Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by our partners and
extended team of industry experts
Our Contact Details:
INDIA UAE
Continuity and Resilience
Level 15,Eros Corporate Tower
Nehru Place ,New Delhi-110019
Tel: +91 11 41055534/ +91 11 41613033
Fax: ++91 11 41055535
Email: neha@continuityandresilience.com
Continuity and Resilience
P. O. Box 127557
Abu Dhabi, United Arab Emirates
Mobile:+971 50 8460530
Tel: +971 2 8152831
Fax: +971 2 8152888
Email: info@continuityandresilience.com
Developing an Effective
Enterprise Risk Capability
Margaret J. Millett, MSBC, MBCP, MBCI
Director of eBay, Inc. Enterprise Resiliency
Agenda
1. What is Enterprise Risk Management (ERM)?
2. Why organizations should have an ERM Program
3. Competitive Imperative
4. Elements of an ERM Program
5. Connecting with Business Continuity Management (BCM)
6. Euro Zone Contingency Planning
7. Conclusion
What is Enterprise Risk
Management (ERM)?
“ERM is a process that is effected by an entity’s board of
directors, management and other personnel, and applied in
strategy setting and across the enterprise, designed to identify
potential events that may affect the entity, to manage risk to
be within its risk appetite, and to provide reasonable
assurance regarding the achievement of entity objectives.” [1]
[1] http://www.coso.org/documents/COSO_ERM_ExecutiveSummary.pdf
Why organizations should
have an ERM Program
1. Key risks are not being sufficiently managed
2. Developing an effective ERM capability is a competitive
imperative
3. Actionable plans to mature ERM capability should be
developed and specific resources allocated to address the
gaps.
Competitive Imperative
1. An effective ERM program is a competitive imperative.
2. Many organizations that have recognized the need for an
ERM program have proceeded to implement various ERM
elements without a clear ERM strategy and
implementation plan.
Competitive Imperative
3. An ERM strategy and implementation plan should be
guided by the expected benefits and business case for the
program.
4. The clear articulation of expected benefits will enable a
company to develop appropriate timelines, budgets and
metrics.
5. Companies that skip the strategy development process
tend to use a haphazard approach to ERM
implementation, leading to a program that may not be
sustainable or achieve the desired benefits.
Elements of an ERM
Program
1. Avoidance of critical risks
2. Meeting regulatory requirements
3. Effectively managing the cost of its risk management
activities
4. Increasing speed to market for new products and services
5. Improved pricing for risk
6. Lowering requirement for overall economic capital.
Avoidance of critical risks
Enterprise risk management can enable an organization’s
senior executives and the board to focus on important
prospective issues rather than reacting to unexpected risks.
Furthermore, modeling and discussing the correlation
between risk factors and business objectives can assist senior
management and the board in understanding the nature of
risk in their business, enhancing their ability to make strategic
choices and to maintain the organization’s risk profile within
acceptable limits. This is a particularly powerful driver for an
organization due to the critical risks that are currently not
being managed effectively.
Meeting regulatory
requirements
An effective enterprise risk management program can lead to
formal or informal favorable treatment by applicable
regulators through decreased oversight or greater flexibility
with capital requirements, product offerings, or access to
emerging markets.
Efficiently managing the
cost of its risk management
activities
A common framework and organization structure, including
standardized processes, methods and tools to address regulatory
requirements, and coordination of overlapping risk management
activities, can provide substantial savings over the cost of
multiple stand-alone responses and solutions.
Increasing speed to market
for new products and
services
An effective ERM program can actually shorten time to market
with new products and services by accelerating an
organization’s ability to identify and address risk issues for new
products and services.
Improved pricing for risk
Enhanced risk identification and assessment capabilities can
provide front-line managers with the information necessary to
effectively assess risk and therefore accurately price the risks
associated with current or future products or services.
Lower requirement for
overall economic capital
A better understanding of risk across a firm enables a more
thorough understanding of the capital required to support a
given risk tolerance (for example, target credit rating or
solvency risk) thereby allowing more effective allocation of
capital across initiatives, business units as well as potentially
reducing overall capital requirements. This will become
increasingly critical to an organization’s success as it
expands its business model.
Connecting with Business
Continuity Management (BCM)
Organizations may not have a formal ERM, but the fundamental
underpinning of such a program is in place. BCM relies on an
integrated, well-structured and functional Incident Command
System (ICS) to engage and mitigate serious business interruptions
and disasters. Representation from the key corporate functions
required to respond effectively to a crisis is found within the ICS and
includes, among others:
• Corporate Business Continuity
• Corporate IT
• Corporate Risk
• Global Human Resources
• Corporate Counsel
• Corporate Communications
BCM Attributes of an ERM
1. Creating a consistent approach that uses common
terminology, standards, understandings and approaches for
identification of risks or risk-related opportunities
2. Establishing a framework by which organizationally
disparate functions can openly share concerns, ideas,
opinions and come to agreement – necessary to avoid
functional silos
3. Establishing a common analytical framework of tools,
procedures and techniques by which assessments can be
considered objectively and solely as a function of risk
BCM Attributes of an ERM
4. Empowering organizational change to create a sense of
ownership and responsibility for risk across the
organizational culture; one that is supported by the most
senior levels of management
5. Managing the organization’s exposures to potentially
detrimental risks, and also identifying potential
opportunities that result from risk, for the purpose of achieving
organizational goals without impairing profitability.
Creating integrated ERM
1. A program champion – such as a member of the executive
leadership team who can influence, and also gain support
from, the board of directors or the CEO
2. A vision for the program’s contribution to the organization
3. A strategic, tactical and operational plan that supports the
vision
4. A governing body that holds the ERM accountable and
provides guidance or endorsement (maybe the Business
Continuity Steering Committee)
Creating integrated ERM
5. A well-defined and developed set of core foundation
elements on which the ERM is to be built
6. A slow, methodical and phased approach that results in
visible accomplishment and return on investment (small
though it may be at first)
7. Supporting technology for the purpose of creating,
sustaining and implementing analytical tools, analysis and
generation of useful information by decision makers.
8. A feedback mechanism by which results can be evaluated
and used in affecting organizational culture.
Euro Zone Contingency
Planning
The fear is not only that Greece could be forced out, but that it
would spread quickly to:
1. Ireland
2. Italy
3. Portugal
4. Spain
5. Any beyond
The countries above have been identified as PIIGS.
Euro Zone Contingency
Planning
• Legal issues associated with potential country exit and
various currency scenarios
• Potential increased losses for “payments not received”
• Potential issues with ability to settle transactions due to not
being able to process payments
• Risks associated with solvency of banking partners which
have deposited funds
• Potential product requirements should a country exit
• Ensure clear communications with customers &
stakeholders on the impacts if a country exits.
Euro Zone Contingency
Planning
• Protection of your company monetary assets
• IT and ability to convert (accounting) using new currencies
• Ability to pay vendors
• If impacted, company considerations:
  • Reduced hours or terminations
  • Staffing levels
  • Closures
Euro Zone Contingency Planning
– Response Framework
1. Anticipation of events
2. Mitigation considerations
3. Resources and expertise
4. Monitoring
5. Communication
6. Deployment
Conclusion
Risk is unavoidable and is present in all parts of an
organization. Risk management allows for management and
decision making at all levels of the company. ERM allows for a
comprehensive approach to risks so they are no longer
managed in department silos.
Thank you
Margaret J. Millett, MSBC, MBCP, MBCI
Director of eBay, Inc. Enterprise Resiliency