TRANSCRIPT
Enterprise Risk Management 2016
Confidential, unpublished property of UPS. Do not distribute - limited solely to authorized personnel.
Conversations
AFERM Summit, November 8, 2016
Keith Cureton, VP Global Compliance & Ethics | ERM
Why A Conversation
COSO Defines ERM as:
“Enterprise Risk Management is a process, effected by an entity’s board of directors, management and other personnel, applied in a strategy setting and across the enterprise. It is designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
... and talk about them!
UPS Around The World
Organizational Chart: Assurance Structure
[Chart: Board of Directors (UPS Audit Committee, Risk Committee); Management Committee; Enterprise Risk Governance Committee; Enterprise Risk Council; assurance functions: ERM, Compliance & Ethics, Internal Audit.]
Enterprise Risk Council (ERC)
Co-Chaired by: Chief Legal Officer, Chief Audit Officer
Members:
• VP Domestic Operations
• VP Engineering
• VP Finance & Accounting
• VP Human Resources
• VP Information Technology
• VP International Operations
• VP Legal & Public Affairs
• Director Program Management Group
• VP Public Relations
• VP Risk Management
• VP Sales / Marketing
• VP Security
• VP Strategy
Policy Book
We Establish Risk Management Programs.
We use appropriate processes to identify, manage, and mitigate the inherent risks that affect our business.
Through our centralized Risk Management Department, we maintain the expertise needed to analyze and insure exposures of risk to our company’s financial position, reputation, and ability to operate.
Additionally, we use enterprise risk management and business continuity programs to safeguard our company against significant risks we cannot completely insure.
UPS Proxy Statement: Governance Of Our Company
Board’s Role in Risk Oversight
Our board is responsible for overseeing our risk management.
The board reviews periodic assessments from the Company’s ongoing enterprise risk management process that are designed to identify potential events that may affect the achievement of the Company’s objectives.
The Key to Success?
• Having the right conversation?
What to do with an 800 Pound Gorilla?
Risk Mantra
“It is pardonable to be defeated, but never to be surprised.”
Frederick the Great (1712-1786)
Think: Our Greatest Challenge
Old Truth
New Truth
• The problem is with what we know!
A Good Conversation (ERM Framework Summary)
1. Information
2. Context
3. Measurement
4. Solution
5. Awareness
6. Follow-up
ERM Framework Summary, step 1
1. Information: Understand Objectives
• Inputs: Business Environment, Organizational Strategy, ERM
• Objectives should be: Specific, Measurable, Aligned, Realistic, Timely
Defining Risk Appetite & Tolerance
Risk Capacity: The broad based amount of risk a company is able to accept in pursuit of its mission, vision, business objectives and overall strategic goals - directly related to an entity’s capital, liquidity and external stakeholder influence.
Risk Appetite: The broad-based aggregate amount of risk a company is willing to accept in pursuit of its mission, vision, business objectives and strategic goals - directly related to an entity’s risk capacity as well as its culture, desired level of risk, risk management capability and business strategy.
Risk Tolerance: The specific maximum applicable to each category of risk regarding the magnitude of risks that the organization is willing to take to achieve its strategy and objectives - set such that the aggregation of risk tolerances ensures the organization operates within the risk appetite.
Risk Target: The optimal level of risk that the organization desires to take to achieve specific business objectives and operate within its appetite/tolerance for risk - defines the balance between risk and reward. The risk target is based on management’s desired returns, the role of risk in achieving those returns and the capability to manage the risk/reward profile.
Risk Limits: Thresholds to ensure that variation from expected outcomes will be consistent with the risk target, but will not exceed the risk appetite/tolerance - defines process level controls and management authorities, which should reflect the risk limits.
[Chart: Capital feeds Strategic Goals and the Aggregate Risk Level; Risk Appetite is correlated to the risk categories (Strategic, Compliance, Operations, Financial) and the Risk/Reward Balance; Risk Tolerance is correlated to business plans and metrics across Corporate Governance, Strategy, Finance & Accounting, Operations/Engineering, Information Technology, Human Resources, Sales & Marketing, Legal & Public Affairs, Ethics & Compliance, Security, Responsibility/Sustainability and Other; Risk Targets are correlated to controls & authorities at the functional & process levels.]
Adapted from: Institute of Actuaries of Australia, Risk Appetite
ERM Framework Summary, step 2
2. Context: Identify & Categorize
• Risk categories: Strategic, Operational, Reporting, Compliance
Which Is it?
Enterprise Risk - Management
Enterprise - Risk Management
Risk Governance (Illustrative)
[Chart: nested risk portfolios, each a cloud of individual risks]
District Risk Portfolio: Risks that may pose a significant impact at the District or Country level
Regional Risk Portfolio: Risks that may pose a significant impact at the Region / Business Unit level
Enterprise Risk Portfolio: Risks that are material to the Enterprise and monitored at the Corporate level
Risk Response examples:
• Risk: Terrorism. Response: Mitigation
• Risk: Management Retention. Response: Mitigation
Governance bodies: Enterprise Risk Council; Risk & Compliance Committees
UPS Enterprise Risk and Control Framework (Illustrative)
[Chart: for each UPS Risk Category the framework records the COSO Framework category, an MC Sponsor (C-Suite), an ERC Sponsor (VP) and the Risk Sub-categories. Sub-categories are listed below under the function they belong to, as read from the chart.]
COSO Framework categories: Strategic; Operations/Infrastructure; Reporting; Compliance
UPS Risk Categories (each with a C-Suite MC Sponsor and a VP ERC Sponsor): Corporate Governance; Strategy; Finance & Accounting; Operations; Information Technology; Human Resources; Sales & Marketing; Legal & Public Affairs; Ethics & Compliance; Communications / Brand Management; Security / Sustainability
Risk Sub-categories:
• Corporate Governance: Board Effectiveness; Risk Oversight & Management; Audit Quality; External Fraud; Business Continuity (Crisis Mgt.); Board Structure & Senior Leadership
• Strategy: Economic Conditions; Geopolitical Concerns; Technology Strategy; Vision, Mission, and Values; Industry Trends; Organization Structure; Third Party/Joint Venture; Strategy Communication; Growth Strategy; Business Concentration; Mergers/Acquisitions/Divestitures; Acquisition Integration; Scenario Planning; Business Model
• Finance & Accounting: Customer Credit Policy; Credit Rating; Financial Asset Investment; Commodity Price Impact; Compliance w/ Accounting Standards; Financial Statement Fraud; Accounting Processes; Business Information & Analysis; Capital Management; Planning/Budgeting/Forecasting; Taxation; Procurement; Insurance and Hedging; Investor Relations
• Operations: Facilities and Equipment; Environmental Concerns; Energy Management; Operational Security; Operational Planning; Operations Management; Asset Utilization; Operational Reporting; Operations Performance Management; Distribution & Warehousing; Fleet Management (Ground / Air)
• Information Technology: Architecture; Global Business Services; I.T. Records Management; Technology Licensing; I.T. Asset Management; I.T. Business Continuity Management; I.T. Change Management; I.T. Contracting & Outsourcing; Privacy and Data Protection; I.T. Operations; I.T. Physical & Environmental Security; I.T. Problem Management; I.T. Project Management
• Human Resources: Occupational Health & Safety; HR Resource Policies & Procedures; Talent Pipeline/Recruitment; Performance & Compensation; Health & Welfare Benefits; Retirement & Pension Programs; Training and Development; Company Culture; Retention / Succession; Diversity
• Sales & Marketing: Market Research; Customers; Competition; Marketing Strategy; Marketing Programs; Revenue Management / Pricing; Product Development; E-Commerce/Internet Strategy; Sales Strategy; Customer Relations / Customer Support; Customer Technology
• Legal & Public Affairs: Competition / Antitrust; Contract Management; Government Investigations; Intellectual Property (IP); Labor & Employment Issues; Laws and Regulations; Litigation & Dispute Resolution; Privacy and Security Laws; Union Labor / Workforce Issues; Public Affairs; Government Uncertainty
• Ethics & Compliance: Compliance Monitoring & Reporting; Ethical Culture “Tone at the Top”; Compliance Structure & Oversight; Regulatory Compliance; Compliance Policies & Procedures; Compliance Communication & Training; Addressing Allegations; Compliance Program Assessment; Records & Information Management
• Communications / Brand Management: Social Media; Communication (Employee/Customer); Branding & Reputation; Advertisements & Sponsorships; Philanthropy; Sustainability Programs; Social Concerns; Public Relations
• Security / Sustainability: Aviation Security; Terrorism
Top 5 Input Areas - 2015 (Illustrative, overlaid on the framework chart)
1. Domestic legislation
2.
3.
4.
5.
Top 5 Input Areas - 2016
1.
2.
3.
4.
5.
Risk ownership drill-down (Illustrative, overlaid on the framework chart): for the Legal & Public Affairs risk category and the Laws and Regulations sub-category, the framework names a Risk Owner, SME(s) and a Governance body. The chart uses the placeholder names Bill Smith, John Davis and Steve Johnson, with the Legal Oversight Committee as the governance body.
ERM Framework Summary, step 3
3. Measurement: Assess & Profile
• Dimensions: Impact, Likelihood
Risk Rating Matrix (Illustrative)
Likelihood of Risk Occurring:
5 Very High: Event has occurred in the last 12 months, or >75% chance of occurring within five to seven years.
4 High: Event has occurred in the last 24 months, or 50-75% chance of occurring within five years.
3 Medium: 20-50% chance of occurring within five years.
2 Low: 10-20% chance of occurring within five years.
1 Very Low: <10% chance of occurring within five years.
Impact if Risk Occurred (Mission / Finance / Operations):
5 Very High (Severe)
• Mission: Severely impacts our ability to achieve UPS Mission
• Finance: Results in a single year financial impact >$XXX MM, with ongoing impact
• Operations: Severely disrupts enterprise-wide customer service or operations reliability; or impacts brand long term
4 High (Significant)
• Mission: Significantly impacts our ability to achieve UPS Mission
• Finance: Results in a single year financial impact greater than $XXX MM and less than $XXX MM, with some ongoing impact
• Operations: Significantly disrupts enterprise-wide customer service or operations reliability; or impacts brand long term
3 Medium (Moderate)
• Mission: Moderately impacts our ability to achieve UPS Mission
• Finance: Results in a single year financial impact greater than $XX MM and less than $XXX MM, with some ongoing impact
• Operations: Moderate impact on enterprise-wide customer service or operations reliability; or impacts the brand for a limited period of time
2 Low (Minor)
• Mission: Minor impact on our ability to achieve UPS Mission
• Finance: Results in a single year financial impact greater than $XX MM and less than $XX MM, with some ongoing impact
• Operations: Limited disruption of customer service or operations reliability, limited impact on brand
1 Very Low (Insignificant)
• Mission: Insignificant impact on our ability to achieve UPS Mission
• Finance: Results in a single year financial impact <$XX MM, and little ongoing impact
• Operations: Minimal disruption of customer service or operations reliability, no impact on brand
ERM Framework Summary, step 4
4. Solution: Develop / Ensure Response
• Response options: Take, Treat, Transfer, Terminate, Transparency
Risk Response: Risk Assessment Model
[Chart: the response options laid out against the Impact and Likelihood dimensions]
Take: Determine if in risk appetite. Is this risk within our risk appetite and/or tolerance?
Treat: Prevention of risk occurrence. How much influence do we have over the risk occurring? Reduction in risk severity. What can be done to reduce the impact of the risk event, if it occurs?
Transfer: Recovery from risk event; Preparedness. Can the risk be prepared for and/or recovered from?
Terminate: Discontinue.
Transparency: Is this risk able to be viewed & understood? Would the risk be taken if it was visible to all stakeholders?
Copyrighted Material – do not reproduce or distribute without written permission of United Parcel Service
ERM Framework Summary, step 5
5. Awareness: Communicate
• Audiences: Senior Management, Enterprise Risk Council, Risk Owners, Business Leaders
ERM Structure
UPS Board of Directors
• Audit Committee of the Board of Directors: Statutory oversight of risk assessment and risk management. Oversees evaluation of major financial risks.
• Risk Committee of the Board of Directors: Oversees the adequacy and effectiveness of the company’s ERM program, including the identification of risks and evaluation process.
Enterprise Risk Governance Committee (ERGC): Five Management Committee Members. Responsible for overseeing management of enterprise risks.
Enterprise Risk Council (ERC): Senior Functional and Business Unit Representatives.
Enterprise Risk Owners
Corporate Functions, Business Units, Risk Committees
• Corporate Committees: Information Security Council; Business Continuity Committee; Finance Committee; Legal Risk Committee; Security Committee
• Business Risk & Compliance Committees (BRCC): Domestic US (Region BRCC, District BRCC); International (Region BRCC, Country BRCC, District BRCC)
Inputs: ERM Survey Responses; Benchmarking; Current Conditions
ERM Program
• ERM is a process that identifies, evaluates and prioritizes enterprise level risk.
• It confirms ownership of risks, ensuring accountability and mitigation activities are in motion.
• ERM enhances visibility and transparency to the highest organizational levels.
• ERM does not own risk or replace the management of risks.
Risk Recognition (Oblivious to the Obvious)
“The thing long expected takes the form of the unexpected when at last it comes.”
Mark Twain (1835-1910)
Illustrative Risk Profile
Risk type (Preventable / Strategic / External)
Risk Statement: There is a risk that current legislation will require all delivery vehicles, operating within major city limits, to be electric powered by 2019.
Risk Category: Operations / Engineering
Sub-Category: Fleet Management
MC Sponsor: C-Suite
ERC Sponsor: VP – ERC Member
Risk Owner: VP Public Affairs, VP Engineering
Risk Contributors and Controls / Mitigation (Function; Status; L; I; Planned Completion):
1. Proposed climate change legislation to lower large city carbon emissions
• Establish relationships with key legislators to ensure Company concerns are addressed. (Public Affairs; Executed; L -; I -; --)
• Public Affairs to develop impact and response plan to include potential alternative legislation or time extension for implementation of current regulations. (On-going; L 1; I -; Q4-2018)
2. Limited alternatives to current delivery methods in large metro areas
• Current engineering study to identify and / or create alternative delivery options. (Engineering; Planned; L -; I 0.4; Q4-2017)
3. Increased cost of alternative vehicles due to supply and demand challenges
• Current program in place to identify and purchase alternative fuel powered vehicles. (Automotive; On-going; L -; I -; --)
• Establish with the automotive industry priority vendor relationships for the purchase of new vehicles. (Planned; L -; I 0.4; Q4-2018)
• Investigate acquisition project to acquire a production plant to retrofit current vehicles. (Engineering; Planned; L -; I 0.2; Q4-2018)
• Develop capital budgeting proposal and assess overall impact. (Finance; Planned; L -; I -; Q1-2017)
Current Rating: Tier 2
Target Rating: Tier 1
Comments:
UPS Consolidated Risk Profile (Illustrative)
[Chart: two Likelihood x Impact heat maps, both axes rated VL, L, M, H, VH. Current Tier 1 risks are plotted by number 1-19 (1 = legislation requiring electric powered vehicles); Current Tier 2 risks are plotted by letter A-R.]
ERM Framework Summary
1. Information: Understand Objectives. Inputs: Business Environment, Organizational Strategy, ERM. Objectives should be Specific, Measurable, Aligned, Realistic, Timely.
2. Context: Identify & Categorize (Strategic, Operational, Reporting, Compliance).
3. Measurement: Assess & Profile (Impact, Likelihood).
4. Solution: Develop / Ensure Response (Take, Treat, Transfer, Terminate, Transparency).
5. Awareness: Communicate (Senior Management, Enterprise Risk Council, Risk Owners, Business Leaders).
6. Follow-up: Monitor (Assurance / Insurance; Governance & Oversight).
Final Thoughts
The central value of an ERM program is found in its ability to provide an organization with a systemic awareness of potential risk events. It does not generate intelligence; it is a consumer of information provided by all parts of the organization, and it all begins with a conversation.
AFERM Summit, November 8, 2016
Keith Cureton, VP Global Compliance & Ethics | ERM