Published by Kristopher Phelps. Modified over 9 years ago.
1
IMS ERMEA NextGen
NextGen Enterprise Risk Management V3.51
Enterprise RiskMosiac © – Connecting the Dots Across the Enterprise
Ken Kepchar, ESEP, CISSP, EagleView Associates LLC, eagleview2@cox.net, 703-346-7706 (Cell)
Paul Abramson, PDA Associates, Pda-associates@comcast.net, 508-358-7654 (O), 508-341-6450 (Cell)
2
Why an Adjustment in Our Thinking?
Traditional System-Centric Risk Management Practices compared with Enterprise (System-of-Systems) Risk Management Practices:
- Traditional: Resources are typically within the organization responsible for System delivery.
  Enterprise: Resources typically are across organizations responsible for component System(s).
- Traditional: There is a shared set of objectives across the program to baseline uncertainty against.
  Enterprise: Stakeholders probably have competing objectives or goals.
- Traditional: Organization usually hierarchical with well defined risk & governance processes.
  Enterprise: Participants usually act independently without common risk or governance processes or approaches.
- Traditional: Singular Risk Plan with risk treatment focused on single risks.
  Enterprise: Multiple Risk Plans - Risk treatment focus must shift to “portfolios” for measures to be shared and mutually effective.
- Traditional: Risk efforts bounded by System boundaries or program scope.
  Enterprise: Risk efforts need to address interdependencies across the component Systems or organizations.
- Traditional: Root cause factors defined as performance (technical), schedule, or cost.
  Enterprise: Root cause factors need to reflect the added complexity introduced by Enterprise relationships.
3
Multi-tiered Strategic Risk Management Approach
[Figure labels:]
- LEVEL 1: Enterprise (NextGen)
- LEVEL 2: Mission / Business Process (NSIP - Segment)
- LEVEL 3: Implementation System (Solution)
- STRATEGIC RISK FOCUS; TACTICAL RISK FOCUS
- Traceability and transparency of risk-based decisions
- Organization-wide risk awareness
- Enterprise Risk Management Strategy; Enterprise Architecture; ERM Plan; Transformational & Enabling Programs
4
Definition of Enterprise Risk
A risk is considered an enterprise risk if it directly impacts the objectives of the System-of-Systems by affecting more than one system (program), domain, or stakeholder or cannot be completely addressed by a single organization. For example:
- It degrades stakeholder benefit stream or business case
- It impairs ATC capability delivery – either performance, schedule, and/or cost
- It affects cross-cutting factors at the NextGen level (environmental, safety, information security, economic, international)
- It stems from level of readiness – either from a technology or integration perspective.
Consequently, the purpose of Enterprise Risk Management is to protect and enhance the value of the Enterprise portfolio by addressing risks that cut across more than one organization.
5
Integration Framework
- Ensuring the complete NextGen trade space is considered
- Identifying and understanding the relationships and interdependencies across operational domains, factoring in enablers and cross-cutting factors to provide a common NextGen operational picture
- Helping characterize the issues from a global perspective and formulate mitigation strategies to reduce integration barriers
- Providing more accurate and comprehensive guidance for both policy-makers and researchers about the feasibility and desirability of initiatives
6
Enterprise Risk Management Framework Spans the Full Life Cycle
[Figure labels: Level of Uncertainty (Life Cycle Phase Dependent); Increasing Uncertainty; Increasing Degree of Maturity; Time; Stage in Life Cycle; Basic Research; Applied Research/System Development; Prototyping, Demos and other Risk Reduction Activities; Investment Activities; Initial Investment Decision; Final Investment Decision; Acquisition and Implementation Activities; Initial Operating Capability; SoS Capability; Operations; (External) Acceptance; (Programmatic) Implementation]
7
Enterprise Risk Management Framework
Risk: A future situation or circumstance which creates uncertainties about achieving Enterprise objectives.
Opportunity: A future situation or circumstance with a realistic (neither zero nor 100 percent) likelihood/probability of occurring and which may create a favorable outcome toward advancing Enterprise objectives.
Process steps (from the framework diagram):
- Identify Risk/Opportunity: What can go wrong? Or what can improve an outcome?
- Analyze Risk/Opportunity: How big is the risk or opportunity?
- Select Approach: How can you reduce the risk and/or maximize the outcome?
- Implement Decision: Are all the necessary elements in place for execution?
- Monitor and Track Results (Mgmt Visibility): How are things going?
Other diagram labels: Risk Board Decision; Enterprise Risk Management Plan; Program Execution Planning; Operational Experience
8
Three Pillars - Tailoring Enterprise Risk Categories to NextGen
[Figure labels: NextGen Capabilities; Integration; Technology Enablers; NextGen Performance; Operational Considerations; Programmatic Implementation; Resources & Cost; Schedule & Progress; System Performance; Organization; (External) Acceptance; Harmonization; Environment; Social/Economic Equity; Stakeholder & User Satisfaction; Program Health (Solution Development); Business Factors (NextGen Operation); Choice driven by (singular) Root Cause; Traditional System-centric Causes]
9
Organizing the Enterprise Risk Register by Root Cause
- Risk register analyzed to determine root cause affinities
  - For each risk, a “root cause” is identified (per the 17 root cause factors in the NextGen ERM Breakdown Structure)
- After analysis of the Risk Register, risks are assigned to groups, or portfolios, for further analysis
Legend:
- The number of risks in each category is shown in ( )
- The colored numbers are the ranking of the cause by number of risks listed in that portfolio
10
Enterprise Risk Board (ERB)
- The NextGen Enterprise Risk Board guides enterprise risk management efforts
- Membership reflects the Enterprise community at large – representation from each contributing stakeholder
- For each risk portfolio, the Board selects:
  – Priority
  – Mitigation strategy
  – Organization of primary mitigation responsibility (OPR)
- Shared Governance process ensures a common, complete understanding before implementing mitigations and coordinating with stakeholders
- ERB does NOT dictate specific actions or approaches – Individual OPR practices, policies, and procedures will govern
11
Risk Portfolio and Risk Cause Tables
Helping the ERB prioritize
- Individual risks are left to individual stakeholders/domains
- Enterprise interactions are addressed by ERB
- Risk register needs to support analysis at the interdependency level
12
Helping the ERB prioritize – NextGen Example
13
Drilling Down into Graphics Output
- Clicks on a connection will highlight the connection and reveal source data in table
- Clicks on a box will display data behind a particular item
- Line color also indicates level of risks being connected to
- Risks shown as rectangles with color of box dependent upon risk level (red, yellow, green)
- Risk Causes shown as tan rectangles with Rectangle Halo Symbol
- Risk Portfolio shown in Blue with Round Halo Symbol
- Filters can be set up to display only red, or green, or yellow risks
14
World Economic Forum Report
- In the 2011 edition of the World Economic Forum report (Global Risks 2011, Sixth Edition, http://riskreport.weforum.org/), Risk Interconnection Maps (RIMs) were used to visualize risks, using colors and links to define risk portfolios and interdependencies
- The WEF web site allows interactive viewing of the RIM via a proprietary Data Explorer.
15
Conclusions
- Risk information in the Enterprise Risk Register must be presented in a manner that visually reinforces risk treatment at the portfolio level rather than for individual risks.
- This visualization can be used to facilitate collaborative risk model construction and analysis, and to develop insights into relationships of risks and how they aggregate.
- Organizing risks into “portfolios” appears to be useful for grouping and then explaining risk priorities, risk mitigation strategies, and resource assignments.
- A traditional Risk Register needs to be extended to contain information about interactions, hierarchies, or linkages between risks to support Enterprise risk management.
- Risk analysis only provides the basis for decision making – a common governance model across the Enterprise is required to effectively treat risks to the benefit of all stakeholders involved.