CISCO Risk Management

1© 2003 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID

Managing Risk in an Uncertain World

Global Risk ManagementCisco Systems

222© 2004 Cisco Systems, Inc. All rights reserved.FI-EBC-JAN04

Agenda

• Introduction to Risk

• Enterprise Risk Management

• Managing Supply Chain RiskInnovatioInnovatio

nn CommunityCommunityCommunity

U N I V E R S I T YU N I V E R S I T YU N I V E R S I T YU N I V E R S I T YAIRPORTAIRPORT

EmployeesEmployeesInfrastructurInfrastructuree

EnterpriseEnterpriseRisk Risk

ManagementManagement

BusinessBusiness


Evolution of Cisco and the Internet

Started at Stanford

IPO; 192 Employees

End-to-End Solutions Provider

Cisco Routers Power the Internet; LAN/WAN Switching, Remote Access

#1 Communications Equipment Supplier

Shipped First Router

Advanced Technology Focus:IP Telephony, Security, Wireless, Networked Home

1998199819841984 19861986 19901990 19941994 20022002 20032003

Cisco’s20th Anniversary

New Cisco CRS-1 Carrier Routing System

20042004


Introduction to Risk

Businesses continuously seek to forecast tomorrow in order to make better decisions today.

Risk Management is the process of dealing with uncertainty.


More Kinds of Crises Are Striking More OftenAnd Doing More Damage, Faster

Workplace Violence: 7 Employees Dead In Chicago Warehouse ShootingCHICAGO -- A disgruntled

employee opened fire at an at an auto-parts warehouse in Chicago Wednesday, killing six people. The attacker was also killed, hospital officials said.

Authorities got a call about 8:45 a.m. local time that a person had been shot -- possibly by a co-worker -- at the Windy City Core Supply Inc., police spokesman Pat Camden said. He said police fired shots as they entered the South Side building.

"A disgruntled employee who had either been terminated or was going to be terminated returned to the business, and that's where the shooting took place," Mr.. Camden said. He added that police tried to negotiate with the man but he refused. Police and the man exchanged fire inside and outside the building.

The Cook County Medical Examiner's Office said seven people died. The gunman and another man were pronounced dead at John H. Stroger Hospital, hospital spokesman Tony Ewell said. No other details were available.

Al Martinez, the owner of a business about half a block from the shooting, said he was at work when he heard the sound of gunfire outside. "We saw a guy shooting at police officers outside the building and saw people running around like crazy," said Mr.. Martinez, who owns Midway Pallets. "We came and saw all the cops running, hiding behind cars."

All buildings within a block of the auto parts and supply store were evacuated.

General Motors Plans Car Recall For Hazard-Warning SwitchesGeneral Motors Corp. plans

to recall about 783,000 Chevrolet Malibu, Oldsmobile Alero and Pontiac Grand Am cars to replace hazard-warning switches. GM said the switches may mal-function due to exposure to rapid temperature changes and a sol-dering process that could cause the warning and turn signals to work intermittently or not at all.

The Detroit auto maker hasn't received any reports of crashes or injuries caused by the mal-function, and expects new re-placement parts to be available during the first quarter of 2004. The recall involves only vehicles built between Feb. 1, 2000 and May 1, 2001, of which about 671,000 are in the U.S. and 88,000 are in Canada.Martha Stewart Profit

Drops 86%; Forecast Is GloomyNEW YORK -- Dogged by

the legal woes of its namesake founder, Martha Stewart Living Omnimedia Inc. posted an 86% drop in second-quarter net income and offered a gloomy forecast for the rest of the year.

The company's core brand will remain under "significant pressure" until Martha Stewart's personal legal situation is resolved, said Sharon Patrick, who took over as chief exe-cutive of the domestic-arts company in June after a federal grand jury indicted Ms. Stewart on charges connected to her December 2001 sale of ImClone Systems Inc. stock.

Martha Stewart Living reported second-quarter net income of $931,000, or two cents a share, down from $6.7 million, or 14 cents a share, a year earlier. Revenue fell 16% to $65.8 million.Reflecting the magazine's woes, second-quarter revenue from publish-ing, the company's biggest business, fell 16% to $39.6 million from $47.3 million. Higher revenue from the com-pany's new magazine, Everyday Food, as well as Martha Stewart Weddings partially offset losses from its flagship publication.

Coke Fountain Chief Steps Down Amid Furor Over Rigged Burger King TestThe head of Coca-Cola Co.'s

fountain division stepped down from his post in the wake of a scandal over a rigged marketing test for Burger King.

The executive, Tom Moore, will remain with Coke in a transitional role, "to ensure a smooth transition," a Coke spokesman said. To succeed Mr.. Moore, who has headed the food service division since December 1999, Coke named Chris Lowe, previously Coke's chief marketing officer for North America.

The spokesman couldn't say how long the transition would take, or what Mr.. Moore's next move would be. Mr.. Moore couldn't be reached for comment.

In June, the Atlanta company first disclosed its employees had tampered with results of a marketing test done three years ago at Burger King restaurants in the Richmond area to test the potential of a Frozen Coke

promotion. Coke has since publicly apologized to Burger King and agreed to pay as much as $21 million to Burger King and its franchisees to patch up relations with the company, which is its second-largest fountain drink customer after McDonald's Corp.

Coke's internal investigation of the incident was prompted by allegations offraud made by a former employee, Matthew Whitley, who is suing Coke in state and federal court in Atlanta for wrongful termination. Coke denies the fraud allegations and said Mr.. Whitley lost his job as part of 1,000 layoffs this year.

Coke has acknowledged that some employees "improperly influenced" the results of the Frozen Coke test. In 2001, Mr.. Moore and other Coke executives rejected a recommendation from Mr.. Whitley and another internal auditor to fire the head of Coke's Burger King account team for his

BioTech Firm Chiron Is Struck in California by Two Small Bombs

EMERYVILLE, Calif. -- Two small bombs exploded and shattered windows on the campus of biotechnology company Chiron Corp., but nobody was hurt and authorities said damage was minimal.

Police and company officials declined to comment on any suspects. Chiron and its executives have been targeted by animal rights protestors recently in connection with the com-pany’s relationship with Huntingdon Life Sciences, a New Jersey company that conducts animal experiments.

Emeryville Police Sgt.. LaJuan Collier said the first bomb exploded at 3 a.m. Pacific time in front of one Chiron building and the second detonated about an hour later at another building.

Chiron makes drugs and is required by the Food and Drug Administration to test its products for safety and effectiveness on animals before it can sell the drugs to people, company spokesperson John Gallagher said. He wouldn’t comment on whether Chiron conducts animal research at the Emeryville campus.


Risk Management

Effective Risk Management includes:

• Identifying and recognizing sources of uncertainty

• Measuring and assessing the frequency of occurrence severity of impact of an event

• Evaluating alterative approaches to mitigate or take advantage of the risk


New Approach to Managing Risk

• Increasing business complexity, globalization, competition, innovation, technology

• Exposure to new types of risk

• Focus on shareholder value protection and creation

• New regulatory requirements

• Hardening of traditional insurance markets

• Expanded set of sophisticated risk management tools available


Enterprise Risk Management (ERM)-Introduction

• Definition: ERM directs risk management activities in a comprehensive, coordinated, and consistent manner.

• Objective: Design a culturally acceptable process for the routine identification, assessment and management of risks throughout the Cisco (Strategic, Financial, Operational and External).

• Benefit: Create efficiencies and gain value from integrating existing risk management activities and then demonstrate the process for managing risk to our shareholders, employees, customers and partners.

InnovationInnovation CommunityCommunityCommunity

U N I V E R S I T YU N I V E R S I T YU N I V E R S I T YU N I V E R S I T YAIRPORTAIRPORT

EmployeesEmployeesInfrastructureInfrastructure

EnterpriseEnterpriseRisk Risk

ManagementManagement

BusinessBusiness


Enterprise Risk Management

“How Do I take more Intelligent Risks ?”

• Disciplined Decision Making • Risk Timing• Business & Technology

Innovation• Increased Shareholder Value• Industry Leadership

“How Do I take more Intelligent Risks ?”

• Disciplined Decision Making • Risk Timing• Business & Technology

Innovation• Increased Shareholder Value• Industry Leadership

“Is my current Risk level in control?”

• Business Risk Monitoring• Risk Responsiveness• Tolerance

–Controllable Risks–Non-Controllable Risks

“Is my current Risk level in control?”

• Business Risk Monitoring• Risk Responsiveness• Tolerance

–Controllable Risks–Non-Controllable Risks

“How Do I Reduce Business Risk?”

• Risk Analysis• Risk Assessment• Business Continuity

Planning• Business Resilience

“How Do I Reduce Business Risk?”

• Risk Analysis• Risk Assessment• Business Continuity

Planning• Business Resilience

OPTIMIZE GROWPROTECT

ERM

Corporate Strategy


The Enterprise Risk Management Continuum

RESILIENTRESILIENT• Advanced BCM• Scalable• Flexible• Modular• Agile

• Advanced BCM• Scalable• Flexible• Modular• Agile

INTEGRATEDINTEGRATED• Business Performance

Monitoring System• Embedded Analytics• Patterns & Trends• Systems View

• Business Performance Monitoring System

• Embedded Analytics• Patterns & Trends• Systems View

ADAPTABLE• Dynamic Data• Real Time Monitoring• Self-Deciding• Self-Optimizing• Self-Correcting

• Dynamic Data• Real Time Monitoring• Self-Deciding• Self-Optimizing• Self-Correcting


Business Resiliency

RESILIENTRESILIENT• Advanced BCM• Scalable• Flexible• Modular• Agile

• Advanced BCM• Scalable• Flexible• Modular• Agile

Goal: Create a readiness state for Cisco that leads to less volatility, greater predictability and fewer surprises.

Benefit: Develop capability to bounce back quickly thereby protecting employee welfare, customer satisfaction, brand reputation and shareholder value


Integration – People, Process, Systems and Culture

Goal: Create a strategic process to identify, categorize, assess and respond holistically to hazard, financial, strategic and operational risk

Benefit: Identify risk concentrations and interdependencies as well as offsetting risk patterns to optimize scarce resources and to grow shareholder value

INTEGRATEDINTEGRATED• Business Performance

Monitoring System• Embedded Analytics• Patterns & Trends• Systems View

• Business Performance Monitoring System

• Embedded Analytics• Patterns & Trends• Systems View


Business Resilience Framework

Key Key Response Response PartnersPartners

•Human Resources•Workplace Resources•Legal•Corporate Communications•Finance•Public Relations•Information Technology•Customer Advocacy•Security•Affected Business Units

TheaterTheaterCrisis ManagementCrisis Management

EmergencyEmergencyResponse TeamsResponse Teams

Executive CrisisExecutive CrisisManagementManagement

BusinessBusinessContinuity ManagementContinuity Management

The following elements are in place:• Site specific Emergency Response Teams – address minutes to hours response.

• Theater Crisis Management- address coordination of Site Crisis Teams and incidents that impact the Theater.

• Business Continuity Management-address processes to ensure recovery of critical business processes, people and systems

• Executive Crisis Management- strategic guidance to Theaters and Senior Management in responding to crises.


Adaptable

• Vision for the FutureCreate an organization whose Risk Management approach is real time, driven by dynamic data and the ability to self-correct.



ADAPTABLE


Managing Risk @ Internet Speed


Incorporate Risk Analysis

into Planning andOps Review Process

Identify, Assess andPrioritize Risks

Analyze Risksand

Current Capabilities

Gain Consensus onMost Important Risks

and Governance

Develop andExecute Action

Plans/Establish Metrics

Measure, Monitor andReport onProgress

Risk Management Framework

Integration - Close Loop Process


Typical Risk Management Actions

Type of Risk Typical ActionHazard risks(property/casualty, environmental, liability)

Insurance, mitigation plans, scenario planning

Financial risks(Currency, Interest rate, commodity prices, credit, liquidity)

Financial derivatives, asset allocation adjustments

Operating risks(Inventory, supply chain, capacity, systems)

Supply chain management, alternative sourcing, backup/redundant systems

Organizational risks(Governance gaps, wrong org. structure, Talent/morale, M&A integration)

Governance checks & balances, org structure realignment, talent measurement & investment

Strategic risks(Technology, brand collapse, disruptive competitors, stagnation, customer shift, new project risk)

Double betting, M&A, crisis management, early warning systems, proprietary information, smart product/project sequencing, demand innovation,

Source: Mercer Consulting


Risk Map (Example Only)

181818

•Strategic Risks:• Brand/Reputation

• Business Model and Portfolio• Channel

• IP Infringement/Counterfeit

• Quality• Resource Allocation/Alignment

•Operational Risks:

• Catastrophe/BI

• Change Mgmt

• Security

•External Risks:

• Competitor• Customer Needs/Product Port

• Legal/Anti-trust

• Regulatory/Taxation

• Technological Innovation

•Financial Risks:

•Cash Flow

•Credit•Debit

• Equity• Interest Rate

- 10-14 - 7-9 - 5-6Count Legend

1

23

4

5

7

8 9

10

14

12

1315

16

17

18

19

6

20

LOW MEDIUM HIGH

LOW

MED

IUM

H

IGH

Impa

ct

LikelihoodColor Legend

- Top Ten - Other

11


Integration- Gap Analysis (Example Only)

Mgmt Effectiveness Average Risk

Ris

k

Mgm

t Effectiveness

HIGH

LOW

HIGH

LOW

0.00

1.00

2.00

3.00

4.00

Hiring/R

etentio

n

IP Infri

ngemen

t/ Counter

feit

Busines

s Model

and Portf

olioTec

hnological In

novatio

nCompeti

tors

Quality

Resource

Allo

catio

n/Alig

nment

Succes

sion plan

ning

0.00

1.00

2.00

3.00

4.00

Regulat

ory

Securit

y


Cisco’s Integrated Risk Management Framework

• Improve Corporate Governance & Reporting

Integrate key risk processes and systems

Identify, categorize and transfer out concentrated or inefficient risks

Apply enterprise risk managementto better understand Cisco’s risk appetite

Create a Cisco-on-Cisco story aroundhow we manage risk as part of improving Corporate Governance

Continue to use Risk Review Groupto increase risk education, awareness and information sharing across disciplines

Internal Controls Internal Controls (ICS)(ICS)

SarbanesSarbanesOxley Oxley (SOX) (SOX)

Risk Risk ManagementManagement

(RM) (RM)

Cisco Confidential - 2005


Partnership

Board

• Policy• Risk Strategy• Oversight• Correction

Executive Management• Establish Policy• Propose Risk Strategy• Measure / Monitor• Report to Board• Enforce

Line Managers• Identify Risk• Measure Risk• Prioritize Risk• Manage Risk• Report and Improve

Risk Management

• Monitor• Coordinate• Educate

• Facilitate• Benchmark• Report


Managing Supply Chain Risk @ Cisco


Core Versus Context

Core Context

MissionCriticalMissionCritical

Non-MissionCritical

Non-MissionCritical Outsource

Control SpecsOutsource

Control Specs

In-HouseIn-House Out-TaskTight ControlOut-Task

Tight Control

Out-Task Some ControlOut-Task

Some Control


Global Factory and Distribution Infrastructure

8 SLC’s Outsourced to 3PL2 OCC’s Shipping from Mfg.8 SLC’s Outsourced to 3PL2 OCC’s Shipping from Mfg.

PCBA SITEBOX BUILDPCBA / BOX BUILD

PCBA SITEBOX BUILDPCBA / BOX BUILD

14 TOTAL SITES4 TOTAL CM’S14 TOTAL SITES4 TOTAL CM’S

Jabil FLJabil FL

Jabil Hungary

Jabil Hungary

CelesticaMexico

CelesticaMexico

Celestica-Thailand

FoxconnChina

Jabil andSLR

Penang

Jabil andSLR

Penang

SLR-TXSLR-TX

Jabil MexicoJabil Mexico

FoxconnHong KongFoxconnHong Kong

Celestica NHCelestica NH

FoxconnCzech

Republic

FoxconnCzech

Republic

CLSToronto


Mfg Supply Chain BCP Tool


Closing Thought………

“Organizations make money by taking risk and lose money by not effectively

managing risk.”

CISCO Risk Management

Documents

Transcript of CISCO Risk Management