Enterprise Risk Management and Business Continuity Planning

1. Enterprise Risk Management and Business Continuity Planning Mark Carey, CPA, CISA President 866.335.2736 x8431 mark@delcreo.com www.delcreo.com

2. BCP Experience • Business impact assessment • Functional versus process view • Standard Business continuity planning methodologies and “Body of Knowledge” neglect “Program” elements • How does BCP fit in the broader picture of managing risk for a company? • Benchmarking/Leading Practice/Example Plans

3. Enterprise Risk Management Definition Enterprise Risk Management (ERM) is the capability to protect enterprise value by managing risk: • With a coordinated and systematic approach, • Organization-wide, and • Across all types of risk.

4. Business Risk Profiling: Risk Drivers Strategic Operational Stakeholder Financial Intangible • Macro Trends • Competitor • Economic • Resource Allocation • Program/Project • Organization • Structure • Strategic Planning • Governance • Brand/Reputation • Ethics • Crisis • Partnerships/JVs • Processes • Physical Assets • Technology • Infrastructure • Business • Interruption • Legal • Human Resources • Environmental • Hazard • Customers • Line Employees • Management • Suppliers • Government • Partners • Community • Market • Accounting • Credit • Cash Management • Taxes • Regulatory • Compliance • Knowledge • Intellectual Property • Information Systems • Databases • Information for • Decision Making

5. Risks That Matter Risk Management Culture and Infrastructure Shareholder Value Levers • Customer Facing Business Models • Virtual Supply Chain • Partnerships and Alliances • e-Business Infrastructure • Venture Capital Investments • Human Resource • Organizational Change/Allocation of Resources • Intellectual Property • Growth • Accelerate growth in current businesses • Drive adoption of next generation appliances, e-services and infrastructure in high growth markets • RISK MANAGEMENT CULTURE AND INFRASTRUCTURE • Risk Strategy • Risk Management Processes • Technology • Functions • Culture and Capability • Governance • IMPROVEMENT INITIATIVES • Senior Management Validation and Support • eRisk Rapid Response (eR3) Process • Risk Coverage Mapping • Risk Management Workbench • Detailed Risk Analysis • eBusiness Risk Management Benchmark • Value Web and Organizational Efficiency • Streamline decentralized operating model • Total Customer experience approach • Capital • Take advantage of strong balance sheet • Market Variables • Create e-services ecosystems - place HP at the center Business Impact Assessment • Management challenges the numbers • Make it “real” for senior management • Typical approach/ measures often do not line up with how CEO, CFO, CIO evaluate their business and make decisions

6. People Primary Processes Stakeholders Stakeholders Inputs Service Function versus Process View External Environment CEO Internal Environment Executive Capital Products Manufacturing Gaining New Business HumanResources Marketing Product/Process Design Outputs Materials Operations Operations Information Information After Sales Support Graphics Sales Research Communications Risk Management Information Technology Human Resources Accounting Treasury Support Processes

7. BCP Methodologies and Body of Knowledge • Focused on developing a plan • What is missing: • Process improvement tools • Process Modeling and Improvement • Program management • Value Drivers • Strategic Planning and Alignment (Personal and Department/Function) • Reporting • Knowledge Management • Program implementation • Implementation • Organizational Change

8. Strategic Planning • Are we in alignment with organizational value drivers and strategies • Can we implement our strategy effectively? • Do we have the right • Organizational structure • Tools • Metrics • “Go to market” approach?