Kellog Corporate Governance Conference II

Notes from comments by ERM session panelists:

Walter Havenstein, CEO, SAIC

Succession planning and leadership development seen as the most important ERM process at SIAC.  (Firm had been led by founder for 35 years up to 2003.)

Business of SIAC is 90% to government.  Large fraction of that business is Top Secret.  Needed to form special board committee to handle Classified Business oversight.  Board members with security clearances (Former DOD and Military officials).   This committee reports quarterly to board – saying what it can about classified work.

Work is highly technical and operationally sensitive – very high risk.  Risk decisions usually were about which people could work on which projects.

James McNerney, CEO, Boeing

There was much too much risk in the company when he became CEO.  ERM has made a big difference.  Risk management is integrated top to bottom and horizontally (covariance risk)

“you have to absorb some risk to make progress”

Boeing was the merger of four large companies.  There were not common views of anything, not any top to bottom or horizontal integration.  Operations are centered upon local plants.  There were compliance issues – Finance, Legal and HR did not collaborate.  Had to strengthen internal controls to deal with compliance issues.

Boeing made an acquisition that brought in much more tail risk than they knew.  And they had added a huge amount of risk with the BIG NEW PRODUCT (787).

Have used the COSO framework for ERM.  That has served Boeing well. It was easy to work hard at ERM because the risks were very visible.  Risk management does not slow Boeing down, it speeds us up.  The annual rhythms of ERM work well.  They are asking the same questions every year and 80% of the answers come back the same as the prior year, but each year 20% come back different – and those different answers are important to know.

At Boeing, risk of every one of 16 major projects is so large that any one could bring down the firm.  This makes risk management extremely important.

Jim Kackley – Herman Miller board member

ERM process was urged on CEO by the Audit committee of board.  They wanted a more rigorous look at risks and they insisted that ERM be a value added process – not just a cost drag.

Started ERM process at Senior Management level – not bottom up (COSO) process.  Identified 40 risks.  Afraid that if they got the whole company involved it would lead to too risk averse of a culture.  Supplemented senior management views with interviews of next level managers.  10 critical risks were then chosen for risk management focus.

Risks are not discreet.  In 2008, pension plan went from fully funded to underfunded causing problems with cash, balance sheet, income and debt covenants.  There was a cascading risk effect.

Another major risk comes from subcontractors.

High focus on likelihood of risks vs. Risk Gap (residual risk).  Created mitigation framework for each major risk.  Senior managers were given specific risk oversight assignments and reported to board about status of each major risk.  Risk management was seen as primarily a board responsibility.

CEO had to present strategic plans with a discussion of how each major strategy related to the top risks.

Each spring, the board reviews Global Risks; such things as sovereign default risk, Japan sourcing risk, Arab Spring.  Ends with a roundtable discussion where each board member gets 5 minutes to say what their major concern might be.

High degree of concern that company might become too risk averse.


RISKVIEWS OBSERVATION: There was at least one attendee who was worried that ANY attention to risk might be bad for a businesses entrepreneurial spirit! In his mind, the ONLY defense is a good offense.

Other comments during Q&A:

There is a trend towards more board awareness of risk.  Each director brings in different past experiences with risk so listening to their guidance on risk may be very helpful in a wide range of situations.

Sometimes risk management focuses on trivial things and wastes the board’s time.

Boards do not necessarily need to get involved in crisis management.

Most important way to manage M&A risk is to really do due diligence.

Explore posts in the same categories: Enterprise Risk Management


You can comment below, or link to this permanent URL from your own site.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: