ERM at S. Claus, Inc.

During the summer months, the North Pole’s post office (Zip Code 00000) is usually a placid place. But when the calendar turns to October 1, the pace of activity quickens. Letters from boys and girls around the world start arriving in droves, signifying the building excitement of the young customer base of the largest employer in the company town, S. Claus, Inc. Hundreds of letters a day arrive in October, thousands in November and millions during the second and third weeks in December, and each one must be carefully sorted and checked twice by the audit and compliance department as part of an automatic appeal process.

Each letter contains lists chock full of special requests for the person who made the North Pole so famous: a certain Mr. S. Claus, chairman and CEO of S. Claus, Inc. Mr. Claus expects perfection so everyone working at the company is focused on the mission-critical fourth-quarter deadline. There can be no identification and delivery mistakes and no disappointed customers.

Achieving a goal of 100% perfection required that S. Claus, Inc. adopt and implement the enterprise risk management (ERM) process. Mr. Claus assumed the duties of chief risk officer and an ERM charter was drafted that set the tone at the top: there is no tolerance for risk. The S. Claus board-level risk committee, executive risk committee and internal audit group work together with the understanding that success results from embedding the ERM process into a carefully crafted strategic plan.

Both the unacceptable downside of failure and the upside gain resulting from efforts to increase their customer base have been analyzed and incorporated into actionable items.

The ERM process recently paid off when an enterprise-wide risk identification and assessment noted that there could be some kinks in the supply chain. Supply chain risks are considered mission critical by Mr. Claus and always appear in the upper right red quadrant of a specially designed risk heat map. Amid rumors of a possible shut down of hundreds of local post offices around the United States, Mr. Claus had a private meeting with the U.S. Post Master General to discuss the problem.

After the meeting, Mr. Claus determined that the issue was moving toward resolution and this particular supply chain risk could be re-plotted in the yellow segment of the heat map labeled “proceed, but with vigilance.”

One item on the risk map is of deepening concern, however, because it has been migrating from green to yellow to red far more frequently than ever before. It is a unique supply chain risk – the growing popularity of smartphones and tablets. Every time a new model is announced, usually in the third quarter, holiday demand escalates rapidly. The concern is that these high-tech gadgets are among the few items that are outsourced because the workforce of elves is busy making more traditional items (hula hoops are still big in some corners of the world). Nevertheless, quality must be maintained. The S. Claus brand name is considered priceless and cannot be put in jeopardy.

So procedures have been put in place to ensure that these products meet the same standards as anything else that S. Claus, Inc. produces.

Another important risk management issue is the curious relationship between S. Claus, Inc. and the temporary “helpers” located around the world. The foreign exchange exposures are enormous. There has been a great deal of volatility this year, especially in Europe, and Mr. Claus has had to employ a hedging strategy to take advantage of any upside gain while also protecting the downside risk, since that is, in essence, risk management.

RIMS ERM Conference 2012 Comes to San Antonio

Earlier this week, the second annual RIMS ERM Conference 2012 was held in San Antonio. With a theme of “Transforming Vision into Value,” attendees took in two days’ worth of educational sessions and discussions designed to provide them with the necessary expertise to develop and enhance enterprise risk management programs in their organizations.

Author and leadership expert Robert Stevenson set the tone in a keynote address that stressed the importance of looking at risk strategically as a means of ensuring perhaps the most valuable organizational commodity: its own survival. Stevenson pointed out that between 1985 and 2000, more than 90 companies have been pushed off the Fortune 500 and that the top 10 employers in 1960 have all completely changed today. What this demonstrated, said Stevenson, was that “future success is not inevitable because of past triumphs.” For risk managers, then, it is imperative that they remind their organizations that success is never final and that they need to pay attention to risk whether they like it or not. “If you don’t like paying attention to risk,” he said, “you will hate paying attention to extinction.”

So in order to avoid being blindsided, organizations need to adopt a wider perspective regarding risk, which naturally leads to ERM as a means to not only address threats, but to take advantage of opportunities.  To that end, subsequent sessions delved into a wide range of topics with experts offering practical advice on things like incorporating scenarios into strategic planning or using key risk indicators and root cause analysis to refine risk assessment. Presenters also shared their stories of how they were able to achieve ERM success in their organizations, giving attendees the opportunity to see theory in action and learn from the accomplishments of their risk management peers.

In an effort to recognize one of these success stories, the conference was highlighted by the presentation of the 2012 ERM Award of Distinction, which went to the YMCA of Greater Toronto for its sophisticated risk intelligence program. The program incorporated strategic risk tools and techniques including a collaborative project risk assessment that was aligned with the organization’s mission, vision and strategic plan objectives to produce an average 25% growth in monthly membership sales at one of its health, fitness and recreation centers, with phased replication and reach in other communities.

Sysco Corporation also received an honorable mention for successfully implementing an ERM program that helped transform the organization’s business culture from siloed businesses to a cohesive and interconnected network of companies focused on uncovering otherwise untapped opportunities.

“Enterprise risk management has become an increasingly important organizational competency that not only protects organizations from detrimental risks but has proven to help identify positive risks that can lead to profitable opportunities,” said Carol Fox, RIMS Director of Strategic and Enterprise Risk Practice. “The YMCA of Greater Toronto and Sysco Corporation are shining examples of how risk management can create value for an organization and their work is truly deserving of this honor.”

In all, the conference proved to be a valuable learning experience for all who attended. The following are some of the images from San Antonio.

Robert Stevenson addresses the crowd.

 

Monica Merrifield, vice president, risk intelligence for the YMCA of Greater Toronto (second from left), received the ERM Award of Distinction.

 

The Solutions Showcase gathered ERM service providers.

 

Brian Thelen, general auditor and CRO, General Motors (left) and Joseph Ghammashi, senior vice president and CRO, CorporateOne FCU

 

Attendees gained valuable insight into ERM program development.

The Key to an Effective ERM Program

What is the key to an effective ERM program?

Culture.

That’s according to Diana Del Bel Belluz of Risk Wise, Inc. Her session at the 2012 RIMS Canada Conference focused on the culture of an organization and how it can make or break a company’s ERM program.

“What is enterprise risk?” she asked. “Events or circumstances that could influence either the organization’s ability to achieve its mission or strategic objectives or its reputation, strength and viability.”

The purpose of risk management:

  • Establish strategic context
  • Monitor and review risks
  • Respond to risks
  • Identify risks
  • Assess and prioritize risks

“We do these things to communicate and align to risk appetite,” said Del Bel Belluz.

She stressed that corporate culture is the actions of leaders — observable artifacts, shared values and tacit assumptions.

It is this culture, she says, that is the number one ingredient for effective risk management.

But what is risk management? “The culture, processes and structures that are directed towards realizing potential opportunities whilst managing adverse effects,” said Del Bel Belluz.

To her, the traits of a healthy risk culture are:

  • Accountability — “It’s not about blaming, it’s about understanding why it went right or why it went wrong.”
  • Open and inquiring
  • Performance oriented
  • Prepared and ready
  • Collaborative
  • Vigilant
  • Innovative
  • Adaptable and resilient

“To implement sustainable risk management you need to create a plan, have a strategy, create buy-in and have implementation — leadership, communication, for example, educating, listening, coaching,” she stressed.

There are three sources of resistance, however. They are:

  • Rational 20% — the business case (costs, benefits)
  • Emotional 60% — self-interest, fear, comfort, attachment
  • Political 20% — shift in power structure

Del Bel Belluz then breaks down the categories of resistance:

Rational resistance

  • Establish urgency
  • Form guiding coalition
  • Create vision
  • Communicate vision
  • Empower employees to act
  • Generate short term wins
  • Consolidate gains and produce more change
  • Anchor new approaches

Emotional resistance

“You have to revert down to the bottom of the hierarchy when dealing with emotional resistance,” said Del Bel Belluz.

Political resistance

To best explain political resistance, Del Bel Belluz referred to a famous quote from Niccolò Machiavelli, which states:

There is nothing more difficult to execute, nor more dubious of success, nor more dangerous to administer than to introduce a new system of things: for he who introduces it has all those who profit from the old system as his enemies, and he has only lukewarm allies in all those who might profit from the new system.

Whether you fully agree with Del Bel Belluz or not, one thing is certain — culture most definitely plays a part in establishing an effective enterprise risk management program. How much of a part depends on the company. But those who feel culture is insignificant to ERM may find, sooner or later, that their program is deeply flawed.

Managing the Risk of Cyberattacks: When Will Boards Learn?

Even after the many cyberattacks initiated by Anonymous and Lulzsec, it seems boards are still not exercising appropriate governance over the privacy and security of their digital assets. That’s according to a new study by Carnegie Mellon CyLab entitled “Governance of Enterprise Security.”

The study says that “even though there are some improvements in key ‘regular’ board governance practices, less than one-third of the respondents are undertaking basic responsibilities for cyber governance. The 2012 gains against the 2010 and 2008 findings are not significant and appear to be attributable to slight shifts between ‘occasionally,’ ‘rarely,’ and ‘never.'”

A look at the numbers:

And even with the advancement of enterprise risk management throughout organizations, it seems there is still a disconnect between boards and senior executives understanding that privacy and security and IT risks are a part of ERM. A whopping 58% of those surveyed said their board did not review the organization’s insurance coverage for cyber-related risks.

The survey proved that they do not have full-time senior level personnel in place to manage privacy and security risks.

Less than two-thirds of the Forbes Global 2000 companies surveyed have full-time personnel in key roles responsible for privacy and security in a manner that is consistent with internationally accepted best practices and standards.

Moreover, the common practice of assigning security personnel both privacy and security responsibilities creates segregation of duties issues at line responsibility levels.

Though there are signs of progress compared to previous years, the 2012 CyLab survey shows a serious lack of attention at the top in regards to cybersecurity.