Which case study in the paper was most interesting to you and why?Do you think that ERM is necessary in the contemporary organization and why?Please make your initial post and two response posts subst

They own the risk and report progress of the mitigation plans to the ERM te am on a quarterly basis. The ERM team summarizes the risks, the risk mitigation plan and the progress in implementing the plans on a dashboard that is reported to executive leadership and the Board. During the third quarter, the ERM team updates the earl ier identified risks by conducting a second round of interviews with the CEO and senior executives. They factor in risks that arise due to external factors such as regulatory risks, geo -political risks, economic risks, technological risks, etc. Any signifi cant changes are incorporated into the heat map and used to refine the risk mitigation plans. The company has several business units and t he ERM team shares business unit specific risks (heat maps) with the executive leadership team of each business unit during the March timeframe. During the second quarter, the business units consider these risks, determine the risks critical to their respective business unit and communicate their action/ mitigation plans back to the executive team during the July time fr ame as part of their strategic plan. Strategic Planning Process Mitchell Industries has an annual strateg ic planning cycle. The process starts in December and is both a top -down and bottom -up approach. The CEO owns the overall strategy. That strategy is primarily developed by the Corporate Strategy office, working in conjunction with business unit strategists. Once the overall strategy is developed, the plan is communicated by the CEO to the VPs at the annual Senior Leadership Meeting in the January/February timeframe and to the Board in February. The business units develop their respective strategies in ligh t of their portfolio of products and within the framework of the corporate strategy and guidance provided by the Corporate Strategy office. This process begins in February and culminates in July with the Strategic Planning Conference where the business uni t leaders present their strategy for the upcoming year to the CEO. Each business unit is also responsible for annually developing a three -year business plan that reflects the implementation of the strategy. This plan is updated concurrently with the strate gy and is finalized in November. INTEGRATION OF ERM WITH STRATEGY - 5 Mitchell Industries ERM & Strategy Implementation Timeline Integrating the Two Processes The strategic planning process and ERM process are initiated in two different organizations and start at slightly different times. Strategic planning starts with the CEO and strategy leads. ERM starts with surveying the VPs and their direct reports. The two processes operate in parallel, with both following an annual cycle and combined top -down / bottoms -up approach. There are several points where information is shared between the two. This is how the company integrates the two processes to ensure ERM and strategy are in sync and have an enterprise wide impact. The following are the specific points of integra tion: ● Macro Level – The first point of integration is the third quarter risk update. This updated information, which includes external risk developments that may impact the organization, is communicated to the corporate strategy team who then factor s the information into the corporate -level strategy. ● Micro Level – The second stage of integration is at the business unit level. Each business unit receives the broad strategic objectives post the CEO and VPs meeting (January/ February time frame). The bus iness units also receive specific information about their top risks from the ERM team (March time frame). The business units factor this information into the formulation of their strategic plans. ● Third Level – The final stage of integration occurs when Fun ctions develop strategies/ action plans to support Business Unit plans and address specific risks. Con tinuous r eview o f p rogr ess of mitiga tion plans Corporate strategy kick -off CEO communic ates strategy to VPs & Corporate St rategy pr ovides planning guidance to Business Units St rate gy ERM Business Units devel op str at egic plans and factor in r isks communicated by ERM team in formulation of plans Interview results fed in to Dec corpor ate strategy kickoff Business Units communicate strategic plans to CEO Business Units devel op and present 3 year business plan ERM team analyzes survey results and prior itizes risks ERM team conduct s enterprise -wide survey of VPs and interviews exec utive leadership team (CEO , Business uni t leaders ) ERM team communicates survey results to CEO and Business Unit leaders Communication of enterprise ri sks to the Board Communication of risk status to execut ive leadership and the board ERM team conduct s follow -up int er views with exec utive team Jan. Feb. Mar. Apr. May Jun. Jul. Aug. Sep. Oct. Nov. Dec. INTEGRATION OF ERM WITH STRATEGY - 6 Mitchell Industries ERM & Strategy Integration Issues in Integration The initial integration of the two processes was not simple and smooth. The company encountered some challenges , but ultimately was able to adapt the process. The key issues faced by the company and the steps that were taken to remedy those issues are as follows: ● Non -value Add Perception The strategy and business unit leaders believed they had a complete understanding of the internal and external environment. Therefore, t hey did not see the value offered by the ERM team and the need for a separate risk identification and assessment process . To deal with this, the ERM team worked to eliminate duplication and redundancy and show the business unit leaders the value added by taking a comprehensive, enterprise wide approach to risk. For example, the ERM team accumulated risk information from a cross the enterprise and provided executive leaders with an enterprise view of risks that they otherwise Risk owners identify a risk manager , approve mitigati on plans and provide resourc es for plans BU l eader s are responsible for preparing mitigati on plans for their respective BUs ERM team sur veys t he VPs and director s to identify br oad level r isks ERM team interviews the CEO & senior executives for additional risk identification and assessment ERM team :  Gathers information about external risks to the organization  Consolidates the survey / interview results  Communicates top risks to risk owners an d business units through heat maps  Works with risk managers to develop risk mitigation plans  Conducts secon d round of interviews and communicates to senior executive team Risk managers develop and execute risk mitigati on plans and report progress quart er ly Quar ter ly report ing CEO communic ates strategy to all VPs at Senior Leadership Meeting Business Units :  Receive broad strategic objectives post CEO / VP meeting  Receive guidance from Corporate strategy office  Communicate respective strategic plan to CEO  Develop 3 year business plans ERM Pr oce ss St rate gy Planning Proc ess Macro level integration ERM team communicates the results of the interviews / surveys to the corporate strategy team who incorporates the same in strategic planning Micr o level integr at ion BU’s develop in dividual strategic plans within the corporate guidance framework and include BU specific risks Corporate strategy office develops cor porate str at egy plan on behalf of CEO Planning guidance to BUs Func tional unit s develop strategies / action plans t o support BU plans and address speci fic risks Third l evel integrationFunctio nal unit support to BUs INTEGRATION OF ERM WITH STRATEGY - 7 would not get. In addition, they provided business unit leaders with an opportunity to shape the process for gathering risk information so that the pro cess would be more meaningful for the business units. Over time, this helped the strategic and business unit leaders be more accepting of the ERM process and team. ● Leadership Change Another challenge faced by the organization was the frequent turnover in the top corporate strategist position. This led to frequent adjustments in the planning process for the organization. For example, at one time , there was heavy reliance on external sources for risk information, however, with a change in personnel, the str ategic planning function began relying more on the internal ERM team for risk information. With that shift, the ERM team was able to be more involved in the strategic planning process. Through these changes, the ERM team recognized the need to educate an d advocate the value the ERM process can bring. They now provide a basic introduction and overview of ERM to new leaders. The education process is not always formal; ERM professionals also look for opportunities to network within the organization to make more people aware of the work the ERM team performs and the resources they have to offer. Future Steps Like the ERM process overall, the integration of ERM and strategy is an ongoing effort which continues to make incremental improvements each year. The company believes the integration is working well especially since the current leadership is open to furth er opportunities to fine tune the integration between the two. Even with the advances the company has made in their ERM process, the company feels that parts of the organization are still operating in silos and that improvements could be made in the link age of risk mitigation processes across organizational boundaries. The company does not have a system to align strategic initiatives and risks at the business unit level with initiatives and risks at the corporate level. This could potentially result in di sconnects between the two. The company is now piloting a new software tool that has the potential to link corporate level and business unit level strategies and risks. Another area of improvement recognized by the company is the resource allocation proces s as it relates to risk mitigation. While risks are being considered in the strategic planning process, the need for resources to mitigate high priority risks is not being considered alongside the resources needed to implement strategic initiatives in each function area. Each functional team has their initiatives that support the corporate strategy, but those initiatives are not explicitly linked to the potential risks of achieving the corporate strategy. The ERM team is working with strategy and functional teams to create better alignment of objectives, strategies and risks. INTEGRATION OF ERM WITH STRATEGY - 8 The company has crossed the initial hurdle of identifying and spreading awareness about the need for and benefits of integrating ERM and strategy. In other words, they have successf ully answered the question “why is integration necessary”. However, they are now in the stage of answering the question “how to effectively implement the integration” and “how to overcome the challenges of integration”. Successfully dealing with these ques tions will enable Mitchell Industries to move onto the advanced stage of integration where corporate level and business unit level strategies and risks are developed and managed in an integrated, enterprise -wide process. INTEGRATION OF ERM WITH STRATEGY - 9 Case Study: Eli Lilly Background of the Organization Headquartered in Indianapolis Indiana, Eli Lilly and Company focuses on the research, development, manufacturing, sale and distribution of human pharmaceutical and animal health products. The company sells products in approxi mately 120 countries worldwide. Eli Lilly has a market capitalization of approximately $90 billion, revenue in 2014 of $20 billion, and approximately 41,300 employees worldwide. Overview of ERM While the company’s ERM program began formally in 2005, the integration of ERM with the company’s strategic planning process started in 2007. In order to promote the importance of a strong connection and assess ways to improve the link between ERM and the company’s strategic planning process , the Sr. Director of ERM initiated a series of sessions amongst leaders from the Corporate Strategy, Ethics and Compliance (E&C), and Legal functions. It was especially important that key strategic risks be included in the ERM process, and that leaders within Eli Lilly’s strateg ic functions be able to provide input on what risks were ultimately elevated to an enterprise level. Eli Lilly and Company uses a highly structured approach to implement its ERM process and acc omplish integration of ERM and strategy. The board -level components consist of the Audit Committee and the Public Policy and Compliance Committee (PPCC), which provide oversight and accountability at the board level. The company chose to align ERM with its E&C function to benefit from two key attributes : risk identification and independence. The E&C function at Eli Lilly conducts risk identification and mitigation as part of its daily operations ; keeping ERM aligned with Compliance would provide for grea ter efficiency. The Ethics and Compliance department reports to the CEO with a dotted line of reporting to the board, so aligning ERM with the E&C function allowed ERM to maintain this essential, independent line of reporting as well . The next element i s the Compliance and Enterprise Risk Management Committee (CERMC), which consists of senior management, including the Presidents of each of the company’s business units and functions (e.g. LRL, Manufacturing, Quality and Global Services, etc.), the Preside nt of Lilly’s largest affiliate, the Chief Medical Officer, the Chief Information Officer, and the General Auditor. Another critical component is the ERM Core Team, which consists of a group of six selected members representing various areas of the business, including two executives in charge of strategy ( including the leader of Corporate Strategy), the board secretary, who is an attorney in INTEGRATION OF ERM WITH STRATEGY - 10 the Lilly Law Division, a CERMC member (Chief Ethics and Compliance Officer), and the two individuals in charge of the company’s ERM process. Eli Lilly ERM Structure Having a group such as the ERM Core Team provides several benefits. A multi -disciplinary team provides an enterprise -wide perspective on both risk identification as well as prioritization. Including strategic personnel provides a uniquely strategic point of view, a nd including a board level perspective can keep the ERM team informed of board -level priorities or concerns and more closely link ERM risks to the company’s current and future strategic initiatives. The mix of personnel on the Core Team allows the group to evaluate operational risks through a long -term strategic lens to identify entity -level risks and opportunities. Each January and February, the ERM Core Team conducts workshops involving 40 -50 leaders across the company’s geographic regions and business units. The Core Team then uses the information gathered from the workshops as well as its own internal discussions to put together a report on entity level risks that is reviewed by the CERMC. The Core Team is able to pull INTEGRATION OF ERM WITH STRATEGY - 11 together themes that cross busine ss unit/functional area boundaries and use their respective points of view to prioritize these themes into entity level risks based on a strategic, enterprise - wide perspective. In this way, the ERM Core Team serves as a critical transition point from the “silo” perspective of the individual business units to the more enterprise -wide view of executive management and the board. For example, after complet ing its annual ERM workshop process and reviewing the results , if the ERM Core Team discovered that sever al different business units have identified a similar risk, the ERM Core Team could upgrade the risk from a business unit risk to an entity level risk in the report to the CERMC. Upon review by the CERMC, additional resources could be assigned, including the creation of a task force/team to look specifically at the enterprise level risk and craft a mitigation plan to be implemented on a company - wide basis. This is just one example of how Eli Lilly’s process is designed to take what appears to be a business unit risk and escalate it to an enterprise level to be dealt with and mitigated before it negatively affect s the company. Directly supporting the ERM Core Team are the ERM Liaisons, which typically have operational responsibilities at the business unit or functional level. The ERM Core Team works closely with the ERM Liaisons to identify risk owners within each business unit or functional area, and the ERM Liaisons in turn work with the identified risk owners to craft a mitigation plan for the risks the y have been assigned. This ensures that those most directly responsible for managing and mitigating the identified risks maintain ownership of the risks. In addition to the assignment of risk ownership, oversight and monitoring is conducted throughout th e process to ensure that the mitigation plans are put into action. Based on whether a risk has been assigned a high (red) , medium (yellow) , or low (green) risk designation on the company’s ERM heat map , oversight is assigned to the CERMC, ERM Core Team, or Business Un it Liaisons respectively (see Appendix A3 and A4) . For example, review and oversight by the CERMC involves a risk owner providing an update to the members . T he ERM Core Team meets with ERM Liaisons to review documents that support execution of the various mitigation steps , and Business Unit Liaisons conduct their own review of the documentation supporting execution of the various mitigation steps. Integration of ERM with Strategy One of the first obstacles to integration faced by Eli Lilly was getting those involved in the process to avoid mentally separating ERM risks from other strategic processes. From the INTEGRATION OF ERM WITH STRATEGY - 12 company’s point of view, integration should begin at the individual employee level, and this required helping employees understand tha t ERM should not be separated from their other work. One method the company used to overcome this obstacle was to ensure the timing of the company’s ERM process coincided with the strategic planning process during the company’s regular business cycle. Wh en the strategic planning process begins in January and February, business areas are responsible for establishing their portion of the strategic plan. Information from this business unit level process is used as an input for annual ERM workshops, which enc ourages employees to think about ERM at the same time they are already engaged in the strategic planning process. This helps embed the ERM process at the strategic planning level and increases the likelihood that strategic objectives directly inform the ri sk identification process. Since the strategic planning process also involves scenario analysis activities, the company is able to identify potential opportunities for competitive advantage arising from successfully mitigated risks. One of the keys to ensuring that personnel perceive ERM as more than just “another corporate exercise” has been to focus on building relationships and educating employees on how the ERM process has value for the company. This education has occurred by cond ucting CERMC and board meetings as well as sessions with ERM Liaisons. Since the strategic planning process is well -understood, and its importance widely accepted, linking ERM to the strategic planning process from a corporate perspective helped forge the correct mindset. The other key to integrating the process with strategy at the employee level has been to create “local” ownership of the process at the business unit level. This was accomplished by establishing that the business leaders would ultimate ly be responsible for the identified risks and their subsequent management and mitigation. Additionally, making it clear that the board of directors was keenly interested in knowing what the risks were and how they were being managed created a powerful inc entive that represented the “tone at the top” and encouraged business unit leaders to make the process work. After the CERMC conducts its review of the ERM Core Team’s report on entity -level risks, they also review business unit strategic plans, which pr ovides another level of strategy and ERM INTEGRATION OF ERM WITH STRATEGY - 13 integration. The CERMC is able to view the strategic plans through the lens of the recently reviewed enterprise -wide risks distilled from the work of the ERM Core Team and ERM workshops. Having this dual outlook helps identify overlooked areas or risks that may have been included in the risk portfolio but not addressed in the strategic plan. The last component of the integration cycle happens at the end of the business plan process, after the final funding decisions have been made as part of the company’s budgeting process . The ERM Core Team and the CERMC meet again to discuss whether any funding changes resulting from the budgeting process have affected the previously identified risks, and whether any changes need to be reflected in the company’s risk profile. The ERM Core Team reviews and provides input regarding the risks include d in the company’s 10 -K, which provides a final critical communication link between risk, strategy, and the company’s st akeholders. This provides a good summation point for the ERM process, and ensures one final point of review that includes both ERM and strategic perspectives. Future Steps The integration of ERM and strategy is an ongoing process that Eli Lilly seeks t o improve each year. The company has identified three broad areas where it intends to further improve integration between ERM and the company’s strategic process.

The first area of focus includes improving its identification of opportunities and not just t he threats represented by risks identified in the ERM process. Further integration of ERM and strategy will allow risks to begin to inform new strategic directions and initiatives that add value to the company. The company plans to implement this change by specifically discussing possible opportunities during the risk identification workshop process each year. The discussion will seek to identify risks that, if mitigated properly, may lead to a competitive advantage in the industry or marketplace. Any oppor tunities identified will then be passed along to those in charge of business planning. The second area of focus is to more systematically consider key risk indicators, or what the company calls “signposts”.

Identifying “signposts” can enable the company to activate or revise a mitigation plan in time to effectively address emerging risks. While there are business units that are doing this currently, the goal is to ensure consistent enterprise -wide adoption in a more formal and documented manner. The las t area of focus will be to more clearly identify risk interconnectedness. Viewing all risks as being potentially linked in some way will improve both the identification of how one risk can amplify others, as well as improve management of risks across affec ted business units. This will INTEGRATION OF ERM WITH STRATEGY - 14 allow the company to be more efficient in managing risk, as well as assist in the identification of new opportunities for improvement. The company recognizes that integration is an ongoing process . E ach of the critical elements of integration have grown over time, and are the result of consistent leadership and support from the top levels of the organization as well as a positive company culture surrounding risk management and its integration with strategy. INTEGRATION OF ERM WITH STRATEGY - 15 Case Study: Daisy Company Background of the Organization Daisy Company is a lea ding national specialty manufacturer of high -quality personal care products . The company’s products are sold in more than 95 countries an d territories around the world. The company’s net sales for fiscal year 2015 was $12.4 billion and net income was $1.3 billion. Overview of ERM ERM is a process by which the company identifies critical risks affecting its ability to successfully attain its goals and strategy. The company has adapted its ERM process over the years by adopting a subcommittee ERM approach that deals with major risk areas such as strategy, technology, human resources, and emerging markets. Daisy Company Corporate Risk Management Committee The company has a c orporate -level Ris k Management Committee ( RMC) which meets four times a year and is made up of ten members from the se nior level of the corporation. The committee includes Presidents of Brands, Head of HR, the CFO, the Treasur er, and the Head of Operations. Below the RMC, there are nine other subcommittees: Strategic Business Risk, Legal, Research and Development, Finance and Reporting, Supply Chain, Cyber Risks, IT, HR, and Emerging Markets. Each of these subcommittees has approximately 8 -12 members at VP or above level. Each subcommittee is made up of multi -disciplinary members to identify the risks to the company as a whole. Towards the end of the year, the CRO will present the top risks identified and escalating risks to the CFO, CEO, Chairman, the Audit Committ ee and the Board once a year. INTEGRATION OF ERM WITH STRATEGY - 16 INTEGRATION OF ERM WITH STRATEGY - 17 Daisy Company ERM Structure The risk identification process begins with a questionnaire that goes to all subcommittee members as well as risk owners and senior management. The questionnaire, which is part of the company’s integration of ERM and strategy, includes the following questions:  What are the risks that would affect the strategy?  What are the operational risks?  What risks are escalating that will require priority focus in the current year, and  What risks a re emerging risks that could have significant impacts in the future? The questionnaire includes a catalogue of existing risks for reference, and then the risks are updated based upon the results of the questionnaire. A risk template is used to record the identified risks with a description, the risk owner, and a scenario analysis that shows how the risk affects the company. The template also includes 1 -3 risk drivers. The inherent risk is then rated by the risk owner and RMC based on 3 criteria: probabili ty, impact, and velocity. Then the risk score is derived from these criteria. As part of the mitigation strategy, a risk owner is assigned responsibility for developing a mitigation plan. There are also risk mitigation tasks which are high -level tasks done to implement the strategy for mitigating the risk. In the subcommittee, each INTEGRATION OF ERM WITH STRATEGY - 18 task is rated to come to a composite score for the strategy and later, each owner of the committee is responsible for having the template filled out. (See Appendix A5) . After completing the template, the risk owners and the committees then rate the risk on a residual ba sis using the same 3 criteria (impact, probability, and v elocity) to see how the mitigation strategy has affected the level of risk. In addition, there is also a mitigation effort sco re using a 1- 5 scale (deficient, weak, basic, acceptable, and c omprehensive) to rate the mitigation actions . The risk owner is then give n the chance to provide an explanation for the risk rating score. In order to know whether the pla n has been implemented in the future or whe ther the mitigation plan has worked, the risk owner re -rates the risk after mitigation has been implemen ted using the same 3 criteria (impact, probability, and v elocity). From the risks and the ratings provided by the risk owners, escalating risks are determined and reported to senior management [See Appendix A6]. For example, cyber risk is a high impact and high likelihood risk , and if it is graphed on the heat map, it would be upper right. However, the heat map d oes not give people a chance to communicate and talk about what they ha ve done to mitigate the risk. Therefore, the residual rating gives people the chance to show that they are doing all they can, and despite their efforts, the risk is still remaining high, even with a mitigation plan in place. Integration of ERM with Strategy The CEO has driven the integration of ERM with strategy, therefore, changes and improvements each year have been in the direction towards integrating ERM with strategy . The sup port and strong tone at the top play an important role in the success of the integration process of ERM with strategy . The risk committees are made up of 8 operational sub committees and one strategic risk subcommittee with risk owners who are typically members of the operational subcommittees. The strategic risk subcommittee is chaired by the head of strategy and made up of senior manage ment members. Each subcommittee, except for the risk subcommittee, has its own risk owner , and risk owners a re interviewed individually by the CRO of the risk subcommittee. The other key area of integration is the development of lagging KRIs for risk and mitigation purposes. As a business, from the strategic plan, the company develops lagging KRIs to track th e various mitigation tasks. The risk indicators help the company to enact the mitigation plan in time to effectively address emerging risks. For example, a lagging KRI might track sales in a particular place and use the existing KRI to address any changes in risk and mitigation tasks when the company plans to earn revenue in a particular location. Finally, the company includes the risk templates in the normal strategy process and includes a process for identifying the main risks to the strategy and the pl an for managing those risks. After the mitigation plan has been implemented , the RMC will re -assess to see whether additional actions would be needed and send the summary to the finance de partment to make sure funds are available. INTEGRATION OF ERM WITH STRATEGY - 19 The corporate risk management committee and the risk subcommittees meet quarterly. The subcommittees usually meet early in the third quarter. The strategic planning pro cess typically starts near the end of the year, while the budgeti ng process takes place in the later part of the third quarter. The strategy process and the risk management process are ongoing, simultaneous processes. The company sees risk management and strategic planning as a continuous, ongoing cycle, so they do not try to fit things into a prescribed time, but rather maintain flexibility to respond to changing conditions. Daisy Company ERM Timeline INTEGRATION OF ERM WITH STRATEGY - 20 Future Steps The ERM process has been improving each year , involv ing more personnel throughout the organization. Since its inception 15 years ago, it has matured in tandem with the strategic planning process. The company has a very strong tone at the top which has supported the continuous improvement of these processes. On e of the most significant improvements in the process came about during the aftermath of the financial crisis , when the company put more structu re around risk mitigation plans and mi tigation efforts. The company is now in the process of introducing a new set of reporting procedures which will take more of a dashboard approach, in an effort to better communicate risk information.

However, the company still believes that informal communications between the key players dealing with risks and strategy are critical, and those discussions need to continue. At the business level, at first, personnel may have felt that considering risks represented additional work , and did not really see the immediate benefit. However, the RMC has been trying to be a facilita tor to keep the load on others as light as possible, so the workload effect was not so dramatic. For example, the strategic business risk subcommittee used to request that the other risk committees complete the risk templates. Now, the strategic business r isk committee gathers the information themselves, completes the templates , and sends it to the ot her risk committees for review. Now that the benefits of the ERM process are widely recognized, and the process has become institutionalized, changes in person nel hav e not had a disruptive effect. New personnel quickly adapt to the process as a result of the strong culture of the company . The company realize d the importance of integration of ERM and strategy early from the beginning of the ERM process , and con siders integration to be an ongoing process. The ERM process as well as the integration with strateg y ha ve grow n over time as a result of consistent support from the top levels of management and the company ’s culture. INTEGRATION OF ERM WITH STRATEGY - 21 Conclusion  There is no best “home” for ERM within a company’s operations; rather, ERM should be well -positioned to have proper reporting channels and have an effective vantage point of the company’s operations to avoid potential “blind spots.” This can vary depending on the nature of the company’s operations, its culture, and organizational structure.  It is essential to remember how important the tone and expectation coming from top leadership is in creating and maintaining a successful ERM process, especially one t hat is functionally integrated with strategic planning.  Take time to build relationships through educating key business process leaders about the benefits of the company’s ERM process. Business leaders will more fully engage in the process when they see inherent value in the process .  No matter where a company is in its ERM process, communication and education of those involved is critical to keeping ERM relevant, accepted, and supported.  Assign risk ownership and mitigation at the business unit level. Making business unit and functional area level personnel responsible for owning risks and crafting mitigation plans makes strategy and risk management coexist in the same space. This provides the “front -line” integration of risk and strategy, since the individuals responsible for carrying out strategic objectives are also involved in risk ownership and mitigation. INTEGRATION OF ERM WITH STRATEGY - 22 Appendix A1: Mitchell Industries : Risk Assessment Template INTEGRATION OF ERM WITH STRATEGY - 23 A2: Mitchell Industries : Template Assessing Risk in Relation to Strategy INTEGRATION OF ERM WITH STRATEGY - 24 A3: Eli Lilly: Risk Assessment Template INTEGRATION OF ERM WITH STRATEGY - 25 A4: Eli Lilly: Risk Ranking Matrix INTEGRATION OF ERM WITH STRATEGY - 26 A5: Daisy Company : Risk Template Risk Number: Date Completed/Updated: 1. Risk Information Risk Name: Summary Risk Category: Risk Short Description: Risk Committee: Risk Owner: Inherent Risk Element Ratings: Velocity Impact Probability Risk Score (Based on 5 point scale: VL -Very Low, L -Low, M -Medium, H -High, VH -Very High) 2. Risk Scenario Key Risk Drivers:  X  X  X INTEGRATION OF ERM WITH STRATEGY - 27 3. Current Risk Mitigation Strategies and Tasks (Effectiveness Ratings are based upon a 1 to 5 scale, with 5 being “Highly Effective”, the Overall Effectiveness Rating represents an assessment of the overall Mitigation Strategy based upon the Risk Mitigation Tasks that are in place and the assessment of their effectiveness.) Task No. Mitigation Task Name Mitigation Task Owner Description Task Mitigation Effect Risk Element Rating Affected Metrics & Monitoring Effectiveness Rating T001 T002 T003 Strategy No. Mitigation Strategy Name Mitigation Owner Description Mitigation Effect Overall Effectiveness Rating M001 INTEGRATION OF ERM WITH STRATEGY - 28 4. Current Residual Risk Ratings Risk Element Ratings: Velocity Impact Probability VIP Risk Score (Based on 5 point scale: VL -Very Low, L -Low, M -Medium, H -High, VH -Very High) 5. Current Mitigation Effort (to be completed by Risk Owner) Mitigation Effort Rating: Comprehensive Acceptable Basic Weak Deficient Mitigation Effort Justification: 6. Current Mitigation In Action Example Current Mitigation Effort rating is Basic or below, risk requires Future Risk Mitigation Strategies INTEGRATION OF ERM WITH STRATEGY - 29 7. Future Risk Mitigation Strategies (If Current Mitigation Effort rating is Basic or below, risk requires Future Risk Mitigation Strategies) Mitigation Strategy Name Mitigation Owner Description Action Plan Implementation Date Required Resources Incremental Cost 8. Future Residual Risk Ratings Risk Element Ratings: Velocity Impact Probability VIP Risk Score (Based on 5 point scale: VL -Very Low, L -Low, M -Medium, H -High, VH -Very High) 9. Future Mitigation Effort (to be completed by Risk Owner) Mitigation Effort Rating: Comprehensive Acceptable Basic Weak Deficient Mitigation Effort Justification: INTEGRATION OF ERM WITH STRATEGY - 30 10. Risk Outlook (to be completed by Risk Owner): Qualitative rating based on micro and macro factors, not directly connected to risk mitigation Risk Outlook: Increasing Decreasing Stable Risk Outlook Justification: 11. Opportunities: Opportunities are favorable or advantageous circumstances arising from the identification and/or mitigation of the risk that can promote the achievement of our strategic goals and objectives. Opportunities Description: INTEGRATION OF ERM WITH STRATEGY - 31 A6: Daisy Company : Rating Scale INTEGRATION OF ERM WITH STRATEGY - 32 INTEGRATION OF ERM WITH STRATEGY - 33 INTEGRATION OF ERM WITH STRATEGY - 34 About the Authors Ha Do is currently pursuing her Master of Accounting degree with a concentration in Enterprise Risk Management at NC State University.

While obtaining her Bachelor of Science degree in Quantitative Economics from Tufts University, she built a diverse experience in financial services industry through her internships in banking and public accounting firms. Upon graduation, she hopes to begin her career in audit or risk advisory services. Maria Railwaywalla is a second year Master of Business Administration student at NC State’s Poole College of Management. Her concentration areas are Supply Chain Management and Data Analytics. She has an undergraduate Juris Doctor degree and over four years consulting experience. Akin to working in multicultural environments , she gained varied experience in manufacturing, services, and information technology industries. Jeremiah Thayer is a graduate student pursuing a Master of Accounting degree with a concentration in Enterprise Risk Management from NC State University. While obtaining a Bachelor of Science in Business Administration with a concentration in Accounting from the Universi ty of South Carolina, Aiken, he worked as part of a team at a small business consulting firm, interacting with rural and agricultural businesses to create feasibility studies, business plans, and marketing documents.