Time Inc., the publisher of iconic magazines and related web platforms such as Time, Fortune, People, Sports Illustrated, and many others, spun out of Time Warner Inc. in 2014 to become a stand-alone publicly traded company. As part of that spin, Time Inc. established its own Internal Audit and Enterprise Risk Management (ERM) functions. This presentation covers first-hand information on the efforts, challenges, successes and pitfalls of Time Inc.’s ERM journey. You will take away valuable information including tools and templates that you can put to use in your own organization.
Presentation by: Russ Charlton, SVP – Internal Audit and Enterprise Risk Management, Time Inc.
2. ERM – Table of Contents
2
• Executive Summary
• Executive Risk Committee Risk Assessment
• Top Risks/Risk Model
• Appendix
Enterprise Risk Management
Page
3. 3
ERM Executive Summary
In addition to updatingour top risks and related mitigation efforts through discussions with the key
members of management charged with managingthose risks (see appendix pages X-X) we also
conducted our first Executive Risk Committee facilitated meeting. The goals of that meeting were to:
• Align on the importance of risk management at ABC Inc.
• Discuss/debate the key risks facing the company.
• Gain executive consensus as to the key risk and their potential likelihood, impact and trend.
The outcome of that meeting was unanimous agreement as to the top three risks facing the company
(see page X)
• Risk One
• Risk Two
• Risk Three
Additionally, the committee added Risk X (see page X) to the list of top risks and requested that we
expand Y Risk to include Z Risk. The X risk previously focused on the development of a, b and c. Z risk
includes one two and three, among other things. Though these risks are similar in nature, they have
different mitigatingstrategies, therefore, for ease of clarity, we have added Z risk as an additional risk
(see page X), but recognize that both risks, combined, make up the overall X risk to the company.
Enterprise Risk Management
5. Enterprise Risk Management – Fall 2016 Assessment
Low
High
Impact
Likelihood
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
5Enterprise Risk Management
1
23
4
5
6
7
8
9
10
11
12
14
15
16
High
Executive Risk Committee’s “Top Three” Risks
Middle Tier of Top Risks
Lower Tier of Top Risks
Requires significant and sustained
management attention
Increasing
Stable
Decreasing
Color of
horizontal
bar indicates
risk trend
rating
13
Risk Trend
6. Top Risks Mapped to the ABC Inc. Risk Model Risks
6Enterprise Risk Management
In addition to “rating” our top risks as to impact
and likelihood, it is also helpful to map each risk
to its primary risk “sources.” For our purposes we
use the ABC Inc. Risk Model risks, a set of 34
business risks divided into four categories –
Strategic, Financial, Operational and Compliance.
While Diagram One (shown full size on the
following page) may be a bit difficult to read,
when the diagram is deconstructed by top risk, as
in Diagram Two, it becomes a very useful tool to
help management understand the true nature of
the risk. For example, at ABC Inc., abc risk is
primarily driven by our our portfolio, customer
behavior, organizational structure and talent risks
(see page 8).
Diagram One
Diagram Two
7. 7
StrategicRisks
Top Risks Mapped to the ABC Inc. Risk Model Risks
Board Effectiveness
Business Model & Portfolio
Competitor
Image & Branding
Customer Behavior
Organization Structure & Culture
Sovereign/Political
Technological Innovation
Intellectual Property and License
Financial Accounting & Reporting
Credit
Currency
Liquidity
Capital Availability
Investment Valuation/Effectiveness
Authority/Limit
Budget, Planning & Monitoring
Business Interruption
Channel Effectiveness
Communications
Infrastructure
Access
Integrity
Talent
Product Pricing
Supply Chain
Health, Safety & Environment
Ethical Behavior
Information Security
Internal Control Evaluation
Regulatory
Illegal Acts
Third-party Fraud
Shareholder Expectations & Financial Market
(4)
(11)
(1)
(15)
(12)
(5)
(6)
(8)
(10)
(3)
(7)
(9)
(2)
(13)
(14)
Top Risks
FinancialRisks
OperationalRisksComplianceRisks
Risk Drivers Risk Drivers
8. 8
StrategicRisks
Top Risks Mapped to the ABC Inc. Risk Model Risks
Board Effectiveness
Business Model & Portfolio
Competitor
Image & Branding
Customer Behavior
Organization Structure & Culture
Sovereign/Political
Technological Innovation
Intellectual Property and License
Financial Accounting & Reporting
Credit
Currency
Liquidity
Capital Availability
Investment Valuation/Effectiveness
Authority/Limit
Budget, Planning & Monitoring
Business Interruption
Channel Effectiveness
Communications
Infrastructure
Access
Integrity
Talent
Product Pricing
Supply Chain
Health, Safety & Environment
Ethical Behavior
Information Security
Internal Control Evaluation
Regulatory
Illegal Acts
Third-party Fraud
Shareholder Expectations & Financial Market
(4)
FinancialRisks
OperationalRisksComplianceRisks
Top RisksRisk Drivers Risk Drivers
10. 10Enterprise Risk Management
Executive Risk Committee
Executive Title
President & CEO
Chief Operating Officer and President - Digital
EVP & Chief Financial Officer
EVP & President, Corporate Development, New Ventures & Investments
EVP, Consumer Marketing
EVP & Chief Revenue Officer
CEO, ABC Inc. UK
EVP, Chief Human Resources and Communications Officer
EVP & General Counsel
Chief Content Officer
SVP, Global Technology Services
SVP, Chief Auditor (non-voting)
11. Enterprise Risk Management
Likelihood Impact Financial Qualitative Examples
Very Likely >X% Critical
• Severe impact on the ABC Inc. brand resulting in major reductions in
subscriptions/readership/ad buys.
• Termination or reduction in executive leadership positions and/or 10-20%
reduction in global workforce.
• Unsustainable loss of multiple key talent.
Likely X%-X% High
• Significant impact on the ABC Inc. brand resulting in substantial
reductions in subscriptions/readership/ad buys.
• Termination or reduction in senior management positions and/or 5%-10%
reduction in global workforce.
• Loss of several key talent.
Possible X%-X% Medium
• Moderate impact on the ABC Inc. brand resulting in painful ,but
manageable, reductions in subscriptions/readership/ad buys.
• Termination or reduction in management positions and/ or up to 5%
reduction in global workforce.
• Loss of some key talent.
Unlikely <X% Low
• Little impact on ABC Inc. brand resulting in little to no incremental
reductions in subscriptions/readership/ad buys.
• Insignificant terminations or reduction in personnel.
• Minimal loss of key talent.
Enterprise Risk Management
Risk Rating Scales
11
Impact rating may be based on financial, qualitative, or both
12. Enterprise Risk Management
Risk Trend
Increasing
The threat to the company, despite mitigating efforts, is expected to increase; the
overall environment is becoming more risky.
Stable to moderate increase
The threat to the company, inclusive of mitigating efforts, is generally remaining the
same, but it appears that the overall environment is becoming more risky.
Stable The threat to the company, inclusive of mitigating efforts, is remaining the same.
Stable to moderate decrease
The threat to the company, inclusive of mitigating efforts, is generally remaining the
same, but it appears that the overall environment may become less risky.
Decreasing
The threat to the company, inclusive of mitigating efforts, is decreasing through a
combination of improved mitigating efforts and/or an improvement in the overall risk
environment.
Enterprise Risk Management
Risk Trending Scale
12