1 / 22

A COLLECTION OF DISCUSSION GROUP RESPONSES

FINANCE PRACTICE CFO EXECUTIVE BOARD TM. 01 June 2009. A COLLECTION OF DISCUSSION GROUP RESPONSES. INDEX OF DISCUSSIONS. INDEX OF DISCUSSIONS (CONTINUED). DISCUSSION GROUPS IN THE TERRAIN. Asian Market Discussion Group Cash Management Discussion Group Finance HR Discussion Group

qamra
Télécharger la présentation

A COLLECTION OF DISCUSSION GROUP RESPONSES

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. FINANCE PRACTICE CFO EXECUTIVE BOARDTM 01 June 2009 A COLLECTION OF DISCUSSION GROUP RESPONSES

  2. INDEX OF DISCUSSIONS © 2009 The Corporate Executive Board Company. All Rights Reserved.

  3. INDEX OF DISCUSSIONS (CONTINUED) © 2009 The Corporate Executive Board Company. All Rights Reserved.

  4. DISCUSSION GROUPS IN THE TERRAIN • Asian Market Discussion Group • Cash Management Discussion Group • Finance HR Discussion Group • Finance IT Discussion Group • Finance Operations Discussion Group • Financial Planning and Analysis Discussion Group • Financial Services CFO Peer Group • Mergers, Acquisitions, and Alliances • Risk Management Implementation Discussion Group • India Finance Discussion Group • Shareholder and Board Relations Discussion Group • To subscribe to any of these groups, write to Bishwapriyo at bchakraborty@executiveboard.com © 2009 The Corporate Executive Board Company. All Rights Reserved.

  5. ROLE OF ERM DIRECTOR May 18, 2009 Question What are the roles and responsibilities of the ERM Director in the risk management process? Does the ERM Director have only a "reporting" role or does he have the authority to manage certain risks? Does the ERM Director actively help management in mitigating certain risks? Answers from Our Members • Issue—Role, responsibility and authority of the ERM Director in the risk management process • Key Takeaways • 57% of the respondents have an ERM Director in charge of the risk management process • The remaining companies have ERM VP, CRO or Manager ERM in charge of the risk management process • “The ERM Director is responsible for the risk management framework and process. This role focuses specifically on: • Framework content, currency and business application; • Board and Executive Reporting and • Risk Program management (administrative scheduling). • The ERM Director has a reporting role and should not manage specific risks unless they fall within their sphere of expertise. It is imperative that local management maintain accountability and responsibility for the development and execution of risk mitigation (under the guidance of the risk management function). • The ERM Director and their team must facilitate the risk management process to provide assurance that all things reasonably practicable are considered when formulating mitigation plans. This includes guiding the business in defining their risk appetite which will be used in determining which risks are acceptable and which risks require further action.” • Corporate Risk Manager |Utilities Is your ERM Director responsible for the risk management process? n = 7. • Other roles in charge of risk management processes include: • ERM VP • CRO • Manager ERM Click here to access the discussion thread © 2009 The Corporate Executive Board Company. All Rights Reserved. © 2009 The Corporate Executive Board Company. All Rights Reserved. 5

  6. ROLE OF ERM DIRECTOR (CONTINUED) May 18, 2009 Answers from Our Members (Continued) “We do not have an ERM Director, we have a CRO and a Manager ERM. The CRO reports directly to the CEO and is responsible for the development and implementation of ERM policies, framework and communication with the Executive Council, Audit Committee, and Board. The CRO ensures that adequate funding and resources are provided to ensure the effectiveness of ERM framework. The CRO is the Chairman of the Risk Committee. The CRO provides education in the ERM process to individual business unit leaders and ensures overall embedding of ERM in the strategic planning and business development process. The Manager of Enterprise Risk Management reports to the CRO and provides support to the CRO, Executive Management and the Board with analyses, reports and objective assessments associated with the company’s ERM program. The Manager of ERM also develops, coordinates and manages the processes related to the execution of the ERM program. The Manager of ERM works closely with business units and corporate staff to understand and communicate the ERM framework, risk treatment strategies, accountabilities and measurements.” Manager ERM | Manufacturing “The general duties with regard to ERM is to ensure that the major risks are adequately represented and communicated to executive management and the board. There is also a direct linkage between the risks represented in the ERM effort and the risk disclosures in the 10K. There is the responsibility to directly manage certain risks for which the expertise is centralized within the risk management organization. Other risks are best left to be directly managed by the functions with the specific expertise. The risk management staff has broadly diverse skills (engineering, finance, economics) and as such is used to help quantify risks and facilitate mitigation strategies for many risks in the business.” Vice President and Chief Risk Officer | Utilities © 2009 The Corporate Executive Board Company. All Rights Reserved. © 2009 The Corporate Executive Board Company. All Rights Reserved. 6

  7. MILEAGE REIMBURSEMENT VS. VEHICLE ALLOWANCE May 05, 2009 • Issue—Deciding between Reimbursement and Allowances for Employees with frequent travel. • Key Takeaways • 60% of the respondents do not offer vehicle allowances in lieu of mileage reimbursement Answers from Our Members Question We have many individuals that travel frequently.  This being the case, we often have individuals submitting mileage reimbursement totaling more than $800 per month.  We are interested in changing from mileage reimbursement to vehicle allowances.  Does your company offer vehicle allowances in lieu of mileage reimbursement, and if so, what amount do you pay per month to employees that are eligible?  Also, we hear that there are companies that specialize in managing vehicle services.  Is anyone aware of such services, and if so, what has your experience been with them? “Going to an allowance can result in an unintended consequence. The allowance would most likely have to be considered taxable income. So, the driver will only see 60-65% of the actual reimbursement amount, and you, the company, will pay payroll taxes on this. One option could be an "accountable" plan where employees log and report on business miles can be advantageous to both employer and employee. Be it an accountable "allowance", true mileage based, or a combination, that portion of expense reimbursement that is less than or equal to the prevailing IRS mileage rate is non-taxable business expense. The rate of reimbursement may consist of components such as depreciation, repairs, insurance, etc. These programs can be outsourced and managed very efficiently. Companies like ours have been doing this for over 60 years, they have it down to a science. Typically, managed fleet programs operate at 34-36 cents per mile, depending on the vehicle and application. These programs can also include fuel cards, maintenance, accident management services, etc. that reduce the administrative work from operating a fleet of company-provided vehicles.” Director, Corporate Finance | Financial Services Do you offer vehicle allowances in lieu of mileage reimbursement? n = 10. © 2009 The Corporate Executive Board Company. All Rights Reserved. Click here to participate in this discussion

  8. BUDGET CYCLE TIME May 04, 2009 Answers from Our Members Question We are interested in benchmarking budget cycle time. To that end, we wanted to enquire if you measure your budget cycle time?  If so, how long does it take to complete the budget? Any information, suggestion on the topic would be very helpful. • Issue—Benchmarking Budget Cycle • Key Takeaways • 64% of the respondents take 3-6 months to complete their budget • 29% of the respondents take three months to complete their budget • 7% of the respondents take two months to complete their budget “We don't measure it per se, but our normal cycle is about 6 months beginning to end and breaks out about like this: Month 1-2 - High level, sr. leadership discussions about trends, markets, technology and competitors. Goal setting; expectation setting. No detailed roll ups. Month 3-4 - Business work on actions needed to meet goals and/or float revised proposals - informal presentations and discussions. Month 5 - More formal presentations and discussions with sr leadership including CFO, CEO and board of directors approval of budget. Month 6 - First month of the new year. Roll forward for opening balance sheet currency rates and any extremely unusual year end events that effect the targets.” Senior Executive | Fortune 500 How long does it take to complete your budget? “Our fiscal year is April to March. Our budget process starts in December, but this is mostly planning, assigning responsibilities, setting timelines, etc. By the end of December, the planning is complete. January to February the budget is put together, it is reviewed by the Executive Management team in March and finalized before the end of April. Including planning time, it runs 4 months, but it is really only 2 months of "all hands on deck" effort. Having the budget completed before the end of our first fiscal month (April) was something we strived for and achieved two years ago. In prior years, we would still be working on the budget up until the end of our first fiscal quarter (June).” Senior Executive | Fortune 500 n = 14. © 2009 The Corporate Executive Board Company. All Rights Reserved. Click here to participate in this discussion

  9. EXPENSE LIMITATIONS PER DAY May 05, 2009 Answers from Our Members Question We are considering implementing basic meal rates on a per meal or per day basis for travelers and individuals dining at the company's expense.  To that end, we would be interested in the following information: 1. Does your company have such a policy, and if so what are the per meal rates?  2. How much does your company allow per day for meals when traveling? a) Less than $40 per day b) $41 - $60 per day c) $61 - $75 per day d) More than $75 per day 3. Also, how do you handle travel to places where meals are typically more costly (NYC, Los Angeles, etc.)?  Does your company have an increased meal allowance in such places? Any additional comments / suggestions would be greatly appreciated. • Issue—Daily Expense Limitations. • Key Takeaways • 89% of the respondents have a policy on meal reimbursements • 50% of companies who have a policy provide an increased meal allowance for employees at more expensive locations • 21.5 % of the respondents allow $41-60 to their employees as meal allowances “Maximum daily meal allowance while traveling: When we travel on company business, we are reimbursed for actual meal expenses up to a daily maximum amount called a daily allowance. The allowance is per day and cannot be averaged over several days. The daily allowance includes meals, beverages, gratuities, tips and any snacks or mini bar charges each day.  A detailed receipt (not just the total from the charge card receipt) is required for any meal expense over $25. In some cities, expenses for meals can be much lower than the maximum amount allowed by the policy. We ask associates to use good judgment when selecting restaurants so the cost is appropriate to the location. Here are the full day meal reimbursement amounts, based on travel location: New York City - $102 , Columbus, Ohio - $57 , All California cities and Aspen, Colorado, Boston, Massachusetts, Miami, Florida, Seattle, Washington and Washington D.C. - $87, All locations in Canada - $87 , All locations in Asia - $115 All locations in Europe - $115, All other locations worldwide - $57 Senior Executive | Fortune 500 What meal reimbursement slabs do you use? “An option is to use the Federal Travel Regulation (FTR) maximum per diem rates for meals and incidentals. The FTR is the regulation contained in 41 Code of Federal Regulations (CFR), Chapters 300 through 304, that implements statutory requirements and Executive branch policies for travel by federal civilian employees and others authorized to travel at government expense, such as federal government contractors. Maximum per diem rates are established relative to the location to which a person is traveling. The current rates for travel within the U.S. can be accessed on line at: http://www.gsa.gov/perdiem” Senior Executive | Fortune 500 n = 28. © 2009 The Corporate Executive Board Company. All Rights Reserved. Click here to participate in this discussion

  10. FINANCE HEADCOUNT May 06, 2009 Question We are a Financial Services company, currently undergoing a centralization effort for Finance and are interested in information regarding Finance headcount. Specifically: a) What is your company's total and Finance headcount today (for Finance, include corporate, business, and shared services)? ____ Company-Wide FTEs _____ Finance FTEs b) What percentage of your total finance headcount works for the corporate center? ____% - Do the numbers above include transaction processing? Yes / No c) What percentage of your total finance headcount is embedded in the business?____% - Do the numbers above include transaction processing? Yes / No - If no, what percentage of your finance staff work in a separate shared services center or outsourcing arrangement? ____% How many company-wide FTEs do you have in total? Issues—Finance Headcount to support a centralization effort of the Finance function. • Key Takeaways • 35% of the respondents have over 20000 total FTEs and approximately 100 to 500 Finance FTEs • 46% of respondents have 0-20% of Finance FTEs working for the corporate center • 33% of respondents have 0-20% of Finance FTEs embedded in the business • 46% of respondents have 0-20% of Finance FTEs working for the Shared Service Center • Trends in Transaction Processing: • 50% of the responding companies include Transaction Processing in their Finance FTEs working for the corporate center • 50% of the responding companies include Transaction Processing in their Finance FTEs embedded in the business Avg. Total FTE’s in FS companies: 6325 FTEs n = 20. How many Finance FTEs do you have in your company? Avg. Finance FTE’s in FS companies: 163 FTEs n = 20. Click here to participate in this discussion © 2009 The Corporate Executive Board Company. All Rights Reserved. © 2009 The Corporate Executive Board Company. All Rights Reserved. 10

  11. FINANCE HEADCOUNT (CONTINUED) May 06, 2009 What is the % of Finance FTEs working for the corporate center ? What is the % of Finance FTEs working in the Shared Service Center? n = 20. n = 20. Answers from Our Members What is the % of Finance FTEs embedded in the business ? “Below some figures regarding our Group: - we do not have shared services yet, this is a starting project (we plan regional centers) but go decision not taken - total finance staff = 830 - Corporate staff = 90 (incl. 4 working on transaction processing) - the 830 can be split in: > 370 accounting (transaction processing) > 100 project accounting & control > 120 budget & control > 80 cash management & financing > 30 CFO & Financial Controllers > 40 tax > 90 others.” Energy Company n = 20. © 2009 The Corporate Executive Board Company. All Rights Reserved. © 2009 The Corporate Executive Board Company. All Rights Reserved. 11

  12. FINANCE HEADCOUNT (CONTINUED) May 06, 2009 Answers from Our Members (Continued) “Moderator - you might suggest to the person asking the question that they frame it in terms of: % providing specialist services (tax, treasury etc, typically centralized); % providing business support (typically those in the business segments); and % providing transaction services (typically a shared services - either in Corporate or close to business). For us, it's about: a) 34500 Company-Wide FTEs, 950 Finance FTEs b) 6% and No c) 94% and Yes about 2/3rds of 94% Transportation Company “a) 12,000 Company-Wide FTEs , 250 Finance FTEs. This is a recent change with the line of business planning and budgeting headcount centralized in Finance. Global Procurement, Vendor Management and the Enterprise Project Management Office have also recently been centralized into Finance. Prior to these moves, the Finance team headcount was 180 which included tax, management & reg reporting, accounting services, planning, budgeting, M&A, Treasury, AP, IR, SOX and compliance and our Lean initiative b) 75% and Yes. We have two locations for Finance - corporate a the smaller group at another location that mainly handles the transaction processing for our banks corporate handles the transaction processing at the parent level. c) 10% and Yes. Each line of business has Finance headcount for planning and budgeting purposes. 5% finance staff work in a separate shared services center or outsourcing arrangement, as AP is outsourced.” Financial Services Company “109,000 total company employees; ~3,000 finance b) ~300 of 3,000, so 10%, at corporate - no transaction processing. (100 tax; 90 specialized accounting and external reporting; 70 internal audit; 40 treasury - the businesses do not have these functions) a) Remaining 90% (or 2,700) are in the businesses. Yes, the majority of transaction processing is included in these figures however most payroll processing activity is in our HR function rather than finance. But collections, disbursements, travel expense processing, etc are in the finance function. Conglomerate Company © 2009 The Corporate Executive Board Company. All Rights Reserved. © 2009 The Corporate Executive Board Company. All Rights Reserved. 12

  13. BOARD LEVEL RISK COMMITTEES April 23, 2009 Question We are interested in the roles and responsibilities of Board-level risk committees at other organizations. Specifically: Do these Board committees engage in oversight of management's risk governance or get involved in approval of specific business strategies and limits on business activities? Any insights/information would be highly appreciated. Answers from Our Members • Issue—Role, responsibilities and existence of Board Level Risk Committees. • Key Takeaways • None of the responding companies have a Board Level Risk Committee. • Oversight of the Risk function include: • In 2/5 responding companies, the oversight/ monitoring of Risk function is done by Audit Committee • In 2/5 responding companies, the oversight/ monitoring of Risk function is done by the full Board • 1/5 responding company is of the view that oversight/ monitoring of Risk function is done by either the Audit Committee or the full Board “I do think there is a subtle but important distinction between a committee which oversees "risk" and one which oversees "risk management". From previous experience with a big4 firm, all too often terms of reference were not sufficiently clear. My preference / guidance to clients would be to carefully consider why the committee was required – i.e., what gap in the existing committee structure was it trying to fill, or supplement by differential focus. ie1 it is a core executive and board responsibility to actively discuss risk - arguably within Exec / strategic planning discussions or the Board itself. Bringing this type of discussion into a risk committee could actually inhibit embedding of risk within management and/or oversight routines. ie2 the risk committee focus needs to be aligned with the audit committee. Overseeing risk management systems and risk governance is by default an audit committee responsibility. I would be interested in examples of where a clean and sustainable line could be drawn between the responsibilities of a Board Risk and Board Audit committee. Overall - outside Financial Services where there are specific technical matters, I was never a big fan of (optional) risk committees as they often served to confuse rather than enhance discussion and accountability for risk, and the scope and authority of other (mandated) committees. Corporate Risk Manager |Utilities Does your company have a Board Level Risk Committee? n = 5. Click here to participate in this discussion © 2009 The Corporate Executive Board Company. All Rights Reserved. © 2009 The Corporate Executive Board Company. All Rights Reserved. 13

  14. CORPORATE VS. INDIVIDUAL LIABILITY FOR T&E CARDS April 17, 2009 • Issue—Liability for T&E Cards. • Key Takeaways • 59% of the respondents use Individual liability for T&E Cards • 41% of the respondents use Individual liability for T&E Cards Answers from Our Members Question We are evaluating corporate vs. individual liability for T&E cards.  To that end, we are interested in other company practices on the same. Which do you currently use and why? “Although we tell our employees when they initially request a T&E card that they are individually liable, the company is in fact liable for the expenses. Our reimbursement process is for the employee to pay the card balance directly and submit an expense report for business related charges. (Note also that although the card is supposed to be limited to business related expenses only, we haven't enforced this. We do this because some of our employees who require a card do not have sufficient creditworthiness to secure a card on their own. Unfortunately, this sometimes causes issues when employees do not make their payments in a timely manner, as severely delinquent balances can ultimately be charged off to the company and deducted from our rebate. On a few occasions, we have had employees leave the company with unpaid balances, which per state law, we are not permitted to deduct from their final paycheck. Senior Executive | Fortune 500 What does your company utilize - Corporate vs. Individual Liability for T&E Cards? n = 22. Click here to participate in this discussion © 2009 The Corporate Executive Board Company. All Rights Reserved.

  15. Chief Financial Risk Officer April 14, 2009 Question Does your company have a Chief Financial Risk Officer? If yes, what are the responsibilities of the role? Specifically, how is it different from a Chief Risk Officer? Answers from Our Members Issue—Roles and responsibilities of a Chief Financial Risk Officer. “Effectively NO. The CFO is (following same principles at group and division) the Chief Risk Officer for the division and by default also the Chief Financial Risk Officer. How does this work out in practice. We have a number of key players managing the principle financial risks - treasury; supplier/customer financials; performance; insurance; etc. The CFO (and me as the Head of Risk Management for division) coordinates and brings it all together.” Head of Risk Management and Internal Control | Aerospace/Defense • Key Takeaways • None of the responding companies have a Chief Financial Risk Officer. • Trends in heading the Risk function include : • In 4/8 responding companies, the responsibility for Risk Management lies with the Chief Risk Officer • In 4/8 responding companies, the responsibility for Risk Management lies with the Chief Financial Officer Does your company have a Chief Financial Risk Officer? “We have a Chief Risk Officer and take an integrated approach to risks. We believe having a stand-alone Chief Financial Risk Officer or any other chief officer for specific risks creates gaps and overlaps. It also makes it difficult to aggregate risks into an enterprise-wide risk profile and adjust positions between risks. Our CRO office has expertise in all the specific risks that we face.” Senior Executive | Insurance “No Chief Financial Risk Officer. We have these related chiefs: Chief Financial Officer , Chief Privacy Officer Chief Information Security Officer and Chief Risk Officer” Senior Executive | Fortune 500 n = 8. © 2009 The Corporate Executive Board Company. All Rights Reserved. © 2009 The Corporate Executive Board Company. All Rights Reserved. 15 Click here to access the discussion thread

  16. SHARED SERVICE CENTER FOR HR AND ACCOUNTING March 31, 2009 Answers from Our Members • Issue—Whether to run separate Shared Service Centers for HR and Accounting. • Key Takeaways • 75% of the respondents have separate shared service centers for HR and Accounting • 17% of the respondents have consolidated shared service centers for HR and Accounting • 8% of the respondents have only Accounting shared service centers “My company's Shared Service model is structured such that the individual shared services (HR; Accounting; Operations, e-Business; Advanced Engineering and Technology; Mergers and Acquisitions ) report separately and directly into our CEO, similar to our three Business Units. This structure has been in place since 1999, and is functioning very well. This model has been attributed with contributing several points of improved Operating Margin.I know companies have successfully consolidated shared services under one organization and have established more of a customer - supplier internal arrangement with the Business Units. We tend to have each of the Businesses partnering with individual shared services, The major shared services (e.g..HR; Operations; e-Business) have identified a Business Relationship Manager position to ensure this partnership is effective, acting as a key member of the Senior Leadership team in the Business Unit.” Senior Executive | Fortune 500 Question We are interested in knowing if other companies run a separate Shared Service Center (SSR) for HR and / or Accounting of if they are normally consolidated. Do you run a SSR for HR and Accounting? “We have been running a financial shared service unit for our US units since 2003 with a great deal of success. We also have a shared employee recruitment center which has been up since 2004, again a success. The financial shared services structure enabled us to comply with SOX much easier than if the work was dispersed, as most of the transactional controls are within one group. A key to success for our FSS unit has been a common systems platform, as all of the units we have included are on the same platform, which lends itself to common process, policy, and controls. Communication and standardization are also critical. Do not underestimate the change management element of this effort.” Senior Executive | Fortune 500 n = 24. © 2009 The Corporate Executive Board Company. All Rights Reserved. Click here to participate in this discussion

  17. Risk Databases March 24, 2009 Answers from Our Members Question We are interested in feedback/information around Risk Databases. Specifically: What software platforms others use to identify, track and report risks? Do you use Excel or other software to track risks? How does senior management access the information? Any feedback/suggestions would be highly appreciated. Issue—Software to identify, track and report risks. “1. An ERM software was recently implemented at our company to enhance and automate our risk management process. We used a web-based software called CATSWeb. CATSWeb was designed to help firms track issues and actions from identification through disposition and corrective action. Our company uses CATSWeb to identify and record risks that may be of concern to our company and to mitigate the risk depending on likelihood and impact. In the case where the risk is mitigated, individual Risk Mitigation Plans in CATSWeb for each identified risks are created. Using the CATSWeb software helps us search the database across years and risk types (Strategic, Operational, Financial) for certain risks, key words, by Risk Owner etc. 2. We also Hyperion software to create reports that are distributed to senior management. The purpose of Hyperion is to automate the process of creating Risk Scorecards and Heat Maps using the risk data that is stored in CATSWeb. Senior management can, but does not use the CATSWeb software directly. Director of Enterprise Risk Management | Utilities • Key Takeaways • 72% companies continue to use Internal or Excel-based risk databases. • Other highlighted Databases / software include OpenPages, Axentis, Curra, Methodware, KnowRisk, RMSS and EMERSON • Trends in senior management information access include: • 1/7 responding companies’ senior management would have real-time access to risk reports via Archer • 5/7 responding companies send manually extracted PPT/PDF updates to the senior management on a regular basis • 1/7 responding companies use Hyperion to extract risk reports Risk Database/Software used? n = 7. Click here to access the discussion thread © 2009 The Corporate Executive Board Company. All Rights Reserved. © 2009 The Corporate Executive Board Company. All Rights Reserved. 17

  18. Risk Databases (CONTINUED) March 23, 2009 Answers from Our Members (Continued) “1. STARS; however, it has been very challenging for Property Risks. Casualty works just fine. The big issue with this program is that Casualty and Property work on the same platform, so the fields are shared, and this creates confusion for running reports. We are checking the EMERSON system, for this is a system that you can customize in accordance with your needs. Property and Casualty are totally independent.. Before we used excel; however, file was getting bigger and difficult to manage. Excel is a great tool if your claims frequency is not high. 2. They request the reports to the Risk Management department directly.” Senior Executive | Fortune 500 “Depends on state of maturity. We took a poll of some firms a while back and found that most people are using spreadsheets and IBM Lotus Notes team rooms. Those drowning in spreadsheets are using general purpose workflow packages such as IBM's FileNet or Oracle's Stellant to organize and gain efficiency. Others have picked special purpose tools like OpenPages or Axentis. Then there is the group that is seeing governance, risk and compliance as using similar information to what is used for business performance management, so they are building off solutions such as IBM's Cognos or offerings from SAP. Many of these have role based views for managers and everyone else.” Senior Executive | Fortune 500 © 2009 The Corporate Executive Board Company. All Rights Reserved. © 2009 The Corporate Executive Board Company. All Rights Reserved. 18

  19. Reporting Risks to the Board March 10, 2009 • Question • We are interested in company practices around reporting the following risks (see listing below) to the Board of Directors or Subcommittee of the Board?  • Specifically, which risks are reported to/managed by which Subcommittee of the Board.   • Risk Category  • Investment Risk (Credit, Market)       • Legal/Compliance Risk  • Operational Risk        • Financial Risk (Liquidity, Financial Reporting, Tax)  • Strategic Risk • Product Risk   • Reputation Risk    • IT/Systems Risk        • Issue—Reporting of specific risks to Board or its sub-committees. • Key Takeaways • In 83% of the responding companies, the Audit Committee is responsible to report/manage all risks to the Board • 66% of the responding companies report risks on a quarterly basis Reporting frequency? n = 12. Additional Risk categories highlighted by respondents include: Socio-political Risk Supply chain Risk Environmental Risk Strategic Risk Competitive Risk Property risk Global Economic Risk International Country Risk Disruptive Technology Risk External Hazards Risk Innovation Risk People Risk Physical Risk Political Risk 3rd Party Risk All risks are reported to/managed by? n = 12. Click here to access the discussion thread © 2009 The Corporate Executive Board Company. All Rights Reserved. © 2009 The Corporate Executive Board Company. All Rights Reserved. 19

  20. Reporting Risks to the Board (CONTINUED) March 10, 2009 Answers from Our Members (Continued) “Quarterly, the Audit Committee of our Board of Directors receives/reviews updates to the Company's enterprise risk profile. This covers the full spectrum of enterprise key risks including those noted in your question but also includes things such as security (IT, Network and physical) risks, regulatory/political intervention risks, competition risks, global economic risks, exchange rate risk, customer/supplier viability risks, international country risk, disruptive technology risk, external hazards risks, and operational execution/delivery risks. In addition, as part of the standing Audit Committee agenda, on a quarterly basis, detailed information is provided with respect to: Investment Risk (Credit, Market), Legal/Compliance Risk, Financial Risk (Liquidity, Financial Reporting, Tax), IT/Systems Risk (as it pertains to major systems upgrades and/or technology build outs), and HR Risk (specific to Health and Safety).The Audit Committee also receives regular quarterly updates on Financing items such as Hedging, Share repurchases, Public Debt Issuance, Derivatives, and Guarantees and Indemnities; Ethics reporting; business continuity planning; property risk management; and environment risk management and corporate social responsibility updates. CONTINUED….. CONTINUED….. It should be noted that other board committees monitor and address certain risk categories to a deeper degree, for example our Pension Committee provides oversight and governance to the associated pension plan risks, the HR&C committee provides oversight to risks associated with human resources, compensation and succession planning, and the corporate governance committee provides oversight to ongoing monitoring and adoption of corporate governance good practices and to the delegation of authority (and policy parameters) between the board and management. Last, our key risks are vitally linked with our strategic planning process and so the full board has a view into each of the risks as it participates with our executive leadership team in our ongoing strategic planning process/activities. CFO |Telecommunications © 2009 The Corporate Executive Board Company. All Rights Reserved. © 2009 The Corporate Executive Board Company. All Rights Reserved. 20

  21. Reporting Risks to the Board (CONTINUED) March 10, 2009 Answers from Our Members (Continued) “We track eight categories of risk: 1) credit, 2) liquidity, 3) interest rate, 4) platform (IT), 5) operations (transactional performance, financial controls, etc.), 6) compliance, 7) strategic (including reputational), and 8) legal. The Finance Committee has primary responsibility for overseeing liquidity and interest rate risk. The Audit and Risk Committee oversee the other six areas. Each quarter a risk report is prepared by the Chief Risk Officer drawing on inputs by each "risk stewards" that measures conditions and reports on mitigation initiatives in each risk area. In addition, the report identifies and reports on the "Top 10" risks at the moment. The report is reviewed in depth by the Audit and Risk Committee and then distributed to the full board with comments (during the board meeting) by the Chairman of the Audit and Risk Committee. At least once a year, the Chief Risk Officer makes an substantive presentation on risk management conditions, process, organization and activities to the full board. Credit performance is reviewed at each board meeting.” Director, Chairman of Audit & Risk Committee | Financial Services “We have a well developed risk reporting and management process that we do "bottoms -up' twice a year. We collect the risks granularly from all levels of the organization and then we combine and collate the risks at the summary level. We hold an overall Senior-level management review and match the "bottoms-up" risks to a "tops - down" list also. We then rank the risks on a relative basis (net of mitigation actions). We report on each of the categorized risks that are detailed in your question and also some additional risks (perhaps more applicable to our situation) such as "socio-political, supply chain, environmental, strategic and competitive risks.We report in a detailed fashion to the Audit Committee and in summary form to the overall BOD. The detailed review is restricted to the highest ranked risks that are categorized as the most likely and with the highest impact based on the combined score from those two characteristics.The BOD are very active in their review and evaluation and have added much value by suggesting enhancements and additions..” CFO |Computer Hardware © 2009 The Corporate Executive Board Company. All Rights Reserved. © 2009 The Corporate Executive Board Company. All Rights Reserved. 21

  22. LEGAL CAVEAT COPIES AND COPYRIGHT As always, members are welcome to an unlimited number of copies of the materials contained within this handout. Furthermore, members may copy any graphic herein for their own internal purpose. The Corporate Executive Board requests only that members retain the copyright mark on all pages produced. Please contact your Member Support Center at +1-866-913-8102 for any help we may provide. The pages herein are the property of the Corporate Executive Board. Beyond the membership, no copyrighted materials of the Corporate Executive Board may be reproduced without prior approval. The CFO Executive Board has worked to ensure the accuracy of the information it provides to its members. This report relies upon data obtained from many sources, however, and the CFO Executive Board cannot guarantee the accuracy of the information or its analysis in all cases. Furthermore, the CFO Executive Board is not engaged in rendering legal, accounting, or other professional services. Its reports should not be construed as professional advice on any particular set of facts or circumstances. Members requiring such services are advised to consult an appropriate professional. Neither the Corporate Executive Board nor its programs are responsible for any claims or losses that may arise from a) any errors or omissions in their reports, whether caused by the CFO Executive Board or its sources, or b) reliance upon any recommendation made by the CFO Executive Board.

More Related