Transcript Enterprise Risk Management and BCP

Enterprise Risk Management
and Business Continuity
Planning
Mark Carey, CPA, CISA
President
866.335.2736 x8431
[email protected]
www.delcreo.com
BCP Experience
• Business impact assessment
• Functional versus process view
• Standard Business continuity planning
methodologies and “Body of Knowledge” neglect
“Program” elements
• How does BCP fit in the broader picture of
managing risk for a company?
• Benchmarking/Leading Practice/Example Plans
Enterprise Risk Management Definition
Enterprise Risk Management (ERM) is the
capability to protect enterprise value by
managing risk:
– With a coordinated and systematic approach,
– Organization-wide, and
– Across all types of risk.
Business Risk Profiling: Risk Drivers
Strategic
•
•
•
•
•
•
•
•
•
•
•
•
Macro Trends
Competitor
Economic
Resource Allocation
Program/Project
Organization
Structure
Strategic Planning
Governance
Brand/Reputation
Ethics
Crisis
Partnerships/JVs
Operational
• Processes
• Physical Assets
• Technology
Infrastructure
• Business
Interruption
• Legal
• Human Resources
• Environmental
• Hazard
Stakeholder
•
•
•
•
•
•
•
Customers
Line Employees
Management
Suppliers
Government
Partners
Community
Financial
•
•
•
•
•
•
Market
Accounting
Credit
Cash Management
Taxes
Regulatory
Compliance
Intangible
•
•
•
•
•
Knowledge
Intellectual Property
Information Systems
Databases
Information for
Decision Making
Business Impact Assessment
• Management
challenges the
numbers
– Make it “real” for
senior
management
– Typical
approach/
measures often
do not line up
with how CEO,
CFO, CIO
evaluate their
business and
make decisions
Shareholder Value Levers
Risks That Matter
Growth
• Accelerate growth in current
businesses
• Drive adoption of next
generation appliances, eservices and infrastructure in
high growth markets
• Customer Facing Business
Models
• Value Web and Organizational
Efficiency
• Streamline decentralized
operating model
• Total Customer experience
approach
• Virtual Supply Chain
• Partnerships and Alliances
• e-Business Infrastructure
Capital
• Take advantage of
strong
balance sheet
Market Variables
• Create e-services
ecosystems - place HP at
the center
Risk Management Culture and
Infrastructure
RISK MANAGEMENT CULTURE
AND INFRASTRUCTURE
•
•
•
•
•
•
Risk Strategy
Risk Management Processes
Technology
Functions
Culture and Capability
Governance
IMPROVEMENT INITIATIVES
• Venture Capital Investments
• Human Resource
• Organizational
Change/Allocation of
Resources
• Intellectual Property
• Senior Management Validation and
Support
• eRisk Rapid Response (eR3)
Process
• Risk Coverage Mapping
• Risk Management Workbench
• Detailed Risk Analysis
• eBusiness Risk Management
Benchmark
Function versus Process View
External Environment
CEO
Materials
Information
Service
Information
After Sales Support
Treasury
Research
Risk
Management
Sales
Operations
Operations
Accounting
Graphics
Product/Process Design
Outputs
People
Products
Gaining New Business
Information
Technology
Marketing
Manufacturing
Human
Resources
Human
Resources
Executive
Support Processes
Communications
Capital
Primary Processes
Internal Environment
BCP Methodologies and Body of Knowledge
• Focused on developing a plan
• What is missing:
– Process improvement tools
• Process Modeling and Improvement
– Program management
• Value Drivers
• Strategic Planning and Alignment (Personal and
Department/Function)
• Reporting
• Knowledge Management
– Program implementation
• Implementation
• Organizational Change
Strategic Planning
• Are we in alignment with organizational value
drivers and strategies
• Can we implement our strategy effectively?
• Do we have the right
–
–
–
–
Organizational structure
Tools
Metrics
“Go to market” approach?