Managing Risk in an Uncertain World

Global Risk Management

Cisco Systems

Session Number
Presentation_ID © 2003 Cisco Systems, Inc. All rights reserved. 1
 Agenda

• Introduction to Risk
Business

• Enterprise Risk Management Infrastructur Employees

e AIRPORT
Enterprise
UUNNI IVVEERRSSI ITTYY

Risk
Management

• Managing Supply Chain Risk

Innovatio Community
n

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 2

 Evolution of Cisco
and the Internet

Started at IPO; 192 End-to-End Advanced

Stanford Employees Solutions Technology Focus:
Provider IP Telephony,
Security, Wireless,
Networked Home

1984 1986 1990 1994 1998 2002 2003 2004

Shipped First Cisco Routers #1 Communications Cisco’s

Router Power the Equipment Supplier 20th Anniversary
Internet;
New Cisco CRS-1
LAN/WAN
Carrier Routing
Switching,
System
Remote Access

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 3

 Introduction to Risk

Businesses continuously seek to forecast tomorrow in

order to make better decisions today.

Risk Management is the process of dealing with uncertainty.

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 4

 More Kinds of Crises Are Striking More Often
And Doing More Damage, Faster
Workplace Violence: 7 Employees
Dead In Chicago Warehouse
Shooting
CHICAGO -- A disgruntled The Cook County Medical
employee opened fire at an at an
auto-parts warehouse in Chicago
Wednesday, killing six people.
The attacker was also killed,
hospital officials said.
Authorities got a call about
8:45 a.m. local time that a person
had been shot -- possibly by a
co-worker -- at the Windy City
Core Supply Inc., police
spokesman Pat Camden said. He
said police fired shots as they
entered the South Side building.
"A disgruntled employee
who had either been terminated
or was going to be terminated
returned to the business, and
that's where the shooting took
place," Mr.. Camden said. He
added that police tried to
negotiate with the man but he
refused. Police and the man
exchanged fire inside and outside
the building.
FI-EBC-JAN04
Examiner's Office said seven
people died. The gunman and
another man were pronounced
dead at John H. Stroger Hospital,
hospital spokesman Tony Ewell
said. No other details were
available.
Al Martinez, the owner of a
business about half a block from
the shooting, said he was at work
when he heard the sound of
gunfire outside. "We saw a guy
shooting at police officers
outside the building and saw
people running around like
crazy," said Mr.. Martinez, who
owns Midway Pallets. "We came
and saw all the cops running,
hiding behind cars."
All buildings within a block
of the auto parts and supply store
were evacuated.
© 2004 Cisco Systems, Inc. All rights reserved.
Martha Stewart Profit
Drops 86%; Forecast Is
Gloomy
NEW YORK -- Dogged by
the legal woes of its namesake
founder, Martha Stewart Living
Omnimedia Inc. posted an 86%
drop in second-quarter net
income and offered a gloomy
forecast for the rest of the year.
The company's core brand
will remain under "significant
pressure" until Martha Stewart's
personal legal situation is
resolved, said Sharon Patrick,
who took over as chief exe-
cutive of the domestic-arts
company in June after a federal
grand jury indicted Ms. Stewart
on charges connected to her
December 2001 sale of ImClone
Systems Inc. stock.
Martha Stewart Living reported
second-quarter net income of
$931,000, or two cents a share,
down from $6.7 million, or 14
Coke Fountain Chief Steps Down
cents a share, a year earlier.
Revenue fell 16% to $65.8
million.
Amid Furor Over Rigged Burger
Reflecting the magazine's woes,
second-quarter revenue from
King Test
publish-ing,
The headthe of Coca-Cola
company's Co.'s
promotion. Coke has since
biggest business,
fountain fell stepped
division 16% todown
$39.6 million from $47.3
from
million. his post
Higher in the
revenue wake
from the of a
scandal over
com-pany's newa rigged marketing
magazine,
test forFood,
Everyday Burger asKing.well as
Martha TheStewart
executive,Weddings
Tom Moore,
partially
will offset
remainlosses
with from
Cokeitsin a
flagship publication.
transitional role, "to ensure a
smooth transition," a Coke
spokesman said. To succeed Mr..
Moore, who has headed the food
service division since December
1999, Coke named Chris Lowe,
previously Coke's
marketing officer for North
America.
The spokesman couldn't say
how long the transition would
take, or what Mr.. Moore's next
move would be. Mr.. Moore
couldn't be reached for comment.
In June, the Atlanta company
first disclosed its employees had
tampered with results of a
marketing test done three years
ago at Burger King restaurants in
the Richmond area to test the
potential of a Frozen Coke
General Motors Plans Car
Recall
General Motors Corp. plans The Detroit auto maker
toFor
recallHazard-Warning
about 783,000 Switches
hasn't received any reports of
Chevrolet Malibu, Oldsmobile crashes or injuries caused by the
Alero and Pontiac Grand Am mal-function, and expects new
cars to replace hazard-warning re-placement parts to be
switches. GM said the switches available during the first quarter
may mal-function due to of 2004. The recall involves only
exposure to rapid temperature vehicles built between Feb. 1,
changes and a sol-dering process 2000 and May 1, 2001, of which
that could cause the warning and
turn signals to work
about 671,000 are in the U.S.
and 88,000 are in Canada.
intermittently or not at all.
publicly apologized to Burger
King and agreed to pay as much
as $21 million to Burger King
and its franchisees to patch up
relations with the company,
which is its second-largest
fountain drink customer after
McDonald's Corp.
BioTech Firm Chiron Is Struck in
Coke's internal investigation
of the incident was prompted by
allegations of
California by Two Small Bombs
fraud made by a former
chief employee, Matthew Whitley,
EMERYVILLE, Calif. -- Two Emeryville Police Sgt.. LaJuan
who is suing Coke exploded
small bombs in state and
and shattered
Collier said the first bomb exploded at
federal windows
court in onAtlanta the for
campus of 3 a.m. Pacific time in front of one
wrongfulbiotechnology
termination.
companyCokeChiron Corp., Chiron building and the second
but fraud
denies the nobodyallegations
was hurt andandauthorities detonated about an hour later at another
said Mr..said damage lost
Whitley was minimal.
his job as
Police and company officials
building.
part of 1,000 layoffs this year. Chiron makes drugs and is required by
declined to comment on any suspects. the Food and Drug Administration to
Coke Chiron
has acknowledged
and its executivesthathave been test its products for safety and
some employees "improperly
targeted by animal rights protestors effectiveness on animals before it can
recently
influenced" thein results
connection
of with
the the com- sell the drugs to people, company
pany’s relationship with Huntingdon spokesperson John Gallagher said. He
Frozen Coke test. In 2001, Mr..
Life Sciences, a New Jersey company wouldn’t comment on whether Chiron
Moore thatand other Coke
conducts animal experiments. conducts animal research at the
executives rejected a Emeryville campus.
recommendation from Mr..
Whitley and another internal
auditor to fire the head of Coke's
Burger King account team for
his
5
Risk Management

Effective Risk Management includes:

• Identifying and recognizing sources of uncertainty

• Measuring and assessing the frequency of
occurrence severity of impact of an event
• Evaluating alterative approaches to mitigate or take
advantage of the risk

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 6

 New Approach to Managing Risk

• Increasing business complexity, globalization, competition,

innovation, technology

• Exposure to new types of risk

• Focus on shareholder value protection and creation

• New regulatory requirements

• Hardening of traditional insurance markets

• Expanded set of sophisticated risk management tools

available

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 7

 Enterprise Risk Management (ERM)
-Introduction

• Definition: ERM directs risk

management activities in a
comprehensive, coordinated, and
consistent manner.
Business

• Objective: Design a culturally acceptable Employees

Infrastructure
process for the routine identification, AIRPORT
Enterprise
UNIVERSITY

assessment and management of risks

UNIVERSITY

Risk
throughout the Cisco (Strategic, Management
Financial, Operational and External).

Innovation Community
• Benefit: Create efficiencies and gain
value from integrating existing risk
management activities and then
demonstrate the process for managing
risk to our shareholders, employees,
customers and partners.

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 8

Enterprise Risk Management

PROTECT OPTIMIZE GROW

“How Do I Reduce “Is my current Risk “How Do I take more
Business Risk?” level in control?” Intelligent Risks ?”
• Risk Analysis • Business Risk Monitoring • Disciplined Decision Making
• Risk Assessment • Risk Responsiveness • Risk Timing
• Business Continuity • Tolerance • Business & Technology
Planning –Controllable Risks Innovation
• Business Resilience –Non-Controllable Risks • Increased Shareholder Value
• Industry Leadership

Corporate Strategy

ERM
FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 9
The Enterprise Risk Management Continuum

RESILIENT INTEGRATED ADAPTABLE

• Advanced BCM • Business Performance • Dynamic Data
• Scalable Monitoring System • Real Time Monitoring
• Flexible • Embedded Analytics • Self-Deciding
• Modular • Patterns & Trends • Self-Optimizing
• Agile • Systems View • Self-Correcting

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 10

 Business Resiliency

Goal: Create a readiness

state for Cisco that leads to
less volatility, greater
predictability and fewer
surprises.

Benefit: Develop capability to

bounce back quickly thereby
RESILIENT protecting employee welfare,
• Advanced BCM customer satisfaction, brand
• Scalable reputation and shareholder
• Flexible value
• Modular
• Agile

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 11

Integration
– People, Process, Systems and Culture

Goal: Create a strategic

process to identify,
categorize, assess and
respond holistically to
hazard, financial, strategic
and operational risk

INTEGRATED Benefit: Identify risk

• Business Performance
concentrations and
Monitoring System interdependencies as well as
• Embedded Analytics offsetting risk patterns to
• Patterns & Trends optimize scarce resources
• Systems View and to grow shareholder
value
FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 12
Business Resilience Framework

The following elements are in place: Executive Crisis

Management
• Site specific Emergency Response
Teams – address minutes to hours Business
response. Continuity Management

• Theater Crisis Management- address Theater

coordination of Site Crisis Teams and Crisis Management
incidents that impact the Theater.
Emergency
• Business Continuity Management- Response Teams

address processes to ensure recovery of

critical business processes, people and
•Human Resources
systems •Workplace Resources
Key •Legal
• Executive Crisis Management- strategic •Corporate Communications
guidance to Theaters and Senior Response •Finance
Management in responding to crises. Partners •Public Relations
•Information Technology
•Customer Advocacy
•Security
•Affected Business Units
FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 13
 Adaptable

• Vision for the Future

Create an organization
whose Risk Management
approach is real time,
driven by dynamic data
and the ability to self-
correct.

ADAPTABLE
• Dynamic Data
• Real Time Monitoring
• Self-Deciding
• Self-Optimizing
• Self-Correcting

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 14

 Managing Risk @ Internet Speed

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 15

Integration
- Close Loop Process

Risk Management Framework

Identify, Assess and

Prioritize Risks

Measure, Monitor and Analyze Risks

Report on and
Progress Current Capabilities

Incorporate
Gain Consensus on
Risk Analysis Most Important Risks
into Planning and and Governance
Ops Review Process

Develop and
Execute Action
Plans/Establish Metrics

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 16

 Typical Risk Management Actions

Type of Risk Typical Action

Hazard risks
(property/casualty, environmental, Insurance, mitigation plans, scenario planning
liability)
Financial risks
(Currency, Interest rate, Financial derivatives, asset allocation adjustments
commodity prices, credit, liquidity)
Operating risks Supply chain management, alternative sourcing,
(Inventory, supply chain, capacity, backup/redundant systems
systems)
Organizational risks
(Governance gaps, wrong org. Governance checks & balances, org structure
structure, Talent/morale, M&A realignment, talent measurement & investment
integration)
Strategic risks Double betting, M&A, crisis management, early warning
(Technology, brand collapse, systems, proprietary information, smart product/project
disruptive competitors, stagnation, sequencing, demand innovation,
customer shift, new project risk)

Source: Mercer Consulting

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 17
 Risk Map (Example Only)
•Strategic Risks:

7 • Brand/Reputation
• Business Model and Portfolio
HIGH

20 • Channel
16 • IP Infringement/Counterfeit
19
• Quality
17 4
13 • Resource Allocation/Alignment
3 8 9
2 15
11 18 5 •Operational Risks:
Impact

6 • Catastrophe/BI
14
• Change Mgmt
• Security
MEDIUM

1
12 10 •External Risks:
• Competitor
• Customer Needs/Product Port
• Legal/Anti-trust
• Regulatory/Taxation
LOW

• Technological Innovation

•Financial Risks:
LOW MEDIUM HIGH
•Cash Flow

Count Legend
Likelihood Color Legend
•Credit
•Debit
- 10-14 - 7-9 - 5-6 - Top Ten - Other
• Equity
FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. • Interest Rate 18
18
 Integration
- Gap Analysis (Example Only)
Mgmt Effectiveness Average Risk

4.00 4.00

Mgmt Effectiveness
HIGH HIGH
3.00 3.00
Risk

2.00 2.00

LOW LOW
1.00 1.00

0.00 0.00
it

y
n
fe

ng
n

t
lio

lit
y

en
io
tio

or
er

ity

ni
fo

ua
or

at

nm
nt

tit
en

an
rt

ov

Q
ou

pe

ur
et

Po

at

lig

pl
nn
/R

om
/C

on
c
ul
d

lI
ng

n/
an
t

Se
C
ca
en

si
tio
eg
iri

es
el

gi
m
H

ca
od

lo
ge

cc
R

llo
no
M

Su
in

A
fr

ch
s
es
In

e
Te

rc
in
IP

ou
us

es
B

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 19

 Cisco’s Integrated Risk Management Framework

• Improve Corporate Governance &

Reporting
Integrate key risk processes and systems
Internal Controls
Identify, categorize and transfer out (ICS)
concentrated or inefficient risks
Apply enterprise risk management
to better understand Cisco’s risk appetite
Sarbanes Risk
Create a Cisco-on-Cisco story around Oxley Management
how we manage risk as part of (SOX) (RM)
improving Corporate Governance
Continue to use Risk Review Group
to increase risk education, awareness and
information sharing across disciplines

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. Cisco Confidential - 2005 20
 Partnership
Board
• Policy
• Risk Strategy
• Oversight
• Correction

Line Managers Executive Management

• Identify Risk • Establish Policy
• Measure Risk • Propose Risk Strategy
• Prioritize Risk • Measure / Monitor
• Manage Risk • Report to Board
• Report and Improve • Enforce

Risk Management
• Monitor • Facilitate
• Coordinate • Benchmark
• Educate • Report

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 21

Managing Supply Chain Risk @ Cisco

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 22

 Core Versus Context

Core Context
Mission Out-Task
In-House
Critical Tight Control

Non-Mission Out-Task Outsource

Critical Some Control Control Specs

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 23

 Global Factory and
Distribution Infrastructure

Foxconn Jabil
Czech Hungary
Republic

CLS Foxconn
Toronto China
Celestica-
Celestica Thailand
NH
SLR-TX Jabil FL
Foxconn
Hong Kong

Celestica
Mexico Jabil and
SLR
Jabil Mexico Penang

PCBA SITE
14 TOTAL SITES
8 SLC’s Outsourced to 3PL BOX BUILD
2 OCC’s Shipping from Mfg. PCBA / BOX BUILD
4 TOTAL CM’S

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 24

 Mfg Supply Chain BCP Tool

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 25

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 26
 Closing Thought………

“Organizations make money by taking

risk and lose money by not effectively
managing risk.”

FI-EBC-JAN04 © 2004 Cisco Systems, Inc. All rights reserved. 27

Presentation_ID
FI-EBC-JAN04 © 2004
2003 Cisco Systems, Inc. All rights reserved. 28