Post on 01-Apr-2018
transcript
1
Enterprise Risk Management David WhatleyMarch 24, 2006
You can do it. We can help.
2
Enterprise Risk Management by Many Other Names is Still Enterprise Risk
Management
You can do it. We can help.
3
Risk Identification and Evaluation Built Into All Business Processes
Assimilation of Results of Risk Management in Each Business:– Assure Risk Management Process is Executed– Risk Tolerance Levels Are Appropriate and
Uniform– Determine Consolidated Risk of Enterprise– Measure vs. Level Approved by Board of
Directors
Enterprise Risk Management (ERM)
You can do it. We can help.
4
Board of Directors = Overview Process/Sets Risk Level
Chief Executive Officer = Chief Risk Officer Senior Leadership Team = Risk Committee Business Processes Include Risk Assessments
and Consideration of Risk in Decisions or are Risk Based
Enterprise Risk Management Structure
You can do it. We can help.
5
Enterprise Risk ManagementThe ERM Components
• Influences how strategies and goals are set, how activities are structured and how risks are identified, assessed and acted upon
• Creates a process for setting objectives, ensuring that those objectives are aligned with strategic goals and that those goals are consistent with risk appetite
• Considers internal and external factors that might affect strategy and achievement of business objectives
• Focuses on the likelihood and impact of potential events and their effects on objectives
• Evaluates risks for possible responses and their effects
• Ensures that risk responses are carried out efficiently via policies and procedures
• Involves the exchange of relevant data with internal and external parties so that they may identify, assess and respond appropriately to risk
• Ensures that the components of ERM are applied at all levels
Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information and Communication
Monitoring
You can do it. We can help.
6
Activity DeliverableERM Components THD ActivitiesERM at The Home Depot (not all inclusive)
ERM Components
• Internal Environment • Tone at the Top• Sarbanes-Oxley/404
• Corporate Governance• Entity Level Assessment
• Objective Setting • Strategic Vision• Strategic Initiatives
• Board of Directors (BOD)• SOAR
• Risk Response • Strategic Initiatives• Internal Audit Plan• Insurance Levels
• SOAR• Internal Audit• Liability Risk Analysis
• Event Identification • Liability Risk Analysis• SOAR
• Insurance Levels• Strategic Initiatives
• Risk Assessment • SOAR• Internal Audit
• Strategic Initiatives• Internal Audit Plan
• Attestation of Fin. Reporting effectiveness• SOP’s• Standard Reconciliation Process
• Control Activities • Sarbanes-Oxley/404• Corporate Compliance
• Information & Communication • Strategic Initiative Issue Resolution• Management Report Outs
• Quarterly Executive Council (QEC)• Weekly President’s Call
• Monitoring • SOAR• Quarterly Executive Council
• Strategic Initiatives• Strategic Initiative Issue Resolution
You can do it. We can help.
7
The Home Depot’s Risk Areas
• EVP – Merchandising/Marketing
• EVP – Merchandising/Marketing
THD Risk Area OversightAsset Management
Customer Service
Legal
Finance/Accounting
Human Resources
External Factors
Brand and Image
Information Technology
Supply Chain
Growth
Merchandising
REEC
BOD, QEC
Supply Chain Council
IT Advisory Council
Growth Steering Comm.
Branding Committee
Audit Committee
Innovative Council
Leadership Development Compensation Committee
Compliance Council
Store Manager Council
//
/
/
/
/
/
/
/
/
/
/
• EVP – Bus. Development/Corp. Operations
• CEO
• EVP – IT/CIO
• EVP – Bus. Development/Corp. Operations
• EVP - CFO
• EVP – Merchandising/Marketing
• EVP - HR
• EVP – Secretary/General Counsel
• EVP – HD Stores
Business Leader
You can do it. We can help.
8
The Home Depot Compliance Program is based upon the three-fold approach of: (1) prevent, (2) detect and (3) respond to potential issues. Taken together, these three components form a closed-loop cycle that reinforces compliant conduct throughout the Company.
Home Depot Compliance Program
You can do it. We can help.
9
• A Compliance Policy is maintained for each identified risk area of the Company’s business.
• Compliance Processes are developed under each Compliance Policy that establish mechanisms for Company conduct.
• Training educates and informs targeted associates about the Company’s Compliance Policies & related SOPs.
• Standard Operating Procedures (SOPs)
Compliance Structure
You can do it. We can help.
10
• Quarterly Reviews: Select policies or functional areas are reviewed quarterly
• Annual Compliance Reviews: Week-long enterprise-wide policy and functional area review with all Divisions, Subsidiaries and International Businesses
Compliance Reviews
You can do it. We can help.
11
Compliance Review Components
Risk Factor AssessmentLaws Update
Other Updates• Government Investigations
• Training Proposals
• Budget/Resource Allocations
Incident Update
• Progress Monitoring Dashboard
• Use of Traffic Lights
• Major incidents and the divisions in which they occur are reported, along with the investigation details and resolutions
You can do it. We can help.
12
2005 COMPLIANCE PLAN Home Depot U.S.A., Inc. : Safety
Risk Management – 3rd Quarter
METRIC RISK LEVEL
BENCH MARK
Q1 Q2 Q3 Q4 YTD TRAFFIC LIGHT
RISK
# of Incidents Low 0 0 0 0 0 G Sample Risk 1
# of Violations Low 0 0 0 0 0 G Sample Risk 2
Risk-Based Compliance Monitoring
Risk Management: Traffic Lights provide an efficient way of quickly determining the Company’s individual risk status.
S A M
P L E
You can do it. We can help.
13
2005 COMPLIANCE PLAN Home Depot U.S.A., Inc. : Benefits Process Improvements – 3rd Quarter
PROCESS IMPROVEMENT ACTION STEP COMPLETION DATE
STATUS TRAFFIC LIGHT
Process Improvement #1
G
Process Improvement #2
G
Process Improvements: Any processes and/or
procedures being developed and implemented to improve current operations and mitigate risks.
Compliance Monitoring
S A M
P L E
You can do it. We can help.
14
Align SOAR with Strategic Vision
SOAR Based on Strategy
Voice of CustomerConversion
Store Productivity
New LocationsNew Service Categories
New Channels
New BusinessesNew Platforms
New Geographies
Customer Satisfaction
Differentiated and Innovative Merchandise at Great Value
Store Readiness
Information Technology
Leadership Development
New Stores
New Formats
Home Depot Services
Home Depot Direct
Home Depot Supply– MRO*– Builder– Professional Supply
Canada
Mexico
China
Enhance Core Extend Business Expand Market
*MRO – Maintenance, Repair and Operations
You can do it. We can help.
15
Strategic Planning Entities
#21#22#23
#24 & #59#25#26
#27E#27L#28#29#30
Store Formats
• AHS• HD Supply/ ITB PRO /
Tool Rental
• Canada
• Direct /eBusiness• Operations / Stores
(Supply Chain)
• IT
• Credit
DEPARTMENTS OTHER BUSINESSES
SOAR 2005
• Marketing / Store Merchandising
• Human Resources
• Legal
• Finance
• Real Estate / Construction
• Merchandising / Divisions(late November to lock plan)
FUNCTIONS / OPERATING PLANS
7 days in AugustFunctional Reviews on an exception basis Operating Review 2 days in December
You can do it. We can help.
16
Proposed SOAR Calendar
ProcessProcess
Key Key Meetings Meetings & Events& Events
Operating PlanOperating Plan
Executive TeamSOAR Activity
March October November DecemberAugust SeptemberApril May June JulyFebruary
Strategic PlanningStrategic Planning
Off-site to finalize plans
Set strategicguidance/MetricsELT Game Changers
SOAR current year Initiative update
ProgressReview
ProgressReview
SOAR IStrategyReviews
SOAR IDecisions
SOAR IIOperatingReviews
DivisionalReviews
’06 Planlocked
SOAR IKick-off
Space PlanningPrework
Targets & guidance set for teams
Final PlansDue
Inter-departmental
reviews
Teams designated
SOAR IIKick-off
Merchandising & Divisional working
sessions
Capital & G&A Decisions
Strategic Planning
17
Q & A
David Whatley404-217-5720
kwhatley@bellsouth.net