RTI International is a trade name of Research Triangle Institutewww.rti.org

Beyond Implementation-

Enhanced Risk Management

Practices

www.rti.org

A little about RTI…

• Independent, nonprofit research and development dedicated to improving the human condition

• 3,800 professionals supporting projects in more than 40 countries

• Five major business units, five different markets

– International Development Group

– Social, Statistical & Environmental Sciences

– Health Solutions

– Engineering & Technology

– Discovery & Analytical Sciences

• Annual revenue of over $715M in 2009

www.rti.org

RTI’s Risk Management Challenges

• Our Challenge

The failure of traditional risk monitoring to detect and communicate

emerging risks.

Develop an enterprise-wide risk management framework that focuses on

leading key risk indicators and adverse event root causes.

Create a predictive and forward looking tool that allows for more active

identification and monitoring of RTI’s current and emerging risks.

Better alignment of RTI’s strategic direction with our risk tolerance.

More clearly define RTI’s risk universe and boundaries.

www.rti.org

RTI’s Enhanced Risk Management Practices

• RTI’s Solution Highlights

– Key Risk Indicator Dashboards

A forward looking risk dashboard was developed that captures both quantitative and

qualitative, predictive key risk indicators faced by RTI

– Risk Management Network

The entire network of organizational risk resources was mapped to the identified key

risk areas and formalized to provide more effective risk information sharing.

– Risk Area ReportsA series of executive level key risk summary reports was developed to provide the Risk

Management Committee, as well as supporting governing bodies, with a detailed view

of RTI’s key risk activities.

www.rti.org

RTI’s Key Risk Indicator Dashboards

• The Risk Dashboards provides early warning of emerging

inherent and residual risks and provides the ability to drill down

into the root causes of adverse events

• RTI builds the Risk Dashboards based upon RTI’s Key Risk

Indicators (KRI),over 60 in all, which span all of the enterprise’s

major areas of risk, capturing the entire “known” risk profile of

the organization.

• The use of predictive risk metrics provides RTI with a forward-

looking view of the enterprise’s risk profile.

www.rti.org

RTI’s Key Risk Indicator Dashboards –Key Risk Indicators

• Bench Strength

• Business Continuity

• Client Satisfaction

• Data Privacy

• Domestic Ethics

• Domestic Security

• Fee Optimization

• Financial Reporting

• Foreign Banking

• Foreign Ethics

• Health, Safety & Environment

• Import/Export

• Insurance Coverage

• Internal Controls

• International Security

• International Subcontracting

• ITS Systems Compliance

• Key Staff Turnover

• Market

• Media Relations

• Non-Fee Bearing Work

• Payroll

• Project Review

• Property Control

• Proposal Risk Identification

• Recruiting

• Research Regulatory Compliance

• Resource Environment

• Retention

• Revenue Concentration

• Strategic Planning

• Sub Contracting

• Taxation

• Thought Leadership

• Unauthorized Transactions Risk

Underlying each KRI are defined risk metrics. The use of predictive risk metrics provides RTI with a forward-looking view of

risks from across the enterprise.

RTI develops its KRI metrics using a clear set of decision criteria (relevance, reliability, availability and applicability) in order to

ensure the KRI’s are an accurate view of risk.

www.rti.org

RTI’s Key Risk Indicator Dashboard

Ethics

State of

Science &

Technology

Safety &

SecurityReputation

Regulatory

ComplianceOperationalMarket

Human

ResourcesFinancial

Domestic

Ethics

Foreign

Ethics

Fee

Optimization

Financial

Internal

Controls

Financial

Reporting

Insurance

Awareness

Property

Control

Payroll

Revenue Concentration

Non Fee

Bearing

Work

Bench

Strecgth

Int’l Sub-

Contracts /

Grants

Project

Review

Data

Privacy

Foreign

Banking

Unauthorized

Transactions

Business

Continuity

SEG

HS

SSS

IDG

Strategic

Planning

Retention

RecruitingDomestic

Security

Thought

Leadership

Key Staff

Turnover

Media

Relations

Sub –

Contracts

Placement

Research

Regulatory

Compliance

Client

Satisfaction

Taxation

International

Security

ITS Systems

Compliance

Health, Safety

&

Environment

Proposal Risk

Identification

Resource

Environment

Import /

Export

Risk Trend Indicators

• Overall Risk Area Change Arrows – Used

when the overall aggregated risk has

increased.– Indicates an increase of risk in the KRI area

– Indicates a decrease of risk in the KRI area

• KRI Changes – Used when there was a

change in a Research Unit or G&A’s KRI.– Indicates a change in a unit level KRI that

did not trigger change the overall aggregated

risk

Risk Rankings• Green Risk Status –

- Low / Acceptable and being managed appropriately.

• Yellow Risk Status–- Moderate but accepted and being monitored on an ongoing basis

- Is approaching unacceptable and should be watched closely

• Red Risk Status –- High and either accepted or anticipated to drop in the near future

- Is unacceptable and action should be taken

www.rti.org

Enterprise

Risk

Management

RTI’s Risk Management Organization

Risk

Management

Committee

Risk

Managers

CMO CRO

CFO

LegalIA

HS

ERM HERSS

IDG

SSESDAS

CEO

Computing

Operations

Controller’s

Office

Human

Resources

Facilities &

Maintenance

Corporate

Communications

Insurance

Research

Protection (IRB)

Corporate

Security

Import/

Export

Information

Security

Procurement

Workplace

Environment

Ethics

Contracts

Regulatory

Compliance

Legal

Risk Management Network

www.rti.org

RTI’s Risk Management Network

• The Risk Management Network is a network of 31 subject matter

experts, risk managers and leaders from across RTI.

• RTI delegates responsibility for the day-to-day risk monitoring and data

collection to the “Risk Management Network.”

– The Risk Managers monitor and report key risk performance data, in

accordance with the predetermined metrics, for inclusion in the dashboard.

– The Risk Management Network meets monthly to review and validate the

collected risk metric data.

• Risk Reporting Checks & Balances:

– Risk Managers may increase the assigned KRI “risk level” independently,

but must defend a reduced “risk level” in front of RMC

– RMC members may increase the risk level in consultation with RMC and the

Risk Manager, but RMC must defend reduced “risk levels” in front of RMC

and with the Risk Manager present.

www.rti.org

Risk Area Reports

Blue BoxKey call outs/Need-to-know

information

Metrics/Ranking SectionBreaks out specific metrics

(both objective & subjective)

and provides a visual snapshot of

the risk profile

Graphs Area (Optional) Allows for trends to be tracked over

time.

Property ManagementMarch 31, 2009

Risk Area Report

Unaccountable Capital Equipment or potential loss of US Government Property can result in loss of

operating capital, loss of fee, and in the case of export restricted equipment, substantial fines

imposed by the Bureau of Industrial Security.

Metric Description: To compute the risk assessment associated with each unit, a comparison is

made for the total unaccountable items, the potential risk in dollars, and the percentage of the

inventory value associated with the unit. Any potential risk exceeding 10% of the total value, 1% of

the export restricted value, or $100,000 is designated as high risk. A risk value between 5% and 10%

of the total or between .5% and 1% of the export restricted value is designated as Moderate Risk.

Any figure below those thresholds is designated as Low Risk. Negligence or willful redistribution of

highly sensitive export restricted equipment carries the potential for considerable financial penalties.

Analysis:

This is where the individual business unit's key issues and areas of note would be reflected.

Dec-08 Mar-09 Jun-09 Sep-09

Rolling 4 Quarters

Property Control

SSS IDG SEG HS G&A

XX XX XX XX XXXX XX XX XX XXXX XX XX XX XXXX XX XX XX XXXX XX XX XX XXXX XX XX XX XX

XX XX XX XX XXXX XX XX XX XXXX XX XX XX XXXX XX XX XX XXXX XX XX XX XXXX XX XX XX XX

Moderate Moderate Low Low Moderate

MODERATE RISK

MODERATE RISK

Metrics

Capital Equipment# Items# Items Lost / Overdue Inventory# Export Restricted Items# Exp. Restricted Items Lost/Overdue InventoryExport Restricted Risk Value (Book Value)Total At Risk Value (Book Value)

Government Provided Equipment# Items# Items Lost or Overdue Inventory# Export Restricted Items# Exp. Restricted Items Lost/Overdue InventoryExport Restricted Risk ValueTotal At Risk Value

Final Unit RankingRTI Summary Ranking

Capital EquipmentGovernment Provided Property

1

2

3

www.rti.org

ERM Risk Reporting

• Annual Board of Governor’s Risk Report– RTI’s Enterprise-wide Risk Dashboard

• Bi-Annual Audit Committee Risk Report– RTI’s Enterprise-wide Risk Dashboard

– Business Group Risk Dashboards (6)

• Quarterly to Risk Management Committee– RTI’s Enterprise-wide Risk Dashboard

– Business Group Risk Dashboard (6)

– Risk Area Reports

• Monthly Risk Management Network Meeting– Risk Area Reports

• Ad-hoc Emerging Risk Identification and GAP Analysis

www.rti.org

Conclusion and Next Steps

• Additional refinement of

reporting capabilities

• Automation of data

collection and report

population

• The next big thing ….

Aligning ERM with

Internal Audit..