NEACS: CRO Perspective
William Feher, Vice President, Internal Audit and Chief Risk Officer
October 27, 2015
CRO Perspective: Speaker’s Bio
William Feher, Vice President, Internal Audit and Chief Risk Officer
Bill serves as Vice President Internal Audit and Chief Risk Officer for ITT Corporation where he is responsible for overseeing the activities of Internal Audit, Risk Management (Insurance and ERM) and Business Conduct (Ethics Programs). He has more than 28 years of experience, having previously worked for EMCOR Group, Inc., Gartner Inc., Ernst & Young LLP, and PricewaterhouseCoopers LLP. Bill is a board member and President of the Fairfield/Westchester County Chapter of the Institute of Internal Auditors, a member of Financial Executives International and the Connecticut Society of CPAs and a volunteer member of the Finance Committee of Make-a-Wish of Connecticut.
About ITT Corporation:
ITT is a diversified leading manufacturer of highly engineered critical components and customized technology solutions for the energy, transportation and industrial markets. Building on its heritage of innovation, ITT partners with its customers to deliver enduring solutions to the key industries that underpin our modern way of life. Founded in 1920, ITT is headquartered in White Plains, N.Y., with employees in more than 35 countries and sales in a total of approximately 125 countries. The company generated 2014 revenues of $2.7 billion.
CRO Perspective: Speaker’s Bio (continued)
[Organization chart: Bill Feher, VP Internal Audit and Chief Risk Officer, shown alongside the Chief Financial Officer and the Audit Committee of the Board of Directors, with the functions Internal Audit, Enterprise Risk Management, Ethics, and Risk Management & Insurance beneath him.]
CRO Perspective: Theme for Today
“No longer is cyber security the concern of only the Chief Information Security Officer or the Chief Information Officer.
Increasingly boards of directors and management teams are turning to their Chief Risk Officer for an independent view of how cyber risk is managed across the enterprise.
An important part of the solution is a strong partnership with all of the stakeholders in cyber security.
This session will share strategies and success stories.”
CRO Perspective: Overview of Discussion Topics
Enterprise Risk Management and IT Risk
What does a Chief Risk Officer do?
How ITT Manages Risks
Solutions and Success Stories
Where do we go next?
Q&A
CRO Perspective: ERM and IT Risk
CRO Perspective: What does a Chief Risk Officer do?
Aligns the company’s risk management approach with strategic objectives and oversees Enterprise Risk Management (ERM).
Communicates risk information to the Board of Directors and to management. The CRO is often the liaison between the Board, management and the risk management function.
Establishes and maintains adherence to the risk appetite and risk thresholds.
Monitors emerging risks across the enterprise, establishing and maintaining early-warning systems and forward-looking indicators to evaluate and assess them.
Drives a culture of risk awareness and discipline.
Fosters cross-functional collaboration, ownership and accountability among all employees, with responsibility commensurate with each employee’s job duties.
Reports to the CFO (next most commonly to the CEO). Some CROs have direct board reporting, especially those who have a hybrid role in small to medium size companies (ITT structure).
Stakeholders: Shareholders, Board, Management and Functional Leads, Regulatory Agencies, Customers, Suppliers, Lenders
CRO Perspective: How ITT Manages Risks
CRO Perspective: Solutions and Success Stories
Third Party/SaaS Reviews
• Approval committee participation to vet potential vendors
• Due diligence questionnaire and risk evaluation
• CRO support of the CISO and security team with business owners
Disaster Recovery/BCP Support
• Co-sponsorship of DR framework development with the CISO
• Management buy-in support
• Implementation advisor, strategist and Board communicator
Business Case Support
• Data Center strategy review
• Key IT Initiative Steering Committee support
Board of Director Reporting
• Enterprise Risk Management – Annual Cyber Security Assessment
CRO Perspective: Where do we go next?
Evaluate effectiveness of Cyber Security Risk Management and constantly adjust
Partner with your CRO (and CAE)
• He/she can be a great supporter and catalyst
Focus on employee engagement and education
• Coordinate employee training activities with your CRO and other functional leads
• Other functions are your business partners
Finance – watch for phishing and spam; finance is a frequent target
Human Resources – consider core competency evaluation for strong cyber awareness and prevention techniques
Legal – coordinate on use of third parties and contract language
Insurance/risk – explore Cyber Insurance
CRO Perspective: Q&A
Thank you for listening and your feedback is welcome!