
EBusiness Enterprise Risk Management Mark Carey, CPA, CISA President Toll free: 866.335.2736 x101 International: 001.801.756.4180 x101


1 eBusiness Enterprise Risk Management
Mark Carey, CPA, CISA, President
Toll free: 866.335.2736 x101
International: 001.801.756.4180 x101
mark@delcreo.com
www.delcreo.com

2 Enterprise Risk Management Definition
Enterprise Risk Management (ERM) is the capability to protect enterprise value by managing risk:
–With a coordinated and systematic approach,
–Organization-wide, and
–Across all types of risk.

3 Business Risk Profiling: Risk Drivers
Strategic: Macro Trends, Competitor, Economic, Resource Allocation, Program/Project, Organization Structure, Strategic Planning, Governance, Brand/Reputation, Ethics, Crisis, Partnerships/JVs
Operational: Processes, Physical Assets, Technology Infrastructure, Business Interruption, Legal, Human Resources, Environmental, Hazard
Stakeholder: Customers, Line Employees, Management, Suppliers, Government, Partners, Community
Financial: Market, Accounting, Credit, Cash Management, Taxes, Regulatory Compliance
Intangible: Knowledge, Intellectual Property, Information Systems, Databases, Information for Decision Making

4 Business Impact Assessment
Management challenges the numbers
–Make it “real” for senior management
–Typical approach/measures often do not line up with how the CEO, CFO and CIO evaluate their business and make decisions
Shareholder Value Levers:
–Growth: Accelerate growth in current businesses; Drive adoption of next generation appliances, e-services and infrastructure in high growth markets
–Cost and Efficiency: Value Web and Organizational Efficiency; Streamline decentralized operating model; Total Customer experience approach
–Capital: Take advantage of strong balance sheet
–Market Variables: Create e-services ecosystems - place HP at the center
Risks That Matter:
–Customer Facing Business Models
–Virtual Supply Chain
–Partnerships and Alliances
–e-Business Infrastructure
–Venture Capital Investments
–Human Resource Organizational Change/Allocation of Resources
–Intellectual Property
Risk Management Culture and Infrastructure: Risk Strategy, Risk Management Processes, Technology, Functions, Culture and Capability, Governance
Improvement Initiatives:
–Senior Management Validation and Support
–eRisk Rapid Response (eR3) Process
–Risk Coverage Mapping
–Risk Management Workbench
–Detailed Risk Analysis
–eBusiness Risk Management Benchmark

5 eBusiness: So What?
“The ‘telephone’ has too many shortcomings to be seriously considered a means of communication.” –Western Union Internal Memo, 1876
“This wireless music box has no imaginable commercial value. Who would pay for a message sent to nobody in particular?” –David Sarnoff’s associates in response to his urgings for investment in radio in the 1920s
“Who the hell wants to hear actors talk?” –Harry M. Warner, Warner Bros, 1927
“There is no reason for any individuals to have a computer in their home.” –Ken Olsen, President, Chairman and Founder of DEC, 1977
“Heavier-than-air flying machines are impossible.” –Lord Kelvin, President, Royal Society, 1895
“Airplanes are interesting toys but of no military value.” –Marshal Ferdinand Foch, Professor of Strategy, École Supérieure de Guerre

6 eBusiness Trends
Real Time Enterprise
Low Tech, High Impact
High Tech, Low Cost
Cyber-Activism

7 “Real Time” Enterprise
“Ciscoize” and “Dellize” every business
Adaptive architecture, evolvable applications
Federation NOT integration
Architecture to connect architectures
Rapid, incremental implementation
Instantaneous “financials”, metrics, supply chain, customer support…
“Spontaneous transaction flow and information transparency throughout the extended enterprise”
Customized from the presentation “TECH WRECK or TECH TREND: Perspectives on Technology Investing”, Vinod Khosla, Kleiner Perkins Caufield & Byers, September 2001

8 Low Tech, High Impact
Terrorists have employed low tech weapons to inflict massive physical or psychological damage
–Box cutters
–Envelopes
Infrastructure is vulnerable to unsophisticated attacks
Identify assets at risk
–Strategic Initiatives
–People
–Process
–Information Systems
–Physical Infrastructure
–Geography
–Organization
–Products
–Flows (supplies, information, electricity, cash, etc.)
Focus risk assessment on how the asset may be impacted

9 High Tech, Low Cost
Sophisticated technologies/tools that may be employed as weapons of Mass Destruction/Interruption
–Biological and chemical weapons
–Technology
Technologies/tools that have the ability to inflict massive damage are getting cheaper every day
Sophisticated tools are increasingly affordable and are being used by competitors, customers, employees, litigation teams, etc.

10 Cyber Activism
The Internet: “a powerful tool for communicating and coordinating action.”
–Collection
–Publication
–Dialogue
–Coordination of action
–Direct lobbying of decision makers

11 eRisks… Just a Few
Cyber terrorism
Hacktivism
Data Privacy
Critical Infrastructure Failure
Intangible Property
Third Parties

12 Cyber terrorism
“The convergence of terrorism and cyberspace”
Definition
–“Unlawful attacks and threats of attack against computers, networks, and information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives” –FBI definition
Tamil guerrillas send 800 emails a day to Sri Lankan embassies to “disrupt communications”
NATO computers hit with e-mail bombs and denial-of-service attacks during the 1999 Kosovo conflict
Pro-Palestinian and pro-Israeli hackers deface Israeli and Palestinian sites over a one-month period in October 2000

13 Hacktivism
Definition
–Operations that exploit computers in ways that are unusual and often illegal to further social causes.
Methods
–Virtual Sit-Ins and Blockades
–E-Mail Bombs
–Web Hacks and Computer Break-Ins
–Computer Viruses and Worms

14 Data Privacy
Credit card information
Identity theft
Biometrics
Differences in Regulations
–United States
–Canada
–European Union
–Other

15 Critical Infrastructure Failure
Today’s business system
–Complex
–Tightly coupled
–Heavily dependent on infrastructure
Interconnectivity of infrastructure
–Telecommunications
–Power generation and distribution
–Transportation
–Medical care
–National defense
–Other critical government services
Ripple effects of infrastructure failure

16 Intangible Property
Mismanagement
–Loss or theft by competitors
–Inability to profit
–Sharing without compensation
Poor use of risk management techniques
–Insurance
–Continuity planning
–Business Controls
Complicated by the increase in the number of third parties and the “virtual” supply chain

17 Third Parties
Risk appetite, strategy and sophistication variances
Brand/reputation inequity
Regulatory compliance complications
Intangible property
Contingency planning

18 eBusiness Risk Management
Risk Strategy
Risk Committees
Risk, Incident and Crisis Management
Risk Management Intranet Portals
Enterprise Risk Management

19 Risk Strategy
Accept Risk: Management decides to continue operations as is, with a consensus to accept the inherent risks
Transfer Risk: Management decides to transfer the risk, for example from one business unit to another or from one business area to a third party (e.g. an insurer)
Eliminate Risk: Management decides to eliminate risk through the dissolution of a key business unit or operating area
Acquire Risk: Management decides that the organization has a core competency in managing this risk, and seeks to acquire additional risk of this type
Reduce Risk: Management decides to reduce current risks through improvement in controls and processes
Share Risk: Management attempts to share risk through partnerships, outsourcing, or other risk sharing approaches

20 Silos
Silos exist in:
–Functions and Business Units: Corporate and operations; Foreign and domestic
–Information Systems and Databases
–Processes: Risk management; Strategic planning; Legal
Create processes, systems and tools to reach across silos to provide the “big picture”
Focus corporate risk management resources on what matters the most
Leverage the “silo” expertise through better coordination for complex risks

21 Risk Committees
Informal Groups
Enterprise Risk Council
Board of Directors
–Audit Committee
–Risk Committee
Roles and Responsibilities
–Provide risk management program leadership, strategy and implementation direction
–Develop risk classification and measurement systems
–Develop and implement escalation metrics and triggers
–Develop and monitor early warning systems, based on escalation metrics and triggers
–Develop and deliver organization-wide risk management training
–Coordinate risk management activities – some functions may report to the CRO, while others will be coordinated

22 What is Incident and Crisis Management?
Event - An internal or external action or occurrence that may or may not impact the organization’s stakeholders, processes, technology, infrastructure, brand or intangible property
Incident - An unexpected, negative event involving potential damage to the organization’s stakeholders, processes, technology, infrastructure, brand, or intangible property
Crisis - An unexpected, negative event that threatens the lives of stakeholders or could materially impair the organization and its ability to operate

23 Example: Objectives of an Incident & Crisis Management Program
The incident and crisis management process is designed to enhance our interactions with our customers. The following areas will be addressed:
–Identify clear roles and responsibilities
–Develop a consistent and coordinated approach
–Improve communication to all stakeholders and media
–Reduce incident reporting, verification and response time
–Enable timely and efficient management of incidents
–Leverage learnings and ensure process improvement

24 Risk Management Intranet Portal
Risk Function and Business Collaboration
Risk Knowledgebase
Risk Resources and Subject Matter Experts
Discussion Forums

25 ERM Framework (diagram)
Tools: RiskWeb; Early Warning System; Assessment and Quantification tools
Culture: Knowledge Mgmt; Metrics; Training; Communication
Risk Management Process: Assess Risk; Treat Risk; Monitor & Report
Enterprise-wide Integration: Strategic Planning; Programs/PMO; Processes; Functions
Business Objectives: Allocation of Capital; Control Cost; Drive Innovation; Manage Growth
Risk Attributes: Lifecycle; Individual; Portfolio; Qualitative; Quantitative
Organization: Enterprise Risk Committee; CRO or ERM Manager; Risk Strategy & Appetite
Risk Functions: Internal Audit; Risk Mgmt; IT Security; ERM; BCP; Legal; EH&S
Risk Strategy: Appetite; Prioritize; Treatment Approach; Program Strategy
Capability: Develop; Deploy; Continuously Improve
Risk Drivers: Strategic; Operational; Stakeholder; Financial; Intangible
