Enterprise Risk Management
Managing risk is a complex and nuanced business discipline. Every strategic decision within an enterprise carries with it both risk and opportunity. And because IBM’s business affects the fortunes of our shareholders, clients, business partners and employees, it is critical that the company takes a strategic and disciplined approach to enterprise risk management (ERM). We believe that effective risk management is critical to protecting and enhancing the value of the company.
For example, a key element of the company’s strategy has been focused on becoming the premier globally integrated enterprise. In the early part of the decade, the company drove implementation of a consistent set of processes and standards worldwide to reduce inefficiencies and improve collaboration. With its processes integrated, the company implemented a new operating model with work shared in global resource centers of excellence located where it made the most business sense.
The company is now embarking on the next generation of its transformation in which new capabilities and technologies like business analytics and cloud computing will drive performance. The proven principles of the globally integrated enterprise will be applied to all of the company’s spending to continue to drive additional productivity benefits in shared services, integrated operations and end-to-end process transformation.
In conjunction with our internal business transformation and global integration initiatives intended to improve quality and productivity and enable rapid scaling, we implement comprehensive risk mitigation strategies.
One of the most effective ways to manage risks in a global enterprise is to integrate a culture of risk identification, analysis and mitigation throughout the company. We began by infusing that culture into the business units, the most important dimension since that is where risk is taken for commercial gain, and subsequently focused on the geographic units and on the enterprise processes.
In 2010, we continued to further engage senior management in a collaborative approach to identifying, evaluating and managing enterprise-level risk. We communicated with the Audit Committee of the Board of Directors because an overall review of risk is inherent in the Board’s consideration of IBM’s long-term strategies and in transactions and other matters. In addition, our senior vice presidents, in acknowledgment of their accountability for managing risk to acceptable levels, have volunteered to lead the work for various identified risks. A key aspect of their leadership is the governance model and management system they are putting in place to foster collaboration and transparency in managing risk. And risk management has been integrated into our executive compensation system, designed to motivate our leaders to deliver a high degree of business performance without encouraging excessive risk taking.
Throughout the company, the approach we take to identifying and managing risk is based on the ISO 30001 ERM Standard. We consider and assess potential financial, operational, regulatory and other risks to our business. And setting the context is especially important. There are risks we encounter because of where we do business, how we do business, and the nature of our offerings. It is particularly challenging to identify risks that have not been previously identified. We have enhanced our risk identification process over the past five years. The approach in 2010 included several sources. We analyzed our peers’ 10K filings. We worked with leading consultants. And we conducted a rigorous self-examination that included several rounds of reviews with approximately a hundred key executives. This effort resulted in some key changes to the set of enterprise-level risks that will receive senior executive focus in 2011.
Because the very nature of our business—information technology—changes so rapidly, we continually challenge ourselves to identify risks that we haven’t encountered before, or escalate the importance of existing risks due to changed circumstances. Going forward, IBM intends to continue to drive a culture of risk management into all parts of the enterprise, allowing for business, geography and process experts to define and manage risk at increasingly granular levels.
Featured IBM Initiatives
A Century of Shared Value
As IBM celebrates 100 years of building a responsible enterprise, we look back at several moments that have defined our values and served as cornerstones in our pursuit of progress.Launch Feature
Smarter Cities Challenge
The Smarter Cities Challenge is a competitive grant program awarding $50 million worth of services and expertise over the next three years to help 100 cities around the globe address a wide range of challenges.Launch Feature
Celebration of Service
IBMers worldwide are improving the communities in which they work, learn and live by pledging time and expertise. IBM honors their commitments with a program of new and expanded grants, and the opportunity to join a global effort.Launch Feature