AAPL Enterprise Risk Management Program

Let us go over AAPL’s approach to its ERM program. AAPL’s 10K document lists the possible risk exposures and the mitigations AAPL uses; these are captured in figure 2.4 for easy access. AAPL has a very strong implementation of ERM in the organization and a very structured methodology for its risk management program. The program consists of a Risk Oversight Committee (ROC), which in turn folds into an Audit Committee (AC) that finally reports to AAPL’s Board. The ROC consists of members who head AAPL’s various lines of business or business units and are part of its management team.
The AC’s responsibilities include continuous identification, monitoring and controlling of AAPL’s risk portfolios in the areas of operation, privacy, legal and regulatory, etc.

HPQ Enterprise Risk Management Program

Next we take a look at HPQ. We can see from its 10K that HPQ is exposed to the following primary business risks:

- Substantial competitive pressure.
- Fluctuations in FX rates.
- Economic weakness/uncertainty.
- Failure to manage distribution products.
- Business disruptions could seriously harm future revenue.
- Unable to enforce intellectual asset rights.
- Third party claims on intellectual property.
- System security risks, data breaches, cyber-attacks.
- Failing to comply with customer contracts/government contracting.
- Failure to sustain healthy credit ratings could adversely affect liquidity, borrowing costs and access to capital markets.
- Unanticipated changes in tax provisions.
- Terrorist acts, wars and geopolitical uncertainties.

HPQ has a solid Enterprise Risk Management (ERM) program [1] to manage and control its risk exposure and build effective strategies to offset the business risks. The ERM program helps to clearly define risk management roles and responsibilities, bring together senior management to discuss risk exposures and facilitate appropriate risk response strategies. The ERM program is run by management. The Board oversees management’s implementation of the ERM program. In figure 2.5 we can see the reporting structure of the ERM framework at HPQ. The key functions of the ERM program include: developing a risk portfolio by performing targeted risk assessments, developing risk response plans, monitoring identified risk focus areas and, lastly, reporting on the risk portfolio and risk response to the Audit Committee.

Lenovo Enterprise Risk Management Program

As we look into Lenovo’s annual report [2], we find that Lenovo has embedded its Enterprise Risk Management (ERM) program as part of its strategic planning across all major functions of the Company. Figure 2.6 shows that Lenovo’s risk exposure is segregated primarily into Business Risk, Cyber Attack and Security Risk, Financial Risk, Intellectual Property (IP) Risk, Supply Risk and Human Capital Risk, and also shows its strategies to offset those risks. In figure 2.7, we see the ERM framework established at Lenovo. The business functions are required to identify material risks that may impact the strategic objectives they represent. Further, the risks are monitored and reviewed at each business function level and also at a group level. In the process, the ERM team coordinates the risk identification and assessment process. ERM apprises the Audit Committee of the status of the identified risks along with the actions taken to manage them.

Analyzing ERM Approaches

As we outline the ERM programs for our three enterprises, we find similarities in the ERM approaches. At a high level, all three organizations identified the following as their key exposures: Business Continuity, Reputation, Cyber Attack and Security, Financial, IP, Supply Risk, Human Capital Risk and Regulatory Risk. While reviewing the past five years of 10K documentation, we also see that over the last five years there have been changes in risk positions on some risks as new ones get identified. For example, AAPL dropped its US risk of relying on a single cellular network carrier to provide service for the iPhone, as AAPL made the iPhone available on all major cellular networks in the continental US. Also, considering reports of recent data breaches and their long-lasting impacts on an organization’s business performance, AAPL has added “Breach of Company’s information technology systems may materially damage business, partner and customer relationships” to its list of major risks.

Although each company formulates its mitigation plan in an effort to offset its potential business risk, the computer industry remains one of the largest industries that relies heavily on innovation to create product differentiators and stay ahead of its competition. But at the same time, predicting how the technology landscape of the future will look is not something a single organization or an individual can accurately determine.

[1] Board Risk Oversight, h30261.www3.hp.com/~/media/Files/H/HP-IR/documents/reports/2017/2017-hp-inc-proxy-statement.pdf
[2] Lenovo Annual Statement, static.lenovo.com/ww/lenovo/pdf/report/E_099220170605a.pdf