Project Management Institute New York City Chapter
January 2014 Chapter Meeting
How to Develop Successful Enterprise Risk and Vendor Management Programs
Christina S. Kite
Senior Vice President
Corporate Group Strategy and Operations
Federal Reserve Bank of New York
January 15, 2014
Opening Thought.
They don't put brakes in race cars so they can go slower; they put brakes in race cars so they can go faster.
Introduction to Risk
- Businesses continuously seek to forecast tomorrow in order to make better decisions today.
- Risk Management is the process of dealing with uncertainty.
Introduction to Risk
Effective Risk Management includes:
- Identifying and recognizing sources of uncertainty;
- Measuring and assessing the frequency of occurrence and severity impact of the risk; and,
- Evaluating alternative approaches to bear, transfer, mitigate, or take advantage of the risk.
New Approach to Managing Risk
- Increasing business complexity, globalization, competition, innovation and technological advances
- Financial crisis and the inability to quantify and understand the risk early enough to avoid the impact
- Increased focus on Corporate Governance and Shareholder value protection and creation
- New regulatory and reporting requirements
- Eighty percent of the risks cannot be transferred through traditional insurance products
- Expanded set of sophisticated risk management tools and big data capabilities available and growing
Approach to Risk Management
[Diagram labels: Business Risk Monitoring Risk Responsiveness Risk Tolerance and Appetite Business Risk Analytics Risk Assessment Compliance Business Resilience Insurance Infrastructure Enterprise Risk Management Innovation Community Employees Disciplined Decision Making Risk Taking and Timing Business & Technology Innovation]
Key Partnerships: Network of Networks
- BOARD (Oversight and Sponsorship): Full Board; Compensation Committee; Audit Committee
- RISK OWNERS (Measure, Manage and Improve): Business Unit Executives; Line Management; Outsourced 3rd Parties
- EXECUTIVE MANAGEMENT (Policy, Strategy and Appetite): CFO, COO and CGO; CEO and Operating Group; Auditors
- RISK MANAGEMENT (Monitor, Report and Educate): Global Risk Officer; Risk Review Group; External Risk Partners
Integrated Risk Strategy Program
- Identify inter and intra-enterprise-wide risks and opportunities
- Assess the magnitude of risks and opportunities
- Aggregate business unit risk assessments and determine risk tolerance and appetite
- Communicate key risks and risk response strategies
- Empower business units in risk management
- Embed risk consideration in long range planning, budgeting and forecasting processes
Integrated Approach to Risk Management
[Diagram labels: Info HR Security Finance (FP&A, Tax, SOX) Audit Sales Risk Review Group Tax ERM Quality Legal Engineering And Mfg IT]
- Risk Assessments: Coordinated approach to conduct interviews and use outcomes to drive initiatives and work flow (i.e., ERM initiatives, Audit Plan, etc.).
- Risk Review Group: Oversight body, comprised of a cross-functional team, to share information.
- Risk Analytics: Database that is developed to capture and categorize risks as well as predict new risks for scenario analysis. Improves the overall management and tracking of risk but, more importantly, analyzes the trends, patterns and interdependencies among risks.
Ecosystem Risk Management
[Diagram labels: Customers, Shareholders, and Investors Risk Process Response Ecosystem Risk Management Risk Quantification Partners, Suppliers and Vendors Regulators, Government and Community]
Vendor Management - Risk Category?
[Diagram labels: Strategic Risk Competitors Business Model and Portfolio Reputation and Brand Intellectual Property Strategic Partners Cash Flow Interest Rate Credit Rating Debt Financial Risk VENDOR MANAGEMENT External Risk Regulatory Disease Weather Legal Business Process Information Security Human Resources Supply Chain Operational Risk]
Vendor Management Considerations
- VENDOR CRITICALITY and SEGMENTATION
- PERFORMANCE MEASUREMENT and MONITORING
- VENDOR RISK MANAGEMENT
- INFORMATION CLASSIFICATION AND SHARING
- GLOBALIZATION
- CONTRACT INCENTIVES vs PENALTIES
Robust Vendor Management Program
- Resilient: Create a vendor readiness state that leads to less volatility, greater predictability and fewer surprises. Make the capability scalable, flexible, modular and agile.
- Integrated: Identify vendor concentrations, criticality and interdependencies as well as offsetting risk patterns to optimize scarce resources and to ensure superior vendor performance and value.
- Adaptable: Design a vendor management program whose approach is real time, driven by dynamic data and the ability to self-correct.
Vendor Management Program Capability
- Culture: Ensure the vendor or partner understands the organization's risk appetite, performance expectations and common language
- Strategy: Link to overall strategic mission of the organization, including risk appetite, performance standards, and measurement framework
- Process: Understand and assign clear roles and responsibilities, develop consistent performance assessment methodologies and outline communication channels and escalation paths
- Tools: Develop real-time performance measurement monitoring including governance and reporting that is transparent and consistent
Closing Thought.
Organizations make money taking risk. They also lose money taking the wrong risks. Create efficiencies and gain value from integrating existing risk management activities, including designing a culturally acceptable process for managing vendor risk.
Thank You.