Meet the ERM Faculty

PRIMA's Enterprise Risk Management Training faculty have extensive risk management and ERM experience. Through ERM they have added value to their entities, advanced their missions and spearheaded change in the public risk management industry.

Learn more about the faculty, their experience and why they are excited to be part of PRIMA's ERM Training faculty below.


Dorothy Gjerdrum, ARM-P, CIRM

Dorothy is a managing director of the ERM Practice Group at Arthur J. Gallagher. She is also the senior managing director of Gallagher’s Public Sector Practice. She has more than 30 years of risk management experience and has been a speaker, author, and consultant on ERM since 2003. She has represented the U.S. at international meetings focused on the development of risk management standards since 2008.

As managing director of Gallagher’s ERM Practice Group, Dorothy leads the development of training and resource material focused on the implementation of ERM. She provides ERM consulting services to a variety of industries and clients, with expertise in K12 education (both public and private), higher education, public sector and nonprofit clients. A sample of ERM implementation and consulting projects include San Diego Zoo Global, the U of WY, the Pingry School, Chadwick School, San Francisco Unified School District, Dakota County MN, Maricopa County Community College District and Johnson County Community College District.

Prior to joining Gallagher, Dorothy was the risk manager of three self-insured pools for an association of county governments. During her tenure as a risk manager, she was recognized for her expertise in areas such as new coverage programs, the development of loss-focused training and prevention programs, reducing claims costs and innovative risk financing strategies. She helped form and served as a board member and treasurer of a reinsurance company for county association pools.

How do you currently use the ISO 31000 standard on your job?

I provide consulting services to clients and use the ISO 31000 standard as my model. I have used it to help clients identify gaps in current risk management programs, make plans to expand their risk management programs to incorporate ISO 31000 and as a guide for “best practices” in risk management.

I recently participated in a leadership meeting where we had to make a major structural service change. We used the risk assessment process from ISO 31000. It helped us to be better informed and consider both threats and opportunities associated with the change. I apply the standard in ways that are very formal and informal and it always helps me make better decisions and more informed choices.

Any advice on how to get upper-management buy-in for incorporating the standard into an organization’s risk management program?

Find out what upper-management cares about and the “language” they speak. This might be the language of finance (efficiencies and bond rating) or the language of planning (strategy and risk to achieving it). If they are reluctant or skeptical, try to elicit support for a pilot project to prove the concept. That can help build support. In addition to speaking their language, it would be helpful to know what their priorities are and then find ways that risk management can support those priorities and contribute to their success.

Other people can help you with this as well. When you find a “champion” or supporter, be sure you empower them to talk to others about what you’re doing, why it is important and what it can do for your organization.

Why did you become an ISO 31000 Faculty member?

My ERM clients needed training on how to implement ERM and how to educate others to support ERM. That’s why I approached PRIMA and PERI to develop this training. I love training people and sharing ERM so being an ISO 31000 Faculty member is a natural fit for me! I love the idea of a PRIMA faculty. I think it’s a great idea. We can support each other and build the practice as we go. That’s what public sector risk managers are good at!


Shannon Gunderman, CPCU, ARM, AIS, CWCP

Shannon is the administrative services director for Yuma County in Arizona where he is responsible for overseeing the county’s property, liability, unemployment and workers’ compensation programs. He also directs the County’s loss control, safety and privacy programs to assure regulatory compliance and he supervises the conflict administrator’s office and is the county’s ERM project manager. Additionally, he serves as a leading member of both the county’s ERM committee and enterprise risk development team.

His previous experience includes working as a paralegal and risk manager with the county attorney where he was responsible for assisting attorneys in the practice of contract and agency, administrative, civil rights, property tax, tort, premise liability, employment practice and criminal laws.

His professional accomplishments include transitioning Yuma County from a commercially-insured workers’ compensation program to a self-insured program, introducing and championing a pain management program that reduced claims and reduced the use of prescription medication, creating financial formulas that determined premium amounts that funded his self-insurance program and developing a method of premium allocation.

Shannon is a certified public manager through Arizona State University and holds his CPCU, ARM, AIC, CWCP designations. He is also a certified paralegal with the National Association of Legal Assistants and has a certificate in paralegal studies from the University of Arizona and a certificate in mediation from the Institute for Conflict Management.

How do you currently use the ISO 31000 standard on your job?

Most recently, I have utilized the ISO 31000 standard in my ERM project with the County. The process outlined in ISO 31000 has been invaluable in conducting educational workshops. It is a simple, efficient, and consistent way to help diverse departments identify, analyze, evaluate, and treat their various risks. I also used several of the ISO 31000 principles to sell the idea of ERM to upper-management.

Any advice on how to get upper-management buy-in for incorporating the standard into an organization’s risk management program?

Since the private sector is geared toward the generation of profits and business survival, it is sometimes easier for these organizations to clearly see how ERM impacts their bottom lines. This creates a sense of urgency to develop an ERM program in order to preserve operations, protect assets, increase profits, and maintain compliance.

In the public sector, however, realizing a profit or maintaining entity sustainability are really not issues. For public entities, stretching the budgetary dollar to accomplish governmental mandates is usually a huge issue. Therefore creating an ERM message should emphasize at least two things: 1) ERM as an effective method of identifying and treating risks that affect the entity’s goals (mandated and otherwise) and 2) the value of ERM as a tool to locate opportunity in risk that has the potential to improve operations, protect assets, and better allocate limited resources.

Why did you become an ISO 31000 Faculty member?

I have been a risk management practitioner for over 15 years and feel that both ISO 31000 and the concept of ERM have done a lot to raise the profile of the risk management profession. Historically, risk managers have been viewed as procurers of insurance, safety inspectors, and claim adjusters. However, through the growth and development of ERM and the establishment of global standards like ISO 31000, risk managers are now seen as professionals that facilitate the identification and treatment of risks as well as assist in the discovery of opportunities in risk.

It’s an exciting time to be in the risk management field and I felt that with my knowledge, experience, training, and professional passion, I would be effective in teaching and advocating the valuable principles and guidelines of ISO 31000.


Lisanne Sison

Lisanne Sison is a Managing Director at Arthur J. Gallagher & Co. Public Sector. She has more than 15 years of experience providing consulting services to a broad spectrum of entities that include state and local government departments and agencies, higher education institutions, not-for-profit organizations, health care institutions, technology companies, and K-12 private schools.

Lisanne has detailed experience related to ERM implementation and has played a key role in assisting her clients to implement various ERM frameworks. Her competencies include, but are not limited to, facilitation support and strategic planning assistance, risk identification, evaluation and quantification activities, the development of risk assessment tools and techniques, providing education and training on ERM frameworks and risk assessment techniques, and assisting with the development of ERM governance structures and new automated systems to help organizations proactively manage their risks using metrics. In addition to the technical duties described above, Lisanne has also provided facilitation support and strategic planning assistance to multiple committees, workgroups, and leadership groups across different organizations, to help guide their operations and/or their ERM programs.

In addition to her ERM expertise, Lisanne also has experience in a wide range of consulting projects covering business operation improvement and process reviews, audit assistance, regulatory compliance reviews (including research grant compliance requirements), procurement process reviews, business continuity management reviews, vendor selection assistance, and indirect cost rate development and activity based costing projects.

How do you currently use the ISO 31000 standard on your job?

As a consultant, I regularly use ISO 31000 as a road map to describe Enterprise Risk Management principles and processes. The standard is clear, straightforward, and the three parts to Figure 1 not only help communicate the key characteristics of ERM (e.g. – Creates and protects value, must be customized, must be dynamic, etc.), but also help illustrate what the process looks like in practice.

Any advice on how to get upper-management buy-in for incorporating the standard into an organization’s risk management program?

Organizations that lack a structured approach to identifying, prioritizing and evaluating uncertainty across their organization are often forced into either making decisions based on whoever has the loudest or most persistent voice in the organization, or reacting to an event that has already occurred. Both situations limit an organization’s ability to proactively align its risk management functions with the mission of the organization, resulting in increased cost, decreased efficiency, and diminished capacity to fulfil the organization’s purpose.

From my perspective, the purpose of Enterprise Risk Management is to provide a common ruler with which to measure uncertainty across an organization, and evaluate how effective the organization is at managing that uncertainty. By leveraging a consistent and rigorous approach, organizations, and especially senior leadership, are better prepared to identify key opportunities and threats to their mission, make better / more risk-aware decisions, and allocate their limited resources (e.g. – people, dollars and technology) to the areas of greatest need.

By communicating the value of effective risk management that is aligned with strategy and integrated with the decision-making process, they can get beyond seeing risk management as just a line item expense for insurance, and view risk management as a valued partner that is integral to the success of the organization.

Why did you become an ISO 31000 Faculty member?

Risk Management has often had a reputation as the department of “no”, or being the last hurdle to jump through on a checklist that requires a certificate of insurance before you get to the “fun” stuff. But I view Risk Management as a tool for organizations to take more risk in a smart way. You can’t innovate or evolve without taking risk, and I see ERM as an effective tool that enables organizations to better manage uncertainty in pursuit of their mission and objectives. I am honored to have the opportunity to share my knowledge and experience in a way that helps to simplify ERM as a discipline and gives Risk Managers the tools they need to elevate their engagement and enhance their value to their organizations.


Scott Wightman, ARM

Scott is the director of public sector and higher education practices for Arthur J. Gallagher & Co. in St. Louis, Missouri where he is responsible for managing a team of 13 professionals dedicated to serving more than 480 clients in K12 education, 40 higher education institutions and numerous cities, counties and special districts.

His previous experience involves serving as the first risk manager for a regional department store chain and then as director of risk management for Saint Louis University.

Scott’s professional accomplishments include leading the formation of the Missouri United School Insurance Council (MUSIC) in partnership with the Missouri Chapter of the Association of School Business Officials (MoASBO) and implementing numerous ERM programs in partnership with Dorothy Gjerdrum. Active with the University Risk Management and Insurance Association (URMIA), Scott has developed a comprehensive sample inventory of compliance and risk sources, organized under the headings of tax and finance, safety and security, research and healthcare, student disclosures and services and employment.

Scott has a Bachelor of Science degree in business administration from the University of Missouri and holds his ARM designation.

How do you currently use the ISO 31000 standard on your job?

I use the standard to help our clients broaden their view of risk management and to embed its principles into their organizations. It is very gratifying to see their reaction to the standard’s simplicity and direction in communicating its benefits.

Any advice on how to get upper-management buy-in for incorporating the standard into an organization’s risk management program?

The standard fits perfectly into existing management programs and always provides the missing piece of the puzzle – analyzing and measuring risks associated with the meeting of organizational objectives identified in the broader management process. This is the gateway to educating senior managers on the proper role and position of risk management within the enterprise.

Why did you become an ISO 31000 Faculty member?

It is an exciting time in the history of risk management in the public and higher education sectors. The standard provides a wonderful tool for elevating the practice within the organization. Risk managers belong at the table when senior management is considering major new initiatives and the understanding of ERM principles and practices is key to the invitation. I became a faculty member to help them get to that table.