Enterprise Risk Mgmt.

Key Rules for the ERM Assessment

Response
Avoid Reduce Strategies
Existing/Effective
Measures Transfer Accept
& Controls
Gross
Risk Planned
Net Resp. Measures
Risk Residual
Risk
Risk before any risk Risk taking into account effectiveness Remaining risk after planned
handling measures & of existing controls and measures measures have become effective
controls

The ERM process always considers the Net Risk (after existing and already effective measures &
controls).

The assessment needs to be performed for the reporting unit (Division, Cluster or Cross-Sector).

The impact and likelihood have to be assessed over a period of three FY (current FY plus next two
FYs).

The assessment of the impact has to be performed quantitative or qualitative (whatever is highest).

The assessment should reflect the likelihood that the risk occurs with the previously defined
impact.
Page 2 CF RIC CRD
COSO Cube:

These 8
objectives
help
determine if
your risk
management
process is
effective!

Page 3
 Common US Objectives

Growth  Pursue targeted markets together

People  Develop U.S. leaders for Siemens "We are more

powerful acting
as a whole rather
than a sum of the
Reputation  Get the recognition we deserve parts"

Cost/
 Optimize infrastructure
Service

Page 4
Appendix 2
ERM Categorization Model (1/1)

1. Strategic 2. Operations 3. Financial 4. Compliance

1.1 Corporate Governance 2.1 Product Lifecycle Mgmt 3.1 Treasury and Investment 4.1 Anti-Bribery and Anti-Corruption
1.1.1 Board Performance 2.1.1 Research & Development Management 4.1.1 Anti-Bribery
1.1.2 Tone at the Top & Culture 2.1.2 Sales & Pricing 3.1.1 Interest Rate 4.1.2 Anti-Corruption
1.1.3 Accountability 2.1.3 Product Portfolio 3.1.2 Foreign Currency 4.1.3 Ethics
1.1.4 Leadership 2.2 Costumer Relationship Mgmt 3.1.3 Commodity 4.2 Fraud
1.1.5 Limits of Authority 2.2.1 Marketing Strategy 3.1.4 Derivatives 4.2.1 Fraud by Internal Parties
1.1.6 Performance Incentives 2.2.2 Customer Satisfaction 3.1.5 Hedging 4.2.2 Fraud by External Parties
1.1.7 Change Readiness 2.2.3 Channel Partner Relationships 3.1.6 Cash Management/Cash Flow 4.2.3 Collusion between Internal/
1.2 Risk and Internal Control 2.2.4 Aftermarket Sales 3.1.7 Funding & Capital Availability External Parties
1.2.1 Risk and Opportunity Mgmt 2.2.5 Maintain Brand 3.1.8 Credit & Collections 4.3 Legal and Regulatory
1.2.2 Control Environment (ICS/SOA) 2.3 Project Management 3.1.9 Credit Collateral 4.3.1 Illegal Acts
1.3 Internal Audit 2.3.1 Acquisition 3.1.10 Investment Management 4.3.2 Liability
1.3.1 Internal Audit Organization 2.3.2 Bidding 3.2 Accounting & Financial Reporting 4.3.3 Intellectual Property
1.3.2 Int. Audit Process & Reporting 2.3.3 Negotiation 3.2.1 Accounting Information 4.3.4 Global Counterfeiting
1.4 Corporate Sustainability 2.3.4 Contract Management 3.2.2 Financial Reporting Evaluation 4.3.5 Industry Specific
1.4.1 Corporate Social Responsibility 2.3.5 Execution 3.2.3 Revenue Recognition 4.3.6 Trade
1.4.2 Corp. Environmental Responsibility 2.3.6 Warranty 3.2.4 Closing, Consolidation and Financial 4.3.7 Labor
Reporting 4.3.8 Special Product Requirements
1.5 Strategy, Planning & Resource 2.4 Supply Chain Mgmt
Allocation 3.3 Controlling 4.3.9 Data Protection
2.4.1 Master Planning & Forecast
1.5.1 Strategic Planning 3.3.1 Budgeting & Forecasting 4.3.10 International Dealings
2.4.2 Supplier Selection & Procurement
1.5.2 Organizational Structure 3.3.2 Performance Measurement 4.3.11 Securities
2.4.3 Inventory
1.5.3 Outsourcing 3.4 Tax 4.4 Anti-Trust
2.4.4 Production
1.5.4 Capacity 3.4.1 Tax Authorities 4.4.1 Competitive Practices/Anti-Trust
2.4.5 Quality
1.5.5 JV's / Alliances & Partnerships 3.4.2 Transfer Pricing 4.4.2 Competition Law
2.4.6 Time to Market (Const.)
1.5.6 Special Purpose Entities 3.4.3 Indirect Tax 4.5 Export Control and Customs
2.4.7 Transport & Logistics
1.5.7 Technology Foundation 3.5 Capital Structure 4.5.1 Export Control
2.4.8 Distribution Channels
1.5.8 Performance Gap 3.5.1 Debt 4.5.2 Customs
3.5.2 Equity

Page 5 CF RIC CRD

Appendix 2
ERM Categorization Model (2/2)

1. Strategic 2. Operations 3. Financial 4. Compliance

1.6 Market Dynamics/External Factor 2.5 Real Estate, Property, Plant and 3.5.3 Pension Funds
1.6.1 Macro-Economic Factors Facilities 3.5.4 Share-based Payments
1.6.2 Political Factors 2.5.1 Real Estate 3.6 Guarantees, Pensions, Insurance &
1.6.3 Competitor Behavior 2.5.2 Property Plant & Facilities Letters of Credit
1.6.4 Customer / Lifestyle Trends 2.6 Human Resources 3.6.1 Guarantees
1.6.5 Industry Specific Conditions 2.6.1 Key Personnel 3.6.2 Pension Management
1.6.6 Technology Innovation 2.6.2 Reward & Development 3.6.3 Insurance
1.6.7 Socio-Demographic Factors 2.6.3 Labor Relations 3.6.4 Letters of Credit
1.7 Major Initiatives 2.6.4 Recruiting & Retention
1.7.1 Vision & Direction 2.6.5 Succession Planning
1.7.2 Planning & Execution 2.6.6 HR Management
1.7.3 Measurement & Monitoring 2.7 Environment, Health and Safety
1.7.4 Technology Implementation 2.7.1 Environmental Issues
1.8 Merger, Acquisition & Divesture 2.7.2 Health
1.8.1 Valuation & Pricing 2.7.3 Safety
1.8.2 Due Diligence 2.8 Information Technology
1.8.3 Execution 2.8.1 IT Strategic Planning & Architecture
1.8.4 Business Integration 2.8.2 IT Infrastructure
1.9 Communication & Stakeholder 2.8.3 IT Information Security
Relations 2.8.4 IT Application Standards
1.9.1 Media Relations 2.8.5 IT Sourcing
1.9.2 Investor Relations
1.9.3 Crisis Communication
1.9.4 Internal Communication
1.10 Preventive Crisis Mgmt & Business
Continuity
1.10.1 Crisis Management
1.10.2 Business Continuity
1.11 Quality Management
1.11.1 Quality Standards
1.11.2 Quality Development

Page 6 CF RIC CRD

Top-Down Risk and Opportunity Assessment
Food for Thought…

Page 7 CF RIC CRD

 The most effective approach to identify risks & opportunities
for organizations is to understand and plan for “foreseeable
trends / surprises” that will occur, but not try to anticipate their
timing (Daniel Sharp – Harvard “Why Resilience Now, 2010”) RIC Cluster
Page 8 USA
Question / Discussion
What is a “black swan”?? How do you hunt them
down – find them??
Draw on a heat map and discuss – per Daniel
Spear material

Page 9
 Appendix 1
Risk Impact Scales – Cluster USA
C
Scale 9 8 7 6 5 4 3 2 1
Category* Major Significant Moderate Minor Marginal
No real
Business does not deliver on Business does not deliver on impact on
Business Business does not deliver on Ability to deliver key business
several or all key business more than one key business delivery of
Objectives objectives objective
one key business objective objectives impacted
key business
objectives
Extensive / persistent national
National media coverage and Local media coverage and
media coverage and Limited local media coverage
some international media limited national coverage No media
Media
Perspective ( 3 years)

international media coverage results in damage to the

coverage results in damage to results in damage to the image coverage
results in damage to the image image and brand
the image and brand and brand
and brand
Triggers
Requires investigation by Requires limited investigation
Reported to external authorities limited
Regulatory external authorities / regulatory by external authorities / Triggers internal investigation
/ regulatory bodies and requires internal
Bodies bodies and / or costly legal regulatory bodies and / or legal
internal investigation
and review
investigation
actions action
and review

Extensive (> 20%) senior Significant (10 – 20%) senior Moderate (5 - 10 %) senior Some (< 5 %) senior No senior
Management
management time and management time and management time and attention management time and management
Time attention needed to resolve attention needed to resolve needed to resolve attention needed to resolve intervention

> € 250m €175m - €250m €125m - €175m €100m - €125m € 75m - €100m € 50m - € 75m € 25m - € 50m € 10m - € 25m < € 10m
Financial
pre-tax profit pre-tax profit pre-tax profit pre-tax profit pre-tax profit pre-tax profit pre-tax profit pre-tax profit pre-tax profit

* Depending on the nature of the risk other qualitative perspectives may need to be taken into account.

Page 10 CF RIC CRD

 Appendix 1
Opportunity Impact Scales – Cluster USA

Scale 9 8 7 6 5 4 3 2 1
Category* Major Significant Moderate Minor Marginal
Perspective ( 3 years)

Opportunity
Opportunity supports the Opportunity supports the has no real
Opportunity supports the Opportunity has only a minor
Business achievement / out-performance achievement / out- impact on
achievement / out- performance impact on meeting key
Objectives of several or all key business performance of more than one
of one key business objective business objectives
meeting key
objectives key business objective business
objectives

> € 250m €175m - €250m €125m - €175m €100m - €125m € 75m - €100m € 50m - € 75m € 25m - € 50m € 10m - € 25m < € 10m
Financial
pre-tax profit pre-tax profit pre-tax profit pre-tax profit pre-tax profit pre-tax profit pre-tax profit pre-tax profit pre-tax profit

* Depending on the nature of the opportunity other qualitative perspectives may need to be taken into account.

Page 11 CF RIC CRD

Appendix 1
Risk & Opportunity Likelihood Scales

Category Definition

9 ≥ 90% chance the event will occur

Certain
8 ≥ 80% chance the event will occur

7 ≥ 70% chance the event will occur

Likelihood ( 3 years)

Probable
6 ≥ 60% chance the event will occur

5 ≥ 50% chance the event will occur

Likely
4 ≥ 40% chance the event will occur

3 ≥ 30% chance the event will occur

Possible
2 ≥ 20% chance the event will occur

Unlikely 1 < 20% chance the event will occur

Page 12 CF RIC CRD

DEMO ERM

Page 13
Common Myths - How To Assess and Mitigate ERM Risks

Source: Information
compiled and published by
business advisory firm
Page 14
Corporate Executive Board
Common Myths - How To Assess and Mitigate ERM Risks

Source: Information
compiled and published by
business advisory firm
Page 15
Corporate Executive Board
Common Myths - How To Assess and Mitigate ERM Risks

Source: Information
compiled and published by
business advisory firm
Page 16
Corporate Executive Board
ERM Improvement Areas

Page 17
Source: Information compiled and published by business advisory firm Corporate Executive Board Co.
 Top-down Risk Appetite Approach
in linkage to the Business Objectives

Page 18
Setting, Communicating and Achieving and Business Objectives is an essential part of
any companies Success

•Identify Enterprise Level Business Objectives clearly aligned with

Strategy Planning

•Define / manage long and short-term key initiatives supporting each

business objective

•Define Risk Appetite for each Enterprise Level Objective with Board
Members and Senior Management. Define specific risk tolerances for the
overall company and at all levels in the organization aligned with specific
sub unit objectives

•Provide a single page visual showing clear boundaries for Risk Appetite
applicable for the company for each key business objective (summarized
into no more than 7 company wide objectives) The risk appetite
dashboard should be used whenever possible for all strategic planning
and tactical execution decisions – assuring alignment with objectives and
clear risk based decisions making for the company.

Page 19
Linking Risk Appetite to company’s Strategic Objectives is
essential in creating an effective Risk Appetite Concept
Spider Chart - Risk Appetite linked to Strategic
Objectives

Top-line Growth
5
4
3
2
Operational Excellence Profit
1 Risk Appetite

Reputation Compliance

Defining a risk appetite for each of these strategic objectives provides relevant
information for decisions making around each strategic priority.

Page 20
 Levels of Risk Appetite
“EXAMPLE ONLY”

Tolerance for Uncertainty Choice Trade-Off

Rating Risk Taking Philosophy When faced with multiple How willing is Siemens to
options, how willing is Siemens trade-off this objective
How willing is Siemens to to select an option that puts this against achievement of
accept uncertain outcomes? objective at risk other objectives?

Will choose option with highest

5-Open Will take justified risks Fully anticipated return; accept possibility of failure Willing
Will take strongly justified Will choose to put at risk, but will Willing under certain
4-Flexible risks Expect some manage the impact conditions
Will accept if limited, and heavily
3-Cautions Preference for safe delivery Limited out-weighed by benefits Prefer to avoid

Will accept only if essential, and

2-Minimalist Extremely conservative Low limited possibility/extent of failure With extreme reluctance
Avoidance of risk is a core Will select the lowest risk option,
1-Averse objective Extremely low always Never

Page 21
Examples

Strategic Actual / Desired Risk Appetite

Objective Description Risk Tolerance Risk Appetite Assessment
Achieving top-line profitable
growth in all core business sectors
Siemens will only invest in core Actual Risk Appetite > Desired
is an important strategic objective,
Top-line Growth Siemens reaching the EUR businesses consistent with Risk Appetite (We took too much
where Siemens is willing to
100 mio sales Milestone. identified mega trends (Energy, risk in this area last year and lost
assume risk and the possibility of
Sustainability,…). margin???)
failure

Siemens will only invest in

According to Peter Siemens will only invest in
companies or projects where the
Loescher's announcement is companies or projects with a Actual Risk Appetite < Desired
Profit profit margin is above 12% and
Siemens targeting a profit expected profit margin of 12% or Risk Appetite
the probability of not making or
margin of 12 %. higher
exceeding the 12% margin target

The guidance for compliance

Siemens has Zero tolerance for Siemens has Zero tolerance for Actual Risk Appetite = Desired
Compliance related topics is zero
regulatory compliance violations. regulatory compliance violations Risk Appetite
tolerance.
Siemens will not take any
Siemens will accept only limited
Build our Reputation actions which could result in
risk in investments or programs
worldwide. Brand Siemens corporate, cluster or country Actual Risk Appetite > Desired
Reputation impacting brand and only if limited,
as an innovative ,sustainable level exposure to protracted Risk Appetite
and heavily out-weighed by
company of choice. negative external media
benefits
coverage

Streamline Supply Chain

Opportunities or actions promising
(Indirect materials & Global Siemens will accept no risks that
to exceed the Siemens 2014
Value Sourcing). Implement individually or in aggregate
Operational targeted EUR 6 billion savings will Actual Risk Appetite > Desired
Finance Bundling. Siemens threaten the achievement of the
Excellence be accept if limited, and heavily Risk Appetite
2014, cost reduction and required Siemens 2014 targeted
out-weighed by benefits
saving of EUR 6 billion by EUR 6 billion savings.
2014.

Page 22
 Reasons for the implementation Concept at

1. Risk appetite optimizes business performance by reducing uncertainty in the

achievement of strategic objectives and enabling risk-taking only where value
exists.

2. Risk appetite achieves external stakeholder expectations by limiting

excessive risk taking and triggering communication with key stakeholders
and day-to-day decision makers.

3. Risk appetite allocates risk management resources and drives awareness of

risk in the corporate culture.

4. A well-documented risk appetite provides clarity and norms around the

organization’s risk posture and ensures consistency in risk decisions.

http://www.executiveboard.com/risk-management-blog/four-tips-for-a-healthy-risk-
Page 23
appetite/?utm_source=InsightDaily&utm_medium=email&utm_campaign=risc-06.4.2013
 How to implement a Risk Appetite Concept
Practical and Actionable

• Linkingthe organization’s strategic objectives is the key to create an effective

risk appetite approach

• Starting with a manageable set of common strategic objectives (never more

than 7) providing a clear statement direction for all of Siemens. These strategic
objectives transcend business diversity.

• Gradually build on objectives initial successes

• Continuous improvement and integration of other strategic objectives

• Consideration of Tradeoffs (no isolated view on risks)

• Building consensus (Usage of a consistent metrics)

http://www.executiveboard.com/risk-management-blog/four-tips-for-a-healthy-risk-
appetite/?utm_source=InsightDaily&utm_medium=email&utm_campaign=risc-06.4.2013

Page 24
 Model 1: Westinghouse
Steps and Involvement
Determine In- Select Key
Year Objectives Identify activities Risk Indicators
Establish Three - in support of In-Year
(for the current for Each
Year goals Objectives
fiscal year) Objective

Who is CEO, Strategy, Senior Senior Leadership,

involved? Leadership Strategy, BU Leaders BU Leaders, ERM BU Leaders, ERM

Strategy cascade document

that Business unit level
includes financial goals, strategic deployment Business plans that are
safety goals, plan that supports the informed by Key risk indicators and monitoring
etc. For example: enterprise plan. risk assessment information. plans that support achieving
■ Achieve earnings growth of For example: For example: strategic
X% per year. ■ Plan to grow revenue ■ Create operational plan to goals. For example:
■ Become industry leader in of business in Europe transform (or exit) Europe ■ Electricity demand in Europe
Output safety, etc by Y%. activities. ■ Political climate in Europe

ERM conducts risk ERM partners with business units

workshops to pressure to create KRIs and a monitoring
test operational plans against plan that will help them achieve
ERM's Role risks. operational goals.

Page 25
 Model 1: Westinghouse

https://www.risc.executiveboard.com/Members/Popup/Download.aspx?cid=101213569&utm_campaign=RISC-
ACHOUDHARY-05.28.2013-M-W-NL-PDCT-All-All-All-BL-NL-WNL&utm_medium=email&utm_source=Eloqua&scAuth=true
Page 26
 Model 1: Westinghouse

https://www.risc.executiveboard.com/Members/Popup/Download.aspx?cid=101213569&utm_campaign=RISC-
ACHOUDHARY-05.28.2013-M-W-NL-PDCT-All-All-All-BL-NL-WNL&utm_medium=email&utm_source=Eloqua&scAuth=true

Page 27
 Model 2: Toronto Hydro

https://www.risc.executiveboard.com/Members/ResearchAndTools/Abstract.aspx?cid=101213567&fs=1&q=Toronto+Hydro&program=
&ds=1

Page 28
 Model 2: Toronto Hydro

Page 29
 Model 2: Toronto Hydro

3 different scenarios have already been considered during the planning process

Page 30
 Model 2: Toronto Hydro

Toronto Hydro refers its business success back to the Integration of ERM into the planning process

Page 31
Q&A
Open Session for Discussion / Q&A

Page 32