Enterprise Risk Management Framework

Enterprise Risk Management Frameworks
Business Transformation Value Proposition – Advisory Consulting
EA-envision: Enterprise Risk Management Framework

Qui ne risque rien n'a rien…..

EA-envision
Sources
Strategic Enterprise Foresight – Strategy & Planning – EA-envision™
Management Framework Future Architecture Landscape ™

Strategic Analysis Five Visions of the Future™ Technology Futures™
Framework

Futures Framework Thinking About the Future™ Peter Bishop and Andy Hines
University of Houston in Texas™

Eltville Model Five Views of the Future™ Future Management Group™

Horizon Scanning 21 Drivers for the 21st Century™ Outsights™

Applied Future Studies Infinite Futures Wendy Schultz

Transhumanism Natasha Vita-More Extropy Institute, President
Cultural Strategist Futurist Arts & Culture, Founder

Brainstorming Advanced 'Kaleidoscope Businessballs.com
Brainstorming'© technique

Massive Change The Massive Change Project Bruce Mau Design and the Institute
Without Boundaries

Foresight and Precognition The Sixth Sense Kees Van der Heijden
Precognition Jeffry Palmer
Precognition: Sensing the Future Rita Berkowitz, Deborah S. Romaine

EA-envision: Strategic Enterprise Management Framework


Eltville Model
Outsights 21 Drivers for the 21st Centaury
COSO Risk Management Framework
Basle II
Solvency II
Sarbanes-Oxley
International Financial Reporting Standards


Futures Studies
Foresight – Strategy & Planning – Future Landscape – Advisory Consulting
EA-envision: Strategic Enterprise Risk Management Framework

Changement est vieux comme le monde….. changement est aussi vieux que le temps.

EA-envision
The Management of Uncertainty

• It has long been recognized that one of the most important competitive
factors for any organization to master is the management of uncertainty.

• Uncertainty is the major intangible factor contributing towards the risk of
failure in every process, at every level, in every type of business.

• Managing business uncertainty may involve introducing, developing and
implementing strategic enterprise management frameworks for –

– Corporate Foresight and Business Strategy
– Business Planning and Forecasting
– Business Transformation
– Enterprise Architecture
– Enterprise Risk Management
– Enterprise Performance Management
– Enterprise Governance, Reporting and Controls


EA-envision
Futures Studies

• Futures Studies, Foresight, or Futurology is the practice and art of
postulating possible, probable, and preferable futures . Futures studies
(colloquially called "Futures" by many of the field's practitioners) seeks to
understand what is likely to continue, what is likely to change, and what is
novel. Part of the discipline thus seeks a systematic and pattern-based
understanding of past and present, and to determine the likelihood of future
events and trends.

• Futures is an interdisciplinary curriculum, studying yesterday's and today's
changes, and aggregating and analyzing both lay and professional
strategies, bets and opinions with respect to tomorrow. It includes analyzing
the sources, patterns, and causes of change and stability in the attempt to
develop foresight and to map possible futures.

• Around the world the field is variously referred to as futures studies,
strategic foresight, futurology, futuristics, futures thinking, futuring,
futuribles (in France, the latter is also the name of the important 20th
century foresight journal published only in French), and prospectiva (in
Spain and Latin America). Futures studies (and one of its sub-disciplines,
strategic foresight) are the academic field's most commonly used terms in
the English-speaking world.

EA-envision
Futures Studies Framework

Futures Studies

Political Economic Ethnographic & Environmental Science &
Strategic Sociology and
Science and Futures Demographic Futures Technology
Foresight Human Futures
Policy Futures Futures Horizons

Human Identity. Science and Society
Foundations, History
History and Culture Futures
and Philosophy of Political Science Economic Theory Demographics Earth Sciences
12. Outsights 17. Outsights
Prediction
Identity Science and Society

Future Frameworks, Economic Planning Religion, Values and Bio-Technology and
Paradigms, Methods Policy Studies and Strategy Beliefs Psychographics Life Sciences
Medical Science
& Techniques

Future Strategy, Urbanisation and the
Philosophy and Sustainability and Sustainability and
Planning, Governance, Law Growth of Cities
Ethical Studies Ethnographics Renewable Renewable
Forecasting, and Order 21. Outsights
Resources (1) Resources (2)
Modelling & Analysis Urbanisation

Peace and Conflict
Shaping the Future - Corporate Finance Nano-Technology
Studies Psychology and Global Massive
Planned and and Strategic Biographics and
1. Outsights War, Patterns of Behaviour Change
Managed Outcomes Investment Artificial Intelligence
Terrorism, Security

Financial Markets Transhumanism
Threat Assessment & Information and
Military Science and Traded The Arts
Risk Management Communication
Instruments Natasha Vita-Moore

Innovation and
Business Communications and Weapons and
Entrepreneurial
Administration Media Studies Countermeasures
Studies

Futures Collaboration
Networking & Cosmology and
Knowledge Space Science
Management

EA-envision
Foresight
• In Futures Studies, the term " Foresight" embraces: -
– Critical thinking concerning long-term policy development,
– Debate and consultation to create wider stakeholder participation,
– Shaping the future - by influencing public policy and strategic direction

• Foresight is being applied to strategic activities in the public as well as the
private sector, and underlines the need to link every activity or project with
any kind of future dimension to action today in order to make a planned,
integrated future impact (“shaping the future”).

• Foresight differs from much futures research and strategic planning. It
encompasses a range of approaches that combine the three components
mentioned above, which may be recast as: -
– futures (forecasting, forward thinking, perspectives),
– planning (strategic analysis, priority setting), and
– networking (participatory, dialogic) tools and orientations.

• Much futures research has been academic, but Foresight programmes
were designed to influence policy - often R&D policy. Much technology
policy had been very elitist; Foresight attempts to go beyond the normal
bounds and gather widely distributed intelligence

EA-envision
Foresight
• Foresight draws on traditions of work in long-range forecasting and strategic
planning, horizontal policymaking and democratic planning, horizon scanning
and futures studies - but was also highly influenced by systemic approaches to
innovation studies, global design, science and technology policy, and analysis
of "critical technologies“ and “cultural evolution".

• Many of the methods that are commonly associated with Foresight - Delphi
surveys, scenario workshops, etc. - derive from the futures field. So does the
fact that Foresight is concerned with: -

– The longer-term - futures that are usually at least 10 years away (though there are
some exceptions to this, especially in its use in private business). Since Foresight is
action-oriented (the planning link) it will rarely be oriented to perspectives beyond a
few decades out (though where decisions like aircraft design, power station
construction or other major infrastructural decisions are concerned, then the
planning horizon may well be half a century).

– Alternative futures: it is helpful to examine alternative paths of development, not
just what is currently believed to be most likely or business as usual. Often
Foresight will construct multiple scenarios. These may be an interim step on the way
to creating what may be known as positive visions, success scenarios, aspirational
futures. Sometimes alternative scenarios will be a major part of the output of
Foresight work, with the decision about what fuure to build being left to other
mechanisms.

EA-envision
Strategic Foresight

• Strategic Foresight is the ability to create and maintain a high-quality,
coherent and functional forward view, and to use the insights arising in useful
organisational ways. For example to detect adverse conditions, guide policy,
shape strategy, and to explore new markets, products and services. It
represents a fusion of futures methods with those of strategic management
(Slaughter (1999), p.287).
• Strategic Envisioning – Future outcomes, goals and objectives are
determined via Strategic Foresight and are defined by design, planning and
management - so that the future becomes realistic and achievable. Possible
futures may comply with our preferred options - and therefore our vision of an
ideal future and desired outcomes could thus be fulfilled
– Positivism – articulating a single, preferred vision of the future. The future will
conform to our preferred options - thus our vision of an ideal future and desired
outcomes will be fulfilled.
– Futurism – assessing possible, probable and alternative futures – selecting those
futures offering conditions that best fit our strategic goals and objectives for
achieving a preferred and desired future. Filtering for a more detailed analysis may
be achieved by discounting isolated outliers and focusing upon those closely
clustered future descriptions which best support our desired future outcomes,
goals and objectives.


Strategic Foresight Framework EA-envision

EA-envision
Forecasting
• Forecasting is the process of estimation in unknown situations.
Prediction is a similar, but more general term. Both can refer to
estimation of time series, cross-sectional or longitudinal data.

• Usage can differ between areas of application: for example in
hydrology, the terms "forecast" and "forecasting" are sometimes
reserved for estimates of values at certain specific future times,
while the term "prediction" is used for more general estimates, such
as the number of times floods will occur over a long period.

• Risk and uncertainty are central to forecasting and prediction.
Forecasting is used in the practice of in every day business
forecasting for manufacturing companies. The discipline of demand
planning, also sometimes referred to as supply chain forecasting,
embraces both statistical forecasting and a consensus process.

• Forecasting is commonly used in discussion of time-series data.


Forecasting approach - Time series methods
• Categories of forecasting methods
– Time series methods
– Causal / economic methods
– Judgemental Methods
– Other Methods
• Forecasting accuracy
• Applications of forecasting
• External links
• References

• Time series methods use historical / time variant data as a mathematical
basis for projecting future outcomes.
– Moving average
– Exponential smoothing
– Extrapolation
– Linear prediction
– Trend estimation
– Growth curve


EA-envision
Time series methods – Moving average
• In statistics, a moving average or rolling average is one of a family of
similar techniques used to analyze time series data. It is applied in
finance and especially in technical analysis. It can also be used as a
generic smoothing operation, in which case the raw data need not be a
time series.

• A moving average series can be calculated for any time series. In
finance it is most often applied to stock prices, returns or trading
volumes. Moving averages are used to smooth out short-term
fluctuations, thus highlighting longer-term trends or cycles. The
threshold between short-term and long-term depends on the
application, and the parameters of the moving average will be set
accordingly.

• Mathematically, each of these moving averages is an example of a
convolution. These averages are also similar to the low-pass filters
used in signal processing.


Time series methods – Exponential smoothing
• In statistics, exponential smoothing refers to a particular type of moving
average technique applied to time series data, either to produce smoothed
data for presentation, or to make forecasts. The time series data themselves
are a sequence of observations. The observed phenomenon may be an
essentially random process, or it may be an orderly, but noisy, process.

• Exponential smoothing is commonly applied to financial market and economic
data, but it can be used with any discrete set of repeated measurements. The
raw data sequence is often represented by {xt}, and the output of the
exponential smoothing algorithm is commonly written as {st} which may be
regarded as our best estimate of what the next value of x will be. When the
sequence of observations begins at time t = 0, the simplest form of exponential
smoothing is given by the formulas

• where α is the smoothing factor, and 0 < α < 1.

EA-envision
Time series methods – Extrapolation
• In mathematics, extrapolation is the process of constructing new data points outside a
discrete set of known data points. It is similar to the process of interpolation, which
constructs new points between known points, but its results are often less meaningful,
and are subject to greater uncertainty .

• A sound choice of which extrapolation method to apply relies on a prior knowledge of
the process that created the existing data points. Crucial questions are for example if the
data can be assumed to be continuous, smooth, possibly periodic etc: -
– Linear extrapolation
– Polynomial extrapolation
– Conic extrapolation
– French curve extrapolation

• Quality of extrapolation - typically, the quality of a particular method of extrapolation is
limited by the assumptions about the function made by the method. If the method
assumes the data are smooth, then a non-smooth function will be poorly extrapolated.

• Extrapolation in the complex plane - in complex analysis, a problem of extrapolation may
be converted into an interpolation problem by the change of variable. This transform
exchanges the part of the complex plane inside the unit circle with the part of the
complex plane outside of the unit circle. In particular, the compactification point at infinity
is mapped to the origin and vice versa. Care must be taken with this transform however,
since the original function may have had "features", for example poles and other
singularities, at infinity that were not evident from the sampled data.

Horizon Scanning EA-envision

• Horizon Scanning is an important technique for establishing a sound knowledge
base for planning and decision-making. Anticipating and preparing for future threats,
challenges, trends and opportunities is an essential component of any organisation's
long-term sustainability strategy.

• What is horizon scanning?
Horizon Scanning is defined by the UK Government Office for Science as:
'the systematic examination of potential threats, opportunities and likely future
developments, including (but not restricted to) those at the margins of current thinking
and planning.‘

• Horizon Scanning may explore novel and unexpected issues as well as persistent
problems or trends. The government's Chief Scientific Adviser is encouraging
Departments to undertake horizon scanning in a structured and auditable manner.

• Horizon Scanning enables organisations to anticipate and prepare for new risks and
opportunities by looking at trends and information in the medium- to long-term future.

• The government's Horizon Scanning Centre of Excellence, part of the Foresight
Directorate in the Department for Innovation, Universities and Skills, has the role of
supporting Departmental activities and facilitating cross-departmental collaboration.


EA-envision
21 Drivers for the 21st Century

The Outsights Technique “21 Drivers for the 21st Century” is a provocative
and future-orientated scan of the 21 key forces shaping this century - from the
rise of the BRICs to the challenges of resource availability and the explosion
of information.

1. War, Terrorism and Insecurity 12. Identity
2. Layers of Power 13. Consumerism
3. Economic and Financial Stability 14. Network and Connectivity
4. BRICS and Emerging Powers 15. Space
5. The 5 Flows of Globalisation 16. Science Futures
6. Intellectual Property Rights 17. Science and Society
7. Health 18. Resource Availability
8. Mobility 19. Climate Change
9. Population 20. Environmental Degradation
10. Trust and reputation 21. Urbanisation
11. Values and Beliefs

EA-envision
Scenarios

• Scenarios are specially constructed stories about the future - each one
portraying a distinct, challenging and plausible world in which we might one
day live and work - and for which we need to anticipate, plan and prepare.

• The Outsights Technique emphasises collaborative scenario building with
internal clients and stakeholders. Embedding a new way of thinking about
the future in the organisation is essential if full value is to be achieved – a
fundamental principle of the “enabling, not dictating” approach

• The Outsights Technique promotes the development and execution of
purposeful action plans so that the valuable learning experience from
“outside-in” scenario planning enables building profitable business change.

• The Outsights Technique develops scenarios at the geographical level; at
the business segment, unit and product level, and for specific threats, risks
and challenges facing organisations. Scenarios add value to organisations
in many ways: - future management, business strategy, managing change,
managing risk and communicating strategy throughout an organisation.


EA-envision
Strategy Scenarios

• Strategy Scenarios provide a shared context and clarity on those
issues shaping the future in which decision makers can make difficult
choices about opportunity exploitation and risk management strategies.

• The Outsights Technique helps stakeholders stand back, take stock
and seek fresh points of view: -

– Facilitation of the internal debate exploring stakeholder value, opportunity
exploitation and risk management
– Sounding board for business innovation and strategy
– Stakeholder engagement and the communication of the process with the
wider partner, stakeholder and employee community
– Review of specific opportunity exploitation and risk management agendas
– Surfacing diverse opinions from internal and external stakeholders to
identify needs for strategic content, clarity, perspective and action


EA-envision
Managing Change Scenarios

• Strategy Scenarios provide a shared context and clarity on those issues
shaping the future in which decision makers can make difficult choices.

• Managing Change Scenario thinking can compel a wide range of people to
open up to new options and change their own images of reality by sharing and
discussing assumptions on what is shaping the world.

• The Outsights Technique translates what is learnt into action in the following
ways to achieve sustainable change and risk management : -

– Providing the content and insight needed to understand changes in the
outside world (Drivers of Change, Scenario Building, Risk Categories)

– Designing and running processes to push change and risk management
down from the organisational level to the individual level – thus delivering
personal accountability (Strategy & Planning, Budgeting & Forecasting,
Change Management, Risk Management, Performance Management)


Business Transformation Value Proposition – Advisory Consulting
EA-envision: Enterprise Risk Management Framework

Qui ne risque rien n'a rien…..
…..

EA-envision
Risk Management
• What is Risk Management ?
Risk Management is a structured approach to managing uncertainty through
foresight and planning. A risk is related to a specific threat (or group of related
threats) managed through a sequence of activities using various resources: -

• Risk Research – Risk Identification – Risk Prioritization – Risk Assessment –
Risk Management Strategies – Risk Planning – Risk Mitigation

• Risk Management Strategies may include: -
– transferring the risk to another party
– avoiding the risk
– reducing the negative effect of the risk
– accepting part or all of the consequences of a particular risk .

• In an ideal Risk Management Scenario, a prioritization process ranks those risks
with the greatest potential loss and the greatest probability of occurring to be handled
first - and risks with lower probability of occurrence and lower consequential losses
are then handled in descending order

• In practice this prioritization can be challenging. Comparing and balancing the overall
threat of risks with a high probability of occurrence but lower loss - versus risks with
higher potential loss but lower probability of occurrence - can often be misleading.


EA-envision
Enterprise Risk Management

• Enterprise Risk Management or ERM includes the methods and
processes used by organizations to manage risks or seize opportunities
related to the achievement of their objectives. Enterprise Risk Management
provides a framework for risk management, which typically involves
identifying particular events or circumstances relevant to the organization's
objectives like risks and opportunities, assessing them in terms of likelihood
and magnitude of impact, determining a response strategy, and monitoring
progress. By identifying and proactively addressing risks and opportunities,
business enterprises protect and create value for their stakeholders,
including owners, employees, customers, regulators, and society overall.

• Enterprise Risk Management can also be described as a risk-based
approach to managing an enterprise, integrating concepts of strategic
planning, operations management, and internal control. Enterprise Risk
Management is evolving to address the needs of various stakeholders, who
want to understand the broad spectrum of risks facing complex
organizations to ensure they are appropriately managed. Regulators and
debt rating agencies have increased their scrutiny on the risk management
processes of companies.



• Enterprise Risk Management Frameworks describe an approach for
identifying, analyzing, responding to, and monitoring risks or
opportunities, within the internal and external environment facing the
enterprise. Management selects a risk response strategy for specific
risks identified and analyzed, which may include: -

– Avoidance: exiting the activities giving rise to risk
– Reduction: taking action to reduce the likelihood or impact of a risk
– Transfer: - sharing or insuring a portion of the risk, to mitigate or reduce it
– Accept: no action is taken, due to a cost/benefit decision

• Monitoring is typically performed by management as part of its internal
control activities, such as review of analytical reports or management
committee meetings with relevant experts, to understand how the risk
response strategy is working and whether the objectives are being met
or targets achieved.


COSO Enterprise Risk Management Framework

• The COSO Enterprise Risk Management Framework has eight Components
and four objectives categories. The eight components are: -

1. Internal Environment
2. Objective Setting
3. Event Identification
4. Risk Assessment
5. Risk Response
6. Control Activities
7. Information and Communication
8. Monitoring

• The four objectives categories - additional components highlighted are: -

1. Strategy - high-level goals, aligned with and supporting the organization's mission
2. Operations - effective and efficient use of resources
3. Financial Reporting - reliability of operational and financial reporting
4. Compliance - compliance with applicable laws and regulations

Enterprise Risk Management Framework Development


Enterprise Risk Management Framework Development
1. Framing and Scoping the Risk Management Study
– Risk Research – evaluating and understanding the problem domain

2. Decide Risk Appetite and Risk Mitigation Strategies
– Risk Identification – identifying applicable threats and Risk Categories

3. Determine Risk Organization Structure and Governance Methods
– Risk Prioritization – ordering and prioritising threats by probability / magnitude

4. Develop Risk Management Framework Structure, Methods and Metrics
– Risk Assessment – comparing and balancing the individual threat posed by each risk item in
the ordered and prioritized consolidated enterprise risk register

5. Design Risk Management Framework Reporting and Controls
– Risk Planning – assessing the overall threat contained within the risk register

6. Design Risk Management Framework Model and Processes
– Risk Management Strategies – transferring, avoiding, reducing or accepting risk

7. Deploy Risk Management Framework Infrastructure and Systems
– Risk Mitigation – introduce Risk Management processes, systems and controls

8. Implement Risk Management Framework
– Risk Implementation – start managing risk by reducing uncertainty through the targeted
application of strategic foresight, planning and forecasting and enterprise risk management
processes, systems and controls

Enterprise Risk Management Framework

EA-envision
Executive Summary

• The underlying premise of Enterprise Risk Management is that every
enterprise exists to provide value for its stakeholders. All entities face
uncertainty, and the challenge for management is to determine how much
uncertainty to accept as it strives to grow stakeholder value. Uncertainty
presents both risk and opportunity, with the potential to erode or enhance
value. Enterprise risk management enables management to effectively deal
with uncertainty and associated risk and opportunity, enhancing the capacity
to build value.

• Enterprise Risk Management value is maximized when management sets
strategy and objectives to strike an optimal balance between growth and
return goals and related risks, and efficiently and effectively deploys
resources in pursuit of the enterprise’s objectives.

• These capabilities inherent in enterprise risk management help management
achieve the enterprise’s performance and profitability targets and prevent
loss of resources. Enterprise Risk Management helps ensure effective
reporting and compliance with laws and regulations, and helps avoid damage
to the enterprise’s reputation and associated consequences. In sum,
enterprise risk management helps an enterprise get to where it wants to go,
avoiding pitfalls and surprises along the way.

EA-envision
Executive Summary (continued)

• Events – Risks and Opportunities. Events can have negative impact, positive impact, or
both. Events with a negative impact represent risks, which can prevent value creation or
erode existing value. Events with positive impact may offset negative impacts or represent
opportunities. Opportunities are the possibility that an event will occur and positively affect
the achievement of objectives, supporting value creation or preservation. Management
channels opportunities back to its strategy or objective-setting processes, formulating
plans to seize the opportunities.

• Enterprise Risk Management defined - Enterprise Risk Management deals with risks and
opportunities affecting value creation or preservation – and is described as follows: -

– Enterprise Risk Management is a process, implemented by an enterprise’s board of
directors, management and other personnel, and is applied both in strategy setting
and in every operational activity across the entire enterprise - designed to identify
potential threat events that may impact upon the enterprise, to manage those threats
within its risk appetite and tolerances - in order to provide reasonable comfort and
assurance towards the achievement of operational and strategic enterprise objectives.

• This Enterprise Risk Management definition is purposefully broad. It captures key
concepts fundamental to how companies and other organizations manage risk, providing a
basis for application across organizations, industries, and sectors. It focuses directly on
achievement of objectives established by a particular enterprise and provides a basis for
defining enterprise risk management effectiveness.

EA-envision
Executive Summary (continued)

• The definition reflects certain fundamental concepts. Enterprise Risk Management is: -

– A process group, ongoing and flowing through an entire enterprise
– Effected by people at every level within an organization
– Applied in strategy setting, planning, forecasting and operational management
– Applied across the whole enterprise, at every segment and unit, and includes taking
an enterprise level portfolio view of risk
– Designed to identify potential events that, if they occur, will affect the enterprise and
to manage risk within its risk appetite
– Able to provide reasonable Risk Management assurance to an enterprise’s
management and board of directors
– Geared to achievement of objectives in one or more separate but overlapping
categories

• This definition is purposefully broad. It captures key concepts fundamental to how
companies and other organizations manage risk, providing a basis for application across
organizations, industries, and sectors. It focuses directly on achievement of objectives
established by a particular enterprise and provides a basis for defining Enterprise Risk
Management.


EA-envision
Enterprise Risk Management - Values

• Aligning risk appetite and risk management strategy – Management considers the
enterprise’s capability to absorb risk (risk appetite) in evaluating strategic alternatives,
setting related objectives, and developing mechanisms to manage related risk groups.

• Enhancing risk response decisions – Enterprise Risk Management provides the rigor
to identify and select among alternative risk scenarios and responses –identification and
assessment of threats, risk avoidance, risk reduction, risk sharing and risk acceptance.

• Reducing operational surprises and losses – Entities gain enhanced capability to
identify potential threat events and establish threat responses - reducing their exposure
to surprises and “black swan” events and their associated unplanned costs or losses.

• Identifying and managing multiple and cross-enterprise risks – Every enterprise
faces a myriad of risks affecting different parts of the organization, and Enterprise Risk
Management facilitates effective response to the interrelated impacts, and integrated
management of multiple threat scenarios and exposure to groups of related risks.

• Seizing opportunities – By considering and mitigating a full range of potential threat
events, management is well positioned to identify and proactively realise opportunities.

• Improving deployment of capital – Obtaining robust risk exposure information allows
management to effectively assess overall capital needs and enhance capital allocation.

EA-envision
Trade Risk Breakdown Structure


EA-envision
Primary Risk Functions

• The primary risk functions in large corporations that may participate in an
Enterprise Risk Management program typically include: -
– Strategic planning - identifies competitive opportunities and external
threats, along with strategic initiatives to address them
– Marketing - understands the target customer to ensure product/service
alignment with customer requirements
– Regulatory and Statutory Compliance – provides governance and
monitors compliance with code of conduct and initiates money
laundering and fraud investigations
– Accounting / Financial Compliance - directs the Sarbanes-Oxley
Section 302 and 404 assessment, which identifies financial reporting
risks, and Basle II / Solvency II compliance.
– Legal Service Department - manages litigation and analyzes emerging
legal trends that may impact upon the organization
– Insurance - ensures the proper insurance coverage for the organization
– Treasury - ensures cash is sufficient to meet business needs, while
managing risk related to commodity pricing or foreign exchange


EA-envision
Primary Risk Functions

– Operational Quality Assurance - verifies operational output is within
tolerances
– Operations Management - ensures the business runs day-to-day and
that related barriers are surfaced for resolution
– Credit Management - ensures any credit provided to customers is
appropriate to their ability to repay the advance
– Customer Services - ensures customer complaints are handled
promptly and root causes are reported to operations for resolution
– Information Technology – follows Clinger-Cohen guidelines for due
diligence in IT Procurement, implements Intelligent Agents and Alerts,
Digital Dashboards and Reporting for Risk Controls and Risk Incident
Capture / Event Identification and Risk Monitoring / Reporting
– Internal audit - evaluates Risk Event Identification / Incident Capture
and Risk Controls and Risk Monitoring and Reporting and directs non-
compliance and fraud investigations
– Risk Management – maintains the Enterprise Risk Management
Framework and evaluates the effectiveness of each of the above risk
functions and recommends improvements

EA-envision
Enterprise Risk Management - Structure

• Risk Management is a structured approach to managing uncertainty through foresight
and planning. A risk is related to a specific threat (or group of related threats) managed
through a sequence of activities using various resources: -

– Risk Research – evaluating and understanding the problem domain
– Risk Identification – identifying applicable threats
– Risk Prioritization – ordering and prioritising threats by risk probability / magnitude
– Risk Assessment – comparing and balancing the individual threat posed by each risk
item in the ordered and prioritized risk register
– Risk Management Strategies – transferring, avoiding, reducing or accepting risk
– Risk Planning – assessing the overall threat contained within the consolidated risk
register
– Risk Mitigation – reducing uncertainty through the foresight and planning process


Enterprise Risk Management – Structure (continued)

• Risk Management strategies may include the following: -

– Transferring the risk to another party
– Avoiding the risk altogether
– Reducing the negative effect of the risk
– Accepting part or all of the consequences of any particular risk.

• In an ideal Risk Management Scenario, a prioritization process ranks those
risks with the greatest potential loss and the greatest probability of occurring
to be handled first -and risks with lower probability of occurrence and lower
consequential losses are then handled in descending order

• In practice this prioritization can be challenging. Comparing and balancing the
overall threat of risks with a high probability of occurrence but lower loss -
versus risks with higher potential loss but lower probability of occurrence - can
often appear misleading.

EA-envision
Intangible Risk Management

• Intangible Risk Management hypothesises a different type of threat - a risk that has a
100% probability of occurring but is ignored by the organization due to the failure to
recognise a threat category, or the inability to identify a risk group or specific item: -

– Process-engagement Risk may pose a threat when processes are ineffective,
incomplete or broken and operational procedures are misapplied (or not applied).
– Knowledge Risk may materialise when insufficient knowledge is available in a threat
domain, or a deficient level of knowledge is applied to a threat situation,.
– Relationship Risk may occur when group dynamics are disrupted, morale breaks
down, or communication, collaboration and team-working become ineffective.

• Intangible Risk Management allows risk managers to release immediate value from the
identification and reduction of those hidden risks that reduce quality and output thus
impacting on performance, productivity, profitability and sustainable growth.

• Intangible Risks may impact to reduce the productivity of knowledge workers, decrease
cost effectiveness, erode performance, service and quality whilst acting to compromise
the organisations reputation, goodwill, trust, brand value, market share and earnings.


EA-envision
Opportunity Cost Management

• Risk Management also faces difficulties in providing sufficient enterprise resources or
allocating those resources appropriately. This is the concept of Opportunity Cost: -

– Resources denied to risk management that could have been deployed more
profitably on managing and avoiding risk.
– Resources over-expended on risk management that could have been spent
elsewhere in the business on more profitable applications.

• Ideal Risk Management Scenarios minimizes spending whilst maximizing the
reduction of the negative effects of risks: -

– Prioritisation ranks those risks with the greatest potential loss and / or the greatest
probability of occurrence -to be treated first
– Those Prioritised Risks with a lower probability of occurrence and lower
consequential losses are then handled in descending order
– Risk Management seeks to balance and optimise the overall threat impact of risks
with a high probability of occurrence but lower loss -versus risks with greater
potential loss but lower probability of occurrence

EA-envision
Establishing the Risk Context

• Establishing the risk context involves the following: -
– Researching the types of risk apparent in any given interest domain
– Identification of all of the risks in the selected domain of interest
– Evaluating And Prioritising of all of the risks in the risk domain
– Defining a Risk Framework for the E2E risk management approach,
activity & strategies
– Planning the Risk Framework approach to risk management : -
• Mapping out the risk management strategies and process
• Determine the scope of the risk management study
• Confirm the identity and objectives of stakeholders
• Select the basis upon which risks will be evaluated
• Manage constraints –time, scope, knowledge, resources.
– Developing an Analysis of risks involved in the process.
– Mitigation of Risks using all available technological, human and
organizational resources and techniques.


EA-envision
Risk Identification

After establishing the context, the next step in the process of managing risk is to
identify individual potential Threat Scenarios. Risks are threat events that, when
triggered, cause problems. Hence, risk identification can start with the source of
problems, or with the problem itself.

1. Source analysis Risk sources may be internal or external to the system that is
the target of risk management. Examples of risk sources are: stakeholders of a
project, employees of a company or the weather over an airport.

2. Problem analysis Risks are related to identified threats. For example: the threat
of losing money, the threat of abuse of privacy information or the threat of
accidents and casualties. The threats may exist with various entities, most
important with shareholders, customers and legislative bodies such as the
government.

When either source or problem is known, then the events that a source may trigger or
the events that can lead to a problem can be investigated. For example: stakeholders
withdrawing during a project may endanger funding of the project; privacy information
may be stolen by employees even within a closed network; lightning striking a Boeing
747 during takeoff may cause onboard instrumentation to fail…..

Risk Identification (continued) EA-envision

The chosen method of identifying risks may depend on culture, industry
practice and compliance. The identification methods are formed by
templates or the development of templates for identifying source, problem
or event. Common risk identification methods include: -

3. Objectives-based risk identification Organizations and project teams have
objectives. Any event that may endanger achieving an objective partly or
completely is identified as risk. Objective-based risk identification is at the basis
of COSO's Enterprise Risk Management -Integrated Framework

4. Scenario-based risk identification In scenario analysis different scenarios are
created. The scenarios may be the alternative ways to achieve an objective, or
an analysis of the interaction of forces in, for example, a market or battle. Any
event that triggers an undesired scenario alternative is identified as risk -see
Futures Studiesfor methodology used by Futurists.

5. Taxonomy-based risk identification The taxonomy in taxonomy-based risk
identification is a breakdown of possible risk sources. Based on the taxonomy
and knowledge of best practices, a questionnaire is compiled. The answers to
the questions reveal risks. Taxonomy-based risk identification in software
industry can be found in CMU/SEI-93-TR-6.


EA-envision
Risk Identification (continued)

The chosen method of identifying risks may depend on culture, industry
practice and compliance. The identification methods are formed by
templates or the development of templates for identifying source, problem
or event. Common risk identification methods include: -

6. Common-risk Checking n several industries lists with known risks are
available. Each risk in the list can be checked for application to a particular
situation. An example of known risks in the software industry is the Common
Vulnerability and Exposures list found at http://cve.mitre.org.

7. Risk Charting This method combines the above approaches by listing
Resources at risk, Threats to those resources Modifying Factors which may
increase or reduce the risk and Consequences it is wished to avoid. Creating a
matrix under these headings enables a variety of approaches. One can begin
with resources and consider the threats they are exposed to and the
consequences of each. Alternatively one can start with the threats and examine
which resources they would affect, or one can begin with the consequences and
determine which combination of threats and resources would be involved to
bring them about.


EA-envision
Risk Management Strategies

• Event Risk Management strategies are focused on risks stemming from physical causes
like natural disasters or fires, accidents, death

• Legal Risk Management strategies are focused on risks stemming from legal causes
like lawsuits and prosecution that are mainly operational and due diligence risks.

• Financial Risk Management, on the other hand, focuses on risks that can be managed
using traded financial instruments like market risks, credit risks, liquidity risks or
insurance risks.

• The objective of Risk Management is to reduce different risks related to a pre-selected
domain to the level accepted by the public, the company, the company's regulator, the
shareholders, the board of directors, the risk committee, the management, etc.

• Risk may refer to numerous types of threats caused by environment, technology,
humans, organizations, regulations, compliances, best practices, standards,
methodologies and politics. On the other hand risk involves all means available for
humans, or in particular, for a risk management entity like person, staff, organization

EA-envision
Risk Categories
• Operational risk is defined as the risk of loss resulting from broken, inadequate or failed
processes, people and systems - or from unforeseen “Black Swan” external actions or events

• Credit risk is the risk of loss due to a debtor's non-payment of a loan or other line of credit,
either the principal or interest like the coupon or both.

• Market risk is the risk that the value of an investment will decrease due to moves in market
factors. The four standard market risk factors are:
– Equity risk is the risk that asset, instrument, contract, share or stock prices will change
– Interest rate risk is the risk that interest rates will change
– Currency risk is the risk that foreign exchange rates will change
– Commodity risk is the risk that commodity prices like grains, metals, oil, gas, energy etc. will change

• Illiquidity risk arises from situations in which a party interested in trading an asset cannot do so
because no counterparty in the market wishes to trade for that asset – leading to negative value.

• Insurance risk is a risk of failure to meet underwriting criteria for re-insurance. The concept of
insurable risk underlies nearly all insurance underwriting decisions.

• Reputational risk is the potential for negative publicity or costly litigation, leading to loss of
reputation, fall in revenue, defection from the customer base or the loss, imprisonment or exit of
key employees or defection or detention of business partners or loss of channels-to-market.

• Competitive risk is the possibility of loss from a firm's negative growth in market share,
revenue, loss of competitiveness or dominance, or decline in desirability of product and service
portfolios due to market shift, competitive pressure or key employee defection to competitors.

EA-envision
Risk Categories
• Strategic Risk Management examines the possibility or risk that a “Black Swan” action or
event – an unanticipated or unexpected threat – will adversely affect the firm's ability to achieve
its objectives. In this context Strategic Risk Management - managing strategic risk - involves:
– identifying key threats as well as strategic assumptions both implicit and explicit and determining the
level of strategic vulnerabilities associated with each
– making the correct decisions over sustained periods of time that result in maximum value protection
and efficient coverage of opportunities
– ensuring that the decision-making processes are resilient, robust and effective given the complexity of
risk scenarios and uncertainties of the models involved, and
– charting a tight and accurate course towards achieving objectives once those decisions are made

• Legal risk is the risk associated with the impact on cash flow or debt service of a defect in the
contract document – Legal risk in Basel II and Solvency II is included within operational risk

• Regulatory risk is the risk associated with the potential for Regulatory Compliance related to
changes to rules governing a given type of instrument, market, industry sector or regulatory
domain to impact subject contracts, assets, instruments, stocks and investments.

• Statutory risk is the risk associated with the potential for Statutory Compliance related to
changes to laws and legislation for a given industry, economy, or type of trade to impact upon
subject contracts, assets, instruments, stocks and investments.

• Systemic risk is the overarching market risk or the threat of risk that cannot be mitigated or
diverted, as opposed to "idiosyncratic risk", which is specific to individual contracts, assets,
instruments, stocks and investments. It refers to change across the whole market or economy.
– Risk of international conflict or war is the probability of loss from threats of global geo-political conflict
– Risk of global Massive Global Change is the probability of loss from global climatic and environmental
threats

EA-envision
Risk Identification

EA-envision
Achievement of Objectives

• Within the context of an enterprise’s established mission or vision, management
establishes strategic objectives, selects strategy, and sets aligned objectives
cascading through the enterprise. This enterprise risk management framework is
geared to achieving an enterprise’s objectives, set forth in four categories: -

– Strategic – high-level goals, aligned with and supporting its mission
– Operations – effective and efficient use of its resources
– Reporting – reliability of reporting
– Governance – compliance with applicable laws and regulations.

• This categorization of enterprise objectives allows a focus on separate aspects of
enterprise risk management. These distinct but overlapping categories – a particular
objective can fall into more than one category – address different enterprise needs
and may be the direct responsibility of different executives. This categorization also
allows distinctions between what can be expected from each category of objectives.
Another category, safeguarding of resources, used by some entities, also is
described


EA-envision
Components of Enterprise Risk Management

Enterprise Risk Management consists of eight interrelated components.
These are derived from the way management runs an enterprise and are
integrated with the management process. These components are: -

1. Internal Environment – The internal environment encompasses the tone
of an organization, and sets the basis for how risk is viewed and
addressed by an entity’s people, including risk management philosophy
and risk appetite, integrity and ethical values, and the environment in
which they operate: -

2. Objective Setting – Objectives must exist before management can
identify potential events affecting their achievement. Enterprise risk
management ensures that management has in place a process to set
objectives and that the chosen objectives support and align with the
entity’s mission and are consistent with its risk appetite.

3. Event Identification – Internal and external events affecting achievement
of an entity’s objectives must be identified, distinguishing between risks
and opportunities. Opportunities are channelled back to management’s
strategy or objective-setting processes.

EA-envision
Components of Enterprise Risk Management

Enterprise Risk Management components (continued): -

4. Risk Assessment – Risks are analyzed, considering likelihood and
impact, as a basis for determining how they should be managed. Risks
are assessed on an inherent and a residual basis.

5. Risk Response – Management selects risk responses – avoiding,
accepting, reducing, or sharing risk – developing a set of actions to align
risks with the entity’s risk tolerances and risk appetite.

6. Control Activities – Policies and procedures are established and
implemented to help ensure the risk responses are effectively carried out.

7. Information and Communication – Relevant information is identified,
captured, and communicated in a form and timeframe that enable people
to carry out their responsibilities. Effective communication also occurs in a
broader sense, flowing down, across, and up the entity.

8. Monitoring – The entirety of enterprise risk management is monitored
and modifications made as necessary. Monitoring is accomplished
through ongoing management activities, separate evaluations, or both.

EA-envision
Relationship of Objectives and Components

• Enterprise risk management is not strictly a serial process, where one
component affects only the next. It is a multidirectional, iterative process
in which almost any component can and does influence another.

• There is a direct relationship between objectives, which are what an entity
strives to achieve, and enterprise risk management components, which
represent what is needed to achieve them.

• The four objectives categories – strategic, operations, reporting, and
compliance – are represented by the vertical columns, the eight
components by horizontal rows, and an entity’s organisational units by the
third dimension.

• This depiction portrays the ability to focus on the entirety of a business
entity’s Enterprise Risk Management, or by objectives category,
component, entity organisation unit, or any subset, dimension, viewpoint
or view thereof.

• The relationship of risk objectives & components is depicted as a three-
dimensional matrix - drawn in the form of a cube.

EA-envision
Relationship of Objectives and Components

• The relationship of the enterprise structure, risk objectives and risk components
may be depicted as a three-dimensional matrix - drawn in the form of a cube.

Enterprise Risk Management Framework Dimensions
• Risk Dimensions • Risk Categories
– Risk Categories – Strategic
– Risk Components – Operational
– Organisation Units – Financial
– Risk Management Process – People
– Statutory and Regulatory Reporting
and Compliance

• Risk Components • Risk Management Processes
– Threat Environments – Threat Analysis
– Objective Setting – Risk Identification
– Event Identification – Risk Prioritization
– Threat Assessment – Risk Assessment
– Threat Response – Risk Management Strategies
– Control Activities – Risk Planning
– Information and Communication – Risk Mitigation
– Monitoring – Risk Communication and Event
Reporting
– Risk Monitoring and Control


Operational Risk
Operational Risk Value Proposition – Advisory Consulting

Si nous faisons la même vieille chose, de la même vieille manière, nous obtiendrons toujours les mêmes vieux résultats…..

EA-envision
Categories Of Risk

Categories Of Risk. The risks faced by an organisation should be classified
in relation to its unique organisation activities. There are a number of
commonly used risk categories which help to group risks according to the
various aspects of the organisation and its activities: -

The following are examples of some frequently used Risk Categories: -

– Strategic – Operational
– Operational – Credit
– Reporting – Market
• Equity Risk
– Compliance • Interet Rate Risk
• Risk Management and Governance • Currency Risk
• Statutory and Regulatory Compliance • Comodity Risk
– Liquidity
– Financial – Insurance
– Human Resources – Reputational
– Process – Cumpetitive
– Technology – External


EA-envision
Categories Of Risk
The list below summarises the most common categories of risk and
some indication of the possible effects: -

• External Risk
– Infrastructure: - transport for staff, power supply, suppliers, business
relationships with partners, dependency on internet and email
– Economic: - interest rates, exchange rates, inflation
– Legal and Regulatory: - e.g. health and safety legislation
– Environmental: - fuel consumption, pollution
– Political: - possible political constraints like a change of government
– Market: - competition and supply of goods
– "Act of God“ Natural Disaster: - fire, flood, drought, pandemic, landslide,
earthquake, volcanic eruption, tsunami, impact of deep space object
• Reputation Risk
– Public Reputation: - Reputation, brand loyalty and and goodwill towards
the organisation and consequential external effects
– Personal Reputation: - Reputation and behaviour of the officers of the
organisation and consequential external effects


EA-envision
Categories Of Risk

• Internal – Operational / Organisational

– Policy: appropriateness and quality of policy decisions

– Operational: procedures employed to achieve particular objectives

– Information: adequacy of information used for decision making

– Transferable: risks that may be transferred, or transfer of risks at
inappropriate cost

– Technological: use of technology to achieve objectives

– Project: project planning and management procedures

– Innovation: exploitation of opportunities to make gains

– Personnel: availability and retention of suitable staff

– Health and Safety: well-being of people

EA-envision
Categories Of Risk

• Financial

– Budgetary - availability and allocation of resources
– Fraud or theft: - unproductive loss of assets and resources
– Insurable - potential areas of loss that can be insured against
– Capital investment - making appropriate investment decisions
– Liability - the right to sue or be sued in certain circumstances
– External Finance (Trade) Risk – Market Risk / Credit Risk /
Interest Rate Risk / Liquidity Risk
– Internal Finance (Operational) Risk

• Internal Reputation

– Staff morale and goodwill, internal reputation of the organisation
and consequent internal effects


EA-envision
Categories Of Risk

• There may be a degree of overlap between some of these categories, they are
suggested in order to help ensure that you do not overlook important risks. Try
to put each risk in the category, which is most relevant. Some organisations may
find they can amalgamate some of these categories and some may find they
need extra ones-
– Strategic - This allows you to look at external risks, which may affect your
organisation such as changes in the environment in which you operate. It
also lets you look at setting organisational objectives and ensuring you set
the right ones and then meet them.
– Operational - This looks at the risks, which arise from the services you
deliver or the activities you carry out.
– Financial - This covers financial risks facing the organisation in terms of
internal systems, planning, funding etc.
– People - Review risks associated with both the employment of staff and the
involvement of volunteers.
– Regulatory - This category looks at the legislative framework within which
your organisation operates.
– Governance - This category allows you to review the risks, which are part of
the management of the organisation.


EA-envision
Risk Categories - examples

• Category of Risk Relating to... External Threats
– Infrastructure such as transport systems, utilities and power supply
systems, suppliers, business relationships with partners, dependency
on internet and email service providers
– Economic factors such as commodity prices, interest rates, availability
of funds and credit, exchange rates, inflation and liquidity risk
– Legal and regulatory – statutory regulation which if complied with will
reduce risk of litigation (e.g. Clinger-Cohen Act, Sarbanes-Oxley Act)
– Environmental Issues such as fuel consumption, pollution
– Political - possible political constraints such as change of government
– Market Issues such as competition and supply of goods
– ‘Act of God’ - natural disasters such as fire, flood, earthquake

• Category of Risk Relating to... Human Resources
– Recruitment – availability, recruitment and retention of suitable staff,
– Personnel – training, motivation and morale of staff
– Health and safety – laws and regulations which if complied with should
reduce hazards and increase security and well-being of employees

EA-envision
Risk Categories - examples

• Category of Risk Relating to... Financial Risk
– Budgetary - availability of resources or the allocation of resources
– Fraud or theft - unproductive loss of resources
– Insurable - potential areas of loss which can be insured against
– Capital investment - making appropriate investment decisions
– Liability - right to sue or to be sued in certain circumstances

• Category of Risk Relating to... Internal Activity Risk
– Policy - appropriateness and quality of policy decisions
– Strategic - exploitation of opportunities to achieve strategic objectives
– Operational - procedures employed to achieve particular objectives
– Information - adequacy of information used for decision making
– Reputation - public reputation of the organisation and consequent effects
– Transferable risks - risks which may be transferred to other parties. Transfer
of inappropriate cost risks
– Technological - use of technology to achieve objectives
– Project - Project planning and management procedures – innovation
– Business Transformation Risk - Risk Breakdown Structure

EA-envision
Project Risk Breakdown Structure

• Solution Risk
– Requirements – Clarity and Scope
– Technology – Selection and Implementation
– Performance and Reliability
• Business Continuity and Disaster Recovery
• Volumes and Capacity
• Application and Integration Complexity
• Quality and Usability

• External Risk
– Business Partners, Vendors and Suppliers – Performance and
Relationships
– Financials – Business Model, Cost Model and Pricing
– Compliance - Legal / Contractual and Statutory / Regulatory


EA-envision
Project Risk Breakdown Structure

• Project Management Risk
– Project Dependencies
– Resources and Prioritization
– Financials - Budgets and Funding
– Timeline – Milestones and Deliverables
– Change Management – People, Process and Technology
– Compliance – Architecture and Security Principles, Policies and Standards
– Customer Satisfaction and Benefits Realisation

• Unforeseeable Risk
– Internal Threats / Change in Direction – Strategy, Sponsorship, Budgets, Project
Cancellation
– External Threats – Military, Political, Economic, Industrial, Social, Ecological,
Environmental


EA-envision
Organisation Dimensions

• Organisation Dimensions • Organisation Categories
– Organisation Structure and – Strategic Management
Establishment – Operational Management
– Jobs and Descriptions – Financial Management
– Roles and Responsibilities – Human Resource Management
– Human Resources – Statutory and Regulatory Reporting and
Compliance

• Organisation Components • Organisation – Business Structure
– Internal Environment – Enterprise
– Objective Setting – Division
– Event Identification – Segment
– Talent Acquisition – Strategic Business Unit
– Talent Management • Organisation – Legal Structure
– Control Activities – Enterprise
– Information and Communication – Group
– Monitoring – Company
– Subsidiary


EA-envision
Organisation – Business Structure


EA-envision
Strategic Business Units Defined
• Why Strategic Business Unit Structure?
– A Strategic Business Unit is agile, flexible, responsive and highly focused. It has a very strong
internal synergy and exists to exploit highly specific business opportunities and associated
revenue streams.

• Strategic Business Unit Defined
– A Strategic Business Unit is a business unit having a clear set of customers and competitors. An
SBU can be independently planned / managed within the organization and has profit and loss
responsibility
– Composition varies from enterprise to enterprise. In larger organizations, an SBU could be a
company, a product, a range or a complete product line. In smaller organizations, it might be the
entire enterprise.

• Strategic Business Unit
– Although SBUs vary dramatically in size, form and function they all share some common
characteristics. Every SBU is an enterprise business unit that is tasked to develop business
strategies and investment plans targeted at generating highly focused business opportunities and
associated revenue streams.
• is either a single business or collection of closely related businesses with strong internal
synergy
• has its own clearly identifiable strategy, investment plan, products, customers and
competitors
• has at its head a single manager who is accountable for its entire operations and
performance
• is a business unit that can be independently planned and managed within the organization
– all SBUs are a single business (or collection of businesses), have their own products, customers
competitors and a manager accountable for operations, and can be independently planned /
managed

EA-envision
Business Segments Defined
• Why Divisional Structure?
– As organizations grow larger, they become less agile, focused, flexible or responsive
and more remote. They distance people from each other, and begin to consume
more cash and energy than they release.
• Division Defined
– A Group or Division is a business segment containing a number of logically related
SBUs . A division has internal investment responsibility within the enterprise and
provides central services to its “client” SBUs.
– Segmental scope varies from organization to organization. In larger organizations, a
segment could be a company group, division - or a complete product range. In
smaller organizations, it might be the plc.
• Business Segment
– Segments are a collections of businesses that have their own investment strategies
and an executive board accountable for operational performance. They can be
independently invested or divested.
– Divisions are significant organization segments that are targeted to develop
organizational investment strategies aimed at generating multiple, logically related
future business opportunities / revenue streams.
• is a collection of logically related and coordinated strategic business units
• has its own clearly identifiable purpose and identity along with internal synergies
and cohesion
• has at its head an executive board accountable for investment decisions and
performance
• is a business area that can be independently planned for and managed within
the organization

Business Programmes – the challenge EA-envision

• Business Programmes – Business Transformation Programmes and their associated
Processes, Enterprise Services, COTS Applications and Integration Architecture are very
complex, high cost / high risk investments and are becoming increasingly difficult to
understand and manage. They encompass a huge mass of detail and depend upon the
success of a large number of embedded, mission-critical business and technology decisions.

• Enterprise Architecture – There is an overarching responsibility to understand the many
impacts of these decisions and get them right first time – or risk potentially catastrophic
business interruption or failure if we get these decisions wrong. A structured Enterprise
Architecture and Service-oriented Architecture Framework guides us successfully through
architecting, designing and delivering Enterprise Services via the Enterprise Service Bus.


Business Transformation Risk Breakdown Structure

EA-envision
Business Transformation
• What are the detailed business strategies of the enterprise and how should these be
implemented (Business Strategy Development and Organizational Change) ?
– Business Strategy Development: - Mission – Businesses Drivers – Strategies – Outcomes –
Goals – Objectives
• What processes the enterprise executes, how they are integrated, and how they
contribute to the strategy of the organization (Business Process Management) ?
• How human resources are being utilized and whether there is optimum use of skills
and resources available across processes and functions (Human Resource
Management) ?
• To what extent the organization establishment is a proper reflection of appropriate
roles and responsibilities, in order to effectively and efficiently carry out all work
(Organization Management) ?
• What IT applications are available in the enterprise , how they interface and what
processes and functions they support (IT Portfolio Management) ?
• How the performance of each process, each function and each individual (CSF’s, KPI’s
and metrics) adds up to the organization’s overall performance (Enterprise Performance
Management) ?
• What business and technology projects are currently underway, how they enable
business change, what processes and IT applications do they change and have impact
upon and how this contributes to the strategy of the organization (Business Program
Management and Project Portfolio Management) ?
– Strategic Technology Enablers: - ERP – CRM – Process Orchestration – Collaboration –
Enterprise Services

Systemic Risk
Systemic Risk Value Proposition – Advisory Consulting

Si nous faisons la même vieille chose, de la même vieille manière, nous obtiendrons toujours les mêmes vieux résultats…..

External Threats

External Threats

Military Political Economic Social Demographic Technology Environment

Federations and Trust and Technology
War Identity Population Geographic
Alliances Reputation Futures

National
Networking and Information and
Terrorism Layers of Power Economic Health Climate Change
Connectivity Communication
Stability

Weapons and
Lawlessness and Financial Markets Ecological
National Security Mobility Wealth Countermeasure
Civil Unrest Stability Degradation
s

Extremism and BRICS and
Consumerism Urbanization Science Futures Natural Disasters
Polarisation Emerging Powers

Sustainability and
Values and Individualism and
Globalization Renewable Geological
Beliefs Tribalism
Resources

Fashion and Aspirations and Oceanography Natural
Trends Desires and Space Resources

Cosmology and
History and
Deep Space
Culture
Objects

EA-envision
Global Massive Change
• Global Massive Change is an evaluation of global capacities and
limitations. It encompasses both utopian and dystopian possibilities
of the emerging world future state, in which climate, the environment,
ecology and geology are dominated by human manipulation: -

– Human impact is now the major factor in climate change.
– Species extinction rate is now greater than in the late Permian mass
extinction event – in which 90% of all species were eliminated
– Man now moves more rock and earth than do all geological processes.

Climate Change
• Most scientists agree that global warming presents the greatest threat to the
environment. There is little doubt that the Earth is heating up. In the last century the
average temperature has climbed about 0.6 degrees Celsius (about 1 degree
Fahrenheit) around the world.

• From the melting of the ice cap on Mount Kilimanjaro, Africa's tallest peak, to the loss
of tropical coral reefs as oceans become warmer, the effects of global warming are
often clear. Just as the evidence is irrefutable that temperatures have risen in the
last century, it's also well established that carbon dioxide in the Earth's atmosphere
has increased about 30 percent, enhancing the atmosphere's ability to trap heat.

• The exact link, if any, between the increase in carbon dioxide emissions and the
higher temperatures is still under debate. Most scientists believe that humans, by
burning fossil fuels such as coal and petroleum, are largely to blame for the increase
in carbon dioxide. But some scientists also point to natural causes, such as volcanic
activity.

• The current rate of warning is unprecedented, however. It is apparently the fastest
warming rate in millions of years, suggesting it probably is not a natural occurrence.
And most scientists believe the rise in temperatures will in fact accelerate. The United
Nations-sponsored Intergovernmental Panel on Climate Change (IPCC) reported in
2001 that the average temperature is likely to increase by between 1.4 and 5.8
degrees Celsius (2.5 and 10.4 degrees Fahrenheit) by the year 2100.

Climate Change
• Since our entire climatic system is fundamentally driven by energy from the
sun, it stands to reason that if the sun's energy output were to change, then
so would the climate. Since the advent of space-borne measurements in the
late 1970s, solar output has indeed been shown to vary. With now 28 years
of reliable satellite observations there is confirmation of earlier suggestions
of an 11 (and 22) year cycle of irradiance related to sunspots but no longer
term trend in these data.

• Based on paleoclimatic (proxy) reconstructions of solar irradiance there is
suggestion of a trend of about +0.12 W/m2 since 1750 which is about half of
the estimate given in the last IPCC report in 2001. There is though, a great
deal of uncertainty in estimates of solar irradiance beyond what can be
measured by satellites, and still the contribution of direct solar irradiance
forcing is small compared to the greenhouse gas component. However, our
understanding of the indirect effects of changes in solar output and
feedbacks in the climate system is minimal. There is much need to refine
our understanding of key natural forcing mechanisms of the climate,
including solar irradiance changes, in order to reduce uncertainty in our
projections of future climate change.

Climate Change
• In addition to changes in energy from the sun itself, the Earth's position and
orientation relative to the sun (our orbit) also varies slightly, thereby bringing
us closer and further away from the sun in predictable cycles (Milankovitch
Cycles). Variations in these cycles are believed to be the cause of Earth's
ice-ages (glacial episodes). One factor of particular importance for the
development of glaciations is the amount of radiation received at high
northern latitudes in the summer.

• Diminishing radiation at these latitudes during the summer months would
have enabled winter snow and ice cover to persist throughout the year,
eventually leading to a permanent snow- or icepack. Over several centuries,
it may be possible to observe the effect of these orbital parameters. While
Milankovitch Cycles have tremendous value in explaining ice-ages and
long-term climatic changes on the earth, there are other factors which have
very high impact on the decade-century timescale. However for the
prediction of climate change in the 21st century, these long-term factors will
be far less significant than other changes - such a radiative forcing from
greenhouse gases.

Climate Change
• Indirect indicators of global warming such as ice borehole temperatures, snow cover,
and glacier recession data, are in substantial agreement with the more direct indicators
of recent warmth. Evidence such as changes in glacial mass balance (the amount of
snow and ice contained in a glacier) is useful since it not only provides qualitative
support for meteorological data, but glaciers are often found in places too remote to
support meteorological stations. The records of glacial advance and retreat often
extend back further than weather station records, and glaciers are usually at much
higher altitudes than weather stations, allowing scientists more insight into temperature
changes prevalent higher in the atmosphere - though extending the Antarctic sea-ice
record back in time is more difficult due to the lack of direct observations in this part of
the world.

• Large-scale measurements of sea-ice have only been possible since the satellite era,
but through looking at a number of different satellite estimates, it has been determined
that September Arctic sea ice has decreased between 1973 and 2007 at a rate of
about -10% +/- 0.3% per decade. Sea ice extent for September for 2007 was by far the
lowest on record at 4.28 million square kilometres, eclipsing the previous record low
sea ice extent by 23%. Sea ice in the Antarctic has shown very little trend over the
same period, or even a slight increase from 1979 to 1995.

• In 1995, however, Larsen Ice Shelf A disintegrated. In 2002 the whole of the Larsen
Ice Shelf B disappeared in just a few weeks – an area the size of Rhode Island in the
USA. The mechanism is thought to be summer liquid water pooling at the surface,
filtering down cracks and crevices and subsequently freezing – shattering the ice sheet

Global Warming

• Clouds are an important indicator of climate change. Surface-based observations of cloud
cover suggest increases in total cloud cover over many continental regions – including
areas of increased urbanization such as tropical Africa and southern Asia. This increase
since 1950 is consistent with regional increases in precipitation for the same period.
However, despite regional variation, analyses of cloud cover over land for the period 1976-
2003 shows little statistically significant overall global change.

• An enhanced greenhouse effect would be expected to cause cooling in higher parts of the
atmosphere because the increased "blanketing" effect in the lower atmosphere holds in
more heat, allowing less to reach the upper atmosphere. Cooling of the lower stratosphere
(about 49,000-79,500 ft.) since 1979 is shown by both satellite Microwave Sounding Unit
and weather balloon data, but is larger in weather balloon data (most likely this is due to
unidentified / uncorrected data errors).

• Relatively cool surface and tropospheric temperatures, and a relatively warmer lower
stratosphere, were observed in 1992 and 1993, due to atmospheric volcanic dust following
the 1991 eruption of Mount Pinatubo. The warming reappeared in 1994. A dramatic global
warming took place in 1998 - at least partly associated with the record El Niño. This
warming episode was consistent from the surface right to the top of the troposphere.

Enterprise Risk Management Framework

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Enterprise Risk Management Framework

Semelhante a Enterprise Risk Management Framework (20)

Mais de Nigel Tebbutt

Mais de Nigel Tebbutt (9)

Enterprise Risk Management Framework