether or not a woman has consented to sexual contact, and (2) whether or not a woman is capable of providing consent; and Educate men that an intoxicated person cannot legally consent to sexual contact and that having sexual contact with an intoxicated or incapacitated person is unacceptable.2
EFFECTIVE INVESTIGATIONS:
One of the traditional impediments to the thorough investigation of allegations of sexual assault on campus is the presumption that most allegations turn out to be false. This presumption in and of itself is false. In fact, research concludes that false allegations make up 2-to-10 percent of reports. When false allegations are cited in higher numbers, the inflations are errors in definitions and process.3 The International Association of Chiefs of Police (IACP) provide a telling defini-
OCTOBER 2017 | PUBLIC RISK
7
CL AIMS OF SEXUAL MISCONDUCT ON CAMPUS: CHALLENGES FOR TODAY’S PUBLIC RISK MANAGER
tion of false allegations: “The determination that a report of a sexual assault is false can be made only if the evidence establishes that no crime was committed or attempted. This determination can be made only after a thorough investigation. This should not be confused with an investigation that fails to prove a sexual assault occurred. In that case the investigation would be labeled unsubstantiated.”4 When investigating allegations of sexual assault, the American Bar Association, Criminal Justice Section, Task Force on College Due Process Rights and Victim Protection (Task Force), emphasizes the importance that schools insure that their investigative and adjudicatory hearing processes are designed in such a manner to insure all parties are afforded equal protection under law.5 The Task Force recommends in pertinent part that schools: • Impartially investigate allegations thoroughly and evenly: The school’s investigator has an absolute duty to conduct a prompt, fair, and impartial investigation. The investigation should be thorough, and both parties should have the right to participate by identifying witnesses and identifying and/or providing relevant information to the investigator. Investigators should equally seek out both inculpatory and exculpatory evidence. Where many schools err and ultimately end up in court is in those instances where cases are prejudged, dismissed short of a thorough investigation, not taken seriously, or rushed to judgment. • Ensure Confidentiality: Schools have a legal, ethical, and moral responsibility to scrupulously protect against the improper disclosure of confidential information created or gathered during an investigation. Parties, witnesses, investigators, decision-makers, and advisors should be advised of their duty to abide by these provisions. Schools should have a policy in place that serves to notify parties about the scope and limits of the school’s ability to maintain confidentiality. • Prevent Retaliation: It is not unusual for victims of sexual assault to hesitate reporting such incidents for fear of retaliation from the alleged perpetrator. Provisions must be put in place to protect all parties from retaliation. Such provisions should be published to
8
PUBLIC RISK | OCTOBER 2017
the campus community, made available for review at all times, and updated when necessary. Such policies should likewise be communicated to all participants, including witnesses, throughout the investigative and adjudicatory processes as well as provide means through which any individual can securely and confidentially report perceived retaliation. Once a thorough investigation has been completed, and protective measures are in place, the school should initiate an adjudicatory hearing process to determine whether the respondent committed sexual misconduct and that provides for: • Counsel or Advocate: The Violence Against Women Authorization Act of 20136 requires that in cases of sexual assault, both parties have the right to an advisor of their choosing, who may be an attorney or third party advocate. All advisors, including attorney advisors, must adhere to all conditions and obligations required by the school’s process. • Notice: Both parties are entitled to written notice advising them of the date of the alleged incident if known, a summary of the alleged facts, a summary of the specific policy violation(s) under investigation by the school, and instructions on how to access the relevant policies and procedures relative to the adjudicatory process. • Discovery: Once a school has conducted a thorough investigation, both parties should be provided with party statements, witness statements, and any inculpatory or exculpatory information collected during the investigation. • A diverse hearing panel: A panel of at least three people that is diverse across a number of dimensions, including gender, race, age, sexual orientation, and position within the university, serves to provide both sides the protections required by law. The panel is responsible for scrupulously following the rules of evidence and procedure promulgated by the school. • Appeal: Both parties should have an absolute right to appeal. The grounds for appeal should be limited to (1) new information not known or available at the time of the hearing; (2) a procedural error that materially affected
the findings of fact (this includes improperly excluding or including evidence); (3) the imposition of a sanction disproportionate to the findings in the case (that is, too lenient or too severe); or (4) the conduct, as found by the decision-maker, does not violate school policy (this is not intended to allow an appeal for new fact-finding).7 Because each school is a culture unique unto itself, it is up to each school to determine the manner in which hearings are conducted in terms of the standard of proof necessary to conclude that a sexual assault has taken place, as well as what disciplinary measures should be taken. It is important to note, however, that the faith, trust and confidence students, parents, and school employees have in the sexual assault allegation investigative process can be severely shaken if a school finds a person responsible for sexual misconduct who did not actually do it or, if a school finds a person not responsible who did commit the misconduct. Either scenario can result in a person suffering life-altering consequences, thus the need for an established, fair, impartial, and professionally managed investigative process. Joe Jarret is an attorney, former public risk manager and past-president of the Southwest Florida of PRIMA and PRIMA’s 2016 Author of the Year. FOOTNOTES
1 Krebs, C. P., Lindquist, C. H., Warner, T. D., Fisher, B. S., & Martin, S. L. (2008). The campus sexual assault (CSA) study. US Department of Justice. 2 Id. 3 Busch-Armendariz, N. B., Sulley, C., & Hill, K. (2016). The blueprint for campus police: Responding to sexual assault. 4 International Association of Chiefs of Police [IACP]. (2005). Investigating sexual assault: Concepts and issues paper. Alexandria, VA: Author. pp. 12-13. 5 For a more comprehensive analysis (beyond the scope of this writing) of the sexual assault investigative process see, American Bar Association, Criminal Justice Section, Task Force on College Due Process Rights and Victim Protection (2017) 6 The Violence Against Women Authorization Act (Title IV, sec. 40001-40703 of the Violent Crime Control and Law Enforcement Act, H.R. 3355) signed as Pub.L. 103–322 by President Bill Clinton on September 13, 1994. 7 American Bar Association, Criminal Justice Section, Task Force on College Due Process Rights and Victim Protection (2017)
Further your public sector risk management education without leaving the office! This Webinar series features top presenters delivering risk knowledge to your desktop!
PRIMA’S 2017 RISK MANAGEMENT
WEBINAR SERIES PRIMA WEBINARS ARE FREE FOR MEMBERS! Visit www.primacentral.org today to register for individual Webinars or for the entire program!
OC TO B E R 18 | 1 2 : 0 0 P M – 1 : 3 0 P M E ST CYBER RISKS, CYBER COVERAGE, TECH E&O RISKS AND COVERAGE SPEAKERS: Geoff Kinsella, FCII, MBA, Partner, Safeonline LLP DESCRIPTION: The world of cyber and privacy insurance is changing. As more insurers enter the market, how do you separate good policy forms from the bad? The presenter will discuss how the coverage has evolved and what to look out for when buying cyber and/or tech E&O insurances. We will consider how the provision of pre- and postbreach services and 1st party protections are driving the growth of this insurance class. Many organizations struggle with identifying risk coverage limits in the market and the corresponding costs as well. Therefore, attendees will look at some of the risk management considerations that need to be addressed and how cyber insurance loss costs can escalate. AT T E N D E E TA K E AWAYS : Learn what insurance coverages available and how they are evolving Understand why organizations are buying cyber and/or tech insurance Learn how these insurances respond to a loss
For more information, or to register, visit primacentral.org/webinars.
THE CARE AND FEEDING OF YOUR FEMA PROJECT SPECIALIST BY MARK FERRARO
10
PUBLIC RISK | OCTOBER 2017
P
UBLIC ENTITIES AND PRIVATE NONPROFITS THAT SUFFER DAMAGE during a declared disaster are encouraged to apply for grants under the Stafford Act’s Public Assistance program. Risk managers can play a significant role in the post disaster recovery process for their entity by understanding the grant application process. As discussed in last month’s article, Understanding the FEMA Insurance Process, all applications for grants must go through an insurance review prior to their approval. The key contact person between your entity and FEMA will be your assigned Project Specialist.
The relationship between your entity and your assigned project specialist is key to a swift resolution to your applications. Entities with well-organized data get through the process with fewer frustrations. A good rule of thumb is to plan for your Project Specialist to spend 2-3 hours with you to gather and organize data for each application. Every application requires a site visit in addition to the data gathering for the application. What you want to avoid is a non-productive visit with the Project Specialist. Once assigned to your entity, your Project Specialist is tasked with creating an application that meets the requirements of the Stafford Act and published FEMA policy statements. Formation of the application is guided by the Public Assistance Applicant Handbook, FEMA P-323/March 2010, (available for free via internet download). The heart of the application is the part of the application that is known as the “3D’s”: Damage, Description and Dimensions Projects are defined by the specific damage sustained at a facility and a detailed description of the proposed repair. A good damage description contains: • Description of the pre-disaster facility • Cause of damage (e.g., wind, floodwaters) • Dimensions and description of the damage
SCOPE OF WORK
The Scope of Work describes the work that is necessary to repair the damage or replace the facility. The scope of work is the basis for the cost estimate; therefore, it is important that the scope of work be comprehensive and concise enough to fully support what work is to be done and why it is being done. For large projects, FEMA must review each scope of work to ensure that the project complies with all applicable federal laws, regulations, and policies before funds can be provided. For small projects, samples are reviewed. The definition of Large and Small projects is set when the disaster is declared. For Fiscal Year 2017, which began October 1, 2016, the large project threshold is $123,100 and the small project threshold is $3,100. A description of the pre-disaster facility should include the following information: a. Name of the facility b. Address of the facility c. Property insurance schedule location number d. GPS of the damaged facility/building/equipment The cause of damage should be clearly described. If the actual cause of the damage is
unknown at the time of writing up the application, state that it is unknown. If speculating or guessing as to cause, state your assumptions. a. Confirm damages were caused by the disaster b. Separate damages by hazard type i.e. wind, flood, electrical surge, etc. c. Gather maintenance records for damaged facilities to demonstrate that the facility was being used for its intended purpose prior to the disaster
PERMANENT AND TEMPORARY REPAIRS
Confirm that your entity was legally responsible to provide the repairs or that your entity owned or was legally responsible for the property. a. Leases can be a two-edged sword, especially with the Army Corp of Engineers. Some leases with the Corp state that there can be no claim for damages against the United States of America. This has been interpreted that an entity cannot claim Stafford Act benefits for any facilities damaged during a disaster that are on Corp property. As many local public entities have built significant infrastructure on Corp leased property, this could be an exposure for your entity. b. If you lease property and the lease requires
OCTOBER 2017 | PUBLIC RISK
11
THE CARE AND FEEDING OF YOUR FEMA PROJECT SPECIALIST
the lessee to be responsible for property damage, FEMA will not respond to any property damage claims that they believe are duplicative benefits. c. Facilities under construction require special reviews to determine if the applicant or the contractor is responsible for a loss as a result of a disaster. The regulations stipulate that an applicant must have legal responsibility for the facility to be eligible for grant funding. If there is a contract with a third party that shifts the legal responsibility to the third party, the damages are not eligible for grant funding. This applies even if you entity doesn’t require the contractor to supply builders risk insurance for the project. Your project specialist is required to describe all damages as a result of the disaster. In addition, the project specialist is not authorized to determine eligibility at this stage of the recovery process. The most productive relationship you can have with your project specialist is to fully describe all damages and not worry about what might be eligible or not eligible. The reason is that if damages are not included in your application, there is no potential appeal for those damages should the costs in the application be questioned or rejected. Once the disaster is declared, there will be some lag time until FEMA can deploy their Project Specialists in the field. It might be a few days to a few weeks to even a few months, depending on the size and scope of the disaster. There are many activities and steps taken to respond and recover even before a disaster is declared.
DISASTER COST RECOVERY BEGINS WITH A PLAN
Risk managers should be proactive in securing damage information as soon as it is safe to do so. The good news is that the level of detail required to complete FEMA application for disaster cost recovery is almost identical to the insurance claim process. Here are some suggested steps for an efficient cost recovery effort: Insurance: Large disasters put a strain on the insurance adjusting process. This stress doesn’t always result in good claim practices or accurate claim settlements. FEMA will review each claim settlement for accuracy. If
12
PUBLIC RISK | OCTOBER 2017
any discrepancies are found, the insurance recovery or the claim denial will need to be resolved before your application can move through the system. Prompt Notice to Insurance Programs: Timely reporting of potential losses to your insurance program is critical for a successful application process. The Stafford Act requires that all eligible sources of recovery be exhausted before FEMA approves reimbursement. For many disaster situations, the insurance adjuster’s report can form the basis of the scope of work for an application. Risk managers should track all insurancerelated activities. Your tracker should include the following date and time information: a. Incident reported to the insurance program administrator b. Sworn proofs of loss submitted to the insurance program c. Adjuster visited each location/facility d. Adjuster’s report is received e. Claim denials received f. Claim denials sent to legal for review and appeal Claim denial letters and claim payments are also a critical element of every disaster recovery application. Unfortunately, in the high pressure environment of a disaster, insurance companies and their adjusters make mistakes. Some of the more common mistakes: a. Claim denial letters issued on a blanket basis without specific reference to your coverage document or damages. b. Bulk claim payments for multiple locations with no supporting documentation as to what was being paid or why the payment was made. c. Surrender of policy limits without any explanation of the purpose of the payment. d. Unusually long response times to inquiries or claim payment decisions. e. Failure to report your damages as required by your coverage document can have very negative consequences for your potential FEMA recovery. Any claim denied because of late reporting will not be paid by FEMA.
Pictures: Often repairs are made to damaged facilities before insurance adjusters or FEMA can visit the site. Pictures really are worth 1,000 words, if not more. Any smart phone can be used to capture damages to facilities. There are apps that make the picture even more useful. Phone apps that provide compass direction, time, date and GPS coordinates on the face of the picture are extremely helpful in the application process. What are the keys to taking a useful picture? a. Pictures should be organized by facility and labeled. b. First picture in series should be a wide shot that establishes the scope of the facility. c. To show damage, don’t zoom in too close. Without a scale for reference, many pictures will be useless to establish a scope of damages. Borrow an idea from CSI: A yard stick or any length of wood painted an alternating black and white every foot is a great scale to use in your pictures. Forgot to bring one? Put a person in the picture. Bottom of shoes/boots to belt buckle or to the shoulder is a scale. d. Flood damage to buildings should have an establishing shot to determine/show if the building has a basement/ level below grade. A three quarter view picture (shows two adjacent exterior walls and the ground level) saves a lot of questions down the road. Because of the special rules in the National Flood Insurance Program, knowing if equipment damaged in a flood is located below ground level or in a structure with a roof and two rigid walls is very important for the successful recovery of your costs. e. Label locations/facilities that match your fixed inventory/insurance schedules. Avoid the syndrome in which every department and your insurance policy uses a different ID system. f. No matter who performs the work, take pictures to tell a story: how much damage; how much debris; what kind of debris; how many dumpsters; how many work crews; what kind of equipment was used etc. Always include comments with every picture.
� Cost Data: Collecting extemporaneous data as emergency services, temporary and permanent repairs are made is critical to full cost reimbursement by FEMA. 1. Labor/Machine Run Time: The extra expenses your entity incurs to respond to the disaster are eligible for reimbursement. Even if your data is hand written, make sure it is captured as it takes place. Food, lodging and other expenses for your labor force should be captured and organized as well. 2. Materials used in the response to a disaster should be captured as they are used/ consumed. Trip tickets, weight slips, contractor receipts all become valuable documentation for your applications. Securing good information in an organized method will pay many benefits on behalf of your organization. Applications that have clarity of damage descriptions, scope of work and costs to make repairs move through the system faster. Every review question can add weeks or even months to the review process. Once your application makes it to Project Worksheet status and is assigned a PW number, there remains but three review steps: 1. Insurance 2. Environmental and Historical Preservation (EHP) 3. Final Award Insurance will review your application based on the damages sustained and the insurance coverages you entity had during the disaster period. While the insurance review process doesn’t make any eligibility decisions, it can reduce eligible amounts based on actual or anticipated insurance proceeds or lack of insurance coverage in certain circumstances. The more insurance-related information your project specialist attaches to the PW, the faster your application goes through the system. It is beyond the scope of this article to address the issues that the Environmental and Historical Preservation (EHP) and Final Award groups review. Suffice to say that EHP looks for potential conflicts with environmental and historical preservation laws in your state. Final Award looks at the application for eligibility issues under the Stafford Act.
Risk managers can also be of tremendous assistance to the process when project applications include Section 403 Hazard Mitigation and Alternative Project Funds. Section 403 Hazard Mitigation awards can be up to 15 percent of the damages in an application for hazard mitigation to prevent future damage from the same type of loss. Flood proofing doors and openings in a building or installing hurricane shutters are an example. These improvements must be insured as a condition of the grant.
appeals on eligibility or policy procedures cost public agencies millions of dollars every disaster. All appeals are internal to FEMA. Under the Stafford Act your consultant costs are reimbursable. Your contractor has to have a system that allocates their time and expenses by project worksheet (PW) on an actual incurred basis.
If you and your entity can feed the project specialist a steady diet of well-organized, factual information, your applications will enter the
system faster and with fewer reviews. The ultimate goal is to receive your maximum potential funding promptly with little wear and tear on your internal systems.
Alternative projects allow an entity to receive funding for a damaged or destroyed facility (building, equipment, vehicle or contents, etc.) but use those funds in a new way that serves the greater interests of the entities community. These alternative projects must also be insured if deemed to be insurable.
USE OF EMERGENCY MANAGEMENT CONSULTANTS TO BE YOUR ADVOCATE Every public assistance applicant is allowed to hire emergency management consultants to assist with the disaster recovery effort. Selection of your consultant should be prior to a disaster as trying to find a capable consultant after a disaster happens is problematic. You want your consultant under contract so that when a disaster does strike they can advise you immediately. Deviation of proper procurement, the actions of responding, the processes and works of clean up, repair or replacement without proper documentation can cost the your entity in rejected costs that otherwise would be reimbursable. Basically, any action without proper (qualifying) documentation may cause FEMA to deem the costs ineligible. The second area of assistance that a consultant can be of value is helping your entity with your appeals to FEMA for their funding decisions. Applicants only have two appeals with FEMA to question funding decisions. Poorly defined
Lump sums, ratios, sliding scales and so forth have a tendency to be rejected. Public Adjuster fees are not eligible for DAC reimbursement because their fees are based on a percentage of insurance company recovery, not actual work performed in the application process. (Actual or anticipated insurance proceeds deducted by FEMA never recognize the commission you agree to pay to your public adjuster.) You may wish to discuss with your agent/broker if your property policy has coverage for claim preparation costs and if those costs can include your Public Adjuster fees/commission. Your entity has to follow your own procurement rules and any state laws regarding the selection of the emergency management consultant. Too many applicants have their consulting fees rejected by FEMA because the consultant selection process was defective. If you and your entity can feed the project specialist a steady diet of well-organized, factual information, your applications will enter the system faster and with fewer reviews. The ultimate goal is to receive your maximum potential funding promptly with little wear and tear on your internal systems. Mark Ferraro is a senior policy advisor for Kinne Associates, disaster planning and recovery consultants.
OCTOBER 2017 | PUBLIC RISK
13
14
PUBLIC RISK | OCTOBER 2017
GETTING YOUR RISK MANAGEMENT PROGRAM OFF THE GROUND:
HOW TO BE SUCCESSFUL ONE STEP AT A TIME
R
BY KENNY SMITH
ISK IS A SITUATION INVOLVING EXPOSURE TO DANGER, HARM, OR LOSS—EITHER REAL OR POTENTIAL. Every day we are exposed to risk and the effort to protect our people, property and assets is why we develop risk management programs. These programs use various tactics to reduce all types of risk by determining how people and equipment can become more efficient. Ultimately, a successful risk management program will allow an organization to reduce costs by reducing injuries and the likely complications of legal action. Creating a successful risk management program, or developing one from the ground up, is not easy but it is worth the effort and can be accomplished by following a few manageable steps.
STEP 1: IDENTIFY AND RECOGNIZE ALL OF THE LOSS EXPOSURES IN THE ORGANIZATION’S OPERATIONS. A risk assessment is the most common tool used to help identify as many risks as you are aware of. A risk assessment will help determine the strengths and weaknesses within your organization’s procedures and controls. During the assessment, review loss runs to figure out historically where and what your loss sources are. Review relevant policies, including personnel, fleet safety, safety program, contracts, special events, complaint notices, and property maintenance. After this is completed, visit with every department within the organization to determine what they do, how they do it and where they do it. Each department is unique to the risks they are exposed to and will need to have specific controls in place to minimize their negative exposure. During all assessments and follow-ups, be sure to include any advisory boards and volunteer operations. STEP 2: EVALUATE THE HAZARDS AND EXAMINE THE VARIOUS RISK MANAGEMENT CONTROL OPTIONS. After the risk assessment has been completed and the risks have been identified, it is time to determine the various options available for
controls. Controls are the policies, practices or procedures that are used to modify and minimize risk. See Hierarchy of Controls Exhibit A for more reliable ways to address hazards. Once the various controls have been determined, risks should be prioritized by frequency and severity. EXHIBIT A: HIERARCHY OF CONTROLS
MOST PREFERRED (MOST RELIABLE)
Risk Avoidance: Prevent hazards being introduced into workplace by choosing to avoid exposures identified during pre-planning and design Eliminate: Remove hazards and work method risks after discovery Substitution: Replace existing risk with one less hazardous Engineering Controls: Incorporate engineering controls/safety devices Warning: Provide warning systems (alarms, signs, markers…) Administrative Controls: Apply administrative controls (rules, policy and procedures, training, scheduling, supervision…)
Personal Protective Equipment (PPE): Provide LEAST PREFERRED personal protective equipment
ANSI/ASSE Z590.3 Prevention Through Design
OCTOBER 2017 | PUBLIC RISK
15
GETTING YOUR RISK MANAGEMENT PROGRAM OFF THE GROUND STEP 3: DEVELOP THE MOST APPROPRIATE CONTROLS TO BALANCE THE RISK TO AN ACCEPTABLE LEVEL. Since risk may not be completely eliminated, it is important to put controls in place that reduce risk without being overcomplicated or overbearing on the employees and organization. While risk management is typically championed by upper management, the controls need to be abided by and carried out by all employees of the organization to be successful. Because of this, receiving support and participation from all departments is a critical step in the process. To do so, consider sending out a policy statement that emphasizes the direction of the program, authority and requirements of participation.
These five steps will lead you far in creating a successful risk management program, however there are some common mistakes that can cause even a good program to fail. These are a few of the most common failure scenarios and how those problems might be mitigated. Lack of support or direction from management. This could include ignoring the new initiatives completely, continuing to operate in an inconsistent and unsafe manner, or not participating in training and/or meetings. Instead, management should overtly show support for the process by attending risk management and safety meetings when their schedules permit.
Risk management involves planning, organizing, influencing,
communicating, leading and monitoring an entity’s activities in order to reduce the exposures to loss… Successful organizations have
implemented risk management so that it is an integrated expectation of management that everyone is responsible for, not something that
just one person does. It takes trial and error, experience and curiosity. STEP 4: IMPLEMENT THE CHOSEN CONTROLS AND TRAIN. After your organization implements controls, it is imperative that management and relevant employees are trained. Education is one of the most effective ways to manage your risks. Training can be done via online courses or in person. STEP 5: RE-EVALUATE AND FOLLOW-UP TO CONFIRM AN APPROPRIATE BALANCE HAS BEEN ACHIEVED WITH NO UNWANTED SIDE EFFECTS. After controls have been put in place, it is important to go back often to evaluate how the new controls are doing. Watch for indicators that the number and severity of the claims are going down. If they are not, then revisit step two, as some of your assumptions, or possible controls, may need to change. If adverse effects are occurring because of the new controls, consideration for change may need to occur. During program evaluations, you will also identify areas of strength and areas of weakness where improvements can be made.
16
PUBLIC RISK | OCTOBER 2017
They should work with all departments to encourage progress in creating goals, performing audits, completing projects and investigations. Upper management should also begin placing an equal or greater value on safety than on job completion timetables. Insufficient support to implement the program. Pushing safety and risk management responsibility and authority into each department level manager’s world is optimal. Having just one person assigned that responsibility often makes staff feel like they are a being watched by a safety warden, which leads them to abide by the rules only when the watcher is around and continuing to do their tasks their own way once no one is around. This typically leads to no progress or success implementing the risk management program. Instead, the risk management program should be a value all employees and managers believe in and follow. Selecting the right coordinator for the position is key to successfully implementing the program. The coordinator
should assign accountability at all levels, provide training and establish expectations. The risk management program should include a bottom-up communication pathway for the identification of risks and in the development of controls. Enforcement of policies and procedures is absent. Often employees are doing things they shouldn’t be doing or they are failing to do something they were supposed to do or no guidelines are established. Basic supervision breakdowns cause policies and procedures to be forgotten. Instead, make it easier for the employees and managers to do the right thing by developing written policies and controls to address risks associated with day-to-day operations. Ensure the policies and training is communicated not just verbally but through writing so no one can say they were not informed. Lastly, ensure enforcement is firm, consistent and that the disciplinary efforts deter repeat offenses. Lack of documentation. This often involves not documenting disciplinary discussions, performance appraisals, or inspections, tests and site safety evaluations. Instead, create a culture of strong documentation through the assignment of accountability, training and spot checks to verify quality. Risk management involves planning, organizing, influencing, communicating, leading and monitoring an entity’s activities in order to reduce the exposures to loss. Risk management has been described as being an organizational state of mind. Successful organizations have implemented risk management so that it is an integrated expectation of management that everyone is responsible for, not something that just one person does. It takes trial and error, experience and curiosity. Remember, your organization will encounter problems and mistakes when you first develop your risk management program but if you continue to follow the five steps and never stop evaluating your efforts, it will grow into a successful and beneficial program. Kenny Smith is a risk control manager for OneBeacon Government Risks.
Every community has a story. We help protect it. Travelers has solutions designed specifically for public entities. Our public entity experts work with local communities to design insurance programs tailored to their unique challenges — from public safety to catastrophic weather to online breaches of sensitive data. We are dedicated to helping communities protect themselves from the unexpected, so that they can continue to tell their stories. To learn more, contact your independent agent or broker.
travelers.com Š2015 The Travelers Indemnity Company. All rights reserved. Travelers and the Travelers Umbrella logo are registered trademarks of The Travelers Indemnity Company in the U.S. and other countries. 0427 Rev. 6-15
Everyone else is doing it. Why aren’t you?
Join PRIMA’s 2017 Enterprise Risk Management training and learn how to add value to your risk management program by implementing an enterprise-wide approach to risk. PRIMA developed this training program to teach attendees how to apply the framework of the ISO/ANSI/ASSE 31000 Standard. Participants will learn the basics of the standard as well as how to fully integrate the framework in their organization’s risk management program.
Visit primacentral.org/ermtraining for 2017 training locations and dates.
ADVERTISER INDEX
ADVERTISER INDEX
Genesis Management and Insurance Services Corporation. . . . . . . . . . . . . . . . . . . . . . . Back Cover Munich Reinsurance America. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Inside Back Cover Old Republic Insurance Group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Inside Front Cover Paradigm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 4 Travelers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 17 HAS YOUR ENTITY LAUNCHED A SUCCESSFUL PROGRAM? An innovative solution to a common problem? A money-saving idea that kept a program under-budget? Each month, Public Risk features articles from practitioners like you. Share your successes with your colleagues by writing for Public Risk magazine! For more information, or to submit an article, contact Jennifer Ackerman at jackerman@primacentral.org or 703.253.1267.
CALENDAR OF EVENTS PRIMA’s calendar of events is current at time of publication. For the most up-todate schedule, visit www.primacentral.org.
WEBINARS 2017
FIND US ON FACEBOOK!
• October 18 – Cyber Risks, Cyber Coverage, Tech E&O Risks and Coverage • November 15 – Risk Analysis, Assessing Your Key Risk Indicators: Are You Lagging Behind, or Leading the Pack? • December 20 – Mission Critical: ERM and Decision Making
PRIMA ANNUAL CONFERENCES June 3–6, 2018 PRIMA 2018 Annual Conference Indianapolis, IN Indiana Convention Center June 9–12, 2019 PRIMA 2019 Annual Conference Orlando, FL Gaylord Palms June 14–17, 2020 PRIMA 2020 Annual Conference Nashville, TN Gaylord Opryland
PRIMA INSTITUTE October 9–13, 2017 San Antonio, TX
Keep up with what’s happening at PRIMA and connect with your risk management peers!
ENTERPRISE RISK MANAGEMENT TRAINING November 14–15, 2017 San Diego, CA
Visit us at www.facebook.com/primacentral.
OCTOBER 2017 | PUBLIC RISK
19
OCTOBER IS CYBERSECURITY AWARENESS MONTH!
When it comes to a cyberattack, it’s not a matter of IF, but WHEN. PRIMA offers free cybersecurity resources designed to equip risk management professionals with the knowledge, skills and ability to proactively protect their entities.
Visit primacentral.org and check out free cybersecurity webinars from the Department of Homeland Security, including a cyber resilience review presentation.
TIME TO TEST OUR LIMITS!
You’ve relied upon our financial security and underwriting skill for a long time.
Visit our website at www.GenesisInsurance.com
And along the way, you’ve challenged us to do more. Well, we’ve been listening, and we’re proud to announce a new, more “can do” approach to your business. We’re actively seeking expanded opportunities. So whether you’re seeking broader coverage, new jurisdictions, or aggregate deductibles, we hear you, and it’s time to test our limits. Let’s talk. We’ll fly high together!
Genesis Insurance Company is licensed in the District of Columbia, Puerto Rico and all states. Genesis Insurance Company has its principal business in Stamford, CT and operates under NAIC Number 0031-38962
A.M. Best A++ XV
S&P AA+
A Berkshire Hathaway Company