SlideShare a Scribd company logo

Extended Enterprise Risk Management (ERM) | R N Marwah & Co. LLP - Chartered Accountants

Download as PPTX, PDF
R N Marwah & Co. LLP - Chartered Accountants
R N Marwah & Co. LLP - Chartered Accountants

The document discusses extended enterprise risk management (XERM). It defines XERM as an end-to-end approach to systematically identify risks across a company's extended enterprise in order to proactively address vulnerabilities. It identifies four key capabilities for XERM - strategy and governance, people, process, and technology. It also provides a framework for assessing the maturity of a company's extended enterprise risk management program.

Small Business & Entrepreneurship
1 of 26
December 13, 2019 MANAGING EXTENDED ENTERPRISE RISK
2 Agenda  Understanding XERM  Need for XERM  Holistic Approach for XERM  Four cornerstone capabilities  Maturity of Extended Enterprise Program EXTENDED ENTERPRISE RISK MANAGEMENT
EXTENDED ENTERPRISE RISK MANAGEMENT 3 The Extended Enterprise ● Globalized business environment - no company is an island. ● Ecosystem of company comprises an exceedingly large number of third parties - including customers, partners, agents, affiliates, vendors, and service providers. ● “THE EXTENDED ENTERPRISE.” ● The reach of the extended enterprise is poised to expand. Private bank sourcing customer through DSA provided with asset serviced through service providers. Data entry in one system by separate team of outsourced manpower and funding by BANK by entry in another system. Documents scanning and storage by different operators at third party location.
EXTENDED ENTERPRISE RISK MANAGEMENT 4 Fragmented Approach – Existing Mechanism ● Exposure to the actions of third parties to be managed in a strategic and proactive manner. ● Most companies cover key items i.e. regulatory compliance or cyber security ● No conscious and consistent link to strategy. ● Fragmented approach - when not guided by an all-encompassing vision – is no longer sufficient to mitigate interconnected third-party risks at enterprise level ● Consequences of non – managing exist - which are escalating.
EXTENDED ENTERPRISE RISK MANAGEMENT 5 Some Examples ● An outsourced vendor for transaction processing decides to exit the business and provides little notice or transitional support ● An important distributor does not provide the amount of prime shelf space that had been agreed upon and instead leads with a competitor’s product ● A contracted supplier does not deliver merchandise on-time, thus disappointing customers and damaging the company’s brand reputation ● A customer organizes a boycott of the company’s products via social media ● A critical vendor takes more new accounts than it can handle, degrading service levels / disrupting process ● A sales agent routinely favors a competitor, causing revenue and market share to decline in an important region ● Several franchisees do not spend co-op advertising dollars as instructed, resulting in a poor consumer response to holiday promotions
EXTENDED ENTERPRISE RISK MANAGEMENT 6 Challenges ● Formulating strategies for managing the extended enterprise and driving performance at the same time? ● Justify the investment required to implement those strategies through a coordinated program? … what should the company do…
EXTENDED ENTERPRISE RISK MANAGEMENT 7 Extended Enterprise Risk Management ● Answers lie in expanding one’s view of Extended Enterprise Risk Management (XERM) <<<VALUE CREATION AS WELL AS VALUE PROTECTION>>> ● XERM - An end-to-end approach for sensing risks systematically throughout the extended enterprise so that vulnerabilities can be addressed proactively. ● XERM – ● A proactive lever for driving business performance ● A reactive means of protecting existing worth (some believe so).
EXTENDED ENTERPRISE RISK MANAGEMENT 8 What is XERM ● XERM is ● the practice of anticipating and managing ● exposures associated with third parties ● across the organization’s full range of operations ● optimizing the value delivered by the third-party ecosystem.
EXTENDED ENTERPRISE RISK MANAGEMENT 9 Elevating XERM ● Three forces elevating the need for XERM are: ● social media accelerates stakeholder reactions to third-party events, rapidly raising brand awareness, or conversely inflicting immediate reputational damage, if an incident goes viral; ● the stakes are much higher, often affecting profitability for better or worse; and ● companies are using outsourcing to a greater degree for both core and non-core processes. ● Third- party incidents can dramatically impact business performance—positively or negatively—by affecting: ● cost ● service quality ● revenue ● brand
EXTENDED ENTERPRISE RISK MANAGEMENT 10 Cost: Escalation vs. containment ● A third-party incident can cost them dearly. By how much – not sure? ● Downside losses: several ways of incurring unnecessary expenses - fines, restitution, opportunity costs of business loss (existing customers / new), new business in the wake of a disruptive event. ● Regulatory non-compliance: Pressure is unlikely to ease anytime soon since regulatory scrutiny and associated penalties are intensifying throughout the world. ● Customers can take their business elsewhere if they feel disappointed or betrayed even for offending action of a third party. ● Cyber security is another area of top concern. ● Bad publicity, ● Cost of a data breach is escalating, and if a third party is involved, it makes matters worse. ● Supply chain disruption – mostly tied to third parties
EXTENDED ENTERPRISE RISK MANAGEMENT 11 Service quality: Degradation vs. optimization ● Pressure from boards and the C-Suite for managing contracts and performance to optimize returns for the extended enterprise. ● Vendor management is often neglected in terms of resource allocation. ● Market is currently underinvested in the area of vendor management - tools, methods and processes. ● Reported dissatisfaction with vendor performance. ● Service providers are: ● Being reactive rather than proactive and ● Delivering poor service despite achieving service levels ● Customer Angle ● Companies face challenge in collecting contracted fees, royalties, etc.. ● Customers also have a tendency to underutilize or overutilize licensed assets like software license.
EXTENDED ENTERPRISE RISK MANAGEMENT 12 Revenue: Contraction vs. expansion ● Dissatisfied customers can take their business elsewhere. ● Consumers avoid doing business with organizations after a security breach. ● Driving away customers is an unpleasant prospect.
EXTENDED ENTERPRISE RISK MANAGEMENT 13 Brand: Diminishment vs. enhancement ● Every type of third-party exposure is an all-embracing risk: threat of brand damage. ● In interconnected world, trust equals value. ● On average more than 25% wealth of a company’s market value is directly attributable to its reputation. ● Companies are concerned about their readiness ● Least prepared to manage reputation risk drivers in areas beyond their direct control - such as third-party ethics and competitive attacks.
EXTENDED ENTERPRISE RISK MANAGEMENT 14 Leveraging Three Lines of Defense ● Companies are not aware how to leverage the “three lines of defense” for managing risk and driving performance: ● First line of defense: The business unit, which owns the third-party relationship and is accountable for managing associated risks in alignment with policies and procedures. ● Second line of defense: Centralized governance program for XERM, for establishing and enforcing policies / processes to ensure that third parties are managed consistently by the business. ● Third line of defense: Internal audit, for the most critical extended enterprise risks and controls as well as performing independent assessments.
EXTENDED ENTERPRISE RISK MANAGEMENT 15 Business Objective Business Objective Growth / innovation Client experience Cost reduction Improved time to market Risk and compliance management
EXTENDED ENTERPRISE RISK MANAGEMENT 16 Risk Domain Risk Domain Contractual risk Credit risk Business continuity risk Operations risk Reputation risk Geopolitica l risk Strategic risk Financial risk Complianc e/legal risk Cyber risk Intellectual Property risk Quality risk
EXTENDED ENTERPRISE RISK MANAGEMENT 17 Operating Model Operating Model Components Governance and oversight: The operating model, committees, and roles and responsibilities for managing the extended enterprise Policies and standards: Management’s expectations of standards and processes to be used, to manage the extended enterprise and its related risks Risk culture: Tone at the top, clarity on risk appetite, appropriate training and awareness to promote positive risk cultureTools and technology: Use of tools and technology, predictive and risk analytics that enhance extended enterprise risk management processes Management processes: Processes to manage risks and improve performance across the third-party lifecycle Risk metrics and dashboard: Use of internal and external data to measure and visualize risks and performance of extended enterprise, tailored towards multiple levels of management
EXTENDED ENTERPRISE RISK MANAGEMENT 18 Third Part Relationship Cycle Third-party relationship lifecycle Plan, evaluate and select Contract and on- board Manage and monitor Terminate and off- board
EXTENDED ENTERPRISE RISK MANAGEMENT 19 Four cornerstone capabilities ● Companies often believe they cannot take an end-to-end approach to manage XERM as: ● securing executive sponsorship and getting people to take ownership can be an uphill climb. ● the task is too vast and they do not have the expertise and resources to build, execute and sustain a comprehensive third-party oversight program. ● These barriers are more perception than reality. ● It is neither necessary nor possible to do everything at once. ● It is rather a matter of identifying some practical steps to take toward establishing an XERM program or evolving an existing one. Most organizations can get a sense of what those steps might be by considering the extent to which they have developed four cornerstone capabilities – as explained:
EXTENDED ENTERPRISE RISK MANAGEMENT 20 Strategy and governance: Creating an agile and flexible governance model ● Does your organization link its risk management practices to value drivers? ● Does it have a formal strategy and governance model for managing third- party risk? ● Does it understand where the breakpoints are in its third-party relationships? ● Does it have a prescribed means of assessing and staying ahead of them? ● Does your organization proactively seek to bridge the gap between business executives and compliance and risk professionals?
EXTENDED ENTERPRISE RISK MANAGEMENT 21 People: Managing relationships, compliance and regulations ● Does your company have dedicated roles for managing third-party risk across the extended enterprise? ● Has your organization aligned and strengthened its three lines of defense? ● Does executive ownership exist at the enterprise level? ● Are employees keeping up with emerging regulatory requirements? ● Are your third parties keeping up?
EXTENDED ENTERPRISE RISK MANAGEMENT 22 Process: Navigating events that shape the extended enterprise ● Does your organization react to third-party events or does it actively seek to prevent them? ● Are risk management processes standardized across the enterprise and integrated with tools and data? ● Does your organization regularly consider how evolving technologies, market trends, and disruptive forces present opportunities and challenges to its third-party relationships? ● Does your organization have appropriate contracts in place with its third parties? ● Do you know if they are meeting expectations and complying with their contractual commitments? ● Can you readily assess the appropriateness of future delivery models? ● Are executives confident in their decisions to outsource or insource, build, or buy?
EXTENDED ENTERPRISE RISK MANAGEMENT 23 Technology: Using data and analytics to make informed decisions ● What tools and technologies does your organization leverage to make informed decisions about its third- party relationships? ● What data does your organization already have access to? ● Can leaders make real-time decisions? ● If so, what key performance indicators does your organization monitor and analyze to support those decisions?
EXTENDED ENTERPRISE RISK MANAGEMENT 24 Conclusion ● If answer is “no” to most of these questions: ● The company’s XERM program is in the earlier stages of development. ● Organization may be managing some third-party risks on an ad-hoc basis, using a few off-the-shelf tools, and perhaps beginning to implement dedicated roles and processes. ● More “yes” answers means: ● It is further along the path toward integration and optimization —later stages of maturity ● Generally characterized by greater use of customized tools, proactive monitoring and decision-making, and the connection of leading practices to value drivers.
EXTENDED ENTERPRISE RISK MANAGEMENT 25 Maturity of extended enterprise program Capabilities Initial Managed Defined Integrated Optimized Strategy and governance  Risk taking for quick fix benefits  No formal governance  Minimal effort in reducing risk  Risk taking for short term benefits  Focus on preventing issues  Riskaligns with medium-term enterprise - wide benefits  Focuson preventing issues and creating value  Intelligent risk taking, aligned with enterprise strategy  State-of-the-art practices, linked to value drivers  Extended enterprise embedded in strategic planning and decision making People  Individual effort  Little management input  Lack of training  Responsibilities built into existing roles  Increased input from management  Dedicated roles  Invested executives within each silo  Some trainingoffered  Awareness of value of extended enterprise across the organization  Enterprise-wide roles  Executive ownership at the enterprise level  Trained professionals with defined roles throughout the lifecycle  Executive champions on both sides, aligning service delivery to strategic objectives Process  Few activities defined  Fire - fighting mode  Defined processes in siloes  Functional, reactive problem solving  Coordinated processes across the business  Monitoring and alerting leveraging dashboards, with some proactive issue resolution  Fully standardized processes, integrated with tools and data  Proactive decision - making using analytics, improving bottom-line and performance  Processes aligned with strategy, integrated into third parties  Continuous improvement and proactive responsiveness  Leveraging predictive and sensing analytics, tools and dashboards Technology  Simple and least expensive tools used, ad-hoc  Off-the-shelf tools used for problem solving  Limited access to third-party data  Adapted tools used for reporting and monitoring  Customized tools, used for tactical decision making  Value-additive tools  Internal data centralized and easily accessible  Highly - customized decision support tools  Integrated external data sources that enhance insights  Tools and analytics are key value driver and differentiator
26 Looking for commencing a journey towards operational excellence… EXTENDED ENTERPRISE RISK MANAGEMENT

Recommended

Credit Risk Hedging Under Basel 2 & 3
Credit Risk Hedging Under Basel 2 & 3Credit Risk Hedging Under Basel 2 & 3
Credit Risk Hedging Under Basel 2 & 3
Dr. Emmanuel ABOLO, fica,fnimn,ficn,sirm
 
Business Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paperBusiness Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paper
Greg Cybulski, CBCP, ARM
 
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsGRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
Kate Tomlinson
 
RISK-INFORMED DECISION-MAKING PROCESS FOR CORPORATE SUSTAINABLE DEVELOPMENT
RISK-INFORMED DECISION-MAKING PROCESS FOR CORPORATE SUSTAINABLE DEVELOPMENTRISK-INFORMED DECISION-MAKING PROCESS FOR CORPORATE SUSTAINABLE DEVELOPMENT
RISK-INFORMED DECISION-MAKING PROCESS FOR CORPORATE SUSTAINABLE DEVELOPMENT
Dr. Emmanuel ABOLO, fica,fnimn,ficn,sirm
 
Operation risk management in Private Equity firms
Operation risk management in Private Equity firmsOperation risk management in Private Equity firms
Operation risk management in Private Equity firms
Joseph Kariuki
 
Corporate Risk Management
Corporate Risk ManagementCorporate Risk Management
Corporate Risk Management
Shravan Bhumkar
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk management
Karim Farag
 
Corporate risk management
Corporate risk managementCorporate risk management
Corporate risk management
Praxiom
 

Recommended

Credit Risk Hedging Under Basel 2 & 3
Credit Risk Hedging Under Basel 2 & 3Credit Risk Hedging Under Basel 2 & 3
Credit Risk Hedging Under Basel 2 & 3
Dr. Emmanuel ABOLO, fica,fnimn,ficn,sirm
 
Business Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paperBusiness Continuity Management-The Case for Return on Investment-white paper
Business Continuity Management-The Case for Return on Investment-white paper
Greg Cybulski, CBCP, ARM
 
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsGRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
Kate Tomlinson
 
RISK-INFORMED DECISION-MAKING PROCESS FOR CORPORATE SUSTAINABLE DEVELOPMENT
RISK-INFORMED DECISION-MAKING PROCESS FOR CORPORATE SUSTAINABLE DEVELOPMENTRISK-INFORMED DECISION-MAKING PROCESS FOR CORPORATE SUSTAINABLE DEVELOPMENT
RISK-INFORMED DECISION-MAKING PROCESS FOR CORPORATE SUSTAINABLE DEVELOPMENT
Dr. Emmanuel ABOLO, fica,fnimn,ficn,sirm
 
Operation risk management in Private Equity firms
Operation risk management in Private Equity firmsOperation risk management in Private Equity firms
Operation risk management in Private Equity firms
Joseph Kariuki
 
Corporate Risk Management
Corporate Risk ManagementCorporate Risk Management
Corporate Risk Management
Shravan Bhumkar
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk management
Karim Farag
 
Corporate risk management
Corporate risk managementCorporate risk management
Corporate risk management
Praxiom
 
Managing Risks in Turbulent Times by Dr. Emmanuel Moore ABOLO
Managing Risks in Turbulent Times by Dr. Emmanuel Moore ABOLOManaging Risks in Turbulent Times by Dr. Emmanuel Moore ABOLO
Managing Risks in Turbulent Times by Dr. Emmanuel Moore ABOLO
Dr. Emmanuel ABOLO, fica,fnimn,ficn,sirm
 
Operational Risk Measurement
Operational Risk MeasurementOperational Risk Measurement
Operational Risk Measurement
Dr. Emmanuel ABOLO, fica,fnimn,ficn,sirm
 
ORM Operational Risks Management
ORM Operational Risks ManagementORM Operational Risks Management
ORM Operational Risks Management
Tariq minhas
 
corporate risk management
corporate risk management corporate risk management
corporate risk management
Universiti Malaysia Pahang
 
Enterprise Risk Management White Paper
Enterprise Risk Management White PaperEnterprise Risk Management White Paper
Enterprise Risk Management White Paper
Shadowlit Ndou Sidija
 
COSO Vs ERM - NMIMS INDORE
COSO Vs ERM - NMIMS INDORECOSO Vs ERM - NMIMS INDORE
COSO Vs ERM - NMIMS INDORE
Naresh Parandhaman
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
WolfPAC - Integrated Risk Management
 
Operational risk management (orm)
Operational risk management (orm)Operational risk management (orm)
Operational risk management (orm)
Bushra Angbeen
 
COSO VS ERM -
COSO VS ERM - COSO VS ERM -
COSO VS ERM -
Naresh Parandhaman
 
How to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkHow to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management Framework
Colleen Beck-Domanico
 
Intro to ERM
Intro to ERMIntro to ERM
Intro to ERM
John Glenn
 
Modern operational risk
Modern operational riskModern operational risk
Modern operational risk
Saifullah Malik
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk Management
Jorge Vaz Girão , CISA, PMP, PMDPro I, ERMCP
 
ERM Presentation
ERM PresentationERM Presentation
ERM Presentation
H Contrex
 
Level 2
Level 2Level 2
Level 2
GWC GROUP
 
Enterprise Risk Management for the Digital Transformation Age
Enterprise Risk Management for the Digital Transformation AgeEnterprise Risk Management for the Digital Transformation Age
Enterprise Risk Management for the Digital Transformation Age
Career Communications Group
 
Risk transfer strategy.
Risk transfer strategy.Risk transfer strategy.
Risk transfer strategy.
Ignacio Reclusa
 
Contracts risk management notes bagamoyo 2.12.2017 final v1
Contracts risk management notes bagamoyo 2.12.2017 final v1Contracts risk management notes bagamoyo 2.12.2017 final v1
Contracts risk management notes bagamoyo 2.12.2017 final v1
EMAC Consulting Group
 
Tools &amp;Techniques for Effective Risk Management V3.0
Tools &amp;Techniques for Effective Risk Management V3.0Tools &amp;Techniques for Effective Risk Management V3.0
Tools &amp;Techniques for Effective Risk Management V3.0
cgautam
 
Third-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & ActThird-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & Act
TrustArc
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
NICSA
 
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Cognizant
 

More Related Content

What's hot

ORM Operational Risks Management
ORM Operational Risks ManagementORM Operational Risks Management
ORM Operational Risks Management
Tariq minhas
 
Enterprise Risk Management White Paper
Enterprise Risk Management White PaperEnterprise Risk Management White Paper
Enterprise Risk Management White Paper
Shadowlit Ndou Sidija
 
Operational risk management (orm)
Operational risk management (orm)Operational risk management (orm)
Operational risk management (orm)
Bushra Angbeen
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk Management
Jorge Vaz Girão , CISA, PMP, PMDPro I, ERMCP
 
Enterprise Risk Management for the Digital Transformation Age
Enterprise Risk Management for the Digital Transformation AgeEnterprise Risk Management for the Digital Transformation Age
Enterprise Risk Management for the Digital Transformation Age
Career Communications Group
 

What's hot (19)

Managing Risks in Turbulent Times by Dr. Emmanuel Moore ABOLO
Managing Risks in Turbulent Times by Dr. Emmanuel Moore ABOLOManaging Risks in Turbulent Times by Dr. Emmanuel Moore ABOLO
Managing Risks in Turbulent Times by Dr. Emmanuel Moore ABOLO
 
Operational Risk Measurement
Operational Risk MeasurementOperational Risk Measurement
Operational Risk Measurement
 
ORM Operational Risks Management
ORM Operational Risks ManagementORM Operational Risks Management
ORM Operational Risks Management
 
corporate risk management
corporate risk management corporate risk management
corporate risk management
 
Enterprise Risk Management White Paper
Enterprise Risk Management White PaperEnterprise Risk Management White Paper
Enterprise Risk Management White Paper
 
COSO Vs ERM - NMIMS INDORE
COSO Vs ERM - NMIMS INDORECOSO Vs ERM - NMIMS INDORE
COSO Vs ERM - NMIMS INDORE
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
 
Operational risk management (orm)
Operational risk management (orm)Operational risk management (orm)
Operational risk management (orm)
 
COSO VS ERM -
COSO VS ERM - COSO VS ERM -
COSO VS ERM -
 
How to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkHow to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management Framework
 
Intro to ERM
Intro to ERMIntro to ERM
Intro to ERM
 
Modern operational risk
Modern operational riskModern operational risk
Modern operational risk
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk Management
 
ERM Presentation
ERM PresentationERM Presentation
ERM Presentation
 
Level 2
Level 2Level 2
Level 2
 
Enterprise Risk Management for the Digital Transformation Age
Enterprise Risk Management for the Digital Transformation AgeEnterprise Risk Management for the Digital Transformation Age
Enterprise Risk Management for the Digital Transformation Age
 
Risk transfer strategy.
Risk transfer strategy.Risk transfer strategy.
Risk transfer strategy.
 
Contracts risk management notes bagamoyo 2.12.2017 final v1
Contracts risk management notes bagamoyo 2.12.2017 final v1Contracts risk management notes bagamoyo 2.12.2017 final v1
Contracts risk management notes bagamoyo 2.12.2017 final v1
 
Tools &amp;Techniques for Effective Risk Management V3.0
Tools &amp;Techniques for Effective Risk Management V3.0Tools &amp;Techniques for Effective Risk Management V3.0
Tools &amp;Techniques for Effective Risk Management V3.0
 

Similar to Extended Enterprise Risk Management (ERM) | R N Marwah & Co. LLP - Chartered Accountants

Third-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & ActThird-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & Act
TrustArc
 
CM Introduction 081414
CM Introduction 081414CM Introduction 081414
CM Introduction 081414
aidanc5
 
Power your businesswith risk informed decisions
Power your businesswith risk informed decisionsPower your businesswith risk informed decisions
Power your businesswith risk informed decisions
Alireza Ghahrood
 
138 مبادرة #تواصل_تطوير المحاضرة ال 138 من المبادرة دكتور مهندس / أكرم حسن اس...
138 مبادرة #تواصل_تطوير المحاضرة ال 138 من المبادرة دكتور مهندس / أكرم حسن اس...138 مبادرة #تواصل_تطوير المحاضرة ال 138 من المبادرة دكتور مهندس / أكرم حسن اس...
138 مبادرة #تواصل_تطوير المحاضرة ال 138 من المبادرة دكتور مهندس / أكرم حسن اس...
Egyptian Engineers Association
 
Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013
Nidhi Gupta
 
Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013
Nidhi Gupta
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
Nidhi Gupta
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
Nidhi Gupta
 
Innovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdfInnovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdf
Abdulbasit Almauly
 

Similar to Extended Enterprise Risk Management (ERM) | R N Marwah & Co. LLP - Chartered Accountants (20)

Third-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & ActThird-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & Act
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
 
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
 
CM Introduction 081414
CM Introduction 081414CM Introduction 081414
CM Introduction 081414
 
How AGCO implemented an Supply Chain Risk management solution to save millions
How AGCO implemented an Supply Chain Risk management solution to save millionsHow AGCO implemented an Supply Chain Risk management solution to save millions
How AGCO implemented an Supply Chain Risk management solution to save millions
 
Proactive Risk Management: An Introduction to the Importance of Proactive Ris...
Proactive Risk Management: An Introduction to the Importance of Proactive Ris...Proactive Risk Management: An Introduction to the Importance of Proactive Ris...
Proactive Risk Management: An Introduction to the Importance of Proactive Ris...
 
Governance, Risk management and Compliance Integrated Systems
Governance, Risk management and Compliance Integrated SystemsGovernance, Risk management and Compliance Integrated Systems
Governance, Risk management and Compliance Integrated Systems
 
Power your businesswith risk informed decisions
Power your businesswith risk informed decisionsPower your businesswith risk informed decisions
Power your businesswith risk informed decisions
 
138 مبادرة #تواصل_تطوير المحاضرة ال 138 من المبادرة دكتور مهندس / أكرم حسن اس...
138 مبادرة #تواصل_تطوير المحاضرة ال 138 من المبادرة دكتور مهندس / أكرم حسن اس...138 مبادرة #تواصل_تطوير المحاضرة ال 138 من المبادرة دكتور مهندس / أكرم حسن اس...
138 مبادرة #تواصل_تطوير المحاضرة ال 138 من المبادرة دكتور مهندس / أكرم حسن اس...
 
Risk Management and Risk Transfer
Risk Management and Risk TransferRisk Management and Risk Transfer
Risk Management and Risk Transfer
 
Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013
 
Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013
 
Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013
 
The 5 Steps to Managing Third-party Risk
The 5 Steps to Managing Third-party RiskThe 5 Steps to Managing Third-party Risk
The 5 Steps to Managing Third-party Risk
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Innovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdfInnovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdf
 
How To Integrate Business Risk & IT Risk
How To Integrate Business Risk & IT Risk How To Integrate Business Risk & IT Risk
How To Integrate Business Risk & IT Risk
 

Recently uploaded

Enabling Business Users to Interpret Data Through Self-Service Analytics (2).pdf
Enabling Business Users to Interpret Data Through Self-Service Analytics (2).pdfEnabling Business Users to Interpret Data Through Self-Service Analytics (2).pdf
Enabling Business Users to Interpret Data Through Self-Service Analytics (2).pdf
Smartinfologiks
 
JAIPUR CALL GIRLS SERVICE REAL HOT SEXY 👯 CALL GIRLS IN JAIPUR BOOK YOUR DREA...
JAIPUR CALL GIRLS SERVICE REAL HOT SEXY 👯 CALL GIRLS IN JAIPUR BOOK YOUR DREA...JAIPUR CALL GIRLS SERVICE REAL HOT SEXY 👯 CALL GIRLS IN JAIPUR BOOK YOUR DREA...
JAIPUR CALL GIRLS SERVICE REAL HOT SEXY 👯 CALL GIRLS IN JAIPUR BOOK YOUR DREA...
Escorts service
 
+971565801893>>Safe and original mtp kit for sale in Dubai>>+971565801893
+971565801893>>Safe and original mtp kit for sale in Dubai>>+971565801893+971565801893>>Safe and original mtp kit for sale in Dubai>>+971565801893
+971565801893>>Safe and original mtp kit for sale in Dubai>>+971565801893
Health
 
Jual Obat Aborsi Bojonegoro ( Asli No.1 ) 085657271886 Obat Penggugur Kandung...
Jual Obat Aborsi Bojonegoro ( Asli No.1 ) 085657271886 Obat Penggugur Kandung...Jual Obat Aborsi Bojonegoro ( Asli No.1 ) 085657271886 Obat Penggugur Kandung...
Jual Obat Aborsi Bojonegoro ( Asli No.1 ) 085657271886 Obat Penggugur Kandung...
ZurliaSoop
 
EV Electric Vehicle Startup Pitch Deck- StartupSprouts.in
EV Electric Vehicle Startup Pitch Deck- StartupSprouts.inEV Electric Vehicle Startup Pitch Deck- StartupSprouts.in
EV Electric Vehicle Startup Pitch Deck- StartupSprouts.in
StartupSprouts.in
 
Shareholders Agreement Template for Compulsorily Convertible Debt Funding- St...
Shareholders Agreement Template for Compulsorily Convertible Debt Funding- St...Shareholders Agreement Template for Compulsorily Convertible Debt Funding- St...
Shareholders Agreement Template for Compulsorily Convertible Debt Funding- St...
StartupSprouts.in
 
Indian Call girl in Dubai 0508644382 Dubai Call girls
Indian Call girl in Dubai 0508644382 Dubai Call girlsIndian Call girl in Dubai 0508644382 Dubai Call girls
Indian Call girl in Dubai 0508644382 Dubai Call girls
Monica Sydney
 

Recently uploaded (12)

Enabling Business Users to Interpret Data Through Self-Service Analytics (2).pdf
Enabling Business Users to Interpret Data Through Self-Service Analytics (2).pdfEnabling Business Users to Interpret Data Through Self-Service Analytics (2).pdf
Enabling Business Users to Interpret Data Through Self-Service Analytics (2).pdf
 
JAIPUR CALL GIRLS SERVICE REAL HOT SEXY 👯 CALL GIRLS IN JAIPUR BOOK YOUR DREA...
JAIPUR CALL GIRLS SERVICE REAL HOT SEXY 👯 CALL GIRLS IN JAIPUR BOOK YOUR DREA...JAIPUR CALL GIRLS SERVICE REAL HOT SEXY 👯 CALL GIRLS IN JAIPUR BOOK YOUR DREA...
JAIPUR CALL GIRLS SERVICE REAL HOT SEXY 👯 CALL GIRLS IN JAIPUR BOOK YOUR DREA...
 
+971565801893>>Safe and original mtp kit for sale in Dubai>>+971565801893
+971565801893>>Safe and original mtp kit for sale in Dubai>>+971565801893+971565801893>>Safe and original mtp kit for sale in Dubai>>+971565801893
+971565801893>>Safe and original mtp kit for sale in Dubai>>+971565801893
 
Famedesired Project portfolio1 . Fullsail
Famedesired Project portfolio1 . FullsailFamedesired Project portfolio1 . Fullsail
Famedesired Project portfolio1 . Fullsail
 
Jual Obat Aborsi Bojonegoro ( Asli No.1 ) 085657271886 Obat Penggugur Kandung...
Jual Obat Aborsi Bojonegoro ( Asli No.1 ) 085657271886 Obat Penggugur Kandung...Jual Obat Aborsi Bojonegoro ( Asli No.1 ) 085657271886 Obat Penggugur Kandung...
Jual Obat Aborsi Bojonegoro ( Asli No.1 ) 085657271886 Obat Penggugur Kandung...
 
NEON LIGHT CITY pitch deck for the new PC game
NEON LIGHT CITY pitch deck for the new PC gameNEON LIGHT CITY pitch deck for the new PC game
NEON LIGHT CITY pitch deck for the new PC game
 
Dàni Velvet Personal Brand Exploration (1).pptx
Dàni Velvet Personal Brand Exploration (1).pptxDàni Velvet Personal Brand Exploration (1).pptx
Dàni Velvet Personal Brand Exploration (1).pptx
 
How to structure your pitch - B4i template
How to structure your pitch - B4i templateHow to structure your pitch - B4i template
How to structure your pitch - B4i template
 
How Multicultural Toys Helps in Child Development.pptx
How Multicultural Toys Helps in Child Development.pptxHow Multicultural Toys Helps in Child Development.pptx
How Multicultural Toys Helps in Child Development.pptx
 
EV Electric Vehicle Startup Pitch Deck- StartupSprouts.in
EV Electric Vehicle Startup Pitch Deck- StartupSprouts.inEV Electric Vehicle Startup Pitch Deck- StartupSprouts.in
EV Electric Vehicle Startup Pitch Deck- StartupSprouts.in
 
Shareholders Agreement Template for Compulsorily Convertible Debt Funding- St...
Shareholders Agreement Template for Compulsorily Convertible Debt Funding- St...Shareholders Agreement Template for Compulsorily Convertible Debt Funding- St...
Shareholders Agreement Template for Compulsorily Convertible Debt Funding- St...
 
Indian Call girl in Dubai 0508644382 Dubai Call girls
Indian Call girl in Dubai 0508644382 Dubai Call girlsIndian Call girl in Dubai 0508644382 Dubai Call girls
Indian Call girl in Dubai 0508644382 Dubai Call girls
 

Extended Enterprise Risk Management (ERM) | R N Marwah & Co. LLP - Chartered Accountants

  • 1. December 13, 2019 MANAGING EXTENDED ENTERPRISE RISK
  • 2. 2 Agenda  Understanding XERM  Need for XERM  Holistic Approach for XERM  Four cornerstone capabilities  Maturity of Extended Enterprise Program EXTENDED ENTERPRISE RISK MANAGEMENT
  • 3. EXTENDED ENTERPRISE RISK MANAGEMENT 3 The Extended Enterprise ● Globalized business environment - no company is an island. ● Ecosystem of company comprises an exceedingly large number of third parties - including customers, partners, agents, affiliates, vendors, and service providers. ● “THE EXTENDED ENTERPRISE.” ● The reach of the extended enterprise is poised to expand. Private bank sourcing customer through DSA provided with asset serviced through service providers. Data entry in one system by separate team of outsourced manpower and funding by BANK by entry in another system. Documents scanning and storage by different operators at third party location.
  • 4. EXTENDED ENTERPRISE RISK MANAGEMENT 4 Fragmented Approach – Existing Mechanism ● Exposure to the actions of third parties to be managed in a strategic and proactive manner. ● Most companies cover key items i.e. regulatory compliance or cyber security ● No conscious and consistent link to strategy. ● Fragmented approach - when not guided by an all-encompassing vision – is no longer sufficient to mitigate interconnected third-party risks at enterprise level ● Consequences of non – managing exist - which are escalating.
  • 5. EXTENDED ENTERPRISE RISK MANAGEMENT 5 Some Examples ● An outsourced vendor for transaction processing decides to exit the business and provides little notice or transitional support ● An important distributor does not provide the amount of prime shelf space that had been agreed upon and instead leads with a competitor’s product ● A contracted supplier does not deliver merchandise on-time, thus disappointing customers and damaging the company’s brand reputation ● A customer organizes a boycott of the company’s products via social media ● A critical vendor takes more new accounts than it can handle, degrading service levels / disrupting process ● A sales agent routinely favors a competitor, causing revenue and market share to decline in an important region ● Several franchisees do not spend co-op advertising dollars as instructed, resulting in a poor consumer response to holiday promotions
  • 6. EXTENDED ENTERPRISE RISK MANAGEMENT 6 Challenges ● Formulating strategies for managing the extended enterprise and driving performance at the same time? ● Justify the investment required to implement those strategies through a coordinated program? … what should the company do…
  • 7. EXTENDED ENTERPRISE RISK MANAGEMENT 7 Extended Enterprise Risk Management ● Answers lie in expanding one’s view of Extended Enterprise Risk Management (XERM) <<<VALUE CREATION AS WELL AS VALUE PROTECTION>>> ● XERM - An end-to-end approach for sensing risks systematically throughout the extended enterprise so that vulnerabilities can be addressed proactively. ● XERM – ● A proactive lever for driving business performance ● A reactive means of protecting existing worth (some believe so).
  • 8. EXTENDED ENTERPRISE RISK MANAGEMENT 8 What is XERM ● XERM is ● the practice of anticipating and managing ● exposures associated with third parties ● across the organization’s full range of operations ● optimizing the value delivered by the third-party ecosystem.
  • 9. EXTENDED ENTERPRISE RISK MANAGEMENT 9 Elevating XERM ● Three forces elevating the need for XERM are: ● social media accelerates stakeholder reactions to third-party events, rapidly raising brand awareness, or conversely inflicting immediate reputational damage, if an incident goes viral; ● the stakes are much higher, often affecting profitability for better or worse; and ● companies are using outsourcing to a greater degree for both core and non-core processes. ● Third- party incidents can dramatically impact business performance—positively or negatively—by affecting: ● cost ● service quality ● revenue ● brand
  • 10. EXTENDED ENTERPRISE RISK MANAGEMENT 10 Cost: Escalation vs. containment ● A third-party incident can cost them dearly. By how much – not sure? ● Downside losses: several ways of incurring unnecessary expenses - fines, restitution, opportunity costs of business loss (existing customers / new), new business in the wake of a disruptive event. ● Regulatory non-compliance: Pressure is unlikely to ease anytime soon since regulatory scrutiny and associated penalties are intensifying throughout the world. ● Customers can take their business elsewhere if they feel disappointed or betrayed even for offending action of a third party. ● Cyber security is another area of top concern. ● Bad publicity, ● Cost of a data breach is escalating, and if a third party is involved, it makes matters worse. ● Supply chain disruption – mostly tied to third parties
  • 11. EXTENDED ENTERPRISE RISK MANAGEMENT 11 Service quality: Degradation vs. optimization ● Pressure from boards and the C-Suite for managing contracts and performance to optimize returns for the extended enterprise. ● Vendor management is often neglected in terms of resource allocation. ● Market is currently underinvested in the area of vendor management - tools, methods and processes. ● Reported dissatisfaction with vendor performance. ● Service providers are: ● Being reactive rather than proactive and ● Delivering poor service despite achieving service levels ● Customer Angle ● Companies face challenge in collecting contracted fees, royalties, etc.. ● Customers also have a tendency to underutilize or overutilize licensed assets like software license.
  • 12. EXTENDED ENTERPRISE RISK MANAGEMENT 12 Revenue: Contraction vs. expansion ● Dissatisfied customers can take their business elsewhere. ● Consumers avoid doing business with organizations after a security breach. ● Driving away customers is an unpleasant prospect.
  • 13. EXTENDED ENTERPRISE RISK MANAGEMENT 13 Brand: Diminishment vs. enhancement ● Every type of third-party exposure is an all-embracing risk: threat of brand damage. ● In interconnected world, trust equals value. ● On average more than 25% wealth of a company’s market value is directly attributable to its reputation. ● Companies are concerned about their readiness ● Least prepared to manage reputation risk drivers in areas beyond their direct control - such as third-party ethics and competitive attacks.
  • 14. EXTENDED ENTERPRISE RISK MANAGEMENT 14 Leveraging Three Lines of Defense ● Companies are not aware how to leverage the “three lines of defense” for managing risk and driving performance: ● First line of defense: The business unit, which owns the third-party relationship and is accountable for managing associated risks in alignment with policies and procedures. ● Second line of defense: Centralized governance program for XERM, for establishing and enforcing policies / processes to ensure that third parties are managed consistently by the business. ● Third line of defense: Internal audit, for the most critical extended enterprise risks and controls as well as performing independent assessments.
  • 15. EXTENDED ENTERPRISE RISK MANAGEMENT 15 Business Objective Business Objective Growth / innovation Client experience Cost reduction Improved time to market Risk and compliance management
  • 16. EXTENDED ENTERPRISE RISK MANAGEMENT 16 Risk Domain Risk Domain Contractual risk Credit risk Business continuity risk Operations risk Reputation risk Geopolitica l risk Strategic risk Financial risk Complianc e/legal risk Cyber risk Intellectual Property risk Quality risk
  • 17. EXTENDED ENTERPRISE RISK MANAGEMENT 17 Operating Model Operating Model Components Governance and oversight: The operating model, committees, and roles and responsibilities for managing the extended enterprise Policies and standards: Management’s expectations of standards and processes to be used, to manage the extended enterprise and its related risks Risk culture: Tone at the top, clarity on risk appetite, appropriate training and awareness to promote positive risk cultureTools and technology: Use of tools and technology, predictive and risk analytics that enhance extended enterprise risk management processes Management processes: Processes to manage risks and improve performance across the third-party lifecycle Risk metrics and dashboard: Use of internal and external data to measure and visualize risks and performance of extended enterprise, tailored towards multiple levels of management
  • 18. EXTENDED ENTERPRISE RISK MANAGEMENT 18 Third Part Relationship Cycle Third-party relationship lifecycle Plan, evaluate and select Contract and on- board Manage and monitor Terminate and off- board
  • 19. EXTENDED ENTERPRISE RISK MANAGEMENT 19 Four cornerstone capabilities ● Companies often believe they cannot take an end-to-end approach to manage XERM as: ● securing executive sponsorship and getting people to take ownership can be an uphill climb. ● the task is too vast and they do not have the expertise and resources to build, execute and sustain a comprehensive third-party oversight program. ● These barriers are more perception than reality. ● It is neither necessary nor possible to do everything at once. ● It is rather a matter of identifying some practical steps to take toward establishing an XERM program or evolving an existing one. Most organizations can get a sense of what those steps might be by considering the extent to which they have developed four cornerstone capabilities – as explained:
  • 20. EXTENDED ENTERPRISE RISK MANAGEMENT 20 Strategy and governance: Creating an agile and flexible governance model ● Does your organization link its risk management practices to value drivers? ● Does it have a formal strategy and governance model for managing third- party risk? ● Does it understand where the breakpoints are in its third-party relationships? ● Does it have a prescribed means of assessing and staying ahead of them? ● Does your organization proactively seek to bridge the gap between business executives and compliance and risk professionals?
  • 21. EXTENDED ENTERPRISE RISK MANAGEMENT 21 People: Managing relationships, compliance and regulations ● Does your company have dedicated roles for managing third-party risk across the extended enterprise? ● Has your organization aligned and strengthened its three lines of defense? ● Does executive ownership exist at the enterprise level? ● Are employees keeping up with emerging regulatory requirements? ● Are your third parties keeping up?
  • 22. EXTENDED ENTERPRISE RISK MANAGEMENT 22 Process: Navigating events that shape the extended enterprise ● Does your organization react to third-party events or does it actively seek to prevent them? ● Are risk management processes standardized across the enterprise and integrated with tools and data? ● Does your organization regularly consider how evolving technologies, market trends, and disruptive forces present opportunities and challenges to its third-party relationships? ● Does your organization have appropriate contracts in place with its third parties? ● Do you know if they are meeting expectations and complying with their contractual commitments? ● Can you readily assess the appropriateness of future delivery models? ● Are executives confident in their decisions to outsource or insource, build, or buy?
  • 23. EXTENDED ENTERPRISE RISK MANAGEMENT 23 Technology: Using data and analytics to make informed decisions ● What tools and technologies does your organization leverage to make informed decisions about its third- party relationships? ● What data does your organization already have access to? ● Can leaders make real-time decisions? ● If so, what key performance indicators does your organization monitor and analyze to support those decisions?
  • 24. EXTENDED ENTERPRISE RISK MANAGEMENT 24 Conclusion ● If answer is “no” to most of these questions: ● The company’s XERM program is in the earlier stages of development. ● Organization may be managing some third-party risks on an ad-hoc basis, using a few off-the-shelf tools, and perhaps beginning to implement dedicated roles and processes. ● More “yes” answers means: ● It is further along the path toward integration and optimization —later stages of maturity ● Generally characterized by greater use of customized tools, proactive monitoring and decision-making, and the connection of leading practices to value drivers.
  • 25. EXTENDED ENTERPRISE RISK MANAGEMENT 25 Maturity of extended enterprise program Capabilities Initial Managed Defined Integrated Optimized Strategy and governance  Risk taking for quick fix benefits  No formal governance  Minimal effort in reducing risk  Risk taking for short term benefits  Focus on preventing issues  Riskaligns with medium-term enterprise - wide benefits  Focuson preventing issues and creating value  Intelligent risk taking, aligned with enterprise strategy  State-of-the-art practices, linked to value drivers  Extended enterprise embedded in strategic planning and decision making People  Individual effort  Little management input  Lack of training  Responsibilities built into existing roles  Increased input from management  Dedicated roles  Invested executives within each silo  Some trainingoffered  Awareness of value of extended enterprise across the organization  Enterprise-wide roles  Executive ownership at the enterprise level  Trained professionals with defined roles throughout the lifecycle  Executive champions on both sides, aligning service delivery to strategic objectives Process  Few activities defined  Fire - fighting mode  Defined processes in siloes  Functional, reactive problem solving  Coordinated processes across the business  Monitoring and alerting leveraging dashboards, with some proactive issue resolution  Fully standardized processes, integrated with tools and data  Proactive decision - making using analytics, improving bottom-line and performance  Processes aligned with strategy, integrated into third parties  Continuous improvement and proactive responsiveness  Leveraging predictive and sensing analytics, tools and dashboards Technology  Simple and least expensive tools used, ad-hoc  Off-the-shelf tools used for problem solving  Limited access to third-party data  Adapted tools used for reporting and monitoring  Customized tools, used for tactical decision making  Value-additive tools  Internal data centralized and easily accessible  Highly - customized decision support tools  Integrated external data sources that enhance insights  Tools and analytics are key value driver and differentiator
  • 26. 26 Looking for commencing a journey towards operational excellence… EXTENDED ENTERPRISE RISK MANAGEMENT