Enhanced Enterprise Risk Management
John Sidwell and Peter Hlavnicka
Copyright Business Expert Press, LLC, 2023.
Cover design by Charlene Kronstedt
Interior design by Exeter Premedia Services Private Ltd., Chennai, India
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopy, recording, or any other, except for brief quotations, not to exceed 400 words, without the prior permission of the publisher.
First published in 2022 by
Business Expert Press, LLC
222 East 46th Street, New York, NY 10017
www.businessexpertpress.com
ISBN-13: 978-1-63742-398-1 (paperback)
ISBN-13: 978-1-63742-399-8 (e-book)
Business Expert Press Business Law and Corporate Risk Management Collection
First edition: 2022
10 9 8 7 6 5 4 3 2 1
Description
The performance and survival of a business in a global economy depends on understanding and managing the risks, both external and those embedded within its operations.
It is vital to identify and prioritize significant risks and detect the weakest points. Adding other elements to an essential ERM program, such as PESTLE and Porter's Five Forces, treatment plans, scorecards, the three lines of defense (3LoD) components, and process improvements (Six Sigma, 8D, etc.) significantly increases the ERM success rate.
The authors outline a comprehensive strategy for designing and implementing a robust and successful ERM program, one that is not just successful in implementation but also in yielding enormous returns for the organizations that implemented this enhanced ERM program.
Keywords
Enterprise risk management; ERM; risks; lines of defense; 3LoD; COSO; governance; stress testing; evaluation; measurement; assessment; response; reporting; framework; PESTLE; Porter's Five Forces; internal audit; process improvement; scorecards; heat maps; finance
Contents
The most useful ERM program I have ever seen. I have asked the other companies on which I am a board member to emulate your exact program.
Thomas McDaniel, Audit Committee Chairman at SunPower Corporation, former Executive Vice President, Chief Financial Officer and Treasurer of Edison International
I have personally served on 12 corporate boards. On two of those companies, I worked with John where he was the chief internal auditor. He was outstanding. In both companies, he put an ERM plan into place that was outstanding. It was well structured, covered all of our major risks and, best of all, it was a plan that management bought into and owned. John is a true expert in designing and implementing ERM plans and, now with this book, in sharing with others what he knows. As I have taught corporate governance, accounting and auditing at three major universities (U of Illinois, Stanford, and BYU), I have learned that there are five key elements to having a successful company: (1) having the right leaders in place, (2) having a strategic plan and mission in place that is bought into by everyone in the organization, (3) implementing processes to accomplish the plans and mission, (4) mitigating the risks that keep you from accomplishing your plan, and (5) excellent communication processes throughout the organization to ensure that everyone in the organization is on the same page. It is often the fourth of these success elements that fails (mitigating risks) that John's excellent ERM work addresses. I strongly recommend this book to anyone interested in understanding and mitigating their risks so their organizations can be more successful.
W. Steve Albrecht, PhD, MBA, CPA, CIA, and CFE; Professor Emeritus University of Illinois, Stanford, and Brigham Young University
While most ERM programs are sufficient in identifying business risks, John's program successfully focused on the Treatment Plans to mitigate the risks. In volatile/dynamic industries and a world of heightened geopolitical risks, this program is excellent and brought life to our risk management process and had a significant impact on the organization.
Thad Trent, Executive Vice President and Chief Financial Officer On Semiconductor Corporation, former Executive Vice President and Chief Financial Officer Cypress Semiconductor Corporation
John was a pioneer and early adopter of the three lines of defense and ERM. He built a framework that involved the leaders and staff across the company to identify risks, both known and previously unknown to the executive team. Importantly, he was able to use a common sense approach to quantify and rank the risks and track the trending of the various risks. With the closed loop process, tracking and managing mitigation plans protects the shareholders and stakeholders.
Chuck Boynton, Executive Vice President and Chief Financial Officer Poly, former Executive Vice President and Chief Financial Officer SunPower Corporation
As a serial founder, Board Director, Venture Capitalist, and Adjunct Faculty Member, I have spent more than two decades on the frontiers of reputation risk management, cyber risk governance, and Enterprise Risk Management. I've signed off on many variations of ERM programs. Few have served as an orienteering guide to navigate our complex geopolitical, ecological, and social landscape.
ERM failures I have observed in the industry were because the organizations struggled with having a clear ERM objective and structure applicable to the specific needs of their company and industry. Others were due to the leadership taking on too much risk, believing the market would react positively to their message of apparent unbridled commercial growth, at any cost. Their strategies lacked globally responsible leadership, citizenship, board of directors endorsement, or alignment with executive leadership team support. Others simply tried to implement too many changes at the same time. Especially in these complex times, navigating shades of gray has never been more critical.
Through a journey from conception to birth, the growth and success of an ERM program, John and Peter lay out the path for ERM practitioners to follow, step by step. They provide a robust, practical approach to the discipline, empowering you to identify and quantify your organization's strategic and operational risks. Investing your time in reading this book will provide you with an opportunity to learn from real-life case studies and examples of ERM best practices applicable across all industry sectors and business models.
ERM is core to supporting strategic planning, decision making, and reputation risk management.
If you follow the best practices provided in this book, the chances of establishing and implementing a successful ERM and reputation risk program at your company increase exponentially.
But don't let me hold you off any longer, so go ahead and enjoy your journey.
Leesa Soulodre, MBA, MiM
Adjunct Professor, Singapore Management University
(SMU), General Partner R3i Ventures Pte Limited
We would like to express our gratitude for the help of many individuals who made this book possible, as well as those who guided us and helped us on our journey.
We would like to thank the team at Business Expert Press including Scott Isenberg, Charlene Kronstedt, John Wood, Melissa Yeager, Sheri Dean, and Gunabala Saladi from Exeter for the talented editing and guidance during the production process.