Two years ago, the board of Juniper Networks, the Sunnyvale, Calif.-based provider of high-performance networking, decided it needed an integrated risk management program that would give board members and the executive management team greater oversight of risk management across the organization. As part of that process, and mindful of how Japan’s earthquake, tsunami and nuclear meltdown exposed businesses’ vulnerability to continuity disruption, Juniper’s risk management committee looked at the company’s own preparedness and its ability to support its customers.
As a result, Juniper was able to provide business continuity support to telecom companies covering this year’s Olympics. It was a telling example of the advantages of setting up an integrated risk management program.
In the process of evaluating Juniper’s overall risk profile, some risks were removed from the list, Langone says. For example, compliance risks were culled out “because we have strong internal audits and great legal operations, so while we had those risks, they were being well monitored and mitigated already,” she says. “They didn’t need to be included.”
A three-pronged approach was established for dealing with each of the 200 key risks identified, consisting of three questions: Are we focused on the right issues to manage the risk? Has the level of acceptable risk been determined? Is the risk management response acceptable?