eBusiness Enterprise Risk Management
اسلاید 1: eBusiness Enterprise Risk ManagementMark Carey, CPA, CISAPresident866.335.2736 x8431mark@delcreo.comwww.delcreo.com
اسلاید 2: Enterprise Risk Management DefinitionEnterprise Risk Management (ERM) is the capability to protect enterprise value by managing risk:With a coordinated and systematic approach,Organization-wide, and Across all types of risk.
اسلاید 3: Business Risk Profiling: Risk DriversStrategicOperationalStakeholderFinancialIntangibleMacro TrendsCompetitorEconomicResource AllocationProgram/ProjectOrganization StructureStrategic PlanningGovernanceBrand/ReputationEthicsCrisis Partnerships/JVsProcessesPhysical AssetsTechnology InfrastructureBusiness InterruptionLegalHuman ResourcesEnvironmentalHazardCustomersLine EmployeesManagementSuppliersGovernmentPartnersCommunity MarketAccountingCreditCash ManagementTaxesRegulatory ComplianceKnowledgeIntellectual PropertyInformation SystemsDatabasesInformation for Decision Making
اسلاید 4: Business Impact AssessmentManagement challenges the numbersMake it “real” for senior managementTypical approach/ measures often do not line up with how CEO, CFO, CIO evaluate their business and make decisionsShareholder Value LeversRisks That MatterGrowthAccelerate growth in current businessesDrive adoption of next generation appliances, e-services and infrastructure in high growth markets Cost and EfficiencyValue Web and Organizational EfficiencyStreamline decentralized operating model Total Customer experience approachCapitalTake advantage of strong balance sheetMarket VariablesCreate e-services ecosystems - place HP at the centerRisk Management Culture and InfrastructureRISK MANAGEMENT CULTURE AND INFRASTRUCTURERisk StrategyRisk Management ProcessesTechnologyFunctionsCulture and CapabilityGovernanceIMPROVEMENT INITIATIVESSenior Management Validation and SupporteRisk Rapid Response (eR3) ProcessRisk Coverage MappingRisk Management WorkbenchDetailed Risk AnalysiseBusiness Risk Management BenchmarkCustomer Facing Business ModelsVirtual Supply ChainPartnerships and Alliancese-Business InfrastructureVenture Capital InvestmentsHuman ResourceOrganizational Change/Allocation of ResourcesIntellectual Property
اسلاید 5: EHSInternalAuditInsuranceIT SecurityPhysical SecurityLegalBCPGRMLegalITSecurityBCPLegalPhysical SecurityERMInternalAuditEHSRiskRiskRiskRiskRiskRiskRiskRisk Management ProcessRM ProcessRisk 1Risk 2Risk 3Risk 4Risk 5Risk 6Metrics and ReportingAssess RiskTreat RiskMonitor & ReportCoordination among risk functions to increase risk coverage and decrease costEnable business initiatives to address risks issues quickly to decrease time to marketAlignment with business strategies and objectivesConsistent and organization-wide processesWorld-class risk management toolsFocus on risks that impact stakeholder valueTraditionalCostAssuranceRevenueWorld-ClassTransformationKnowledge SourcesRiskWebRisk ManagementToolsRisk StrategyAnd FrameworkPractical Application: Hewlett-Packard ERM TransformationSource: Hewlett-Packard – Used with permission
اسلاید 6: eBusiness: So What?“The ‘telephone’ has too many shortcomings to be seriously considered a means of communication.” Western Union Internal Memo, 1876“This wireless music box has no imaginable commercial value. Who would pay for a message sent to nobody in particular?”David Sarnoff’s associates in response to his urgings for investment in Radio in the 1920’s“Who the hell wants to hear actors talk ?” Harry M. Warner, Warner Bros, 1927“There is no reason for any individuals to have a computer in their home.” Ken Olsen, President, Chairman and Founder of DEC, 1977“Heavier-than-air flying machines are impossible.” Lord Kelvin, President, Royal Society 1895“Airplanes are interesting toys but of no military value.”Marshall Ferdinand Foch, Professor of Strategy, Ecole Superiure de Guerre
اسلاید 7: eBusiness TrendsReal Time EnterpriseLow Tech, High ImpactHigh Tech, Low CostCyber-Activism
اسلاید 8: “Real Time” Enterprise“Ciscoize” and “Dellize” Every BusinessAdaptive architecture, evolvable applicationsFederation NOT integrationArchitecture to connect architecturesRapid , incremental implementationInstantaneous “financials”, metrics, supply chain, customer support.…“Spontaneous transaction flow and information transparency throughout the extended enterprise”Customized from presentation “TECH WRECK or TECH TREND: Perspectives on Technology Investing”,Vinod Kholsa, Kleiner Perkins Caufield & Byers, September, 2001
اسلاید 9: Low Tech, High ImpactTerrorists have employed low tech weapons to inflict massive physical or psychological damageBox cuttersEnvelopesInfrastructure is vulnerable to unsophisticated attacksIdentify assets at riskStrategic InitiativesPeopleProcessInformation SystemsPhysical InfrastructureGeographyOrganizationProductsFlows (supplies, information, electricity, cash, etc.)Focus risk assessment on how the asset may be impacted
اسلاید 10: High Tech, Low CostSophisticated technologies/tools that may be employed as weapons of Mass Destruction/InterruptionBiological and chemical weaponsTechnologyTechnologies/tools that have the ability to inflict massive damage are getting cheaper every daySophisticated tools are increasingly affordable and are being used by competitors, customers, employees, litigation teams, etc.
اسلاید 11: Cyber ActivismThe Internet: “a powerful tool for communicating and coordinating action.”CollectionPublicationDialogueCoordination of actionDirect lobbying of decision makers
اسلاید 12: eRisks….Just a FewCyber terrorismHactivismData PrivacyCritical Infrastructure FailureIntangible PropertyThird Parties
اسلاید 13: Cyber terrorism“The convergence of terrorism and cyberspace”Definition“Unlawful attacks and threats of attack against computers, networks, and information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives” – FBI DefinitionTamil guerrillas send 800 emails a day to Sri Lankan embassies to “disrupt communications”NATO computers hit with e-mail bombs and denial-of-service attacks during 1999 Kosovo conflictPro-Palestinian and pro-Israeli deface Israeli and Palestinian sites over a one month period in October, 2000.
اسلاید 14: HacktivismDefinitionOperations that exploit computers in ways that are unusual and often illegal to further social causes.MethodsVirtual Sit-Ins and BlockadesE-Mail BombsWeb Hacks and Computer Break-InsComputer Viruses and Worms
اسلاید 15: Data PrivacyCredit card informationIdentity theftBio-MetricsDifferences in RegulationsUnited StatesCanadaEuropean UnionOther
اسلاید 16: Critical Infrastructure FailureToday’s business systemComplexTightly coupledHeavily dependent on infrastructureInterconnectivity of infrastructureTelecommunicationspower generation and distributionTransportationMedical careNational defenseOther critical government servicesRipple effects of infrastructure failure
اسلاید 17: Intangible PropertyMismanagementLost or theft by competitorsInability to profitSharing without compensationPoor use of risk management techniquesInsuranceContinuity planningBusiness ControlsComplicated by increase in # of third parties and “virtual” supply chain
اسلاید 18: Third PartiesRisk appetite, strategy and sophistication variances Brand/reputation inequityRegulatory compliance complicationsIntangible propertyContingency planning
اسلاید 19: eBusiness Risk ManagementRisk StrategyRisk CommitteesRisk, Incident and Crisis ManagementRisk Management Intranet PortalsEnterprise Risk Management
اسلاید 20: Risk StrategyAccept Risk: Management decides to continue operations as is with a consensus to accept the inherent risksTransfer Risk: Management decides to transfer the risk from (for example) from one business unit to another or from one business area to a third party (i.e.. insurer)Eliminate Risk: Management decides to eliminate risk through the dissolution of a key business unit or operating areaAcquire Risk: Management decides that the organization has a core competency managing this risk, and seeks to acquire additional risk of this type.Reduce Risk: Management decides to reduce current risks through improvement in controls and processesShare Risk: Management attempts to share risk through partnerships, outsourcing, or other risk sharing approaches
اسلاید 21: SilosSilos exist in:Functions and Business Units: Corporate and operationsForeign and domesticInformation Systems and DatabasesProcessesRisk managementStrategic planningLegalCreate processes, systems and tools to reach across silos to provide the “big picture”Focus corporate risk management resources on what matters the mostLeverage the “silo” expertise through better coordination for complex risks
اسلاید 22: Risk CommitteesInformal GroupsEnterprise Risk CouncilBoard of DirectorsAudit CommitteeRisk CommitteeRoles and ResponsibilitiesProvide risk management program leadership, strategy and implementation directionDevelop risk classification and measurement systemsDevelop and implement escalation metrics and triggersDevelop and monitor early warning systems, based on escalation metrics and triggersDevelop and deliver organization wide risk management trainingCoordinates risk management activities – some functions may report to CRO, while others will be coordinated
اسلاید 23: What is Incident and Crisis Management?Event - An internal or external action or occurrence that may or may not impact the organization’s stakeholders, processes, technology, infrastructure, brand or intangible propertyIncident - An unexpected, negative event involving potential damage to organization’s stakeholders, processes, technology, infrastructure, brand, or intangible propertyCrisis - An unexpected, negative event that threatens the lives of stakeholders or could materially impairs the organization and it’s ability to operate
اسلاید 24: Example: Objectives of an Incident & Crisis Management ProgramThe incident and crisis management process is designed enhance our interactions with our customers. The following areas will be addressed:Identify clear roles and responsibilitiesDevelop a consistent and coordinated approachImprove communication to all stakeholders and mediaReduce incident reporting, verification and response timeEnable timely and efficient management of incidentsLeverage learnings and ensure process improvement
اسلاید 25: Risk, Incident and Crisis ManagementRisk Management and Business ControlsEventsIncidentsCrisesImpactMonitor & resolve the “critical few” with the crisis management teamAssess potential impact of events and implement appropriate risk management & business controlsMonitor & resolve quickly at most appropriate level using existing structure and processesIncident Management ProcessCrisis Management Process
اسلاید 26: EHSInternalAuditInsuranceIT SecurityPhysical SecurityLegalBCPGRMLegalITSecurityBCPLegalPhysical SecurityERMInternalAuditEHSRiskRiskRiskRiskRiskRiskRiskRisk Management ProcessRM ProcessRisk 1Risk 2Risk 3Risk 4Risk 5Risk 6Metrics and ReportingAssess RiskTreat RiskMonitor & ReportCoordination among risk functions to increase risk coverage and decrease costEnable business initiatives to address risks issues quickly to decrease time to marketAlignment with business strategies and objectivesConsistent and organization-wide processesWorld-class risk management toolsFocus on risks that impact stakeholder valueTraditionalCostAssuranceRevenueWorld-ClassTransformationKnowledge SourcesRiskWebRisk ManagementToolsRisk StrategyAnd FrameworkPractical Application: Hewlett-Packard ERM TransformationSource: Hewlett-Packard – Used with permission
اسلاید 27: Source: Hewlett-Packard – Used with permissionRiskWeb: Risk Function Collaboration
اسلاید 28: Source: Hewlett-Packard – Used with permissionRiskWeb: Knowledge Base
اسلاید 29: Source: Hewlett-Packard – Used with permissionRiskWeb: Resource Center
اسلاید 30: Source: Hewlett-Packard – Used with permissionRiskWeb: Discussion Forums
اسلاید 31: ToolsRiskWebEarly Warning SystemAssessment and Quantification toolsCultureKnowledge MgmtMetricsTrainingCommunicationAssess RiskTreat RiskMonitor & ReportEnterprise-wideIntegrationStrategic PlanningPrograms/PMOProcessesFunctionsRisk Management ProcessAllocation ofCapitalControl CostDrive InnovationManage Growth Risk AttributesLifecycleIndividualPortfolioQualitativeQuantitativeOrganizationEnterprise Risk CommitteeCRO or ERM ManagerRisk Strategy& AppetiteInternalAuditRiskMgmtITSecurityERMBCPLegalEH&SRisk StrategyAppetitePrioritizeTreatment ApproachProgram Strategy DevelopDeployContinuously ImproveRisk FunctionsBusiness Objectives Risk Drivers Strategy CapabilityCapabilityFunctionsProcessOrganizationCultureToolsEnterprise- Wide IntegrationRisk AttributesRisksStrategic OperationalStakeholderFinancialIntangibleERM Framework
نقد و بررسی ها
هیچ نظری برای این پاورپوینت نوشته نشده است.