
PRIMA's ERM Training Faculty

PRIMA's ERM training faculty were trained by world leaders in public risk management. Each trainer has extensive enterprise-wide risk management (ERM) experience.

Through ERM they have added value to their entities, advanced their missions and spearheaded change in the public risk management industry. Together, they make up PRIMA’s ERM training faculty. Click on their names below to learn more about their experience and why they are excited to be a member of PRIMA's ERM training faculty.

 

Wendell Bosen, ARM-E, CPCU, RF

Dorothy Gjerdrum, ARM-P, CIRM

Shannon Gunderman, CPCU, ARM, AIS, CWCP

Lisanne Sison

Scott Wightman, ARM

Tim Wiseman, MBA, ARM-E

                                                                                                                            

 

Wendell Bosen, ARM-E, CPCU, RF

Wendell is a senior account executive for Moreton & Company, based in Salt Lake City, Utah, where he is responsible for providing a variety of risk management services for public entities and other clients.

His previous experience includes serving as the director of risk management for Management & Training Corporation (MTC), where he had risk management responsibility for more than 10,000 employees operating local, state and federal prisons and Department of Labor Job Corps centers in twenty-three states. While working for MTC, Wendell developed partial ERM programs that underscored risk management as vital to the organization’s mission and every employee as a risk manager.

Wendell’s professional accomplishments include chairing a business continuity committee, restructuring an insurance program saving millions of dollars annually, developing a malpractice insurance program, consulting in the creation of two claims management systems, helping establish a workers’ compensation pool and developing a variety of training resources for public entities.

Wendell has served on the board of his local CPCU and RIMS chapters. He served as the president of the Utah chapter of PRIMA in 2004-2005.

Wendell earned an associate of science degree in chemical engineering and a bachelor of arts degree in economics from Brigham Young University. He earned a master of business administration degree (MBA) from Westminster College of Salt Lake City, holds the ARM-(P/E), ALCM and CPCU designations and is a RIMS fellow (RF).

More information on Wendell

How do you currently use the ISO 31000 standard on your job?

At Moreton & Company, I often use as a resource for our clients ISO 31000 principles, framework, and process.  These clients range from some just beginning their risk management programs to those who want to strengthen their long-term formal ERM programs.

I incorporate into training and presentations the principles of the ISO 31000 standard, especially these three: (1) risk management is an integral part of processes used to accomplish an organization’s mission, (2) risk management is part of every employee’s decision making and (3) risk management facilitates continual improvement.

Any advice on how to get upper-management buy-in for incorporating the standard into an organization’s risk management program?

The ISO 31000 standard makes it clear that risk management programs and activities must be based on the entity’s unique mission or objectives. You can tell upper-management that ISO 31000 will add value to your organization by advancing your mission through risk management efforts. Quote the definition of “risk” directly from the standard (risk is defined as “effect of uncertainty on objectives”). Many risk management activities are being done at all organizations; your goal is to explain the value of building on what you already have in place.

Why did you become an ISO 31000 Faculty member?

Throughout my 25 years in insurance and risk management, teaching adult professionals has been an important and fulfilling part of my work. I was the education chairperson for the local CPCU chapter for over ten years. I taught the Associate in Risk Management (ARM) classes for six years.  I have taught insurance classes at a local college and recently for a class of professionals preparing for the RMPE 352 exam (Risk Management for Public Entities). Even with my years as a practicing risk manager and teaching adult professionals, I am surprised, humbled and honored to be selected by PRIMA to teach classes on ISO 31000. I believe this opportunity will allow me to help risk managers make their communities better places to live, work and play. 


 

Dorothy Gjerdrum, ARM-P, CIRM

Dorothy is the senior managing director of the public sector division of Arthur J. Gallagher and Co. where she is responsible for resource development focusing on risk management, exposure identification, pool operations and enterprise risk management. She leads client outreach activities for more than 300 Gallagher insurance brokers and specialists and provides consulting risk management services for public sector and higher education clients.

Her previous experience includes serving as the risk manager for three self-insured pools for the New Mexico Association of Counties (NMAC). While at NMAC, Dorothy’s professional accomplishments included developing loss-sensitive contribution and allocation formulas, providing new coverage programs for members, including injunctive relief, land use and special events, developing the pool’s first coverage document in order to clarify coverage exclusions and conditions of insurance in addition to developing individualized training sessions to address sexual harassment and management.

While at Arthur J. Gallagher and Co. her professional accomplishments include developing and finishing numerous ERM implementation and consulting projects including the Colorado School Districts Self-Insurance Pool, the City-County of San Francisco, the New Mexico Association of Counties Insurance Pool,  the Florida College System Risk Management Consortium, the University of Vermont, the University of North Carolina at Charlotte, Johnson County Community College District in Kansas and Maricopa County Community College District in Arizona.

Dorothy currently serves as the Chair of the US Technical Advisory Group to ISO 31000 and its Implementation Guide, ISO 31004. Dorothy has also served on the RIMS Standards Comparison Committee and as curriculum advisor for the National Alliance. She also served as a founding board member and treasurer for County Reinsurance, Limited, a captive excess insurance company formed to provide reinsurance to county association pools nationwide. She is also a founding member of the New Mexico chapter of PRIMA.

Dorothy has a Bachelor of Arts degree from the College of St. Catherine and holds the ARM designation and has RMPE and CIRM certificates.

More information on Dorothy

How do you currently use the ISO 31000 standard on your job?

I provide consulting services to clients and use the ISO 31000 standard as my model.  I have used it to help clients identify gaps in current risk management programs, make plans to expand their risk management programs to incorporate ISO 31000 and as a guide for “best practices” in risk management.

I recently participated in a leadership meeting where we had to make a major structural service change.  We used the risk assessment process from ISO 31000. It helped us to be better informed and consider both threats and opportunities associated with the change.  I apply the standard in ways that are very formal and informal and it always helps me make better decisions and more informed choices.

Any advice on how to get upper-management buy-in for incorporating the standard into an organization’s risk management program?

Find out what upper-management cares about and the “language” they speak.  This might be the language of finance (efficiencies and bond rating) or the language of planning (strategy and risk to achieving it).  If they are reluctant or skeptical, try to elicit support for a pilot project to prove the concept.  That can help build support.  In addition to speaking their language, it would be helpful to know what their priorities are and then find ways that risk management can support those priorities and contribute to their success. 

Other people can help you with this as well.  When you find a “champion” or supporter, be sure you empower them to talk to others about what you’re doing, why it is important and what it can do for your organization.

Why did you become an ISO 31000 Faculty member?

My ERM clients needed training on how to implement ERM and how to educate others to support ERM.  That’s why I approached PRIMA and PERI to develop this training. I love training people and sharing ERM so being an ISO 31000 Faculty member is a natural fit for me!  I love the idea of a PRIMA faculty. I think it’s a great idea.  We can support each other and build the practice as we go.  That’s what public sector risk managers are good at!!


Shannon Gunderman, CPCU, ARM, AIS, CWCP

Shannon is the administrative services director for Yuma County in Arizona where he is responsible for overseeing the county’s property, liability, unemployment and workers’ compensation programs. He also directs the County’s loss control, safety and privacy programs to assure regulatory compliance and he supervises the conflict administrator’s office and is the county’s ERM project manager. Additionally, he serves as a leading member of both the county’s ERM committee and enterprise risk development team.

His previous experience includes working as a paralegal and risk manager with the county attorney where he was responsible for assisting attorneys in the practice of contract and agency, administrative, civil rights, property tax, tort, premise liability, employment practice and criminal laws.

His professional accomplishments include transitioning Yuma County from a commercially-insured workers’ compensation program to a self-insured program, introducing and championing a pain management program that reduced claims and reduced the use of prescription medication, creating financial formulas that determined premium amounts that funded his self-insurance program and developing a method of premium allocation.

Shannon is a certified public manager through Arizona State University and holds his CPCU, ARM, AIC, CWCP designations. He is also a certified paralegal with the National Association of Legal Assistants and has a certificate in paralegal studies from the University of Arizona and a certificate in mediation from the Institute for Conflict Management.

More information on Shannon

How do you currently use the ISO 31000 standard on your job?

Most recently, I have utilized the ISO 31000 standard in my ERM project with the County. The process outlined in ISO 31000 has been invaluable in conducting educational workshops.  It is a simple, efficient, and consistent way to help diverse departments identify, analyze, evaluate, and treat their various risks. I also used several of the ISO 31000 principles to sell the idea of ERM to upper-management.

Any advice on how to get upper-management buy-in for incorporating the standard into an organization’s risk management program?

Since the private sector is geared toward the generation of profits and business survival, it is sometimes easier for these organizations to clearly see how ERM impacts their bottom lines. This creates a sense of urgency to develop an ERM program in order to preserve operations, protect assets, increase profits, and maintain compliance.

In the public sector, however, realizing a profit or maintaining entity sustainability are really not issues. For public entities, stretching the budgetary dollar to accomplish governmental mandates is usually a huge issue. Therefore creating an ERM message should emphasize at least two things: 1) ERM as an effective method of identifying and treating risks that affect the entity’s goals (mandated and otherwise) and 2) the value of ERM as a tool to locate opportunity in risk that has the potential to improve operations, protect assets, and better allocate limited resources.

Why did you become an ISO 31000 Faculty member?

I have been a risk management practitioner for over 15 years and feel that both ISO 31000 and the concept of ERM have done a lot to raise the profile of the risk management profession. Historically, risk managers have been viewed as procurers of insurance, safety inspectors, and claim adjusters. However, through the growth and development of ERM and the establishment of global standards like ISO 31000, risk managers are now seen as professionals that facilitate the identification and treatment of risks as well as assist in the discovery of opportunities in risk.

It’s an exciting time to be in the risk management field and I felt that with my knowledge, experience, training, and professional passion, I would be effective in teaching and advocating the valuable principles and guidelines of ISO 31000.


Lisanne Sison

Ms. Lisanne Sison, Director, Risk Management Consulting and Enterprise Risk Management Practice Lead, has 15 years of experience providing consulting services to a broad spectrum of entities that include state and local government departments and agencies, higher education institutions, not-for-profit organizations, health care institutions, technology companies, and K-12 private schools.

Lisanne has detailed experience related to ERM implementation and has played a key role in assisting her clients to implement various ERM frameworks. Her competencies include, but are not limited to, facilitation support and strategic planning assistance, risk identification, evaluation and quantification activities, the development of risk assessment tools and techniques, providing education and training on ERM frameworks and risk assessment techniques, and assisting with the development of ERM governance structures and new automated systems to help organizations proactively manage their risks using metrics. In addition to the technical duties described above, Lisanne has also provided facilitation support and strategic planning assistance to multiple committees, workgroups, and leadership groups across different organizations, to help guide their operations and/or their ERM programs.

In addition to her ERM expertise, Lisanne also has experience in a wide range of consulting projects covering business operation improvement and process reviews, audit assistance, regulatory compliance reviews (including research grant compliance requirements), procurement process reviews, business continuity management reviews, vendor selection assistance, and indirect cost rate development and activity based costing projects.

Prior to joining Bickmore, Lisanne was a Manager with KPMG LLP. In that capacity, she provided various consulting services to the public sector and higher education as part of their Advisory Services practice.

How do you currently use the ISO 31000 standard on your job?

As a consultant, I regularly use ISO 31000 as a road map to describe Enterprise Risk Management principles and processes. The standard is clear, straightforward, and the three parts to Figure 1 not only help communicate the key characteristics of ERM (e.g. – Creates and protects value, must be customized, must be dynamic, etc.), but also help illustrate what the process looks like in practice.

Any advice on how to get upper-management buy-in for incorporating the standard into an organization’s risk management program?

Organizations that lack a structured approach to identifying, prioritizing and evaluating uncertainty across their organization are often forced into either making decisions based on whoever has the loudest or most persistent voice in the organization, or reacting to an event that has already occurred. Both situations limit an organization’s ability to proactively align its risk management functions with the mission of the organization, resulting in increased cost, decreased efficiency, and diminished capacity to fulfil the organization’s purpose.

From my perspective, the purpose of Enterprise Risk Management is to provide a common ruler with which to measure uncertainty across an organization, and evaluate how effective the organization is at managing that uncertainty. By leveraging a consistent and rigorous approach, organizations, and especially senior leadership, are better prepared to identify key opportunities and threats to their mission, make better / more risk-aware decisions, and allocate their limited resources (e.g. – people, dollars and technology) to the areas of greatest need.

By communicating the value of effective risk management that is aligned with strategy and integrated with the decision-making process, they can get beyond seeing risk management as just a line item expense for insurance, and view risk management as a valued partner that is integral to the success of the organization.

Why did you become an ISO 31000 Faculty member?

Risk Management has often had a reputation as the department of “no”, or being the last hurdle to jump through on a checklist that requires a certificate of insurance before you get to the “fun” stuff. But I view Risk Management as a tool for organizations to take more risk in a smart way. You can’t innovate or evolve without taking risk, and I see ERM as an effective tool that enables organizations to better manage uncertainty in pursuit of their mission and objectives. I am honored to have the opportunity to share my knowledge and experience in a way that helps to simplify ERM as a discipline and gives Risk Managers the tools they need to elevate their engagement and enhance their value to their organizations.

Scott Wightman, ARM

Scott is the director of public sector and higher education practices for Arthur J. Gallagher & Co. in St. Louis, Missouri where he is responsible for managing a team of 13 professionals dedicated to serving more than 480 clients in K12 education, 40 higher education institutions and numerous cities, counties and special districts.

His previous experience involves serving as the first risk manager for a regional department store chain and then as director of risk management for Saint Louis University.

Scott’s professional accomplishments include leading the formation of the Missouri United School Insurance Council (MUSIC) in partnership with the Missouri Chapter of the Association of School Business Officials (MoASBO) and implementing numerous ERM programs in partnership with Dorothy Gjerdrum. Active with the University Risk Management and Insurance Association (URMIA), Scott has developed a comprehensive sample inventory of compliance and risk sources, organized under the headings of tax and finance, safety and security, research and healthcare, student disclosures and services and employment. 

Scott has a Bachelor of Science degree in business administration from the University of Missouri and holds his ARM designation.

More information on Scott

How do you currently use the ISO 31000 standard on your job?

I use the standard to help our clients broaden their view of risk management and to embed its principles into their organizations.  It is very gratifying to see their reaction to the standard’s simplicity and direction in communicating its benefits.

Any advice on how to get upper-management buy-in for incorporating the standard into an organization’s risk management program?

The standard fits perfectly into existing management programs and always provides the missing piece of the puzzle – analyzing and measuring risks associated with the meeting of organizational objectives identified in the broader management process.  This is the gateway to educating senior managers on the proper role and position of risk management within the enterprise.

Why did you become an ISO 31000 Faculty member?

It is an exciting time in the history of risk management in the public and higher education sectors. The standard provides a wonderful tool for elevating the practice within the organization.  Risk managers belong at the table when senior management is considering major new initiatives and the understanding of ERM principles and practices is key to the invitation. I became a faculty member to help them get to that table.


Tim Wiseman, MBA, ARM-E

Tim is the assistant vice chancellor for enterprise risk management at East Carolina University (ECU) where he is responsible for developing, implementing and sustaining the university’s enterprise risk management program. He leads ECU’s effort to recognize, measure and assess business risk and control measures.  He advises senior administration officials on risk considerations related to strategic decision-making.

His previous experience includes serving as a finance corps officer and resource manager in the US Army where he was responsible for enterprise-wide risk management of financial controls, management internal controls, and fraud, waste and abuse detection and prevention.

His professional accomplishments include serving in the Army with distinction in both command and staff positions at all ranks and levels from captain to colonel, serving as ECU’s ERM advisor to the chancellor, senior leaders and the board of trustees, chairing a 40 member risk committee and establishing an effective two-year model for risk identification, assessment, treatment and monitoring/adjustment.

Tim has a Bachelor of Science degree in business administration from the University of Arkansas, an MBA from Syracuse University and a Master of Science degree in national resource strategy from the National Defense University. He also holds the ARM-E designation.

More information on Tim

How do you currently use the ISO 31000 standard on your job?

I currently use the ISO 31000 as the basic point of departure for any risk discussions and activities.  Having a standard that has been designed and vetted outside of my organization is very valuable as it helps usher in acceptance of the principles and ideas associated with formal risk management for our organization.  I have also found the definitions and tools included in the ISO suite of references extremely useful.   Additionally, the principles serve as great descriptors to form the basis for organizational self-evaluation as to the maturity of ERM processes and holistic implementation of an effective ERM program. 

In my organization, we used a different model for our initial implementation of an enterprise-wide risk management program. Once we had achieved our goals for initial implementation of a program, the ISO 31000 standard became the next most suitable primary reference for sustaining our implementation efforts and gauging our progress with maturing the program and creating value for the organization and its stakeholders.

Any advice on how to get upper-management buy-in for incorporating the standard into an organization’s risk management program?

The principles, framework, and process outlined in the standard provide a foundation from which the case for implementing an effective enterprise-wide risk management program can be made.  The solid presentation of the framework and process in the standard also elevates the conversations about risk to the strategic level without ignoring or lessening the importance of traditional risk management.  Having a clear model shifts the conversation with senior executives and board members from debates about what constitutes a risk to those with a focus on objective-setting and risk-informed strategic decision making. 

The “buy-in” is achieved by the stability having an accepted standard brings to the process.  Interpretational dissonance is reduced as a result, and executive-level dialogue becomes far more efficient and effective – translating to a more efficient use of limited resources.

Why did you become an ISO 31000 Faculty member?

I have a passion for applying contemporary risk management principles and the ISO 31000 framework to public sector, higher education and non-profit organizations.  These sectors can benefit tremendously from a more formal approach to enterprise-wide risk management and reducing institutional total cost of risk. 

Over the past few decades, the emphasis on risk management and governance has been primarily focused on the private/corporate sector.  I see the opportunity now to take the best practices in enterprise risk management exercised in the corporate sector, modify them appropriately for application in the public sector, higher education and non-profit environments, and apply the practices for positive effect. 

The ISO 31000 is a cornerstone reference to facilitate the transition for organizations to a more formal and effective holistic risk management approach and the related benefits that will accompany that change.  I felt that my experiences guiding a large university through the implementation of an enterprise risk management program over the past five years plus my experiences in managing change and transformation in large governmental organizations would be of benefit to students/trainees.  I am excited about being a part of an initiative to “jump start” ISO training and use within the public sector and higher education environments. 
