1. Enterprise Risk Management & IT Implications BADM 559 Megan Kasbohm

2. ERM is….  A framework for managing risk  An ongoing and continuous process for companies to implement with controls  Broad concept that can be tailored to individual company needs  A tool for minimizing risks and maximizing opportunities

3. 8 ERM Components 1.Internal Environment : overall attitude of the firm- risk adverse, risk neutral or risk seeking 2.Existence of Objectives: objectives that align with overall company goals 3.Event Identification: Assess internal and external environment to identify potential risks 4.Risk Assessment: Determine likelihood and magnitude of potential risks 5.Risk Response Strategy: Choose how to strategically respond to significant risks 6.Control Activities: Implement controls to protect against identified risks 7.Communication: Communicate controls and strategies across all levels of the company 8.Monitoring: Continue to monitor the effectiveness of controls for risk management and make necessary changes.

4. IT & Risk Management  IT as an opportunity: IT can help companies minimize risks by implementing technology, ex: access logs for users  IT as a risk: IT can add risks, ex: information security from hackers  In today’s technological world, IT can cut costs, improve business processes and increase efficiency when used correctly

5. IT Usage Profiles  The Butler  Companies that are risk takers, or industry leaders, and tend to use IT for utility  Professional Service Companies  The Entrepreur  Companies that are risk takers, but use IT for strategic roles, as opposed to a utility role  Web B2C and consumer financial service companies  The Grinder  Companies that are risk adverse and employ IT for utility  Mineral extraction companies  The Team Player  Companies that are risk adverse and expect to use IT strategically, as opposed to for utility  Auto manufacturing companies and Deregulating utilities companies

6. Grant Thornton Case #1  Multinational Manufacturing Company  Company set an objective to provide global monitoring for print quality  New system helped them mitigate the risk of printing quality deterioration in expanding markets  Introduced additional risks such how the company will deal with expanding economies of scale  Management implemented a system that performs real-time quality system reporting to mitigate additional risk  Successful Implementation

7. Grant Thornton Case #2  Not-For-Profit company  Company set an objective to offer additional online services for certain customers  IT in this situation mitigates the risk of loosing customers to the growing online market  Also seizes the opportunity to reach out to a younger market  IT adds the high magnitude risk of hackers getting sensitive information  Company added user access logs to help guard against the risk of loss of security  Successful implenentation

8. SPSS Case  Involved in analytic software  Industry changes and developments required SPSS to update their IT portfolio  Started by setting a clear mission statement that included their new desire for growth and enterprise performance  Company needed a fundamental shift in culture and used a maturity model  SPSS was able to withstand the changing environment of the industry by drilling down to the fundamental issues and designing IT applications to support them  Successful Implementation

9. ICS/CITES Case  ICS Runs and operates seven computing labs across campus, division of CITES  Successfully uses IT applications to manage risks such as employee supervision  Needs to improve risk management and IT applications for customer service  CITES would benefit from working as company. They should implement ERM as a company and apply it to each division, such as ICS, to minimize risks.  Implementation needs improvement