Holistic Technology
Holistic (holistic technology) is
an approach to IT management that is concerned with
viewing and treating a complex computer system as a single entity.
Just as a holistic approach to medicine treats
each patient as an integrated system and considers how the mind affects the
body, a holistic approach to technology focuses on the interdependence of
system components.
Holistic approaches include:
o Systems thinking - a holistic approach to analysis that focuses on the way that a system's constituent parts interrelate, how systems work over time and how they work within the context of even larger systems.
o Process Centric BPM - a holistic approach to BPM that centers on business processes themselves, rather than individual elements such as documents, workflow or people.
o Information governance - a holistic approach to managing corporate information by implementing processes, roles, controls and metrics that treat information as a valuable business asset.
o Supply chain sustainability - a holistic perspective of supply chain processes and technologies that go beyond the focus of delivery, inventory and traditional views of cost.
o Enterprise risk management - a holistic approach to planning, organizing, leading, and controlling an organization's activities in order to minimize the effects of risk on capital and earnings.
System Thinking
“System thinking has been defined as an approach to problem solving that attempts to balance holistic thinking and reductionist
thinking. By taking the overall system as well as its parts into account
systems thinking is designed to avoid potentially contributing to further
development of unintended consequences.”
System
thinking is a management discipline that concerns an understanding of a system
by examining the linkages and interactions between the components that comprise
the entirety of that defined system.
The whole system is a systems
thinking view of the complete organisation in relation to its environment. It
provides a means of understanding, analysing and talking about the design and
construction of the organisation as an integrated, complex composition of many
interconnected systems (human and non-human) that need to work together for the
whole to function successfully.
Whole systems are composed of
systems, the basic unit, which comprise several entities (e.g. policies,
processes, practices and people) and may be broken down into further
sub-systems. Systems may be thought about as having clear external boundaries
(closed) or having links with their environment (open). An open systems
perspective is the more common and realistic.
The boundaries of a whole system
may be chosen and defined at a level suitable for the particular purpose under
consideration; e.g. the education system or a complete school system.
Similarly, systems can be chosen
and defined at different levels and can operate alongside each other as well as
hierarchically; e.g. the finance system, the decision-making system, the
accountability system.
An
organisation as an entity can suffer systemic failure. This occurs in the whole
system or high-level system where there is a failure between and within the
system elements that need to work together for overall success.
Factors in systemic failure may
include confused goals, weak system-wide understanding, flawed design,
individual incentives that encourage loyalty to sub-ordinate (rather than
super-ordinate) goals, inadequate feedback, poor cooperation, lack of
accountability, etc.
Whole system success requires a
performance management system that is pitched above the level of individual
systems and their functional leadership. Features may include group or
team-level goal-setting, development, incentives, communication, reviews,
rewards, accountability. The aim is to focus on what binds individuals together
and what binds systems together rather than functional silo performance.
Whole system failure may co-exist
alongside functional success. The leadership of silos may individually be
successful but not be sufficiently integrated into the whole system owing to a
shortcoming of systems design, management or understanding.
A whole system can succeed only
through managers collaborating in and across a number of functional systems.
The whole system can fail only if leadership at the level of the whole system
fails, and where several senior managers are involved. Hence, such failure may
be labelled a systemic failure of leadership.
In cases of systemic failure,
individual executives who operate at a lower sub-system level may be free of
responsibility and blame. They may argue (correctly) that it was the wider
system that failed. They may claim that particular systems that integrate with
their own work let them down. However, responsibility and accountability for
the successful design and running of the (integrated) ‘whole system’ should
rest somewhere.
Understanding
and anticipating how the whole system is intended to work, actually works, and
how it may buckle under pressure, can practically elude and defeat most
executives. To avoid censure for this tough challenge, they sometimes seek
recourse to the often hollow mantra “lessons will be/have been learned”. They
also try to divert attention and reassure investors by referring to a single
bad apple (e.g. a ‘rogue trader’), behind which usually lurks a systemic
failure.
The leadership challenge is
accentuated by the realisation that for every legitimate, official or
consciously designed system (which is intended to be and is supposedly
rational) there is a shadow system. The shadow system is where all the
non-rational issues reside; e.g. politics, trust, hopes, ambitions, greed,
favours, power struggles, etc.
The
system can confuse, overpower, block, and fail leadership. But leadership can
fail the system. A major failure of leadership within, across or down an
organisation is referred to as ‘systemic’.
Several ways to think of and define a
system include:
· a system is composed of parts
· a system is other than the sum of its parts
· all the parts of a system must be related (directly or indirectly), else there are really two or more distinct systems
· a system is encapsulated (has a boundary)
· a system can be nested inside another system
· a system can overlap with another system
· a system is bounded in time, but may be intermittently operational
· a system is bounded in space, though the parts are not necessarily co-located
· a system receives input from, and sends output into, the wider environment
· a system consists of processes that transform inputs into outputs
· a system is autonomous in fulfilling its purpose (a car is not a system. A car with a driver is a system)
The systems thinking approach
incorporates several tenets:
· Interdependence of objects and their attributes – independent elements can never constitute a system
· Holism – emergent properties not possible to detect by analysis should be possible to define by a holistic approach
· Inputs and outputs – in a closed system inputs are determined once and constant; in an open system additional inputs are admitted from the environment
· Transformation of inputs into outputs – the process by which the goals are obtained
· Multifinality – attaining alternative objectives from the same inputs (divergence)
A treatise on systems thinking ought
to address many issues including:
· Encapsulation of a system in space and/or in time
· Active and passive systems (or structures)
· Transformation by an activity system of inputs into outputs
· Persistent and transient systems
· Evolution, the effects of time passing, the life histories of systems and their parts.
· Design and designers.
Using the tenet of
"multifinality", a supermarket could be considered a:
· "Profit making system" from the perspective of management and owners
· "Distribution system" from the perspective of the suppliers
· "Employment system" from the perspective of employees
· "Materials supply system" from the perspective of customers
· "Entertainment system" from the perspective of loiterers
· "Social system" from the perspective of local residents
· "Dating system" from the perspective of single customers
Process Centric Business Processing Model
“Process-centric business
process management is a holistic approach to BPM that
centers on business processes themselves, rather than individual elements such as
documents, workflow or people.”
Business
process modelling in systems engineering is the activity of representing
processes of
an enterprise, so that the current process may be analyzed or improved. BPM is
typically performed by business analysts, who provide expertise in the modeling
discipline; by subject matter experts, who have specialized knowledge of the
processes being modeled; or more commonly by a team comprising both.
Alternatively, the process model can be derived directly from event logs
using process mining tools.
The business objective is often to
increase process speed or reduce cycle time; to increase quality; or to reduce
costs, such as labor, materials, scrap, or capital costs. In practice, a
management decision to invest in business process modeling is often motivated
by the need to document requirements for an information technology project.
A business
model is
a framework for creating economic, social, and/or other forms of value. The
term 'business model' is thus used for a broad range of informal and formal
descriptions to represent core aspects of a business, including purpose,
offerings, strategies, infrastructure, organizational structures, trading
practices, and operational processes and policies.
In the most basic sense, a business
model is the method of doing business by which a company can sustain itself,
that is, generate revenue. The business model spells out how a company makes
money by specifying where it is positioned in the value chain.
A business
process is
a collection of related, structured activities or tasks that
produce a specific service or product (serve a particular goal) for a
particular customer or customers. There are three main types of business
processes:
1. Management processes, that govern the operation of a system. Typical management processes include corporate governance and strategic management.
2. Operational processes, that constitute the core business and create the primary value stream. Typical operational processes are purchasing, manufacturing, marketing, and sales.
3. Supporting processes, that support the core processes. Examples include accounting, recruitment, and technical support.
A business process
can be decomposed into several sub-processes, which have their own attributes,
but also contribute to achieving the goal of the super-process. The analysis of
business processes typically includes the mapping of processes and sub-processes
down to activity level. A business process model is a model of
one or more business processes, and defines the ways in which operations are
carried out to accomplish the intended objectives of an organization. Such a
model remains an abstraction and depends on the intended use of the model. It
can describe the workflow or the integration between business processes. It can
be constructed in multiple levels.
A workflow is a depiction of a
sequence of operations, declared as work of a person, of a simple or complex
mechanism, of a group of persons, of
an organization of staff, or of machines. Workflow may be seen as any
abstraction of real work, segregated into workshare, work split or other types
of ordering. For control purposes, workflow may be a view of real work under a
chosen aspect.
The artifact-centric
business process model has
emerged as a holistic approach for modeling business processes, as it provides
a highly flexible solution to capture operational specifications of business
processes. It particularly focuses on describing the data of business
processes, known as "artifacts", by characterizing business-relevant
data objects, their lifecycles, and related services. The artifact-centric
process modelling approach fosters the automation of the business operations
and supports the flexibility of the workflow enactment and evolution.
Modeling and
simulation functionality allows for pre-execution "what-if" modeling
and simulation. Post-execution optimization is available based on the analysis
of actual as-performed metrics.
Some business process modeling
techniques are:
· Extended Business Modeling Language (xBML)
BPM suite software provides programming
interfaces (web services, application program interfaces (APIs)) which allow
enterprise applications to be built to leverage the BPM engine. This component is
often referenced as the engine of the BPM suite.
Programming languages that are being
introduced for BPM include:
Some vendor-specific languages:
Other technologies related to business
process modeling include model-driven architecture and service-oriented architecture.
A business reference model is a reference model,
concentrating on the functional and organizational aspects of an enterprise, service organization or government
agency. In general a reference
model is
a model of something that embodies the basic goal or idea of something and can
then be looked at as a reference for various purposes. A business reference
model is a means to describe the business operations of an organization,
independent of the organizational structure that performs them. Other types of
business reference model can also depict the relationship between the business
processes, business functions, and the business area's business reference
model. These reference
models can
be constructed in layers, and offer a foundation for the analysis of service
components, technology, data, and performance.
The most familiar business reference
model is the Business Reference Model of the US federal government. That model
is a function-driven framework for
describing the business operations of the federal government independent of the
agencies that perform them. The Business Reference Model provides an organized,
hierarchical construct for describing the day-to-day business operations of the
federal government. While many models exist for describing organizations – organizational charts, location maps, etc. –
this model presents the business using a functionally driven approach.
A business
model, which may be considered an elaboration of a business process model,
typically shows business data and business organizations as well as business
processes. By showing business processes and their information flows, a
business model allows business stakeholders to define, understand, and validate
their business enterprise. The data model part of the business
model shows how business information is stored, which is useful for developing software
code. See the figure on the right for an example of the interaction between
business process models and data models.
Usually a business
model is created after conducting an interview, which is part of the business
analysis process.
The interview consists of a facilitator asking a series of questions to extract
information about the subject business process. The interviewer is referred to
as a facilitator to emphasize that it is the participants, not the facilitator,
who provide the business process information. Although the facilitator should
have some knowledge of the subject business process, this is not as
important as the mastery of a pragmatic and rigorous method for interviewing
business experts. The method is important because for most enterprises a team
of facilitators is needed to collect information across the enterprise, and the
findings of all the interviewers must be compiled and integrated once
completed.
Business models are
developed as defining either the current state of the process, in which case
the final product is called the "as is" snapshot model, or a concept
of what the process should become, resulting in a "to be" model. By
comparing and contrasting "as is" and "to be" models the
business analysts can determine if the existing business processes and
information systems are sound and only need minor modifications, or if
reengineering is required to correct problems or improve efficiency.
Consequently, business process modeling and subsequent analysis can be used to
fundamentally reshape the way an enterprise conducts its operations.
Business process management is a field of management focused on aligning organizations with the wants and needs of
clients. It is a holistic management approach that
promotes business effectiveness and efficiency while striving for innovation,
flexibility and integration with technology. As organizations strive for
attainment of their objectives, business process management attempts to
continuously improve processes - the process to define, measure and improve
your processes – a "process optimization" process.
Business process reengineering (BPR) aims to improve
the efficiency and
effectiveness of the processes that exist within and
across organizations. It examines business processes from a "clean
slate" perspective to determine how best to construct them.
Business process
reengineering (BPR) began as a private sector technique to help organizations
fundamentally rethink how they do their work. A key stimulus for reengineering
has been the development and deployment of sophisticated information systems
and networks. Leading organizations use this technology to support innovative
business processes, rather than refining current ways of doing work.
Information Governance
“Information governance, or IG, is the set of multi-disciplinary structures, policies,
procedures, processes and controls implemented to manage information at an
enterprise level, supporting an organization's immediate and future regulatory,
legal, risk, environmental and operational requirements.”
Information
governance should determine the balance point between two potentially divergent
organizational goals: extracting value from information and reducing the
potential risk of information. Information governance reduces organizational
risk in the fields of compliance, operational transparency, and reducing
expenditures associated with e-discovery and litigation response. An
organization can establish a consistent and logical framework for employees to
handle data through their information governance policies and procedures.
Information governance encompasses more than traditional records management. It
incorporates information security and protection, compliance, data governance, electronic discovery, risk management, privacy, data storage and archiving, knowledge management,
business operations and management, audit, analytics, IT management, master data management, enterprise architecture, business intelligence, big data, data science, and finance.
Records management deals with the creation, retention, storage and disposition of records.
A record can be either a physical, tangible object or digital information such
as a database, application data, and e-mail. The lifecycle was historically viewed as the point of creation to
the eventual disposal of a record. As data generation exploded in recent
decades, and regulations and compliance issues increased, traditional records
management failed to keep pace. A more comprehensive platform for managing records
and information became necessary to address all phases of the lifecycle, which
led to the advent of information governance.
In 2003 the Department
of Health in England introduced the concept of broad-based information
governance into the National Health Service, publishing version 1 of an online
performance assessment tool with supporting guidance. The NHS IG Toolkit[5] is now used by over
30,000 NHS and partner organisations, supported by an e-learning platform with
some 650,000 users.
In 2008, ARMA International introduced the
Generally Accepted Recordkeeping Principles®, or "The Principles"[6] and the subsequent
"The Principles" Information Governance Maturity Model.[7] "The
Principles" identify the critical hallmarks of information governance. As
such, they apply to all sizes of organizations, in all types of industries, and
in both the private and public sectors. Multi-national organizations can also
use "The Principles" to establish consistent practices across a
variety of business units. ARMA International recognized that a clear statement
of "Generally Accepted Recordkeeping Principles" ("The
Principles") would guide:
· CEOs in determining how to protect their organizations in the use of information assets;
· Legislators in crafting legislation meant to hold organizations accountable; and
· Records management professionals in designing comprehensive and effective records management programs.
Information governance goes beyond
retention and disposition to include privacy, access controls, and other
compliance issues. In electronic discovery, or e-discovery, relevant data in
the form of electronically stored information is searched for by
attorneys and placed on legal hold.
IG includes consideration of how this data is held and controlled for
e-discovery, and also provides a platform for defensible disposition and
compliance. Additionally, metadata often accompanies
electronically stored data and can be of great value to the enterprise if
stored and managed correctly.
To address retention and disposition,
Records Management and Enterprise Content Management applications were
developed. Sometimes detached search engines or home-grown policy definition tools
were created. These were often employed at a departmental or divisional level;
rarely were tools used across the enterprise. While these tools were used to
define policies, they lacked the ability to enforce those policies. Monitoring
for compliance with policies was increasingly challenging. Since information
governance addresses so much more than traditional records management, several
software solutions have emerged to include the vast array of issues facing
records managers.
Other available tools include:
· ARMA International Next Level Information Governance Assessment (based upon the Generally Accepted Recordkeeping Principles)
· ARMA Generally Accepted Recordkeeping Principles
· EDRM Information Governance Reference Model
· Information Coalition Information Governance Model
· NHS Information Governance Toolkit
Key to Information Governance are the regulations and
laws that help to define corporate policies. Some of these regulations include:
Supply Chain Sustainability
“Supply chain sustainability is
a business issue affecting an organization’s supply chain or logistics network in terms of environmental, risk, and
waste costs. There is a growing need for integrating environmentally sound
choices into supply-chain management.”
Sustainability in the supply chain
is increasingly seen among high-level executives as essential to delivering
long-term profitability and has replaced monetary cost, value, and speed as the
dominant topic of discussion among purchasing and supply professionals.
Supply chains are critical links
that connect an organization’s inputs to its outputs. Traditional challenges
have included lowering costs, ensuring just-in-time delivery, and
shrinking transportation times to allow better reaction to business challenges.
However, the increasing environmental costs of these networks and growing
consumer pressure for eco-friendly products have led many organizations to look
at supply chain sustainability as a new measure of profitable logistics
management. This shift is
reflected by an understanding that sustainable supply chains frequently mean
profitable supply chains.
One of the key
requirements of successful sustainable supply chains is collaboration. The practice of collaboration — such as sharing
distribution to reduce waste by ensuring that half-empty vehicles do not get
sent out and that deliveries to the same address are on the same truck — is not
widespread because many companies fear a loss of commercial control by working
with others. Investment in alternative modes of transportation — such as use of canals and airships — can play an important role in helping companies reduce the
cost and environmental impact of their deliveries.[6] Collaboration platforms are emerging because of the fear of a loss of
commercial control and competitive advantage by working closely with other
companies.
Many
companies are limited to measuring the sustainability of their own business
operations and are unable to extend this evaluation to their suppliers and
customers. This makes determining their true environmental costs highly
challenging and reduces their ability to remove waste from the supply chains.
However, much progress has been made in defining supply chain sustainability, and
benchmarking tools are now available that enable sustainability action plans to
be developed and implemented.
In 2008, The Future Laboratory produced a ranking
system for the different levels of sustainability being achieved by
organizations. This was called the Three Tiers of Sustainability:
Tier 1: Getting the basics right
This is the base level and is the stage
that the majority of organizations are at. Companies employ simple measures
such as switching lights and PCs off when left idle, recycling paper, and using
greener forms of travel with the purpose of reducing the day-to-day carbon
footprint. Some companies also employ self-service technologies such as
centralized procurement and teleconferencing.
Tier 2: Learning to think sustainably
This is the second level, where
companies begin to realize the need to embed sustainability into supply chain
operations. Companies tend to achieve this level when they assess their impact
across a local range of operations. In terms of the supply chain, this could
involve supplier management, product design, manufacturing rationalization, and
distribution optimization.
Tier 3: The science of sustainability
The third tier of supply chain
sustainability uses auditing and benchmarks to provide a framework for
governing sustainable supply chain operations. This gives clarity around the
environmental impact of adjustments to supply chain agility, flexibility, and
cost in the supply chain network. Moving
towards this level means being driven by the current climate (in which
companies recognize cost savings through green operations as being significant)
as well as pushing emerging regulations and standards at both an industry and
governmental level.
Application of Sustainability
Companies looking to implement
sustainable strategies down their supply chain should also look upstream. To
elaborate, if a company is able to choose between various suppliers, it can, for
example, use its purchasing power to bring its suppliers into compliance with its
green supply chain standards. In managing suppliers, companies must verify
that inputs from suppliers are of high quality and that the usage of water and
energy is minimised, leading to less pollution, fewer defects and less overproduction.
They must also audit their supplier base and make sure that they are improving
the supply chain metrics.
Enterprise Risk Management
“Enterprise risk management (ERM)
is the process of planning, organizing, leading, and controlling the activities
of an organization in order to minimize the effects of risk on an
organization's capital and earnings. Enterprise risk management expands the
process to include not just risks associated with accidental losses, but also
financial, strategic, operational, and other risks.”
Enterprise
risk management in business includes the methods
and processes used by organizations to manage risks and seize opportunities
related to the achievement of their objectives. ERM provides a framework for risk
management, which typically involves identifying particular events or
circumstances relevant to the organization's objectives (risks and
opportunities), assessing them in terms of likelihood and magnitude of impact,
determining a response strategy, and monitoring progress. By identifying and
proactively addressing risks and opportunities, business enterprises protect
and create value for their stakeholders, including owners, employees,
customers, regulators, and society overall.
ERM can also be described as a
risk-based approach to managing an enterprise, integrating concepts of internal
control, the Sarbanes–Oxley Act, and strategic planning. ERM is evolving to address
the needs of various stakeholders, who want to understand the broad spectrum of
risks facing complex organizations to ensure they are appropriately managed.
Regulators and debt rating agencies have increased their scrutiny of the risk
management processes of companies.
There are various important ERM frameworks, each of
which describes an approach for identifying, analysing, responding to, and
monitoring risks and opportunities, within the internal and external
environment facing the enterprise. Management selects a risk response
strategy for specific risks identified and analysed, which may
include:
1. Avoidance: exiting the activities giving rise to risk
2. Reduction: taking action to reduce the likelihood or impact related to the risk
3. Alternative Actions: deciding and considering other feasible steps to minimize risks.
4. Share or Insure: transferring or sharing a portion of the risk, to finance it
5. Accept: no action is taken, due to a cost/benefit decision
Monitoring is typically performed by management as
part of its internal control activities, such as review of analytical reports
or management committee meetings with relevant experts, to understand how the
risk response strategy is working and whether the objectives are being
achieved.
The risk types and
examples include:
· Hazard risk: Liability torts, Property damage, Natural catastrophe
· Financial risk: Pricing risk, Asset risk, Currency risk, Liquidity risk
· Operational risk: Customer satisfaction, Product failure, Integrity, Reputational risk; Internal Poaching; Knowledge drain
· Strategic risks: Competition, Social trend, Capital availability
The risk management process involves:
1. Establishing Context: This includes an understanding of the current conditions in which the organization operates on an internal, external and risk management context.
2. Identifying Risks: This includes the documentation of the material threats to the organization’s achievement of its objectives and the representation of areas that the organization may exploit for competitive advantage.
3. Quantifying Risks: This includes the calibration and, if possible, creation of probability distributions of outcomes for each material risk.
4. Integrating Risks: This includes the aggregation of all risk distributions, reflecting correlations and portfolio effects, and the formulation of the results in terms of impact on the organization’s key performance metrics.
5. Assessing/Prioritizing Risks: This includes the determination of the contribution of each risk to the aggregate risk profile, and appropriate prioritization.
6. Treating/Exploiting Risks: This includes the development of strategies for controlling and exploiting the various risks.
7. Monitoring and Reviewing: This includes the continual measurement and monitoring of the risk environment and the performance of the risk management strategies.
The COSO "Enterprise Risk
Management-Integrated Framework" published in 2004 defines ERM as a
"…process, effected by an entity's board of directors, management, and
other personnel, applied in strategy setting and across the enterprise,
designed to identify potential events that may affect the entity, and manage
risk to be within its risk
appetite, to provide reasonable assurance regarding the achievement of
entity objectives."[4]
The COSO ERM Framework has eight
components and four objectives categories. It is an expansion of the COSO Internal
Control-Integrated Framework published in 1992 and amended in 1994. The
eight components - additional components highlighted - are:
· Authority and pledge to the ERM
· Risk management policy
· Mixer of ERM in the institution
· Risk Assessment
· Risk Response
· Communication and reporting
· Information and Communication
· Monitoring
The four objectives categories -
additional components highlighted - are:
· Strategy - high-level goals, aligned with and supporting the organization's mission
· Operations - effective and efficient use of resources
· Financial Reporting - reliability of operational and financial reporting
· Compliance - compliance with applicable laws and regulations
Goals of an ERM program
Organizations by nature manage risks and
have a variety of existing departments or functions ("risk
functions") that identify and manage particular risks. However, each risk
function varies in capability and how it coordinates with other risk functions.
A central goal and challenge of ERM is improving this capability and
coordination, while integrating the output to provide a unified picture of risk
for stakeholders and improving the organization's ability to manage the risks
effectively.
Typical risk functions
The primary risk functions in large
corporations that may participate in an ERM program typically include:
· Strategic planning - identifies external threats and competitive opportunities, along with strategic initiatives to address them
· Marketing - understands the target customer to ensure product/service alignment with customer requirements
· Compliance & Ethics - monitors compliance with code of conduct and directs fraud investigations
· Accounting / Financial compliance - directs the Sarbanes-Oxley Section 302 and 404 assessment, which identifies financial reporting risks
· Law Department - manages litigation and analyses emerging legal trends that may impact the organization
· Insurance - ensures the proper insurance coverage for the organization
· Treasury - ensures cash is sufficient to meet business needs, while managing risk related to commodity pricing or foreign exchange
· Operational Quality Assurance - verifies operational output is within tolerances
· Operations management - ensures the business runs day-to-day and that related barriers are surfaced for resolution
· Credit - ensures any credit provided to customers is appropriate to their ability to pay
· Customer service - ensures customer complaints are handled promptly and root causes are reported to operations for resolution
· Internal audit - evaluates the effectiveness of each of the above risk functions and recommends improvements
Common challenges in ERM implementation
Various consulting firms offer
suggestions for how to implement an ERM program. Common topics and
challenges include:
· Identifying executive sponsors for ERM.
· Establishing a common risk language or glossary.
· Identifying and describing the risks in a "risk inventory".
· Implementing a risk-ranking methodology to prioritize risks within and across functions.
· Establishing a risk committee and/or Chief Risk Officer (CRO) to coordinate certain activities of the risk functions.
· Establishing ownership for particular risks and responses.
· Demonstrating the cost-benefit of the risk management effort.
· Developing action plans to ensure the risks are appropriately managed.
· Developing consolidated reporting for various stakeholders.
· Monitoring the results of actions taken to mitigate risk.
· Ensuring efficient risk coverage by internal auditors, consulting teams, and other evaluating entities.
· Developing a technical ERM framework that enables secure participation by third parties and remote employees.