1. GRC, BCP, ERM, Policy- COOPetition vs
GRC, BCP, ERM, Policy- COOPetition vs. COMPetition: Leveraging for Efficiency, Governing for Success
Michele L. Turner, MBCP, FBCI, ITIL, CISA, CRISC, GRCP
Microsoft- TwC Governance (Unified Incident Response)

2. Agenda Microsoft Corporate Background
6/3/2019
Agenda
Microsoft
Corporate Background
Trustworthy Computing (TwC) Background
TwC Governance Organization
Level Setting: Definitions
Risk, Policy and Compliance Management, GRC, BCP, Governance
Spotlight on Organizations
COOPetition vs. COMPetition
Partnership Potential Challenges and Aides
Key Takeaways 2
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3. Ice Breaker

4. Ice Breaker Setting the Stage: Everyone has the same size paper.
No questions can be asked.
All need to follow the verbal instructions to the letter, WITH EYES CLOSED.
Instructions:
Fold the paper in half.
Rip off a corner.
Fold in half again.
Rip off another corner.
Fold again.
Key Point: One-way communication, in a team environment, may not be effective. Two-way discussion, with collaboration and engagement has a better chance of giving the needed results . 3 4

5. Microsoft 3

6. Corporate headquarters – Redmond, WA (USA)
Microsoft Mission:
“to create a family of devices and services for individuals and businesses that empower people around the globe at home, at work and on the go, for the activities they value most”.
Founded in 1975
Corporate headquarters – Redmond, WA (USA)
Over 100 subsidiaries worldwide
Over 91,000 employees worldwide
Core businesses with diverse and distinct focuses
Governance Statement
“Long-term thinking guides everything we do to sustain Microsoft's success and create value for shareholders, now and for future. Good corporate governance encourages accountability and transparency, and promotes good decision-making to support our business over decades”.
Challenges
Geography, culture
Business priorities
Implementation of enterprise programs 4 6

7. Trustworthy Computing (TwC) Background
2002- Malicious Software
2002- Memo from Bill Gates : 7 7

8. Online Trust and Safety Policy and Compliance Management
TwC Governance Organization
Privacy
Accessibility
Global Readiness
Online Trust and Safety
Policy and Compliance Management
Risk Management
Unified Incident Response 8 8

9. Level Setting: Definitions

10. Risk Management (ISACA)
6/3/2019
Risk Management (ISACA)
Policy Management (OCEG)
Compliance Management (OCEG)
Governance (ISACA)
GRC (DRII)
BCP (DRII)
DEFINITIONS
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11. Industry: Information Systems Audit and Control Association (ISACA)
Resource Management:
Right Skills in the Right place at the Right time
Value Delivery
Business Performance Measurement
Risk Management
Strategic Alignment
Resource Management
Value delivery:
Delivering expected and agreed upon benefits
Decisioning
And
Accountability
Performance Measurement:
Setting measurable targets
and progress statements
Risk management: Framework to identify, monitor and manage risk
Strategic alignment:
Aligning strategy to the business for success
The decision rights and accountability framework for encouraging desirable behavior in the use of IT. 11

12. Industry: Open Compliance and Ethics Group (OCEG)- GRC12
What Drives the Need: Culture, Competition and/or Competitive Advantage, etc…

13. MS Example: TwC Governance- Policy Management
6/3/2019
MS Example: TwC Governance- Policy Management
Including Risk, Policy and Compliance
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14. COOPetition vs. COMPetition

15. FIND THE COMMON THREAD(S)!!!!
6/3/2019
Security
Connectivity
COMMUNICATION
Hardware
Software
Depending on the audience focus, everyone will focus on a different aspect.
FIND THE COMMON THREAD(S)!!!!
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16. Potential Partnership Challenges Potential Partnership Aides
6/3/2019
Potential Partnership Challenges
Potential Partnership Aides
Reference Points
“Blood, Sweat and Tears”- Acknowledgement of those that have come before
Risk Assessments
Gap Analysis (process)
Critical Function Analysis
Threat Analysis
Open and Honest Communication
Working at the Speed of Trust
“We Don’t Have Time”- Clarity on engagement. Clarity on the Ask.
RACI
Communications and schedule plan
Agreed to Taxonomy
The Fastest Cars Have the Best Brakes
“My vendor takes care of that”- Shifting accountability
Vendor contracts
Business Continuity Plans and Reciprocal Agreements
Companies Receive an 'F' When it Comes to Business-Continuity Plans for Overseas Risks
Japan One Year Later: The Long View on Tech Supply Chains
“No Budget for Extra”- What would it cost if not done?
What existing materials can be leveraged? The goal is not to focus on re-work.
Lessons Learned from previous interruptions
What are the dependencies?
Q&A: Tom Oreck on Recovering from Katrina
Any “Wins” to be realized in differentiating your org from another?
“Beating Around the Bush”- What Is Really Needed?
Internal training (emotional intelligence)
Candor, Criticism, Team Work- Harvard Business Review
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17. Review and Acknowledge previous work Be Clear on Expectations
Key Takeaways
Review and Acknowledge previous work
Be Clear on Expectations
Integrate messages to include both threats AND opportunities
Don’t talk AT people, collaborate for clarity and partnership

18. Thank you. michelet@microsoft
Thank you! Office: 425/ Cell: 425/

19. 6/3/2019
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.