The reading this week discusses strategy and how ERM can be integrated with an organizations overall strategy. Prepare a research pap

Integration of ERM with Strategy Case Study Analysis – April 2016

Prepared by: Ha Do, Maria Railwaywalla, Jeremiah Thayer Graduate Students, Poole College of Management, NCSU

Table of Contents

I. Introduction …………………………………………………………………………………………… 2

II. Case Study: Mitchell Industries ……………………………………………………………….. 3

III. Case Study: Eli Lilly ……………………………………………………………………………….. 9

IV. Case Study: Daisy Company …………………………………………………………………… 15

V. Conclusion …………………………………………………………………………………………….. 21

VI. Appendix ………………………………………………………………………………………………. 22

A1: Mitchell Industries: Risk Assessment Template

A2: Mitchell Industries: Template Assessing Risk in Relation to Strategy

A3: Eli Lilly: Risk Assessment Template

A4: Eli Lilly: Risk Ranking Matrix

A5: Daisy Company: Risk Template

A6: Daisy Company: Rating Scale

VII. About the Authors …………………………………………………………………………………. 34

INTEGRATION OF ERM WITH STRATEGY – 2

Introduction

One of the greatest sources of risk for today’s companies arises from the context of its strategic

plan. While a company’s strategy drives its value creation, it also entails risk-taking; when

strategies change or new initiatives are implemented, new risks may be introduced or existing

risks could change. The greater the degree of integration between strategy and risk management,

the more likely it is that a company will be able to successfully implement its strategy.

Enterprise Risk Management (ERM) is an emerging process that can serve many purposes: as a

tool for risk management, strategic planning, and identification of emerging opportunities and

potential competitive advantages. The purpose of this case study is to provide a description of the

processes used by three different companies in different industries to illustrate the ways these

companies have integrated ERM in the context of their strategy.

These case studies are based on real life examples of how companies have attempted to better

integrate their ERM process within their strategic planning process. The three cases reveal the

variety of methods that can be used based on a company’s strategic objectives, business model,

culture, and maturity in ERM implementation. This report also highlights key takeaways as

points of comparison when assessing the level of integration between ERM and the strategic

planning and implementation process.

Readers should keep the following in mind:

● ERM personnel can use this document to assess their company’s level of integration and

discuss how their current ERM process can be improved and be more closely aligned with

the strategic planning process.

● The methods of integrating ERM with strategy will vary based on the company. Just as ERM

requires customization to suit a company’s unique objectives, culture, and business model,

the integration of risk management and strategic planning also requires a company to

consider its objectives and culture before deciding the best way to align the two processes.

Increasing complexity due to industry changes, globalization, and shifts in technology and

business cycles can produce more risks related to strategy than ever before. By establishing a

close link between a company’s strategic planning and risk management processes, management

can help ensure that new strategic initiatives are connected to appropriate risk mitigation

strategies, that changes in the company’s strategic direction are accompanied by timely

assessment of new or emerging risks, and that the company is better prepared to identify risk-

related competitive advantages.

INTEGRATION OF ERM WITH STRATEGY – 3

Case Study: Mitchell Industries

Background of the Organization

Mitchell Industries is a global aerospace, defense and information technology company. They

provide a broad range of management, engineering, technical, scientific, logistics and

information services. The company was founded in 1985 and has grown organically and through

a number of acquisitions. Headquartered in Chicago, Illinois and incorporated in Delaware, the

company conducts most of its business with the U.S. Government, principally the Department of

Defense (DoD) and intelligence community. The company has 120 locations worldwide,

including 72 international offices, approximately 24,000 employees and customers in 150

countries.

Overview of ERM

Mitchell Industries views risk management as critical to its success. Risk management is

embedded in many business processes such as executive planning, program / contract

management, research and development, etc. However, following the financial crisis, there was

an increased focus on risk oversight practices. Credit rating agencies, such as Standard and

Poor’s, began assessing enterprise risk management processes as part of their corporate credit

ratings analysis, and there were signs that new requirements would be placed on Boards of

Directors regarding their risk oversight responsibilities. During this same time frame, the

company appointed a new board member to chair the Audit Committee who placed an increased

focus on the company’s risk management practices. Leadership of the organization also began to

see the need for a more formal enterprise wide process for managing risk. All of these events led

to the implementation of a formal structured ERM process in 2009.

Initially, Mitchell Industries maintained independent ERM and strategy processes that occurred

in parallel. As leaders recognized the value of being better informed of and prepared for risk

events, steps were taken to align and integrate ERM with the strategic planning process. There

are now several points of integration between the two processes to ensure they are in sync and

reflect the priorities of the organization as a whole.

Integration of ERM with Strategy

The next few paragraphs highlight the details of the ERM cycle, strategy planning process and

their integration.

ERM Cycle

The company has an annual ERM cycle which is facilitated by the ERM team. The ERM team

consists of three members, the Director and two analysts. They are the link between the members

of the organization responsible for risk management and the enterprise risk management process.

The annual process begins with the identification and assessment of risks in the January /

February time frame. The ERM team administers a survey to Vice Presidents (VPs) and selected

INTEGRATION OF ERM WITH STRATEGY – 4

Directors (direct reports to VPs). At the same time, interviews are conducted with the CEO and

the CEO’s direct reports (senior executives).

The ERM team analyzes the information gathered in the surveys and interviews to prioritize the

risks. The prioritized risks are typically presented using a heat map. For each of the

organization’s top risks (typically 8-10 risks), an owner is identified. The risk owners, also

referred to as risk champions, are responsible for assigning a risk manager, approving mitigation

(action) plans, resourcing the plan, and briefing the plan to the Board. The risk owners are

assisted by risk managers who are responsible for the risk action plan. The ERM team works

with the risk managers to understand survey findings and develop mitigation plans. The risk

managers are responsible for managing the risk and tracking the progress of the mitigation plan.

They own the risk and report progress of the mitigation plans to the ERM team on a quarterly

basis. The ERM team summarizes the risks, the risk mitigation plan and the progress in

implementing the plans on a dashboard that is reported to executive leadership and the Board.

During the third quarter, the ERM team updates the earlier identified risks by conducting a

second round of interviews with the CEO and senior executives. They factor in risks that arise

due to external factors such as regulatory risks, geo-political risks, economic risks, technological

risks, etc. Any significant changes are incorporated into the heat map and used to refine the risk

mitigation plans.

The company has several business units and the ERM team shares business unit specific risks

(heat maps) with the executive leadership team of each business unit during the March timeframe.

During the second quarter, the business units consider these risks, determine the risks critical to

their respective business unit and communicate their action/ mitigation plans back to the

executive team during the July time frame as part of their strategic plan.

Strategic Planning Process

Mitchell Industries has an annual strategic planning cycle. The process starts in December and is

both a top-down and bottom-up approach. The CEO owns the overall strategy. That strategy is

primarily developed by the Corporate Strategy office, working in conjunction with business unit

strategists. Once the overall strategy is developed, the plan is communicated by the CEO to the

VPs at the annual Senior Leadership Meeting in the January/February timeframe and to the

Board in February.

The business units develop their respective strategies in light of their portfolio of products and

within the framework of the corporate strategy and guidance provided by the Corporate Strategy

office. This process begins in February and culminates in July with the Strategic Planning

Conference where the business unit leaders present their strategy for the upcoming year to the

CEO. Each business unit is also responsible for annually developing a three-year business plan

that reflects the implementation of the strategy. This plan is updated concurrently with the

strategy and is finalized in November.

INTEGRATION OF ERM WITH STRATEGY – 5

Mitchell Industries ERM & Strategy Implementation Timeline

Con tinuous review of progress of mitigation plans

Corporate strategy kick-off

CEO communicates strategy to VPs &

Corporate Strategy provides planning guidance to

Business Units

Strategy

ERM

Business Units develop strategic plans and factor in risks communicated by ERM team in formulation of plans

Interview results fed in to Dec corporate strategy kickoff

Business Units communicate

strategic plans to CEO

Business Units develop and present 3 year business plan

ERM team analyzes survey

results and prioritizes

risks

ERM team conducts enterprise-wide survey of VPs and interviews executive leadership

team (CEO, Business unit leaders)

ERM team communicates survey results

to CEO and Business Unit

leaders

Communication of enterprise risks

to the Board

Communication of risk status to executive

leadership and the board

Jan. Feb. Mar. Apr. May Jun. Jul. Aug. Sep. Oct. Nov. Dec.

ERM team conducts follow-up interviews with executive team

Integrating the Two Processes

The strategic planning process and ERM process are initiated in two different organizations and

start at slightly different times. Strategic planning starts with the CEO and strategy leads. ERM

starts with surveying the VPs and their direct reports. The two processes operate in parallel, with

both following an annual cycle and combined top-down / bottoms-up approach. There are several

points where information is shared between the two. This is how the company integrates the two

processes to ensure ERM and strategy are in sync and have an enterprise wide impact. The

following are the specific points of integration:

● Macro Level – The first point of integration is the third quarter risk update. This updated

information, which includes external risk developments that may impact the organization, is

communicated to the corporate strategy team who then factors the information into the

corporate-level strategy.

● Micro Level – The second stage of integration is at the business unit level. Each business

unit receives the broad strategic objectives post the CEO and VPs meeting (January/

February time frame). The business units also receive specific information about their top

risks from the ERM team (March time frame). The business units factor this information into

the formulation of their strategic plans.

● Third Level – The final stage of integration occurs when Functions develop strategies/

action plans to support Business Unit plans and address specific risks.

INTEGRATION OF ERM WITH STRATEGY – 6

Mitchell Industries ERM & Strategy Integration

Risk owners identify a risk manager, approve

mitigation plans and provide resources for plans

BU leaders are responsible for preparing mitigation plans for their

respective BUs

ERM team surveys the VPs and directors to identify broad

level risks

ERM team interviews the CEO & senior executives for additional risk

identification and assessment

ERM team:

 Gathers information about external risks to the organization

 Consolidates the survey/ interview results

 Communicates top risks to risk owners and business units through heat maps

 Works with risk managers to develop risk mitigation plans

 Conducts second round of interviews and communicates to senior executive team

Risk managers develop and execute risk

mitigation plans and report progress quarterly

Quarterly reporting

CEO communicates strategy to all VPs at Senior Leadership

Meeting

Business Units:  Receive broad strategic objectives

post CEO/ VP meeting

 Receive guidance from Corporate strategy office

 Communicate respective strategic plan to CEO

 Develop 3 year business plans

ERM Process Strategy Planning Process

Macro level integration ERM team communicates the results of the interviews/ surveys to the corporate

strategy team who incorporates the same in strategic planning

Micro level integration BU’s develop individual strategic

plans within the corporate guidance framework and include BU specific

risks

Corporate strategy office develops corporate strategy

plan on behalf of CEO

Planning guidance to BUs

Functional units develop strategies/ action plans to

support BU plans and address specific risks

Third level integration Functional unit support to

BUs

Issues in Integration

The initial integration of the two processes was not simple and smooth. The company

encountered some challenges, but ultimately was able to adapt the process. The key issues faced

by the company and the steps that were taken to remedy those issues are as follows:

● Non-value Add Perception

The strategy and business unit leaders believed they had a complete understanding of the

internal and external environment. Therefore, they did not see the value offered by the ERM

team and the need for a separate risk identification and assessment process.

To deal with this, the ERM team worked to eliminate duplication and redundancy and show

the business unit leaders the value added by taking a comprehensive, enterprise wide

approach to risk. For example, the ERM team accumulated risk information from across the

enterprise and provided executive leaders with an enterprise view of risks that they otherwise

INTEGRATION OF ERM WITH STRATEGY – 7

would not get. In addition, they provided business unit leaders with an opportunity to shape

the process for gathering risk information so that the process would be more meaningful for

the business units. Over time, this helped the strategic and business unit leaders be more

accepting of the ERM process and team.

● Leadership Change

Another challenge faced by the organization was the frequent turnover in the top corporate

strategist position. This led to frequent adjustments in the planning process for the

organization. For example, at one time, there was heavy reliance on external sources for risk

information, however, with a change in personnel, the strategic planning function began

relying more on the internal ERM team for risk information. With that shift, the ERM team

was able to be more involved in the strategic planning process.

Through these changes, the ERM team recognized the need to

educate and advocate the value the ERM process can bring. They

now provide a basic introduction and overview of ERM to new

leaders. The education process is not always formal; ERM

professionals also look for opportunities to network within the

organization to make more people aware of the work the ERM

team performs and the resources they have to offer.

Future Steps

Like the ERM process overall, the integration of ERM and strategy is an ongoing effort which

continues to make incremental improvements each year. The company believes the integration is

working well especially since the current leadership is open to further opportunities to fine tune

the integration between the two.

Even with the advances the company has made in their ERM process, the company feels that

parts of the organization are still operating in silos and that improvements could be made in the

linkage of risk mitigation processes across organizational boundaries. The company does not

have a system to align strategic initiatives and risks at the business unit level with initiatives and

risks at the corporate level. This could potentially result in disconnects between the two. The

company is now piloting a new software tool that has the potential to link corporate level and

business unit level strategies and risks.

Another area of improvement recognized by the company is the resource allocation process as it

relates to risk mitigation. While risks are being considered in the strategic planning process, the

need for resources to mitigate high priority risks is not being considered alongside the resources

needed to implement strategic initiatives in each function area. Each functional team has their

initiatives that support the corporate strategy, but those initiatives are not explicitly linked to the

potential risks of achieving the corporate strategy. The ERM team is working with strategy and

functional teams to create better alignment of objectives, strategies and risks.

INTEGRATION OF ERM WITH STRATEGY – 8

The company has crossed the initial hurdle of identifying

and spreading awareness about the need for and benefits of

integrating ERM and strategy. In other words, they have

successfully answered the question “why is integration

necessary”. However, they are now in the stage of

answering the question “how to effectively implement the

integration” and “how to overcome the challenges of

integration”. Successfully dealing with these questions will

enable Mitchell Industries to move onto the advanced stage

of integration where corporate level and business unit level

strategies and risks are developed and managed in an

integrated, enterprise-wide process.

INTEGRATION OF ERM WITH STRATEGY – 9

Case Study: Eli Lilly

Background of the Organization

Headquartered in Indianapolis Indiana, Eli Lilly and Company focuses on the research,

development, manufacturing, sale and distribution of human pharmaceutical and animal health

products. The company sells products in approximately 120 countries worldwide. Eli Lilly has a

market capitalization of approximately $90 billion, revenue in 2014 of $20 billion, and

approximately 41,300 employees worldwide.

Overview of ERM

While the company’s ERM program began formally in 2005, the integration of ERM with the

company’s strategic planning process started in 2007. In order to promote the importance of a

strong connection and assess ways to improve the link between ERM and the company’s

strategic planning process, the Sr. Director of ERM initiated a series of sessions amongst leaders

from the Corporate Strategy, Ethics and Compliance (E&C), and Legal functions. It was

especially important that key strategic risks be included in the ERM process, and that leaders

within Eli Lilly’s strategic functions be able to provide input on what risks were ultimately

elevated to an enterprise level.

Eli Lilly and Company uses a highly structured approach to implement its ERM process and

accomplish integration of ERM and strategy. The board-level components consist of the Audit

Committee and the Public Policy and Compliance Committee (PPCC), which provide oversight

and accountability at the board level.

The company chose to align ERM with its E&C function to benefit

from two key attributes: risk identification and independence. The

E&C function at Eli Lilly conducts risk identification and mitigation

as part of its daily operations; keeping ERM aligned with Compliance

would provide for greater efficiency. The Ethics and Compliance

department reports to the CEO with a dotted line of reporting to the

board, so aligning ERM with the E&C function allowed ERM to

maintain this essential, independent line of reporting as well.

The next element is the Compliance and Enterprise Risk Management Committee (CERMC),

which consists of senior management, including the Presidents of each of the company’s

business units and functions (e.g. LRL, Manufacturing, Quality and Global Services, etc.), the

President of Lilly’s largest affiliate, the Chief Medical Officer, the Chief Information Officer,

and the General Auditor.

Another critical component is the ERM Core Team, which consists of a group of six selected

members representing various areas of the business, including two executives in charge of

strategy (including the leader of Corporate Strategy), the board secretary, who is an attorney in

INTEGRATION OF ERM WITH STRATEGY – 10

the Lilly Law Division, a CERMC member (Chief Ethics and Compliance Officer), and the two

individuals in charge of the company’s ERM process.

Eli Lilly ERM Structure

Having a group such as the ERM Core Team provides several benefits. A multi-disciplinary

team provides an enterprise-wide perspective on both risk identification as well as prioritization.

Including strategic personnel provides a uniquely strategic point of view, and including a board

level perspective can keep the ERM team informed of board-level priorities or concerns and

more closely link ERM risks to the company’s current and future strategic initiatives. The mix of

personnel on the Core Team allows the group to evaluate operational risks through a long-term

strategic lens to identify entity-level risks and opportunities.

Each January and February, the ERM Core Team conducts workshops involving 40-50 leaders

across the company’s geographic regions and business units. The Core Team then uses the

information gathered from the workshops as well as its own internal discussions to put together a

report on entity level risks that is reviewed by the CERMC. The Core Team is able to pull

INTEGRATION OF ERM WITH STRATEGY – 11

together themes that cross business unit/functional area boundaries and use their respective

points of view to prioritize these themes into entity level risks based on a strategic, enterprise –

wide perspective. In this way, the ERM Core Team serves as a critical transition point from the

“silo” perspective of the individual business units to the more enterprise-wide view of executive

management and the board.

For example, after completing its annual ERM

workshop process and reviewing the results, if the

ERM Core Team discovered that several different

business units have identified a similar risk, the

ERM Core Team could upgrade the risk from a

business unit risk to an entity level risk in the

report to the CERMC. Upon review by the

CERMC, additional resources could be assigned,

including the creation of a task force/team to look

specifically at the enterprise level risk and craft a

mitigation plan to be implemented on a company-

wide basis. This is just one example of how Eli

Lilly’s process is designed to take what appears to

be a business unit risk and escalate it to an

enterprise level to be dealt with and mitigated before it negatively affects the company.

Directly supporting the ERM Core Team are the ERM Liaisons, which typically have operational

responsibilities at the business unit or functional level. The ERM Core Team works closely with

the ERM Liaisons to identify risk owners within each business unit or functional area, and the

ERM Liaisons in turn work with the identified risk owners to craft a mitigation plan for the risks

they have been assigned. This ensures that those most directly responsible for managing and

mitigating the identified risks maintain ownership of the risks.

In addition to the assignment of risk ownership, oversight and monitoring is conducted

throughout the process to ensure that the mitigation plans are put into action. Based on whether a

risk has been assigned a high (red), medium (yellow), or low (green) risk designation on the

company’s ERM heat map, oversight is assigned to the CERMC, ERM Core Team, or Business

Unit Liaisons respectively (see Appendix A3 and A4). For example, review and oversight by the

CERMC involves a risk owner providing an update to the members. The ERM Core Team meets

with ERM Liaisons to review documents that support execution of the various mitigation steps,

and Business Unit Liaisons conduct their own review of the documentation supporting execution

of the various mitigation steps.

Integration of ERM with Strategy

One of the first obstacles to integration faced by Eli Lilly was

getting those involved in the process to avoid mentally

separating ERM risks from other strategic processes. From the

INTEGRATION OF ERM WITH STRATEGY – 12

company’s point of view, integration should begin at the individual employee level, and this

required helping employees understand that ERM should not be separated from their other work.

One method the company used to overcome this obstacle was to ensure the timing of the

company’s ERM process coincided with the strategic planning process during the company’s

regular business cycle. When the strategic planning process begins in January and February,

business areas are responsible for establishing their portion of the strategic plan. Information

from this business unit level process is used as an input for annual ERM workshops, which

encourages employees to think about ERM at the same time they are already engaged in the

strategic planning process. This helps embed the ERM process at the strategic planning level and

increases the likelihood that strategic objectives directly inform the risk identification process.

Since the strategic planning process also involves scenario analysis activities, the company is

able to identify potential opportunities for competitive advantage arising from successfully

mitigated risks.

One of the keys to ensuring that personnel perceive ERM as more than just “another corporate

exercise” has been to focus on building relationships and educating employees on how the ERM

process has value for the company. This education has occurred by conducting CERMC and

board meetings as well as sessions with ERM Liaisons. Since the strategic planning process is

well-understood, and its importance widely accepted, linking ERM to the strategic planning

process from a corporate perspective helped forge the correct mindset.

The other key to integrating the process with strategy at the

employee level has been to create “local” ownership of the

process at the business unit level. This was accomplished by

establishing that the business leaders would ultimately be

responsible for the identified risks and their subsequent

management and mitigation. Additionally, making it clear that

the board of directors was keenly interested in knowing what the

risks were and how they were being managed created a powerful incentive that represented the

“tone at t

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.