AAPL Enterprise Risk Management Program
Let us go over AAPL’s direction towards its ERM program. AAPL’s 10K document lists its possible risk exposures and the mitigations AAPL uses. These are captured in figure 2.4 for easy access. AAPL has a very strong implementation of ERM in the organization.
The responsibilities of AAPL’s ERM include continuous monitoring and controlling of the following: business risks, operational risks, privacy and data security risks, legal and regulatory risks and business continuity risks, to name a few. Taking a closer look at the structure of the ERM organization within the enterprise, we find the Risk Oversight Committee at the center; its members are members of AAPL’s management who lead its various business functions. A step above this committee is the Audit Committee, whose members are directly appointed by the Board. The Audit and Risk Oversight committees regularly review the enterprise’s risk exposures and possible mitigation procedures, and in turn apprise the Board.
HPQ Enterprise Risk Management Program
Next we take a look at HPQ. Its 10K shows that HPQ is exposed to the following primary business risks:
- Fluctuations in FX
- Failure to manage disruptions could seriously harm future revenue.
- Unable to enforce intellectual asset rights.
- Third party claims on intellectual property.
- System security risks, data breaches, cyber-attacks.
- Failing to comply with customer contracts/government contracting.
- Failure to sustain healthy credit ratings could adversely affect liquidity, borrowing costs and access to capital markets.
- Changes in tax provisions.
- Terrorist acts, wars and geopolitical uncertainties.
HPQ has a solid Enterprise Risk Management (ERM) program¹ to manage and control its risk exposure and build effective strategies to offset the business risks. The ERM program helps to clearly define risk management roles and responsibilities, bring together senior management to discuss risk exposures and facilitate appropriate risk response strategies. The ERM program is run by management. The Board oversees management’s implementation of the ERM program. Figure 2.5 shows the reporting structure of the ERM framework at HPQ. The key functions of the ERM program include: developing a risk portfolio by performing targeted risk assessments, developing risk response plans, monitoring identified risk focus areas and, lastly, reporting on the risk portfolio and risk response to the Audit Committee.
Lenovo Enterprise Risk Management Program
Looking into Lenovo’s annual report², we find that Lenovo has embedded its Enterprise Risk Management (ERM) program as part of its strategic planning across all major functions of the Company. Figure 2.6 shows that Lenovo’s risk exposure is segregated primarily into Business Risk, Cyber Attack and Security Risk, Financial Risk, Intellectual Property (IP) Risk, Supply Risk and Human Capital Risk, along with its strategies to offset those risks.
Figure 2.7 shows the ERM framework established at Lenovo. The business functions are required to identify material risks that may impact the strategic objectives they represent. Further, the risks are monitored and reviewed at each business function level and also at a group level. In the process, the ERM team coordinates risk identification and assessment. ERM apprises the Audit Committee of the status of the identified risks along with the actions taken to manage them.
Analyzing ERM Approaches
One similarity among the ERM approaches is that, at a high level, all three organizations identify the following as their key exposures: Business Continuity, Reputational Risk, Cyber Attack and Security Risk, Financial Risk, IP Risk, Supply Risk, Human Capital Risk and Regulatory Risk.
Reviewing the past 5 years of 10K filings, we also see that risk positions have changed on some risks as new ones are identified. For example, AAPL dropped its risk of relying on a single US cellular network carrier to provide service for iPhone once AAPL made iPhone available on all major cellular networks in the continental US. Also, considering reports of recent data breaches and their long-lasting impact on an organization’s business performance, AAPL has added “Breach of Company’s information technology systems may materially damage business, partner and customer relationships” to its list of major
Although each company formulates its mitigation plan in an effort to offset its potential business risk, the computer industry remains one of the largest industries that relies heavily on innovation to create product differentiators and stay ahead of its competition. At the same time, how the technology landscape of the future will look is not something a single organization or an individual can accurately predict.