Establishes the office of risk assessment and management within the office of general services to determine the state's potential exposure to liability for its acts and omissions; such office shall also advise state agencies on proper risk management techniques and procedures.
STATE OF NEW YORK
________________________________________________________________________
7416
2017-2018 Regular Sessions
IN ASSEMBLY
April 25, 2017
___________
Introduced by M. of A. TITONE, MORELLE, LUPARDO, JAFFEE -- Multi-Spon-
sored by -- M. of A. BRAUNSTEIN, COLTON -- read once and referred to
the Committee on Governmental Operations
AN ACT to amend the executive law, in relation to establishing the
office of risk assessment and management
The People of the State of New York, represented in Senate and Assem-bly, do enact as follows:
1 Section 1. The executive law is amended by adding a new article 10-A
2 to read as follows:
3 ARTICLE 10-A
4 OFFICE OF RISK ASSESSMENT AND MANAGEMENT
5 Section 204. Definitions.
6 205. Office of risk assessment and management; qualifications of
7 risk manager.
8 206. Functions and duties of the office.
9 207. Board of risk assessment and management.
10 § 204. Definitions. For the purposes of this article:
11 1. "Enterprise risk management" shall mean a strategic discipline that
12 supports the achievement of the state's objectives by addressing the
13 full spectrum of its risks and manages the combined impact of those
14 risks as an interrelated risk portfolio.
15 2. "Local government" shall mean any county, city, town, village,
16 supervisory district, school district, fire district, improvement
17 district or special district.
18 3. "Office" shall mean the office of risk assessment and management
19 established pursuant to section two hundred five of this article.
20 4. "Risk manager" shall mean the risk manager of the office.
21 5. "State agency" shall mean any department, division, board, commis-
22 sion, bureau, office or other agency of the state.
23 § 205. Office of risk assessment and management; qualifications of
24 risk manager. 1. There shall be established within the office of general
EXPLANATION--Matter in italics (underscored) is new; matter in brackets
[] is old law to be omitted.
LBD11029-01-7
A. 7416 2
1 services, an office of risk assessment and management. There shall be
2 appointed by the commissioner of general services the risk manager of
3 the office, who shall be charged with the duty of administering the
4 office. The commissioner of general services shall fix compensation of
5 the risk manager within the amounts appropriated therefor.
6 2. The risk manager shall have the following qualifications:
7 (a) an understanding of and the ability to apply the generally
8 accepted principles, standards and techniques utilized for the identifi-
9 cation, assessment and management of enterprise risk; and
10 (b) sufficient experience in identifying, assessing and managing
11 enterprise risk exposures that present the breadth and level of complex-
12 ity of issues that can reasonably be expected to be raised during the
13 course of state operations.
14 3. Every risk manager shall have acquired his or her qualifications,
15 as required by subdivision two of this section, through appropriate
16 education and relevant risk management experience on behalf of a commer-
17 cial or governmental organization.
18 § 206. Functions and duties of the office. 1. The function of the
19 office shall be:
20 (a) to determine the potential exposure of the state to liability and
21 financial loss arising from its acts and omissions, from the ownership,
22 control or use of its real and personal property, or conduct or actions
23 of its employees or agents;
24 (b) to establish and coordinate business continuity programs for
25 essential state functions and services;
26 (c) to implement risk management programs to manage the state's expo-
27 sure to risk in the most cost effective manner including, but not limit-
28 ed to, programs to reduce the likelihood and potential cost of loss
29 events, and the purchase of insurance or other risk sharing arrangements
30 where appropriate; and
31 (d) to coordinate and support the risk management programs of all
32 state agencies.
33 2. The risk manager and office shall fulfill their functions and
34 duties by:
35 (a) conducting a study of the state's risk exposures on an ongoing
36 basis. Such study shall include:
37 (i) practices and procedures of all state agencies, as they pertain
38 to, impact upon, cause or deter damage or loss to: physical property
39 owned or controlled by the state, or physical injuries sustained by
40 state employees, persons receiving services from the state or members of
41 the general public;
42 (ii) the actions, claim settlements, and claims settlement processes
43 related to actions in the court of claims, and in federal and state
44 courts of competent jurisdictions as they relate to the disposition of
45 matters against the state. Furthermore, for the purpose of determining
46 past, present and future exposures to liability, the nature and magni-
47 tude of such exposures, and the techniques for reducing the cost of
48 managing and settling claims arising from such exposures;
49 (iii) the essential operations and service functions of the state, and
50 the procedures necessary to maintain or restore such operations and
51 functions to the required level following an emergency event;
52 (iv) the potential future liabilities arising from existing or
53 proposed state operations or functions;
54 (v) the preparation of an inventory of all real property owned or
55 leased, for a period of time of more than five years, by all state agen-
A. 7416 3
1 cies, and to ascertain past, present and potential future liability
2 exposures and the nature of those exposures; and
3 (vi) the design and implementation of appropriate cost effective tech-
4 niques and programs to reduce the cost of the state's exposure to
5 liability and financial loss arising from its operations or the owner-
6 ship, control or use of real and personal property, including recommend-
7 ing steps and procedures to be implemented by individual state agencies.
8 The risk manager, in the performance of such study, shall enjoy the
9 full cooperation and assistance of state agencies and the court of
10 claims; and
11 (b) recommending and implementing the appropriate risk management and
12 business continuity programs as shall be necessary.
13 3. Such study and recommendations shall be completed and sent to the
14 governor, comptroller, attorney general, executive officer of each state
15 agency included therein, temporary president of the senate, speaker of
16 the assembly, minority leader of the senate and minority leader of the
17 assembly no later than eighteen months after the effective date of this
18 article. The study and recommendations shall be revised and updated as
19 is periodically deemed appropriate by the risk manager; provided, howev-
20 er, that such study and recommendations shall be revised and updated not
21 less than once every five years.
22 4. The office shall advise the various state agencies on proper enter-
23 prise risk management techniques and procedures, and the implementation
24 thereof, for the purpose of reducing exposures to liability and finan-
25 cial loss, or the disruption of essential state operations and func-
26 tions, as well as all responsibilities and duties of the bureau of
27 insurance in the office of general services. Those agencies involved in
28 or responsible for the construction or maintenance of structures or
29 roadways, the care and custody of persons more than in temporary quar-
30 ters, the provision of services of the general public, and those agen-
31 cies with vehicles assigned for their use, shall undergo detailed enter-
32 prise risk management analysis and, wherever practicable and after the
33 agency is granted an opportunity to review and appeal the findings and
34 recommendations of such analysis, implement the recommendations of the
35 risk manager within one hundred eighty days of the date that such recom-
36 mendations are agreed to by the executive officer of such agency.
37 5. The risk manager shall file an annual report on the activities of
38 the office with the governor, comptroller, attorney general, temporary
39 president of the senate, speaker of the assembly, the minority leaders
40 of the senate and assembly, senate finance committee and assembly ways
41 and means committee, no later than one hundred eighty days after the
42 completion of the calendar year to which the report refers.
43 6. Any public benefit corporation, public authority or local govern-
44 ment may contract for the services of the risk manager and the office in
45 the event that such public benefit corporation, public authority or
46 local government is without internal risk assessment and enterprise risk
47 management services, or wishes to supplement such internal services with
48 the services provided by the risk manager and the office.
49 7. The risk manager may review, study and enter into a relationship
50 with: (a) outside vendors or consultants with expertise in risk manage-
51 ment, claims management or safety management, and (b) captive insurance
52 companies, as defined in subsection (c) of section seven thousand two of
53 the insurance law, or other risk sharing entities to reduce personal
54 injury or property damage liability claims and payments, either on an
55 annual basis or over a longer period of time, for all state agencies, or
A. 7416 4
1 an individual state agency, public benefit corporation, public authority
2 or local government.
3 § 207. Board of risk assessment and management. 1. There is hereby
4 established, within the office, a state board of risk assessment and
5 management. The board, to be comprised of the risk manager, the commis-
6 sioner of general services, the chair of the state insurance fund, the
7 president of the state civil service commission, the director of the
8 office of employee relations, the director of the division of the budg-
9 et, and a representative of each of the public employee organizations
10 with the three largest memberships. Such board shall meet quarterly for
11 the purpose of examining current methods of enterprise risk management
12 and control deployed by the state, and review instances of difficulty in
13 deploying sound risk assessment and enterprise risk management proce-
14 dures.
15 2. A summary of the proceedings of the board, with recommendations for
16 improvement of the state's risk management practices and procedures,
17 shall be included in the annual report of the risk manager. The risk
18 manager shall take into consideration the recommendations periodically
19 made by the board in conducting his or her management and abatement of
20 potential liability activities.
21 § 2. This act shall take effect on the one hundred eightieth day after
22 it shall have become a law, except that any rules and regulations neces-
23 sary for the timely implementation of this act on its effective date
24 shall be promulgated on or before such date.
