1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006
You can do it. We can help. 2 Enterprise Risk Management by Many Other Names is Still Enterprise Risk Management
You can do it. We can help. 3 Risk Identification and Evaluation Built Into All Business Processes Assimilation of Results of Risk Management in Each Business: –Assure Risk Management Process is Executed –Risk Tolerance Levels Are Appropriate and Uniform –Determine Consolidated Risk of Enterprise –Measure vs. Level Approved by Board of Directors Enterprise Risk Management (ERM)
You can do it. We can help. 4 Board of Directors = Overview Process/Sets Risk Level Chief Executive Officer = Chief Risk Officer Senior Leadership Team = Risk Committee Business Processes Include Risk Assessments and Consideration of Risk in Decisions or are Risk Based Enterprise Risk Management Structure
You can do it. We can help. 5 Enterprise Risk Management The ERM Components Influences how strategies and goals are set, how activities are structured and how risks are identified, assessed and acted upon Creates a process for setting objectives, ensuring that those objectives are aligned with strategic goals and that those goals are consistent with risk appetite Considers internal and external factors that might affect strategy and achievement of business objectives Focuses on the likelihood and impact of potential events and their effects on objectives Evaluates risks for possible responses and their effects Ensures that risk responses are carried out efficiently via policies and procedures Involves the exchange of relevant data with internal and external parties so that they may identify, assess and respond appropriately to risk Ensures that the components of ERM are applied at all levels Internal Environment Objective Setting Event Identification Risk Assessment Risk Response Control Activities Information and Communication Monitoring
You can do it. We can help. 6 Activity DeliverableERM ComponentsTHD Activities ERM at The Home Depot (not all inclusive) ERM Components Internal EnvironmentTone at the Top Sarbanes-Oxley/404 Corporate Governance Entity Level Assessment Objective SettingStrategic Vision Strategic Initiatives Board of Directors (BOD) SOAR Risk ResponseStrategic Initiatives Internal Audit Plan Insurance Levels SOAR Internal Audit Liability Risk Analysis Event IdentificationLiability Risk Analysis SOAR Insurance Levels Strategic Initiatives Risk AssessmentSOAR Internal Audit Strategic Initiatives Internal Audit Plan Attestation of Fin. Reporting effectiveness SOP’s Standard Reconciliation Process Control ActivitiesSarbanes-Oxley/404 Corporate Compliance Information & CommunicationStrategic Initiative Issue Resolution Management Report Outs Quarterly Executive Council (QEC) Weekly President’s Call MonitoringSOAR Quarterly Executive Council Strategic Initiatives Strategic Initiative Issue Resolution
You can do it. We can help. 7 The Home Depot’s Risk Areas EVP – Merchandising/Marketing THD Risk AreaOversight Asset Management Customer Service Legal Finance/Accounting Human Resources External Factors Brand and Image Information Technology Supply Chain Growth Merchandising REEC BOD, QEC Supply Chain Council IT Advisory Council Growth Steering Comm. Branding Committee Audit Committee Innovative Council Leadership Development Compensation Committee Compliance Council Store Manager Council / / / / / / / / / / / / EVP – Bus. Development/Corp. Operations CEO EVP – IT/CIO EVP – Bus. Development/Corp. Operations EVP - CFO EVP – Merchandising/Marketing EVP - HR EVP – Secretary/General Counsel EVP – HD Stores Business Leader
You can do it. We can help. 8 The Home Depot Compliance Program is based upon the three-fold approach of: (1) prevent, (2) detect and (3) respond to potential issues. Taken together, these three components form a closed-loop cycle that reinforces compliant conduct throughout the Company. Home Depot Compliance Program
You can do it. We can help. 9 A Compliance Policy is maintained for each identified risk area of the Company’s business. Compliance Processes are developed under each Compliance Policy that establish mechanisms for Company conduct. Training educates and informs targeted associates about the Company’s Compliance Policies & related SOPs. Standard Operating Procedures (SOPs) Compliance Structure
You can do it. We can help. 10 Quarterly Reviews: Select policies or functional areas are reviewed quarterly Annual Compliance Reviews: Week-long enterprise-wide policy and functional area review with all Divisions, Subsidiaries and International Businesses Compliance Reviews
You can do it. We can help. 11 Compliance Review Components Risk Factor AssessmentLaws Update Other Updates Government Investigations Training Proposals Budget/Resource Allocations Incident Update Progress Monitoring Dashboard Use of Traffic Lights Major incidents and the divisions in which they occur are reported, along with the investigation details and resolutions
You can do it. We can help. 12 Risk-Based Compliance Monitoring Risk Management: Traffic Lights provide an efficient way of quickly determining the Company’s individual risk status. S A M P L E
You can do it. We can help. 13 Process Improvements: Any processes and/or procedures being developed and implemented to improve current operations and mitigate risks. Compliance Monitoring S A M P L E
You can do it. We can help. 14 Align SOAR with Strategic Vision SOAR Based on Strategy Voice of Customer Conversion Store Productivity New Locations New Service Categories New Channels New Businesses New Platforms New Geographies Customer Satisfaction Differentiated and Innovative Merchandise at Great Value Store Readiness Information Technology Leadership Development New Stores New Formats Home Depot Services Home Depot Direct Home Depot Supply –MRO* –Builder –Professional Supply Canada Mexico China Enhance CoreExtend BusinessExpand Market *MRO – Maintenance, Repair and Operations
You can do it. We can help. 15 Strategic Planning Entities #21 #22 #23 #24 & #59 #25 #26 #27E #27L #28 #29 #30 Store Formats AHS HD Supply/ ITB PRO / Tool Rental Canada Direct /eBusiness Operations / Stores (Supply Chain) IT Credit DEPARTMENTSOTHER BUSINESSES SOAR 2005 Marketing / Store Merchandising Human Resources Legal Finance Real Estate / Construction Merchandising / Divisions (late November to lock plan) FUNCTIONS / OPERATING PLANS 7 days in August Functional Reviews on an exception basis Operating Review 2 days in December Functional Reviews on an exception basis Operating Review 2 days in December
You can do it. We can help. 16 Proposed SOAR Calendar Process Key Meetings & Events Operating Plan Executive Team SOAR Activity M ar ch Oc to be r No ve mb er De ce mb er Au gu st Se pte mb er A pr il M ay Ju ne J ul y Fe br ua ry Strategic Planning Off-site to finalize plans Set strategic guidance/ Metrics ELT Game Changers SOAR current year Initiative update Progress Review SOAR I Strategy Reviews SOAR I Decisions SOAR II Operating Reviews Divisional Reviews ’06 Plan locked SOAR I Kick-off Space Planning Prework Targets & guidance set for teams Final Plans Due Inter- departmental reviews Teams designated SOAR II Kick-off Merchandising & Divisional working sessions Capital & G&A Decisions Strategic Planning
17 Q & A David Whatley net Q & A David Whatley net