Page 1:
eBusiness Enterprise Risk Management
Page 2:
Enterprise Risk Management Definition
Enterprise Risk Management (ERM) is the
capability to protect enterprise value by
managing risk:
- With a coordinated and systematic approach,
- Organization-wide, and
- Across all types of risk.
- DelCreo, inc.
Page 3:
Business Risk Profiling: Risk Drivers
Page 4:
Business Impact Assessment
[Figure: Detailed Risk Analysis; Shareholder Value Level Risks That Matter]
DelCreo, inc.
An Enterprise Risk Management Company
* Management challenges the numbers
- Make it “real” for senior management
- Typical approach/measures often do not line up with how CEO, CFO, CIO evaluate their business and make decisions
Page 5:
Practical Application: Hewlett-Packard ERM
World-Class
* Coordination among risk functions to increase coverage and decrease cost
* Enable business
* ease time to market
* Alignment with business strategies and objectives
* Consistent and organization-wide processes
* World-class risk management tools
* Focus on risks that impact stakeholder value
Source: Hewlett-Packard - Used with permission
Page 6:
eBusiness: So What?
“The ‘telephone’ has too many shortcomings to be seriously considered a means of
communication.”
- Western Union Internal Memo, 1876
“This wireless music box has no imaginable commercial value. Who would pay for a message
sent to nobody in particular?”
- David Sarnoff’s associates in response to his urgings for investment in Radio in the 1920's
“Who the hell wants to hear actors talk?”
- Harry M. Warner, Warner Bros, 1927
“There is no reason for any individuals to have a computer in their home.”
- Ken Olsen, President, Chairman and Founder of DEC, 1977
“Heavier-than-air flying machines are impossible.”
- Lord Kelvin, President, Royal Society 1895
“Airplanes are interesting toys but of no military value.”
- Marshal Ferdinand Foch, Professor of Strategy, Ecole Supérieure de Guerre
Page 7:
eBusiness Trends
Real Time Enterprise
Low Tech, High Impact
High Tech, Low Cost
Cyber-Activism
Page 8:
“Real Time” Enterprise
“Ciscoize” and “Dellize” Every Business
Adaptive architecture, evolvable applications
Federation NOT integration
Architecture to connect architectures
Rapid, incremental implementation
Instantaneous “financials”, metrics, supply chain, customer
support....
Page 9:
Low Tech, High Impact
Terrorists have employed low tech weapons to inflict massive
physical or psychological damage
- Box cutters
- Envelopes
Infrastructure is vulnerable to unsophisticated attacks
Identify assets at risk
- Strategic Initiatives
- People
- Process
- Information Systems
- Physical Infrastructure
- Geography
- Organization
- Products
- Flows (supplies, information, electricity, cash, etc.)
Focus risk assessment on how the asset may be impacted
Page 10:
High Tech, Low Cost
Sophisticated technologies/tools that may be
employed as weapons of Mass
Destruction/Interruption
- Biological and chemical weapons
- Technology
Technologies/tools that have the ability to inflict
massive damage are getting cheaper every day
Sophisticated tools are increasingly affordable
and are being used by competitors, customers,
employees, litigation teams, etc.
Page 11:
Cyber Activism
* The Internet: “a powerful tool for
communicating and coordinating action.”
- Collection
- Publication
- Dialogue
- Coordination of action
- Direct lobbying of decision makers
Page 12:
eRisks....Just a Few
* Cyber terrorism
* Hacktivism
* Data Privacy
* Critical Infrastructure Failure
* Intangible Property
* Third Parties
Page 13:
Cyber terrorism
“The convergence of terrorism and cyberspace”
Definition
- “Unlawful attacks and threats of attack against computers,
networks, and information stored therein when done to
intimidate or coerce a government or its people in
furtherance of political or social objectives” - FBI Definition
Tamil guerrillas send 800 emails a day to Sri Lankan
embassies to “disrupt communications”
NATO computers hit with e-mail bombs and denial-
of-service attacks during 1999 Kosovo conflict
Pro-Palestinian and pro-Israeli deface Israeli and
Palestinian sites over a one month period in
October, 2000.
Page 14:
Hacktivism
* Definition
- Operations that exploit computers in ways that
are unusual and often illegal to further social
causes.
* Methods
- Virtual Sit-Ins and Blockades
- E-Mail Bombs
- Web Hacks and Computer Break-Ins
- Computer Viruses and Worms
Page 15:
Data Privacy
Credit card information
Identity theft
Bio-Metrics
Differences in Regulations
- United States
- Canada
- European Union
- Other
Page 16:
Critical Infrastructure Failure
* Today’s business system
- Complex
- Tightly coupled
- Heavily dependent on infrastructure
* Interconnectivity of infrastructure
- Telecommunications
- Power generation and distribution
- Transportation
- Medical care
- National defense
- Other critical government services
* Ripple effects of infrastructure failure
Page 17:
Intangible Property
* Mismanagement
- Loss or theft by competitors
- Inability to profit
- Sharing without compensation
* Poor use of risk management techniques
- Insurance
- Continuity planning
- Business Controls
* Complicated by increase in # of third parties and “virtual” supply chain
Page 18:
Third Parties
Risk appetite, strategy and sophistication variances
Brand/reputation inequity
Regulatory compliance complications
Intangible property
Contingency planning
Page 19:
eBusiness Risk Management
Risk Strategy
Risk Committees
Risk, Incident and Crisis Management
Risk Management Intranet Portals
Enterprise Risk Management
Page 20:
Risk Strategy
Accept Risk: Management decides to continue operations
as is with a consensus to accept the inherent risks
Transfer Risk: Management decides to transfer the risk
(for example) from one business unit to another or
from one business area to a third party (e.g., insurer)
Eliminate Risk: Management decides to eliminate risk
through the dissolution of a key business unit or operating
area
Acquire Risk: Management decides that the organization
has a core competency managing this risk, and seeks to
acquire additional risk of this type.
Reduce Risk: Management decides to reduce current risks
through improvement in controls and processes
Share Risk: Management attempts to share risk through
partnerships, outsourcing, or other risk sharing approaches
Page 21:
Silos
* Silos exist in:
- Functions and Business Units:
+ Corporate and operations
+ Foreign and domestic
- Information Systems and Databases
- Processes
+ Risk management
+ Strategic planning
+ Legal
* Create processes, systems and tools to reach across silos to
provide the “big picture”
* Focus corporate risk management resources on what
matters the most
* Leverage the “silo” expertise through better coordination
for complex risks
Page 22:
Risk Committees
Roles and Responsibilities
* Provide risk management program leadership, strategy implementation direction
* Develop risk classification and measurement systems
* Develop and implement escalation metrics and triggers
* Develop and monitor early warning systems, based on escalation metrics and triggers
* Develop and deliver organization-wide risk management training
* Coordinate risk management activities - some functions may report to CRO, while others will be coordinated
* Informal Groups
* Enterprise Risk Council
* Board of Directors
- Audit Committee
- Risk Committee
Page 23:
What is Incident and Crisis
Management?
Event - An internal or external action or occurrence that may or may not impact the organization's stakeholders, processes, technology, infrastructure, brand or intangible property
Incident - An unexpected, negative event involving potential damage to the organization’s stakeholders, processes, technology, infrastructure, brand, or intangible property
Crisis - An unexpected, negative event that threatens the lives of stakeholders or could materially impair the organization and its ability to operate
Page 24:
Example: Objectives of an Incident & Crisis Management Program
The incident and crisis management process is
designed to enhance our interactions with our customers.
The following areas will be addressed:
- Identify clear roles and responsibilities
- Develop a consistent and coordinated approach
- Improve communication to all stakeholders and media
- Reduce incident reporting, verification and response time
- Enable timely and efficient management of incidents
- Leverage learnings and ensure process improvement
Page 25:
Risk, Incident and Crisis
[Figure labels: Impact; Events]
Crisis: Monitor & resolve the “critical few” with the crisis management team
Incident Management: Monitor & resolve quickly at most appropriate level using existing structure and processes
Risk Management and Business Controls: Assess potential impact of events and implement appropriate risk management & business controls
Page 26:
Practical Application: Hewlett-Packard ERM
World-Class
* Coordination among risk functions to increase coverage and decrease cost
* Enable business
* ease time to market
* Alignment with business strategies and objectives
* Consistent and organization-wide processes
* World-class risk management tools
* Focus on risks that impact stakeholder value
Source: Hewlett-Packard - Used with permission
Page 27:
RISKWeb
[Screenshot: RISKWeb home page. Legible text:]
Knowledge Base - an at-your-fingertips library of risk management tools, policies, guidelines and leading practices.
RISKWeb Forums - Collaborate in real time, share best practices, pool ideas and resources.
Register - Register now and get a handsome leather HP card case as a Thank You.
Source: Hewlett-Packard - Used with permission
Page 28:
RiskWeb: Knowledge Base
[Screenshot: RISKWeb Knowledge Base index page. Legible text:]
Define your business situation by drilling down through the index below. Discover results that are relevant to your unique business situation!
Source: Hewlett-Packard - Used with permission
Page 29:
RiskWeb: Resource Center
[Screenshot: RISKWeb Resource Center page. Legible text:]
Explore RISKWeb's Resource Center. These people have the experience and expertise to help you identify, evaluate and manage the risks you are likely to face. Use them.
Start by selecting a risk type, business model or process. HP people with expertise in the area you select will be drawn from the RiskWeb database.
Discover the breadth of HP people available to help you manage risks so you can move more confidently toward reaching your business objectives.
Source: Hewlett-Packard - Used with permission
Page 30:
RiskWeb: Discussion Forums
[Screenshot: RISKWeb Forums page. Legible text:]
Register with RISKWeb Forums. Here, you can:
- Join a moderated risk-related discussion
- Post a question and get answers from other Forum members
- Submit documents that you want to share
- Get alerts when there is new information on topics you select
- Create a community around a specific topic and share files
- Find others who share similar risk management challenges
- Test ideas among colleagues
Source: Hewlett-Packard - Used with permission
Page 31:
ERM
[Screenshot; text not recoverable]