ENTERPRISE RISK MANAGEMENT UNDERTAKING at ABB


A SUMMER INTERNSHIP REPORT ON

“ENTERPRISE RISK MANAGEMENT” UNDERTAKING

SUBMITTED IN THE PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE POST GRADUATE DEGREE OF POST GRADUATE DIPLOMA IN MANAGEMENT



ACKNOWLEDGEMENTS

Research report acts as a bridge connecting the educational qualification and the professional use. It is the path leading to success by shouldering responsibilities under the careful guidance of seniors and experienced personnel without fear and failure. My research report would have been impossible had certain people not co-operated. I would like to acknowledge their support by thanking them from the bottom of my heart for their unfailing help, guidance and encouragement. I am extremely thankful to our guide Mr. XYZ, under whose supervision I was able to accomplish the task, for providing valuable guidance, suggestions and encouragement throughout the course of study. It is my great honor to express my profound gratitude, indebtedness, personal regards and thanks to my instructors Mrs. Minakshi Ray and Mrs. Uma Luthra for their encouragement, guidance and moral support during the project, and to express a profound sense of gratitude to all teachers of the XYZ College.

Last but not the least, I am highly thankful to the most valuable persons in our life, my parents. I am highly obliged to all of them for their care, love, encouragement and faith in me, as they were always there to help me come out of hard times.



CERTIFICATE FROM FACULTY MENTOR

This is to certify that the work entitled “ENTERPRISE RISK MANAGEMENT” is a piece of work done by XYZ under my guidance and supervision for the final fulfillment of the degree of PGDM in XYZ University. To the best of my knowledge and belief the project:

A. Embodies the work of the candidate himself.
B. Has duly been completed.
C. Fulfills the requirements of the rules and regulations relating to the final live project of the institute.
D. Is up to the standard both in respect of contents and language for being referred to the examiner.

Prof. XYZ
Faculty Mentor

Prof. XYZ
Faculty Mentor (Industry)



Executive summary

The research is carried out on the topic “ENTERPRISE RISK MANAGEMENT”. The primary objective was to understand the concept of risk, the various types of risk to which different industry sectors are exposed, and the main steps and frameworks they follow to mitigate risk. Through ERM, the clear linkage between business fundamentals and actuarial theory and practice should engage students and professionals from various backgrounds in the study of actuarial science as a logical career strategy in a global business environment that has embraced ERM as a modern management discipline.

Then the major risks of ABB Limited and the current practices it follows to mitigate risk in a better way are thoroughly studied. The mitigation of risk is a major problem for every organization. Risk is the difference between the actual outcome and the expected outcome. To remove these risks, an organization tries many ways in which these gaps can be removed or shortened. ERM is the process by which the risk of the whole company can be managed. ERM is the discipline by which an organization in any industry assesses, controls, exploits, finances and monitors risk from all sources for the purpose of increasing the organization’s short and long term value to its stakeholders. ERM may be specific to an organization according to its industry or its structure.


For this, it is first necessary to know the major risks that the organization has faced or is facing. All risks are then divided according to their area to find out at which stage they arise and how critical they are. A HEAT MAP is a better tool for understanding all these risks: with a heat map, the likelihood of each risk and its impact on the company are clearly defined. There are different ways to perform this process, and every company tries to set a strategy for the organization so that its goals can be achieved. COSO is the basic framework for the ERM life cycle; the COSO Framework provides an understanding of the components of ERM. There are other frameworks, such as COBIT. Risks are evaluated and arranged in order according to whether they can be avoided, accepted or transferred. Finally, based on their seriousness, the best method to mitigate them is implemented.



CONTENTS

1. Company profile
2. Introduction
3. What is risk
4. Type of risk
5. E.R.M. Process
6. Different Case Study on E.R.M
7. How to manage Risk
8. S.O.A and C.O.S.O frame work
9. COBIT Frame work
10. Findings & conclusion
11. Suggestion and Recommendation


COMPANY PROFILE



ABB Limited

ABB (www.abb.com) is a leader in power and automation technologies that enable utility and industry customers to improve performance while lowering environmental impact. The ABB Group of companies operates in around 100 countries and employs about 120,000 people.

Power Products

Power Products are the key components to transmit and distribute electricity. The division incorporates ABB's manufacturing network for transformers, switchgear, circuit breakers, cables and associated equipment. It also offers all the services needed to ensure products' performance and extend their lifespan. The division is subdivided into three business units.



Power Systems

Power Systems offers turnkey systems and services for power transmission and distribution grids, and for power plants. Substations and substation automation systems are key areas. Additional highlights include flexible alternating current transmission systems (FACTS), high-voltage direct current (HVDC) systems and network management systems. In power generation, Power Systems offers the instrumentation, control and electrification of power plants. The division is subdivided into four business units.

Automation Products

This ABB business serves customers with energy efficient and reliable products to improve customers' productivity, including drives, motors and generators, low voltage products, instrumentation and analytical, and power electronics. More than one million products are shipped daily to end customers and channel partners, spanning a wide range of industry and utility operations, plus commercial and residential buildings.



Process Automation

The main focus of this ABB business is to provide customers with integrated solutions for control, plant optimization, and industry-specific application knowledge. The industries served include oil and gas, power, chemicals and pharmaceuticals, pulp and paper, metals and minerals, marine and turbo charging. Key customer benefits include improved asset productivity and energy savings.

Robotics

ABB is a leading supplier of industrial robots - also providing robot software, peripheral equipment, modular manufacturing cells and service for tasks such as welding, handling, assembly, painting and finishing, picking, packing, palletizing and machine tending. Key markets include automotive, plastics, metal fabrication, foundry, electronics, machine tools, pharmaceutical and food and beverage industries. A strong solutions focus helps manufacturers improve productivity, product quality and worker safety. ABB has installed more than 160,000 robots worldwide.


RESEARCH METHODOLOGY



OBJECTIVES

• Understanding the concept of enterprise risk management
• Study of different types of risk in respect of different industries
• Study the different frameworks of E.R.M
• Prioritize the different risks as per their impact and likelihood
• How to mitigate that risk
• Give suggestions based on the study to mitigate risk in a better way



Type of data

To fulfil the study we have gathered information from secondary data.

Source: The data is collected from the internet, books, journals, the company web site and the annual report published by the company.



ENTERPRISE RISK MANAGEMENT

ERM emphasizes a comprehensive view of risk and risk management and the view that risk management can be a value-creating, in addition to a risk-mitigating, process. Several texts and periodicals have introduced concepts such as “strategic risk management”, “integrated risk management” and “holistic risk management”. These concepts are similar to ERM.

Enterprise risk management, which deals with risks and opportunities affecting value creation or preservation, is defined as follows:

“Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

The definition reflects certain fundamental concepts. Enterprise risk management is:

A process, ongoing and flowing through an entity

Effected by people at every level of an organization

Applied in strategy setting



Applied across the enterprise, at every level and unit, and includes taking an entity level portfolio view of risk

Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite

Able to provide reasonable assurance to an entity’s management and board of directors

Geared to achievement of objectives in one or more separate but overlapping categories

This definition is broad. It captures key concepts fundamental to how companies and other organizations manage risk, providing a basis for application across organizations, industries, and sectors. It focuses directly on achievement of objectives established by a particular entity and provides a basis for defining enterprise risk management effectiveness.

The CAS Committee on Enterprise Risk Management has adopted the following definition of ERM: “ERM is the discipline by which an organization in any industry assesses, controls, exploits, finances and monitors risk from all sources for the purpose of increasing the organization’s short and long term value to its stakeholders.”



Implicit in this definition is the recognition of ERM as a strategic decision support framework for management that improves decision-making at all levels of the organization.

Enterprise risk management helps management achieve the entity’s performance and profitability targets and prevent loss of resources. Enterprise risk management helps ensure effective reporting and compliance with laws and regulations, and helps avoid damage to the entity’s reputation and associated consequences. In sum, enterprise risk management helps an entity get to where it wants to go and avoid pitfalls and surprises along the way.

Risk: Risk can be defined as “the threat or probability that an action or event will adversely or beneficially affect an organization’s ability to achieve its objectives”. In simple terms, risk is “Uncertainty of Outcome”, either from pursuing a future positive opportunity or from an existing negative threat in trying to achieve a current objective.

Business risks are greater today than ever because of the following reasons:

• Globalization means increased exposure to international events
• Need for efficiencies, innovation and differentiation to compete
• We now know the unthinkable can happen
• Financial reporting is now a risk area
• Application is uneven at companies applying “EWRM”

Why is Business risk a priority? Points of view from a recent survey:

• Many executives see an array of ever-increasing business risk
• Business risk management practices require improvement
• Substantial revisions in business risk management have either been made or will be made
• Senior executives want more confidence that all potentially significant risks are identified and managed

Top five business issues

• Cost constraints
• Security of data and privacy
• Stakeholder returns
• Managing business risk
• Innovation

Key indicators of need of managing business risk

• Management wants increased confidence that all potentially significant risks are identified and managed
• Key decisions are made without a systematic evaluation of risk and reward trade-offs
• Risk management isn’t integrated with strategic and business planning
• Risks are not systematically identified, sourced, measured and managed
• Units of the organization are managing similar risks differently
• Inability to measure performance on a risk-adjusted basis
• Capital investment process requires improvement
• Increasing demands for more information relating to risks and internal controls from the board and investors



Type of Risk

• Environmental Risk
• Process Risk: Financial, Empowerment, Information Technology, Governance, Reputation, Integrity, Operation
• Information for Decision making Risk: Strategic, Public Reporting

Environmental Risk

Can be due to the following reasons:

• Competitor
• Customer wants
• Technological Innovations
• Sensitivity
• Shareholders' expectation
• Capital Availability
• Sovereign/political
• Legal
• Regulatory
• Industry
• Financial market
• Catastrophic Loss

1) Process Risk

Financial Risk

Operational


a) Price:

• Interest Rate
• Currency
• Equity
• Commodity
• Financial instrument

b) Liquidity:

• Cash flow
• Opportunity cost
• Concentration

c) Credit:

• Default
• Settlement
• Concentration
• Collateral

Empowerment Risk

• Leadership
• Authority Limit
• Outsourcing
• Performance Incentive
• Change readiness
• Communication

Information Technology Risk

• Integrity
• Availability
• Access
• Infrastructure

Governance Risk

• Organizational culture
• Board effectiveness
• Ethical behavior
• Succession planning

Reputation Risk

• Image and Branding
• Stakeholder Relation

Integrity Risk

• Management fraud
• Employee fraud
• Third party fraud
• Illegal Acts
• Unauthorized Use


Operations Risk

• Customer satisfaction
• Human resource
• Knowledge capital
• Product development
• Efficiency
• Capacity
• Scalability
• Performance gap
• Cycle Time
• Sourcing
• Channel effectiveness
• Partnering
• Compliance
• Business Interruption
• Product/service failure
• Environmental
• Health and safety
• Trade mark/Brand Erosion

2) Information for Decision making Risk

Strategic Risk

• Business Model
• Investment valuation/Evaluation
• Business portfolio
• Organization structure
• Measurement (Strategy)
• Resource Allocation
• Planning
• Life Cycle
• Environmental scan

Public Reporting Risk

• Financial Reporting Evaluation
• Internal Control Evaluation
• Executive certification
• Taxation
• Pension fund
• Regulatory Reporting

Operation Risk

• Budget and planning
• Product/Service pricing
• Contract commitment
• Measurement (operations)
• Alignment
• Accounting Information


A scheme of the risks and how they inter-relate is as under:



Risk Universe is the ultimate risk element identification and plotting tool available.



The Risk Universe

Risk Types (Perception – a different dimension) can also be classified as follows:

Identified risk:

That risk that has been determined to exist, using analytical tools. The time and costs of analysis efforts, the quality of the risk management program, and the state of the technology involved affect the amount of risk that can be identified.

Unidentified risk:

That risk that has not yet been identified. Some risk is not identifiable or measurable, but is no less important for that.

Total risk:

The sum of identified and unidentified risk. Ideally, identified risk will comprise the larger proportion of the two.



Acceptable risk:

The part of identified risk that is allowed to persist after controls are applied. Risk can be determined acceptable when further efforts to reduce it would cause degradation of the probability of success of the operation, or when a point of diminishing returns has been reached.

Unacceptable risk:

That portion of identified risk that cannot be tolerated, but must be either eliminated or controlled.

Residual risk:

The portion of total risk that remains after management efforts have been employed. Residual risk comprises acceptable risk and unidentified risk.



Figure: Types of Risk. Total risk = Identified risk (Acceptable + Unacceptable) + Unidentified risk; Residual risk comprises Acceptable and Unidentified risk.


Type of Risk and its Initial and Ultimate Effect

| Type of Risk | Initial Effect | Ultimate Effect |
| --- | --- | --- |
| Quality Problem | Product recall, customer defection | Financial, Reputational |
| Environmental pollution | Bad publicity, customer disfavor and defection, court action, fines | Financial, Reputational |
| Health and Safety Injury | Bad publicity, worker compensation, worker force dissatisfaction, statutory fines | Human suffering, financial losses, Reputational |
| Fire | Harm to humans, loss of production and assets | Human sufferings, financial losses |
| Computer failure | Inability to take orders, process work or issue invoices, customer defection | Financial losses |
| Marketing Risk | Revenue drops | Financial losses |
| Fraud | Theft of Money | Financial losses |
| Security | Theft of Money, assets or plans | Financial losses |
| International Trading | Foreign exchange losses | Financial losses |
| Political Risk | Foreign government appropriates assets, prevents repatriation of profits | Financial losses |

| Type of Risk | Benefit of proactive management |
| --- | --- |
| Marketing Risk | Maintain market share |
| Health and safety risk | Avoid worker litigation, reduce insurance premium |
| Environmental Risk | Avoid litigation from regulatory authorities, reduced premium |
| Fire Risk | Avoid risk of production, avoid going out of business, reduce premiums |
| Bomb threats | Avoid loss of life or destruction of a building |
| Computer Risks | Prevent inability to invoice, lack of access to information |
| Theft and fraud, Industrial Espionage | Prevent loss of money, assets or concepts, loss of market share |
| Technical Risk | Avoid being left behind with obsolete manufacturing methods or technologies, avoid production stoppage |
| Kidnap and ransom, extortion | Safeguard managers abroad or at home, prevent payment to criminals |
| Product contamination (accidental and criminals) | Avoid harming customers and prevent litigation |

Process Steps of ERM

The following steps of the risk management process, which are based on those originally detailed in the Australian/New Zealand Standard in Risk Management (AS/NZS 4360), describe seven iterative elements.

1. Establish Context
2. Identify Risk
3. Analyze/Quantify Risk
4. Integrate Risk
5. Assess/Prioritize Risks
6. Treat/Exploit Risk
7. Monitor and review

Establish Context – This step includes External, Internal and Risk Management Contexts. The External Context starts with a definition of the relationship of the enterprise with its environment, including identification of the enterprise’s strengths, weaknesses, opportunities, and threats (“SWOT analysis”). This context-setting also identifies the various stakeholders (shareholders, employees, customers, community), as well as the communication policies with these stakeholders.

The Internal Context starts with an understanding of the overall objectives of the Enterprise, its strategies to achieve those objectives and its key performance Indicators. It also includes the organization’s oversight and governance structure.

The Risk Management Context identifies the risk categories of relevance to the Enterprise and the degree of coordination throughout the organization, including the adoption of common risk metrics.

Identify Risks – This step involves documenting the conditions and events (including “extreme events”) that represent material threats to the enterprise’s achievement of its objectives or represent areas to exploit for competitive advantage.

Analyze/Quantify Risks – This step involves calibrating and, wherever possible, creating probability distributions of outcomes for each material risk. This step provides necessary input for subsequent steps, such as integrating and prioritizing risks. Analysis techniques range along a spectrum from qualitative to quantitative, with sensitivity analysis, scenario analysis, and/or simulation analysis applied where appropriate.

Integrate Risks – This step involves aggregating all risk distributions, reflecting correlations and portfolio effects, and expressing the results in terms of the impact on the enterprise’s key performance indicators (i.e., the “aggregate risk profile”).

Assess/Prioritize Risks – This step involves determining the contribution of each risk to the aggregate risk profile, and prioritizing accordingly, so that decisions can be made as to the appropriate treatment.

Treat/Exploit Risks – This step encompasses a number of different strategies, including decisions to avoid, retain (and finance), reduce, transfer, or exploit risk. For hazard risks, the prevalent transfer mechanism has been the insurance markets. Alternative risk transfer (ART) markets have developed from these with a goal of striking a balance between risk retention and risk transfer. With respect to financial risks, the capital markets have exploded over the last several decades to assist companies in dealing with commodity, interest rate, and foreign exchange risk. Until recently, companies had no mechanisms to transfer operational or strategic risks, and simply had to avoid or retain these risks.

Monitor & Review – This step involves continual gauging of the risk environment and the performance of the risk management strategies. It also provides a context for considering risk that is scalable over a period of time (one quarter, one year, five years). The results of the ongoing reviews are fed back into the context-setting step and the cycle repeats.

ERM with respect to different Industries



ABN AMRO Bank (Case Study)

ABN AMRO Bank is Holland's leading bank. The company and its subsidiaries operate more than 800 offices in Holland and another 2,600 in 75 other countries. ABN AMRO faces many risks. These include interest rate risks, currency risks, equity risks, credit risks, liquidity risks and capital adequacy risks. The case outlines the risks and the mechanisms ABN AMRO employs to mitigate them.

Introduction

ABN AMRO was the product of a 1991 merger between the Netherlands’ two largest banks, Algemene Bank Nederland (ABN) and Amsterdam-Rotterdam Bank (AMRO). ABN’s origin went back to the Netherlands Trading Society, which had been founded in 1824 to finance business ventures in the Dutch colonies in the East Indies. Although the firm weathered the First World War and the Depression, the Second World War was catastrophic. Germany occupied the homeland and Japan took over the Dutch East Indies.



In 1998, ABN AMRO bought Brazil’s Banco Real and Bandepe banks (and then closed their European and US offices). The next year, it began buying minority interests in banks in Italy. Also in 1999, the company decided to be a major player in European real estate with the acquisition of Bouwfonds Nederlandse Gemeenten, the Netherlands’ fifth largest mortgage lender. As part of this effort, it expanded its mortgage-servicing portfolio with the purchase of Pitney Bowes subsidiary Atlantic Mortgage and Investment Corp.

Risk Governance

The Managing Board established the risk philosophy and policies for ABN AMRO under the guidance of the Supervisory Board. Responsibility for the overall implementation of risk policy lay with the Chief Financial Officer, who was a member of the Managing Board. Risk was managed through two principal departments: Group Risk Management (GRM) and Group Asset and Liability Management (GALM). GRM was responsible for the management of credit, country, market and operational risks and was also responsible for leading the assessment of the impact of the New Capital Accord (Basel II) and its implementation...

Credit Risk

Credit risk was inherent in ABN AMRO's business. All commercial activities that committed the bank to engage in transactions involving credit risk required prior approval by authorized individuals or committees. The Managing Board delegated approval authority to GRM and further down to the SBUs. Decision authority was based on Global One Obligor Exposure (GOOE), which combined all direct and contingent credit limits to a given relationship globally, and the Uniform Counterparty Rating system (UCR), which was the risk rating of the individual counterparty.

Market Risk

Market risk was the possibility of movements in financial markets changing the value of the bank’s trading portfolios. Market risk arose from the bank trading on behalf of clients and on its own account.

In trading activities, risk arose both from open (unhedged) positions and from imperfect correlations between market positions that were intended to offset one another. ABN AMRO measured and monitored different market risk factors such as interest rate sensitivity, open currency position, stock prices, spread sensitivity and Greeks (delta, gamma, vega, rho).

Operational Risk

ABN AMRO defined operational risk as the risk of loss resulting from inadequate or failed internal processes, human behavior and systems or from external events. This definition captured events such as IT problems, shortcomings in the organizational structure, and lapses in internal controls, human error, fraud, and external threats. ABN AMRO had established a dedicated Operational Risk Management (ORM) discipline in 2000 to manage operational risks.

Infosys (Case Study)

Infosys is one of India's most admired companies. It is well known for its transparency, high standards of corporate governance and innovations in financial reporting. An area where Infosys has been a trendsetter in recent times is de-risking. Infosys believes risks have to be systematically identified and managed in a proactive manner. Consequently, Infosys presents a wealth of information to its investors on the various risks it faces and the risk mitigation strategies it employs. This case provides a brief account of Infosys' de-risking strategies.

The board of directors was responsible for monitoring risk levels. The management council ensured implementation of mitigation measures. The audit committee provided feedback on the overall direction of the risk management policies.

Risk Identification

Infosys has listed what it believed were some of the important risks it faced.


Concentration Risks

Infosys had taken various steps to prevent excessive concentration in any one vertical, technology, client or geographic area.

Service concentration

Infosys had an array of service offerings across various horizontal and vertical business segments.

E-business exposure

Infosys' exposure to high-risk Internet start-up companies had been reduced significantly following the dotcom collapse. In view of this, the management believed this risk was not too high.

Legal and Statutory Risk

Contractual Liabilities

Infosys had an elaborate review and documentation process for contracts. The company evaluated the legal risks involved in a contract and ascertained its legal responsibilities under the applicable laws of the contract. Infosys restricted its liabilities under the contract and covered the risks involved to the extent possible. Infosys had also taken sufficient insurance cover abroad to cover possible liabilities arising out of non-performance of contracts. The management reviewed this on a continuous basis and took corrective action. In general, Infosys did not enter into contracts that had open-ended legal obligations.

Human Resources Risk

Manpower Development

Infosys considered people to be its key resource. The company had attempted to create a favorable work environment that encouraged innovation and rewarded merit. The company had developed a strong reputation for attracting engineers from India's most famous campuses.

Employees seemed to trust Infosys, as it did not sack any employee even during the peak of the IT slowdown. People were kept on the 'bench' for months but none were sacked. Infosys' attrition rate in 2002 was only 7.6% in an industry noted for high employee turnover.

Operational Risk


Infosys believed risk management processes at the operational level were a key requirement for reducing uncertainty in delivering high-quality software solutions to clients within budgeted time and cost. Infosys used quality models such as the Software Engineering Institute’s Capability Maturity Model (SEI-CMM) to ensure that risks were identified and measures taken to mitigate them at the project planning stage. Infosys software development processes received Level 5 CMM certification. Only a few companies in the world had achieved this distinction. Infosys had guidelines for project leaders and module leaders on how risks could be identified and mitigated.

Financial Risk

Foreign Currency Rate Fluctuations

Infosys derived its revenues from 31 countries around the world. 87.7% of revenues in fiscal 2002 were dollar-denominated. All contracts were denominated in internationally tradable currencies. Infosys believed its exposure to local currencies that were not tradable or which might depreciate sharply was minimal.



Novartis (A world leader in Healthcare)

Novartis Facts

• 20th largest company worldwide (based on market capitalization)
• 2005 – 32.2 B in sales, 6.1 B in net income, 91,000 employees
• 4th largest branded Pharma company & 2nd largest generic Pharma Company.

Purpose of Novartis

To discover, develop and successfully market innovative products to cure diseases, to ease suffering and to enhance the quality of life. Also to provide a shareholder return that reflects outstanding performance and to adequately reward those who invest ideas and work in our company.

Risk-it isn’t always where you think it is The Major Global Risks to Novartis are as follows:

Economic
• Oil prices/energy supply
• Asset prices/Indebtedness
• US Current Account deficit and US dollar
• Coming fiscal crises
• China
• Critical infrastructures

Societal
• Regulation
• Corporate governance
• Intellectual Property rights
• Organized crime
• Global pandemics
• Slow & Chronic Diseases (Industrialized world)
• Epidemic disease (Developing world)
• Liability Regimes

Environmental
• Tropical cyclones
• Earthquakes
• Climate change
• Loss of ecosystem services

Technological
• Convergence of technologies
• Nanotechnology
• Electromagnetic fields
• Pervasive computing

Geopolitical
• Terrorism
• European dislocation
• Current and future hotspots

Novartis Risk Tools

• HSE Risk Portfolio – a matrix used to convey information on risk to management for decision-making

• Business Continuity Management – the act of anticipating incidents which will affect mission-critical functions and processes for the organization and ensuring that it responds to any incident in a planned and rehearsed manner.

• Product Stewardship – seeks to continuously ensure the active management of benefits and risks of our products by providing measures to protect and benefit consumers in line with our Corporate Citizenship commitment, and to manage the product-related risks of Novartis as a whole.

• Enterprise Risk Management – an essential part of Novartis strategic management which aims to ensure that business, financial, legal, and reputation risks are appropriately managed to reasonably assure the attainment of Novartis objectives and long-term business success.



Strategies for Reducing Risk

Examples of typical strategies for reducing risk include:

– Physical building and perimeter security
– Fire detection and suppression systems
– UPS systems (uninterruptible power supply)
– Computer security systems (e.g. passwords, firewalls)
– Regular backup of electronic data
– Secure storage of critical paper documents
– Minimizing ‘single points of failure’
– Regular maintenance of equipment
– Employee screening procedures
– Executive travel policies, etc.



Strategies for Reducing Impact

Examples of typical strategies for reducing impact include:

– Developing ‘workaround’ procedures for loss of computer systems
– Developing contingency procedures for specific events (e.g. postal strike, transportation problems)
– Splitting business operations between two or more locations
– Maintaining safety stock of raw materials at an alternate location
– Keeping finished inventory in more than one location
– Establishing alternate means of voice or data communication
– Pre-establishing outsourcing arrangements
– Cross-training employees
– Developing executive succession plans, etc.



The major risks to Hospitality Sector

According to the Ernst & Young survey, decreasing guest demand and increasing attrition of booked business is the greatest anticipated business challenge cited by hotel executives during the next 12 months of operations.

- One of the key challenges facing the hospitality sector is the high rate of taxes. In Delhi, for instance, there is a 12.5 per cent luxury tax as well as a 12 per cent VAT on food and beverages.

- The high import duty is another challenge. On liquor, it is about 182 per cent and 35 per cent (including surcharge) on kitchen equipment.

- The biggest challenge that it is facing is that of raising funds (mainly on the debt side). The hotel industry is a capital-intensive industry and it requires a huge amount of investment in terms of capital (both equity and debt). Today, equity has to be brought to the fore as a promoter's contribution for the start-up of any venture. There is no seed capital available to the hotel industry, unlike other start-up ventures in the IT and BPO sector. Raising debt is a major challenge faced by the industry. The industry is looked at as a real estate industry and all the norms of funding a real estate sector are made applicable to the hotel industry. The banks and financial institutions, most of them already having had a high exposure to the real estate sector, are not keen on funding the hotel industry. The industry badly requires funds by way of debt to build new hotels.



- Current Downturn: Hotel owners and management companies are accelerating efforts to fortify cash positions in a bid to survive the current downturn and to strategically position their businesses for mid-term and long-term growth, according to a survey by Ernst & Young LLP.

Many hotel enterprises have identified and continue to identify ways to more closely manage costs. They are intensifying their focus and practices around risks and controls, with an objective of emerging from the current downturn stronger.

- Reputation risks, i.e., protecting Brand - Domain Names and Trade Marks: Hotels, leisure groups, restaurants and public houses increasingly rely on domain names and brand recognition to maintain their market position. Those in the hospitality industry should be aware that the risk of 'brand hijacking' is very real when it comes to online brand promotion and that such abuse can have a severe effect on the value and image of a brand, with a consequent loss of revenue. For this reason, the owners of hotels and leisure groups should ensure that their intellectual property in all the important brand features of their establishments, such as the name, logo and domain name, is adequately protected.



Protection of IT Assets

The protection of IT assets such as website applications, software and booking engines used in the course of business is a major issue. To illustrate the point, consider a situation where a hotel outsources the development of its website to an external specialized company or contractor. Just because the hotel has paid this contractor to design its software to its specifications, this does not automatically make it the owner of the software. There may only be a license in place, which does not give our hypothetical hotel any ownership rights in the commissioned product. Carefully drafted agreements are essential. A written assignment of the software from the creator to the hotel is necessary if ownership of the software is to pass to the hotel.

- Data Protection Issues: Part of the business of the hospitality industry involves accepting customer bookings, and taking bookings obviously involves obtaining and processing personal data. When a business collects, stores or processes personal data, whether on a computer or in a structured filing system, it is subject to certain obligations under the Data Protection Acts, 1988 and 2003 as a data controller. Personal data means any information that relates to an identifiable living individual. Those involved in the hospitality industry should ensure that they are aware of their data protection obligations and train their staff to be aware of their responsibilities also. Failure to do so may result in prosecution by the Data Protection Commissioner, who can impose fines of up to €100,000.


Consumer Rights and Advertising

The Consumer Protection Act 2007 was designed to protect consumers from misleading advertising and to ensure fair trade. The Act makes it an offence to make false claims about goods, services or prices and it applies equally to online advertising. The Act also bans practices that are unfair, aggressive or misleading or that would be likely to impair consumers' choices.

Hospitality Sector Facing Sex Discrimination Minefield

Hoteliers, restaurateurs and landlords are facing a potential legal minefield after new sex discrimination laws made them liable for the behavior of customers.

The new regulations mean that staff can sue their boss if a customer calls them ‘love’ or if they overhear or are the subject of sexist banter. Bosses who fail to protect their staff from sexual harassment by customers can face unlimited compensation claims.

The commission said the regulations are aimed at dealing with the "particular problem" of harassment in the hotel and restaurant trade, which employs 670,000 women.



The major risks to Retail Sector (Shopper’s Stop)

Risks and Concerns:

Execution: The key risk to retail growth is execution risk. Shopper’s Stop has a strong execution team and believes it has the capability to execute varied retail formats.

Employee retention: Modern retail is a new industry in India, which is only now gaining growth momentum because of the entry of new companies. Competition for reasonably experienced personnel has led to poaching between retailers. The Company has lost some management personnel in the past year and has tried to stem the rise of attrition at the front end. The Company believes that this problem will persist until the industry reaches a steady growth phase.

Delay in store delivery: The majority of the new stores are planned in malls, and any delays in the construction of the malls will delay the Company's retail expansion plan.

High retail lease rentals: Rent is one of the largest components in a retail business' fixed costs, and the case is no different for Company. Strong economic growth in the past three years in India has led to a boom in real estate prices and with it, an increase in retail rentals.

Store renovations: In its constant attempt to deliver 'Nothing, But the Best' to its customers, your Company needs to renovate its older stores. These renovations have a substantial impact on cash flows. Renovated stores also go through a gestation cycle before they ramp up to original performance levels.

Government levies: Retail is currently not viewed as an industry in India. Hence there are certain levies on the business which are proving to be a very large burden, as there are no modes for the industry to recover or pass on these levies. Chief amongst these levies is Service Tax on lease rentals.

Threat of new entrants: With India becoming an attractive retail market and the gradual increase in foreign participation in the sector, your Company expects many new entrants thus sharpening competition.

Competitive rivalry in the industry: There is intense rivalry among leading national retailers for new locations and quality real estate.

Economic slowdown: Retail is the 'last mile' and the impact of an economic slowdown will manifest directly in lowered consumer spend.

Customer Entry: The opening of new stores coupled with attractive advertising enabled the Company to attract a higher number of customers in new as well as existing stores. Retailers measure entry as footfalls, which is the number of people entering the stores. This is computed through manual count in all stores during trading hours.

Supplier Risks: Broadly varied offering necessitates alliances with a large number of suppliers from various business sectors. In order to mitigate the risk involved, we enter into arrangements with vendors in various business formats such as Outrights Buy/Sale or return, Consignment & Concessionaire/Conducting arrangement.



Major Risk to Zara (Fashion House)

Major risk to Fashion industries

The export advantages of the textile industry had been cut down because of rising workforce costs and the increased price of raw materials, etc.

The international financial crisis further weakened the export competitiveness of the textile industry, leaving it facing huge development challenges.

Besides selling relatively cheap clothes, which fit the times, the company maintains an iron grip on every link in its supply chain.

"If you produce what the street is already wearing, you minimize fashion risk,

Efficient supply chain, which is a unique strategy in the fashion industry.

Introduction of new designs and releasing new products in just a short time.

Competition in the fashion industry has always been tough.



Customer Value

Consumers respond differently in every country. Customers in different countries have different values. Some customers value quality more than price, and vice versa. Because customers respond differently to a product, it is vital to understand the different responses and customer values in order to build a successful retail brand across borders.

Design and Order Administration

Distribution

• Centrally Managed Inventory – controlled and timely delivery of clothing to all stores across the world
• Reduced Design Cycle Time – timely response to items that sell well and ability to quickly alter or enter new designs
• Strong IT System – allows almost immediate communication of sales and inventory information across enterprise
• Logistics and Distribution – clothes move within hours to their destination, efficient scheduling of shipments

Flexibility of Delivery Systems to Meet Particular Customer Needs



The problem is that low-cost fashion companies may come to dominate the industry, both today and in the future. Competition in the fashion industry may then turn on high demand for such products and services, and there is evidence of possible business risks.

A consumer preference for brands with a global image, even when quality and value are not objectively superior, has been proposed as a reason for companies to consider global brands (Shocker et al., 1994; Taylor and Raymond, 2000). Therefore, a fashion company needs to identify the response of consumers worldwide to its global advertising for such specific consumer segments. For instance, the fashion industry for women is particularly relevant in terms of examining the feasibility of cross-national segmentation.

What they do “differently”

• No advertising
• No approval of designs
• Non replenishment of successful fashion items
• Manufacturing in Europe
• Own production
• Too many designers
• Copy everything
• New assortment every two weeks

Their strategy

• Own shops where possible, JVs and franchises where needed.
• Segmenting the market: Zara, Massimo Dutti, Pull & Bear, Stradivarius, Bershka, Oysho, Zara Home and Kiddy’s Class
• Fashion is perishable, therefore it should be flexible: Time to market 2 weeks
• Fashion is innovation and unique, make new and short volumes of products

– Immediate learning: 2 weeks to learn about consumer reactions
– Average number of customer visits: 17 vs. 3
– Simple: 2 sizes of every design
– Short: around 200 new designs every day
– Simple: copy everything that is good
– Simple: sourcing and marketing work together
– Short and simple: air cargo outside Europe

Zara: Key processes

• From design to delivery to stores: 2 weeks.
• Design decisions, fast (less than one hour) and involving sales people.
• From few collections per year to a continuous stream of new products: 25000 new products every year.
• Ordering from stores is not done for new products, thus shortening the cycle (eliminating decisions).
• Short production lots, scarcity and adapts to fashion needs. Manufacturing in Europe.
• Fast information feedback from stores (story about 1 week soap opera).

[Figure: design-to-store process, Traditional (Benetton) versus Zara. Stage labels: Design; Approval to stores and orders; Presentation and delivery; Manufacturing.]

Traditional (Benetton): Four collections; reviews by committees; store managers know their customers; use outsiders and minimize transport costs. Total: 2 months.

Zara: Continuous stream of new products; one meeting; eliminate one decision; in-house production, fast delivery. Total: 2 weeks.


The major risks to ABB India

Market Risk: sales and EPS estimates lowered due to (a) weak industrial capex outlook; (b) mix shift to power projects.

Currency Risk (Rapid change in the currency exchange rates of all countries; selection of one transaction forward & spot)

Statutory Compliance Risk (Environmental and social impact assessments that meet international standards; manufacturing units have ISO 14001 certification)

Information System Risk (Brochures, posters and information material in many languages)

Operational risk, including (India Inc sees oil prices to be the major downside risk; strict policy on hiring of contractors, check lists, and follow-up of performance)

Safety and health (Emergency preparedness, e.g. pandemics, avian flu; assess how well human rights are protected)

Environmental risk (Water management, rain-water harvesting; climate-related risks are increasing, carbon costs are being factored into company capital planning and corporate leaders are calling for mandatory caps on greenhouse gases (GHGs))

Social & culture risk (Should take care of each particular country's culture; take care of sensitive countries and sensitive projects)



Challenges and Opportunities

• Manage governance, risk, and compliance for 10,000 users across 14 countries in South Asia
• Maintain country-specific workflows with centralized corporate oversight
• Reduce costs of corporate governance and audits

Objectives

Install a single, standardized governance solution for unified corporate governance

Responding to customer and market pressures

Today’s IM&C companies grapple with increasingly pressurized market conditions. Whether it’s a shift in consumer tastes or a surge in component costs, you are likely faced with many of the following challenges:

• Complex products. From PCs to heavy equipment, product complexity is propelled by customer demands. In this shifting environment, your enterprise must maximize the efficiency of manufacturing the product offerings while creating nimble processes that can respond to the market and customers’ demands.



• Virtual supply chains. With more and more links in the supply chain being outsourced to third parties—frequently operating offshore—it’s critical to coordinate resources among a changing matrix of partners and have clear line of sight into all components across the globe.

• Tight product margins. As your customers demand intricate and more advanced product offerings, you’re feeling pressure to refine your cost structures, increase flexibility and maximize resources. Under these conditions, you likely will consider new fulfillment options or a direct sales model to better manage prices and margins.

• Compressed cycle times. The era of developing products with a 12-month life cycle has vanished and has been replaced with a daily squeeze on your time-to-market and order cycle times. What’s missing? Visibility of your manufacturing processes to allow you to make crucial decisions and adjustments to your day-to-day operations. By implementing BearingPoint SAP All-in-One for IM&C, you can address these challenges head on and respond to the needs of your customers and the market today, while being positioned for future opportunities and requirements.

Safety of data traffic in industrial communication is a key issue to which we are devoting great attention. For industrial plants, the security of communications to and from the outside world is an important criterion. Ultimately, it is the crucial factor in determining whether or not the Internet is accepted in automation. There is also a growing awareness of the importance of protective mechanisms against unauthorized or careless access from within the corporate network. Recent studies have shown that the risk of such attacks is greater than the risk of those from outside, which seem to be held in such dread.

Application of Information Technology in Power Sector

- New Initiatives & Programmes
- Status of IT Applications
- Enterprise Integrated Automation
- New Requirements and Technologies
- IT in Generation, including ERP Solutions, Energy Efficiency, Monitoring Systems, DCS, DMS, Material Management, Simulators, CFD

Risk Assessment in Power Distribution Business

- Physical destruction and electronic intrusion threat
- Exposure to potential sources of attacks: increasing use of automation, shift to standard protocols, open access to transmission system information, external connections, increased competition, downsizing, outside contractors
- Substations: the most significant information security vulnerability?
- Sources of vulnerabilities: interconnections between control centers and corporate data networks, use of dial-up modems, insider threat and use of public networks (PN), communication networks, private infrastructure, public infrastructure vulnerabilities, reduced skill level of O&M personnel
- Clear threat identification combined with infrastructure vulnerability assessment
- Guidelines for protective measures/deterrents
- Contingency analysis, redundant control centers, dial-back modems, and firewalls
- Information security function for the operational systems

Guidelines for Specification and Evaluation of Substation Automation System

- Modern substation automation solutions
- Technical requirements for substation automation
- Information management
- System architecture
- Impact of IEC 61850
- Project management and services
- Engineering phase
- Weighting & fulfillment of requirements
- Qualitative evaluation



Different type of Risk to Siemens

Technology Risk

The markets in which Siemens operated often saw rapid and significant changes due to the introduction of new technologies. To meet customer needs, Siemens had to continuously design new products, update existing products and develop new technologies. This required a significant commitment to research and development...

Risk Related to Mergers, Acquisitions & Strategic Alliances

Siemens' strategy involved divesting its interests in some businesses and strengthening other business areas through acquisitions, strategic alliances or joint ventures. Such transactions were inherently risky because of the difficulties of integrating people, operations, technologies and products...

Operational Risks

Siemens performed a significant portion of its business, especially large projects, under long-term contracts that were awarded on a competitive bidding basis. The profit margins on such fixed-priced contracts varied from original estimates as a result of changes in costs and productivity over time. Siemens sometimes had to bear the risk of cost overruns or contractual penalties caused by unexpected technological problems, unforeseen developments at the project sites, problems with subcontractors and other logistical difficulties. Some multi-year contracts also contained demanding installation and maintenance requirements, in addition to other performance criteria relating to timing, unit cost requirements and compliance with government regulations...

Political Risks

Changes in regulatory requirements, tariffs and other trade barriers and price or exchange controls might limit operations and make the repatriation of profits difficult. In addition, the uncertainty of the legal environment in some regions might limit Siemens' ability to enforce its rights...

Environmental Risks

Siemens might face liability for damage or remediation for environmental contamination at its facilities. To deal with such risks, Siemens maintained liability insurance at levels that it believed were appropriate and in accordance with industry practice...

Legal Risks



Siemens was subject to numerous risks relating to legal proceedings. The company might become implicated in lawsuits, involving allegations of improper delivery of goods or services, product liability and product defects and quality problems and intellectual property infringement...

Human Resources Risk

Competition for highly qualified management and technical personnel remained intense in the industries in which Siemens operated. In many of its businesses, Siemens needed highly skilled employees...

Financial Risk

Siemens' international operations, financing activities and investments exposed it to various financial market risks in the ordinary course of its business.

Market Risks

Siemens' primary financial market risk exposures were:
• Equity price risk from investments in marketable securities and asset swaps;
• Foreign exchange rate risk, particularly due to movements in the dollar, the pound, and the Swiss franc...

Different Type of Risk of GE

The GE Board of Directors oversees the risk management process through clearly established delegation of authority. Board and committee meeting agendas are jointly developed with management to cover risk topics presented to our Corporate Risk Committee, including environmental, compliance, liquidity, credit and market risks.

Risk management approach

The risk management approach of GE has the following major tenets: a broad spread of risk based on managed exposure limits; senior, secured commercial financings, and a hold to maturity model with transactions underwritten to our "on-book" standards.

Liquidity risk

Liquidity risk is the risk of being unable to accommodate liability maturities, fund asset growth and meet contractual obligations through access to funding at reasonable market rates. Additional information about our liquidity and how we manage this risk can be found in the Financial Resources and Liquidity section of this Item.

Credit risks

Credit risk is the risk of financial loss arising from a customer or counterparty failure to meet its contractual obligations. We face credit risk in our investing, lending and leasing activities and derivative financial instruments activities (see the Financial Resources and Liquidity and Critical Accounting

Market risks

Market risk is the potential loss in value of investment and other asset and liability portfolios, including financial instruments and residual values of leased assets. This risk is caused by changes in market variables, such as interest and currency exchange rates and equity and commodity prices. We are exposed to market risk in the normal course of our business operations as a result of our ongoing investing and funding activities. Additional information can be found in the Financial Resources and Liquidity.

Government and regulatory risks

Government and regulatory risk is the risk that the government or regulatory authorities will implement new laws or rules, amend existing laws or rules, or interpret or enforce them in ways that would cause us to have to change our business models or practices. We manage these risks through the GECS Board, our Policy Compliance Review Board and our Corporate Risk Committee.

Other risks

Other risks include natural disasters, availability of necessary materials, guarantees of product performance and business interruption. These types of risks are often insurable, and success in managing these risks is ultimately determined by the balance between the level of risk retained or assumed and the cost of transferring risk to others.



Different Type of Risk AREVA NC

AREVA is a world-leading company in nuclear energy. It is the only company with a presence in each industrial activity linked to nuclear energy: mining, chemistry, enrichment, combustibles, services, engineering, nuclear propulsion and reactors, treatment, recycling, stabilization, and dismantling. AREVA also claims to offer technological solutions for CO₂-free energy, and produces earth leakage circuit breaker technologies. AREVA Risk Management Consulting is one of the UK's leading firms of consultants in the assessment and management of safety and environmental risks. It provides world-class risk assessment to organizations undertaking high-hazard operations through a principled, innovative and reliable approach to work and people.

Operational risk

Criticality and the associated significant accident risks only concern activities that use or take place near fissile materials. This, as well as the difficulty in perceiving the physical phenomenon, calls for all operators to be properly informed in this area, in order for them to have the right reflexes and reactions before completing their activities.



Health and safety

Risk is a fact of life in the nuclear industry, and there is no such thing as zero risk. However, AREVA NC and the regulatory authorities have placed top priority on risk management, beginning in the plant design phase, especially risks relating to the radioactivity of the materials processed.

For this reason in particular, it was decided to build highly automated, remotely operated facilities to shield site personnel from radiation completely. The result of this decision is extremely low dose rates to AREVA NC La Hague personnel since the early 1990s. Like many other industrial operations, the AREVA NC La Hague plant is allowed to release liquids and gases to the environment. The release levels are now so low that the impacts on the public and on the environment are deemed to be without health effects, according to the most recent scientific analyses and assessments performed by independent experts. AREVA NC's commitment for the future is to keep impacts from plant operations below a figure considered by experts to be synonymous with "zero impact", regardless of how operations may change.

A high priority on security and environment

As a key player in the nuclear industry and a long-term reliable supplier, the Zirconium Business Unit has set high priority on security and environment, fulfilling AREVA's commitment to Sustainable Development.

Extensive efforts have been made in the area of security and environment. A few examples are given below. All zirconium manufacturing sites are ISO 14001 certified. Jarrie and Duisburg sites achieved OHSAS 18001 certification in 2001 and 2005, respectively. Its equipment is environmentally friendly. As examples: the sponge process rejects 60% less liquid wastes than the usual processes. Investments in a spent fluoro-nitric acid recycling station allow the recycling of 100% of waste nitric acid coming from the process in the Paimboeuf, Montreuil-Juigné and Rugles plants. The zirconium chips recycling program, started in 2003, aims at recycling the chips which until now have been burnt or sold for use in other industries. The target is to achieve 80% of chips recycling thanks to a new cleaning process.

Related to safety and security at work, a wide-ranging, large-scale action plan has been deployed throughout all plants in order to eradicate major zirconium fire risks:

A team composed of safety managers from the sites has been created. An exhaustive and precise inventory of all possible danger locations in terms of zirconium fire has been established with a risk evaluation. Immediate actions (cleanings, equipment improvements, etc.) have been thoroughly implemented. A training course has been designed to explain the risks associated with zirconium, the safety procedures to follow and the attitude to have when confronting a zirconium fire.

Major Risk to Alstom

Risks in relation to market environment and Group activities

Market environment: Long-term evolution of Alstom’s markets is driven by a variety of complex and inter-related external factors, such as economic growth, public policies on environment and public transportation, price and availability of the different sources of fuels. Short-term evolution of Alstom’s markets is also driven by the current financing constraints, uncertainty on economic growth, particularly on future demand of electricity, and the impact of government stimulus packages. large international competitors and local players on prices, tenders’ quality, time to market, and customer service and face the current uncertain economic environment.

Contract execution: Alstom’s business includes major long-term contracts. The revenue, cash flow and profitability of a long-term project may vary significantly in accordance with the progress of that project and depending on a variety of factors, some of which are beyond the Group’s control, such as unanticipated technical problems with equipment being supplied, postponement or delays in contract implementation, financial difficulties of customers, withholding of payment by customers, performance defaults by or financial difficulties of suppliers, subcontractors or consortium partners with whom Alstom is jointly liable, and unanticipated costs due to project modifications.

Design and use of complex technologies: Alstom is required to introduce new, highly sophisticated and technologically complex products on increasingly short time scales. This necessarily limits the time available for testing and increases the risk of product defects and their financial consequences. It is sometimes necessary to fine-tune or modify products after Alstom begins manufacturing them or after its customers begin operating them. Because Alstom produces some of its products in series, it may need to make such modifications during the production cycle. the customer to terminate the contract or return the product if performance specifications or delivery schedules are not met. As a result of these contractual provisions and the time needed for the development, design and manufacturing of new products, problems encountered with Alstom’s products may result in material unanticipated expenditures, including without limitation additional costs related to securing replacement parts and raw materials, delays and cost overruns in manufacturing, delivering and implementing modified products and the related negotiations or litigation with affected clients.

Costs and conditions to access to certain manufactured goods and raw materials: In the course of its business, Alstom uses raw materials and manufactured goods in amounts which vary according to the project and which may represent up to one third of the contract price. Given the difficulties and delays in the delivery of certain manufactured goods and the significant volatility of raw materials prices, the Group cannot ensure that these elements will necessarily be fully reflected The financial and economic crisis has increased risks of failures of certain of Alstom’s suppliers, although the Group has an advanced system to detect these failures.

Working capital management: The structure and long term of Alstom’s projects result in payment of expenses before realization of revenue. As a result, Alstom’s ability to negotiate and collect customer advances is an important element of its strategy, as it provides the Group with cash flow and allows it to manage its working capital. Conversely, any decrease in global orders intake volume could materially impact working capital evolution.

Management of human resources: The success of development plans will depend in part on the Group’s ability to retain its employee base and recruit and integrate additional managers and skilled employees. The Group can give no assurance that it will be successful in developing and retaining its employee base as needed to accompany its business development.

Currency exchange, interest rate, credit and liquidity: The Group is exposed mainly to currency exchange risks. The Group has a €1 billion revolving credit facility (the “Credit Facility”) maturing in March 2012 and extended for €942 million up to March 2013, which is fully undrawn. Pursuant to its bonds and guarantees programmes, the Group has a committed facility allowing the issuance of bonds and guarantees up to €8 billion up to July 2010 with an outstanding amount of €2.4 billion as of 31 March 2009 (the “Master Facility Agreement”) as well as bilateral lines for €5.1 billion as of 31 March 2009. The Credit Facility and the Master Facility Agreement are subject to financial covenants disclosed in the consolidated financial statements for the fiscal year ended 31 March 2009. Alstom complies with these covenants as at 31 March 2009 and does not anticipate any particular difficulty continuing to comply with these covenants. The Group believes it has no major risk so as to access financial markets, if needed.

Disputes in the ordinary course of business: The Group is engaged in several legal proceedings, mostly contract related disputes that have arisen in the ordinary course of business. Contract related disputes, often involving claims for contract delays or additional work, are common in the areas in which the Group operates, particularly for large, long-term projects.

Allegations of anti-competitive activities and illegal payments: The Group is subject to procedures for alleged anti-competitive practices described in Note 30.B to the consolidated financial statements for the fiscal year ended 31 March 2009. Any adverse development of these investigations and procedures may have a material adverse impact on the Group reputation, as well as on its results and financial position due notably to the significant amount of fines that can be ordered in this area. Certain current and former employees of the Group have been or are currently being investigated with respect to alleged illegal payments in various countries. The Group internal control rules and procedures to control the risks linked to illegal activities have been constantly reinforced over the last years. Alstom actively strives to ensure that it appropriately addresses any problems that may arise.

Risks in relation to disposals, acquisitions and other external growth operations

The Group has disposed of a large number of its businesses and may continue to dispose of some of them. As is customary, it has made and will make certain warranties regarding the businesses being sold. In some cases the Group has retained certain contracts and liabilities. As a result it may be required to bear increased costs on retained contracts and liabilities and to pay indemnities or purchase price adjustments to the acquirer, which could have a material adverse Alstom has completed and may continue to complete acquisitions of businesses or companies, as well as mergers and joint ventures. External growth operations include risks due to the difficulties that may arise in evaluating assets and liabilities relating to these operations, as well as in integrating people, activities, technologies and products.

Environmental, health and safety risks

The Group is subject to a broad range of environmental laws and regulations in each of the jurisdictions in which it operates. These laws and regulations impose increasingly stringent environmental protection standards regarding, among other things, air emissions, waste water discharges, the use and handling of hazardous waste or materials, waste disposal practices and the remediation of environmental contamination. Alstom’s facilities must comply with permits, licenses or authorizations and are subject to regular inspections by competent authorities.

HOW TO MANAGE RISK

MANAGE Levels

Entity-level Controls (COSO – Gov Model)

Entity-level controls are those controls that management relies upon to establish the appropriate “tone at the top” relative to financial reporting. An entity-level assessment for each control entity should be conducted as early as possible in the evaluation process.

Process-Level Controls (COSO – Cont Model)

Process-level controls are usually directly involved with initiating, recording, processing or reporting transactions.

General IT and Application Controls (CoBIT)

General IT controls typically impact a number of individual applications and data in the technology environment.

Application controls relate primarily to the controls programmed within an application that can be relied upon to mitigate business process-level risks.

Control Levels – Examples of Entity-Level Controls COSO Framework

Control Types

Manual vs. System-based controls

Manual controls predominantly depend upon the manual execution by one or more individuals.

Automated controls predominantly rely upon programmed applications or IT systems to execute a step or perhaps prevent a transaction from occurring without manual decision or interaction.

There are also system-dependent manual controls, e.g., controls that are manual (comparing one thing to another) but what is being compared is system-generated and not independently corroborated; therefore, the manual control is dependent on reliability of system processing.

Preventive vs. Detective controls


Preventive controls, either people-based or systems-based, are designed to prevent errors or omissions from occurring and are generally positioned at the source of the risk within a business process

Detective controls are processes, either people-based or systems-based, that are designed to detect and correct an error (or fraud) or an omission within a timely manner prior to completion of a stated objective (e.g., begin the next transaction processing cycle, close the books, prepare final financial reports, etc.)

Control Reliability

As transaction volumes increase and with increasingly complex calculations, systems-based controls are often more reliable than people-based controls because they are less prone to mistakes than human beings, if designed, operated, maintained and secured effectively

A shift toward an anticipatory, proactive approach to controlling risk requires greater use of preventive controls than the reactive ‘find and fix’ approach embodied in a detective control

Effectively designed controls that prevent risk at the source free up people resources to focus on the critical tasks of the business

[Figure: control reliability hierarchy, in the order given: Systems-Based, Preventive Control; Systems-Based, Detective Control; People-Based, Preventive Control; People-Based, Detective Control. Arrow label: More reliable/desirable.]

NOTE: The above framework is intended to apply to process-level controls. It does not always apply at the entity-level, e.g., the internal audit function.

What is a Critical Control?

Definitions:

KEY CONTROL: An activity or task performed by management or other personnel designed to provide reasonable assurance regarding the achievement of certain objectives as well as mitigating the risk of an unanticipated outcome. Significant reliance is placed upon this control’s effective design and operation. Upon failure of the key control, the risk of occurrence of an undesired activity would not be mitigated regardless of other controls identified. In other words, reasonable assurance of achieving the process’ objectives could not be obtained.

CRITICAL CONTROL: The FIRST subset of key controls; these controls have a pervasive impact on financial reporting (segregation of duties, system and data access, change controls, physical safeguards, authorizations, input controls, reconciliations, review process, etc.) and have the most direct impact on achieving financial statement assertions. Upon failure of a critical control, the risk of occurrence of an undesired activity would not be mitigated regardless of other controls identified within ANY process. Failure of critical controls would affect the ability of management to achieve not only process objectives, but also the company’s financial statement objectives.

Control Types

Primary vs. secondary controls

Primary controls are controls that are especially critical to the mitigation of risk and the ultimate achievement of one or more financial reporting assertions for each significant account balance, class of transactions and disclosure; these are the controls that managers and process owners primarily rely on.

Secondary controls are important to the mitigation of risk and the ultimate achievement of one or more financial reporting assertions, but are not considered “critical” by management and process owners; while these controls are significant, there are compensating controls that also assist in achieving the assertions

Controls over routine processes vs. controls over non-routine processes

Controls over routine processes are the manual and automated controls over transactions

Controls over non-routine processes are the manual and automated controls over estimates and period-end adjustments; these controls often address the greatest risks in the financial reporting process and are most susceptible to management override

Control Levels – Examples of Common Process-Level Control Activities

Pervasive Process-Level Controls*
– Establish and communicate objectives
– Authorize and approve
– Establish boundaries and limits
– Assign key task to quality people
– Establish accountability for results
– Measure performance
– Facilitate continuous learning
– Segregate incompatible duties
– Restrict process system and data access
– Create physical safeguard
– Implement process/systems change controls
– Maintain redundant/backup capabilities

Specific Process-Level Controls**
– Obtain prescribed approvals
– Establish transaction/document control
– Establish processing/transmission control totals
– Establish/verify sequencing
– Validate against predefined parameters
– Test samples/assess process performance
– Recalculate computations
– Perform reconciliations
– Match and compare
– Independently analyze results for reasonableness
– Independently verify existence
– Verify occurrence with counterparties
– Report and resolve exceptions
– Evaluate reserve requirement

* Controls affecting multiple processes, including entity-level and general IT controls

** Controls specific to a process, including programmed application controls


SOA and the COSO Framework

Complying with SOA Section 404 in the Context of the COSO Framework

The COSO Framework is recommended by the SEC as an accepted internal control framework to guide corporate compliance with SOA 404. COSO requires an entity-level (or “tone at the top”) internal control focus and an activity or process level focus (the right side of the cube), with the three objectives of effectiveness and efficiency of operations (including safeguarding of assets), reliability of financial reporting, and compliance with applicable laws and regulations (across the top of the cube). Our approach captures the five components of internal control: the control environment, risk assessment, control activities, information/communication, and monitoring.


The COSO ERM Framework

Began over five years ago

COSO concluded a broadly recognized common structure for ERM is needed

Framework developed through input from many sources, including members of the five COSO organizations

Originally Authored by PwC

COSO-appointed advisory council provided input and guidance to the process

Was initiated in May 2001 before the events leading to The Sarbanes-Oxley Act of 2002


Speaks to many of the issues currently facing organizations:

How does an organization determine the appropriate level of risk for the value it seeks to create for stakeholders?

How does an organization communicate its risk policy to stakeholders?

Final Version released September 2004

Details essential components and concepts of enterprise risk management for all organizations, regardless of size

Identifies the interrelationships between enterprise risk management and internal control

Is intended to be a comprehensive and holistic approach

Is intended for application across many sectors and organizations

ERM provides a pathway for supporting ongoing compliance AND moving beyond compliance

An enterprise-wide risk assessment process infuses the disclosure process with new risks in a more timely way as they emerge

ERM builds upon the disclosure infrastructure to broaden the focus on transparency beyond financial reporting


ERM instills the discipline needed to continuously improve risk management capabilities

The COSO ERM Framework:

Provides a much needed common language

Illustrates how ERM is built around the Internal Control – Integrated Framework

The COSO Framework provides an understanding of the components of ERM

Enterprise Risk Management:

Is a process

Is effected by people

Is applied in strategy setting

Is applied across the enterprise

Is designed to identify potential events

Manages risks within risk appetite


Provides reasonable assurance

Supports achievement of objectives

[Figure: COSO ERM cube. Objectives across the top: Strategic, Operations, Reporting, Compliance. Components: Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, Monitoring. Levels: Entity-Level, Division, Business Unit, Subsidiary.]

The COSO ERM Framework – What’s the message?

There are a multitude of possible elements that make up an ERM solution – the COSO framework lists many of these elements

Companies have different objectives, strategies, structure, culture, risk appetite and financial wherewithal -- no two ERM solutions are alike

The specific policies, processes, skill sets, reports, methodologies and systems comprising the elements defining the solution for one company may differ from another company


Companies looking for off-the-shelf ERM solutions are setting themselves up for disappointment – in terms of what they find or the results they get

Starts from the premise that IT needs to deliver the information that the enterprise needs to achieve its objectives.


Promotes process focus and process ownership

Divides IT into 34 processes belonging to four domains and provides a high level control objective for each

Looks at fiduciary, quality and security needs of enterprises, providing seven information criteria that can be used to generically define what the business requires from IT

Is supported by a set of over 300 detailed control objectives


ABB Risk Catalog


Risk Catalogue

Columns: Risk Category; Risk; Examples

External Risk
– Employment Market: What threats are we exposed to in the employment market (e.g. regulations, skill availability, trade unions, etc.)?
– Suppliers: What threats are we facing towards our suppliers (e.g. quality, financial strength, price development, single sourcing, supplier structure, etc.)?
– Investors & Finance: What threats are related to investors and financing our business (e.g. cost of finance, credibility, accessibility to loans, rating, etc.)?
– Government & Regulatory: What threats are we exposed to with respect to government organization in changes in law, SEC ruling, taxation, political decisions, etc.?
– Customers: What threats are we facing towards our customers with respect to market behavior, pricing, standards, technology innovation, maturity, etc.?
– Competitors: What threats are we exposed to regarding our competitors (e.g. business consolidations, financial strength, diversification, market development, market share, etc.)?

Strategic Risk
– Business Model: What are the risks with respect to our business model (e.g. transparency, business intelligence, risk awareness of the underlying business model, planning risks, execution risks, quality of implementation, branding, etc.)?
– Organization & Leadership: How do we organize our business and what are the underlying risks we are facing (e.g. organization structure, drive change process, responsibility, accountability, management capabilities, resource allocation, culture, communication, etc.)?
– Business Portfolio: What business are we in; what business should we be in; what are the risks of our portfolio (e.g. life cycle, portfolio strategy, technology, etc.)?

Operational Risk
– Effectiveness & Efficiency: Do we have the right processes (e.g. customers, quality, costs, leadtimes) and are they implemented?
– Capacity: Do we have the volume of people, production facilities and finance we need?
– Standardization: Are our products, services and solutions standardized? Do they meet set requirements?
– Competence & Skills: Do we have the right professional skills and are people trained?
– Information & Documentation: Do we have access to relevant and reliable information as input to our processes?
– Control & Monitoring: Are we in control of the operations? Do we manage risks? Do we get the right information as outputs? Are internal controls in place? Are we adherent to US-GAAP, to guidelines? Are forecasts credible? Books and records are integer? Cash flow, FX exposures, bank guarantees, taxes are managed?
– Asset & Safety: Are assets and intangibles secured, and are the people safe?
– Integrity: Is the ethical climate promotional? Do we follow compliance guidelines?


Heat Map – assessment of likelihood and impact


SUGGESTIONS AND RECOMMENDATIONS

Suggestions for reducing risk include:
– Physical building and perimeter security
– Fire detection and suppression systems
– UPS systems (uninterruptible power supply)
– Computer security systems (e.g. passwords, firewalls)
– Regular backup of electronic data
– Secure storage of critical paper documents
– Minimizing ‘single points of failure’
– Regular maintenance of equipment
– Employee screening procedures
– Executive travel policies, etc.

Suggestions for reducing impact include:
– Developing ‘workaround’ procedures for loss of computer systems
– Developing contingency procedures for specific events (e.g. postal strike, transportation problems)
– Splitting business operations between two or more locations
– Maintaining safety stock of raw materials at an alternate location
– Keeping finished inventory in more than one location
– Establishing alternate means of voice or data communication
– Pre-establishing outsourcing arrangements
– Cross-training employees
– Developing executive succession plans, etc.

Other suggestions:
– To undertake the SAP ERP project to unify its information systems.
– “Faced with a major liquidity crisis, a significant challenge was the fact that our existing financial software tools weren’t really up to the task. When we looked at the tools available on the market to help us, we found Hyperion Strategic Finance was the only product capable of handling our simulation requirements. There was really nothing else comparable.”
– Mitigating risk through IT asset management.
– In the manufacturing industry, workers and companies alike are exposed to risk constantly. These industries must meet a complex array of local, national and international regulations and standards that have given rise to new environmental concerns, quality standards and export compliance. IMPACT ERM is the leading technology used by manufacturing companies in the US and Europe to do all of the following:

1. Lower exposure to risks
2. Reduce losses
3. Improve quality
4. Raise productivity
5. Provide comprehensive operational risk analysis
6. Execute management systems and compliance initiatives

Ways that Manufacturing Companies use IMPACT ERM

– For manufacturing companies, IMPACT ERM is the ideal Operational Risk Management software solution, for single sites or across a worldwide enterprise. IMPACT can help organizations with Regulatory Compliance, Management System Execution and Analytics & Reporting.

– Ten Ways to Help Mitigate and Control Credit Risk

In light of the problems in the economy, problems in the stock market, problems associated with lack of consumer confidence, and the increase in the number of business bankruptcies being filed - credit managers need to be even more careful about controlling credit risk. Here are ten ideas to help you to reduce risk - starting today:

1. Increase your department's participation in industry credit groups to gain additional insights about existing customers as well as potential new customers.

2. Become more insistent about applicants signing personal guarantees as a condition of extending open account credit terms - especially to businesses that are fairly new.

3. Request or require that customers provide financial statements more frequently than once a year. A lot can happen in a year - and out of date financial statements may provide the credit department with a false sense of security.

4. If you are selling to a subsidiary of a company, and the subsidiary's financial condition or payment pattern is "disturbing", request or require the parent company to sign an inter-corporate guarantee.

5. Increase the frequency of calls relating to past due balances, and eliminate grace periods before making the first of these collection calls.

6. Insist/require/demand that your collection staff report to you any problems they encounter, including:
   1. Disconnected phones
   2. Customers that will not accept their calls
   3. Customers that do not return messages
   4. Unrealistic payment commitments
   5. An outright refusal to make a payment commitment
   6. Customers that refuse to pay a large past due balance because of small dollar disputes.

7. Be more willing to use order holds as leverage to extract payment from a customer that has not made a payment, or even offered a reasonable payment commitment.

8. If an account becomes seriously past due [for example more than 30 days past due] do not return to "business as usual" once the past due balance is paid. This situation should automatically trigger a review of the customer account before a decision is made about whether or not to continue to offer open account terms and at what credit limit.

9. Consider using credit insurance to help prevent catastrophic losses - but remember that credit insurance is not a cure-all. Usually, there are a number of customer accounts for which coverage will be denied in full or in part by the credit insurance carrier.

10. Work closely with sales to determine the expected level of sales to each customer. Work proactively to try to qualify customers for the credit limits they require - and when you are unable to extend the amount of credit requested, make sure that the salesperson knows both the credit limit and the reason[s] for your concern about their customers' financial health and/or payment problems.


