
Enterprise Risk Management at Cisco

NC State University
Rob Rolfsen, Director, Global Risk Management
March 23, 2007

2006 Cisco Systems, Inc. All rights reserved.

Cisco Public

Agenda
- Growing Importance of ERM
- Cisco's ERM Program
- Our ERM Process
- FY07 Plans
- Success Story


The Growing Influence of Risk Management


[Chart] A majority of companies are choosing ERM
Categories: Have rejected; Preparing/Developing/Implementing; Positively disposed
Values shown: 9%, 35%, 56%

[Chart] ERM is seen as an increasingly important responsibility
Degree of Importance legend: Very high; Significant; Somewhat or less
Board: 29%, 36%, 35%
CEO: 39%, 29%, 32%
CFO: 46%, 38%, 16%
Internal audit: 50%, 30%, 19%

Conference Board/Mercer Oliver Wyman survey



Primary Drivers for Implementing ERM*


Rank | Driver | Percent
1 | Corporate governance requirements | 66%
2 | Greater understanding of strategic and operating risks | 60%
3 | Regulatory pressures | 53%
4 | Board request | 51%
5 | Competitive advantage | 41%

* Multiple answers allowed

Conference Board/Mercer Oliver Wyman survey



Highest Priority ERM Objectives*


Objective | Percent
Ensure risk issues are explicitly considered in decision making | 44%
Avoid surprises and predictable failures | 40%
Align risk exposures and mitigation programs | 24%
Institute more rigorous risk measurement | 19%
Integrate ERM into other corporate practices like strategic planning | 17%

* Multiple answers allowed

Conference Board/Mercer Oliver Wyman survey



At Most Companies, ERM is Still a Work in Progress


- ERM efforts are still in their infancy at many companies and face many constraints
- Depending on the company, it takes three to five years to fully integrate and operationalize advanced risk practices
- The cost of developing and building an ERM framework is not insubstantial
- Many firms consider specific risks within certain business units, but they rarely examine risk strategies at the company-wide level

Conference Board/Mercer Oliver Wyman survey



Cisco's ERM Organization

- Led by Chris Kite, VP, Global Risk Management/Workplace Resources
- Dotted line reporting into the Board of Directors
- Virtual multi-disciplined global team
- Corporate Executive Sponsors: Randy Pond - COO; Dennis Powell - CFO
- Meet regularly with Executive Sponsors and Risk Review Group (RRG = ICS, IT, Finance, HR & Supply Chain)
- Report quarterly to Audit Committee and Investment Committee


ERM at Cisco


Enterprise Risk Management


PROTECT
How Do I Reduce Business Risk?
Risk Analysis Risk Assessment Business Continuity Planning Business Resilience

OPTIMIZE
Is my current Risk level in control?
Business Risk Monitoring Risk Responsiveness Tolerance
Controllable Risks Non-Controllable Risks

GROW
How Do I Take More Intelligent Risks?
Disciplined Decision Making Risk Timing Business & Technology Innovation Increased Shareholder Value Industry Leadership

Corporate Strategy ERM



Cisco's Integrated ERM Framework

Integrate ERM in Corporate Compliance and Governance Activities
- Integrate key risk processes and systems
- Understand Cisco's risk appetite
- Sustain a risk-based approach to improving and managing corporate compliance and governance
- Use Risk Review Group to increase multi-disciplinary risk education, awareness and information sharing

[Diagram] Sarbanes Oxley (SOX); Risk Management (RM); Internal Controls (ICS); Finance Planning and Analysis (FP&A)


Cisco's ERM Process

- Determine priorities for ERM via Risk Review Group and Board
- Identify Executive Sponsor in area to be assessed
- Interview key executives in multiple functional areas re: their perceptions of key risks facing the company and their quantification of the probability, severity and current management effectiveness at managing the risk; the discussion is the most important aspect
- Consolidate interview results, identify key risks and report back to Executive Sponsor and collect feedback
- Share final report with Corporate Executive Sponsors and Audit Committee
- Facilitate discussions/workshops with risk owners wrt decisions re: identified key risks
- Track progress via Ops Reviews, Risk Review Group, Internal Audit
- Schedule and integrate with business planning

Assessment Criteria: Probability, Severity and Management Effectiveness


Probability
1.00 | Remote
2.00 | Possible
3.00 | Probable
4.00 | Almost Certain

Severity - Annual Impact to Cisco Profitability
1.00 | <$35M or Insignificant
2.00 | $35M - $150M or Minimal
3.00 | $150M - $1B or Significant
4.00 | >$1B or Catastrophic

Management Effectiveness
4.00 | Assessment completed. Mitigation is in place. Reporting and Monitoring in place.
3.00 | Assessment completed. Mitigation is in place. Reporting and Monitoring not in place.
2.00 | Assessment completed. Mitigation is not in place. Reporting and Monitoring not in place.
1.00 | Assessment not completed. Mitigation not in place. Reporting and Monitoring not in place.


Business Risk Inventory


EXTERNAL RISKS
Capital Availability, Competitor, Customer Needs, Disease, Economy, Financial Markets, Industry, Legal, Natural Hazard/Catastrophe, Regulatory, Technological Innovation, Shareholder Relations, Terrorism, Sovereign/Political

INTERNAL RISKS: Strategic, Operational, Financial
- Strategic: Brand/Reputation, Business Model, Business Portfolio, Delivery Channels, Intellectual Property, Marketplace, Organization Structure, Planning, Product Life Cycle, Resource Allocation, Social Responsibility
- Process: Alignment, Business Interruption, Capacity, Change Response, Compliance, Contract Commitment, Customer Satisfaction, Cycle Time, Efficiency, Environmental Health & Safety, Knowledge Management, Measurement, Partnering, Performance Gap, Physical Security, Product Development, Product Liability, Product/Service Failure, Product/Service Pricing, Relationship Mgmt, Strategy Implementation, Sourcing, Supply Chain, Transaction Processing
- Human Capital: Accountability, Change Readiness, Communications, Competencies/Skills, Empowerment, Hiring/Retention, Leadership, Outsourcing, Performance Incentives, Succession Planning, Training/Development
- Integrity: Conflict of Interest, Employee Fraud, Ethical Decision Making, Illegal Acts, Management Fraud, Third-Party Fraud, Unauthorized Acts
- Technology: Access, Availability, Capacity, Data Integrity, e-Commerce, Infrastructure, Relevance, Reliability
- Management Information: Accounting Information, Budgeting & Forecasting, Completeness/Accuracy, Investment Evaluation, Pension Fund, Regulatory Reporting, Taxation, Sarbanes Oxley
- Financial: Cash Flow, Collateral, Commodities, Concentration, Counterparty, Credit, Default, Equity, Financial Instruments, Foreign Exchange, Interest Rate, Liquidity, Modeling, Opportunity Cost

INDUSTRY SPECIFIC RISKS

Turnbull \030117vb.ppt


FY07 ERM Objectives


- Enhance understanding of risks affecting theatres & subsidiaries & the drivers of those risks
- Raise the level of ERM awareness & education within Cisco & externally
- Integrate risk management with existing processes: investment management, strategic planning & business development
- Continue to integrate risk management with line management processes


ERM Success Story


- ERM group invited to participate in workshops with the Emerging Markets Group to help executives understand the risks the company faced.
- Emerging Markets (EM) sales team asked ERM to help build risk into its decision-making models.
- As part of the overall go-to-market strategy, an Emerging Countries Council was put in place to govern doing business in these developing countries.
- Risk, specifically safety and security and ethics risks, are quantified and discussed as part of the overall decision-making process.
- Developed ten key quantifiable variables to help drive a more risk-informed decision-making process:
  - Macroeconomic: credit, interest rates, foreign exchange
  - Political and Ethical: fraud and competitor, expropriation
  - Operational: regulatory, complexity, health & safety
  - Strategic: early mover advantage, marketplace (partners), brand reputation/IP

The ultimate goal is to be able to allocate resources more effectively and to answer the question of which resources the company should be devoting to which countries.


Emerging Markets Risk Analysis

