1 enterprise risk management david whatley march 24, 2006 enterprise risk management david whatley...

17
1 Enterprise Risk Management David Whatley March 24, 2006

Post on 19-Dec-2015

221 views

Category:

Documents


1 download

TRANSCRIPT

Page 1: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

1

Enterprise Risk Management David Whatley

March 24, 2006

Enterprise Risk Management David Whatley

March 24, 2006

Page 2: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

2

Enterprise Risk Management by Many Other Names is Still Enterprise Risk

Management

Page 3: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

3

Risk Identification and Evaluation Built Into All Business Processes

Assimilation of Results of Risk Management in Each Business:– Assure Risk Management Process is Executed– Risk Tolerance Levels Are Appropriate and

Uniform– Determine Consolidated Risk of Enterprise– Measure vs. Level Approved by Board of

Directors

Enterprise Risk Management (ERM)

Page 4: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

4

Board of Directors = Overview Process/Sets Risk Level

Chief Executive Officer = Chief Risk Officer Senior Leadership Team = Risk Committee Business Processes Include Risk Assessments

and Consideration of Risk in Decisions or are Risk Based

Enterprise Risk Management Structure

Page 5: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

5

Enterprise Risk Management

The ERM Components

• Influences how strategies and goals are set, how activities are structured and how risks are identified, assessed and acted upon

• Creates a process for setting objectives, ensuring that those objectives are aligned with strategic goals and that those goals are consistent with risk appetite

• Considers internal and external factors that might affect strategy and achievement of business objectives

• Focuses on the likelihood and impact of potential events and their effects on objectives

• Evaluates risks for possible responses and their effects

• Ensures that risk responses are carried out efficiently via policies and procedures

• Involves the exchange of relevant data with internal and external parties so that they may identify, assess and respond appropriately to risk

• Ensures that the components of ERM are applied at all levels

Internal Environment

Objective Setting

Event Identification

Risk Assessment

Risk Response

Control Activities

Information and Communication

Monitoring

Page 6: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

6

Activity DeliverableERM Components THD Activities

ERM at The Home Depot (not all inclusive)

ERM Components

• Internal Environment • Tone at the Top• Sarbanes-Oxley/404

• Corporate Governance• Entity Level Assessment

• Objective Setting • Strategic Vision• Strategic Initiatives

• Board of Directors (BOD)• SOAR

• Risk Response • Strategic Initiatives• Internal Audit Plan• Insurance Levels

• SOAR• Internal Audit• Liability Risk Analysis

• Event Identification • Liability Risk Analysis• SOAR

• Insurance Levels• Strategic Initiatives

• Risk Assessment • SOAR• Internal Audit

• Strategic Initiatives• Internal Audit Plan

• Attestation of Fin. Reporting effectiveness• SOP’s• Standard Reconciliation Process

• Control Activities • Sarbanes-Oxley/404• Corporate Compliance

• Information & Communication • Strategic Initiative Issue Resolution• Management Report Outs

• Quarterly Executive Council (QEC)• Weekly President’s Call

• Monitoring • SOAR• Quarterly Executive Council

• Strategic Initiatives• Strategic Initiative Issue Resolution

Page 7: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

7

The Home Depot’s Risk Areas

• EVP – Merchandising/Marketing

• EVP – Merchandising/Marketing

THD Risk Area Oversight

Asset Management

Customer Service

Legal

Finance/Accounting

Human Resources

External Factors

Brand and Image

Information Technology

Supply Chain

Growth

Merchandising

REEC

BOD, QEC

Supply Chain Council

IT Advisory Council

Growth Steering Comm.

Branding Committee

Audit Committee

Innovative Council

Leadership Development Compensation Committee

Compliance Council

Store Manager Council

/

/

/

/

/

/

/

/

/

/

/

/

• EVP – Bus. Development/Corp. Operations

• CEO

• EVP – IT/CIO

• EVP – Bus. Development/Corp. Operations

• EVP - CFO

• EVP – Merchandising/Marketing

• EVP - HR

• EVP – Secretary/General Counsel

• EVP – HD Stores

Business Leader

Page 8: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

8

The Home Depot Compliance Program is based upon the three-fold approach of: (1) prevent, (2) detect and (3) respond to potential issues. Taken together, these three components form a closed-loop cycle that reinforces compliant conduct throughout the Company.

Home Depot Compliance Program

Page 9: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

9

• A Compliance Policy is maintained for each identified risk area of the Company’s business.

• Compliance Processes are developed under each Compliance Policy that establish mechanisms for Company conduct.

• Training educates and informs targeted associates about the Company’s Compliance Policies & related SOPs.

• Standard Operating Procedures (SOPs)

Compliance Structure

Page 10: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

10

• Quarterly Reviews: Select policies or functional areas are reviewed quarterly

• Annual Compliance Reviews: Week-long enterprise-wide policy and functional area review with all Divisions, Subsidiaries and International Businesses

Compliance Reviews

Page 11: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

11

Compliance Review Components

Risk Factor AssessmentLaws Update

Other Updates

• Government Investigations

• Training Proposals

• Budget/Resource Allocations

Incident Update

• Progress Monitoring Dashboard

• Use of Traffic Lights

• Major incidents and the divisions in which they occur are reported, along with the investigation details and resolutions

Page 12: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

12

2005 COMPLIANCE PLAN Home Depot U.S.A., Inc. : Safety

Risk Management – 3rd Quarter

METRIC RISK LEVEL

BENCH MARK

Q1 Q2 Q3 Q4 YTD TRAFFIC LIGHT

RISK

# of Incidents Low 0 0 0 0 0 G Sample Risk 1

# of Violations Low 0 0 0 0 0 G Sample Risk 2

Risk-Based Compliance Monitoring

Risk Management: Traffic Lights provide an efficient way of quickly determining the Company’s individual risk status.

S A M

P L

E

Page 13: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

13

2005 COMPLIANCE PLAN Home Depot U.S.A., Inc. : Benefits Process Improvements – 3rd Quarter

PROCESS IMPROVEMENT ACTION STEP COMPLETION DATE

STATUS TRAFFIC LIGHT

Process Improvement #1

G

Process Improvement #2

G

Process Improvements: Any processes and/or

procedures being developed and implemented to improve current operations and mitigate risks.

Compliance Monitoring

S A M

P L

E

Page 14: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

14

Align SOAR with Strategic VisionAlign SOAR with Strategic Vision

SOAR Based on Strategy

Voice of CustomerConversion

Store Productivity

New LocationsNew Service Categories

New Channels

New BusinessesNew Platforms

New Geographies

Customer Satisfaction

Differentiated and

Innovative Merchandise

at Great Value

Store Readiness

Information Technology

Leadership Development

New Stores

New Formats

Home Depot Services

Home Depot Direct

Home Depot Supply

– MRO*

– Builder

– Professional Supply

Canada

Mexico

China

Enhance Core Extend Business Expand Market

*MRO – Maintenance, Repair and Operations

Page 15: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

15

Strategic Planning Entities

#21

#22

#23

#24 & #59

#25#26

#27E#27L

#28

#29

#30

Store Formats

• AHS

• HD Supply/ ITB PRO / Tool Rental

• Canada

• Direct /eBusiness

• Operations / Stores(Supply Chain)

• IT

• Credit

DEPARTMENTS OTHER BUSINESSES

SOAR 2005

• Marketing / Store Merchandising

• Human Resources

• Legal

• Finance

• Real Estate / Construction

• Merchandising / Divisions(late November to lock plan)

FUNCTIONS / OPERATING PLANS

7 days in August7 days in AugustFunctional Reviews on an exception basis Operating Review 2 days in December

Functional Reviews on an exception basis Operating Review 2 days in December

Page 16: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

You can do it. We can help.

16

Proposed SOAR Calendar

ProcessProcess

Key Key Meetings Meetings & Events& Events

Operating PlanOperating Plan

Executive Team

SOAR Activity

March October November DecemberAugust SeptemberApril May June JulyFebruary

Strategic PlanningStrategic Planning

Off-site to finalize plans

Set strategicguidance/

Metrics

ELT Game Changers

SOAR current year Initiative update

ProgressReview

ProgressReview

SOAR IStrategy

Reviews

SOAR IDecisions

SOAR IIOperating

Reviews

DivisionalReviews

’06 Planlocked

SOAR IKick-off

Space PlanningPrework

Targets & guidance set for teams

Final PlansDue

Inter-departmental

reviews

Teams designated

SOAR IIKick-off

Merchandising & Divisional working

sessions

Capital & G&A Decisions

Strategic Planning

Page 17: 1 Enterprise Risk Management David Whatley March 24, 2006 Enterprise Risk Management David Whatley March 24, 2006

17

Q & A

David Whatley

404-217-5720

[email protected]

Q & A

David Whatley

404-217-5720

[email protected]