Two years ago, the board of Juniper Networks, the Sunnyvale, Calif.-based provider of high-performance networking, decided it needed an integrated risk management program that would give board members and the executive management team greater oversight of risk management across the organization. As part of that process, and mindful of how Japan’s earthquake, tsunami and nuclear meltdown exposed businesses’ vulnerability to continuity disruption, Juniper’s risk management committee looked at the company’s own preparedness and its ability to support its customers.
As a result, Juniper was able to provide business continuity support to telecom companies covering this year’s Olympics. It was a telling example of the advantages of setting up an integrated risk management program.
Instead of just bringing in a vendor and setting up an automated enterprise risk system, as many companies have done, $4.5 billion Juniper set about evaluating what its real operational and strategic risks were across the 46 countries it operates in, with the aim of creating a “risk-intelligent organization.”
“The goal was to focus on higher-level risks,” says Laura Langone, director of global risk management. This was not just about mitigating or eliminating those risks, she says. “There is an upside and a downside to risk.”
At the request of CFO Robyn Denholm, a treasury-led risk working team was assembled. Its 10 members represented finance, legal, tax, treasury, internal audit, corporate strategy and business operations, with Deloitte serving as a consultant to assist with benchmarking and project management.
The team developed a list of 200 key risks, which were divided into four “risk pillars”: strategic, operational, financial and compliance. Metrics were developed to measure the company’s vulnerability to each risk, as well as the impact of risk mitigation efforts. Within each pillar, risks were further evaluated in terms of factors like relative speed of onset to determine which needed to be evaluated quarterly by a risk management committee composed of executives from across the company.
In the process of evaluating Juniper’s overall risk profile, some risks were removed from the list, Langone says. For example, compliance risks were culled out “because we have strong internal audits and great legal operations, so while we had those risks, they were being well monitored and mitigated already,” she says. “They didn’t need to be included.”
A three-pronged approach was established for dealing with each of the 200 key risks identified, consisting of three questions: Are we focused on the right issues to manage the risk? Has the level of acceptable risk been determined? Is the risk management response acceptable?
“No one likes talking about that four-letter word, risk,” Langone says. “But, for example, talking about how we’re going to focus on a new market we are in, and what are the risks, helps us to crystallize a strategy and make it a great market.”
As an example of how the integrated risk program has helped the company not just mitigate risk but find opportunities, she says, “We’re just now discovering upside opportunities in our negotiations with outsourcers and suppliers. When you see yourself as embedded with your suppliers, it becomes more of a partnership than a business relationship.”
Juniper’s new integrated risk program remains a work-in-progress. The foundation was built in 2010, Langone says, and 2011 was the year for getting the system up and running. “This year we’re fully operational.”
Already Juniper has seen direct benefits, including enhanced governance, oversight and transparency of risk at both board and executive level, as well as indirect benefits, such as negotiating better risk management programs for operational risks that had traditionally been handled through insurance.
See a slideshow of the 2012 Alexander Hamilton Award winners here.
Read about the Aon project that won the Silver in the Enterprise Risk Management category here, the Paychex project that won the Bronze here, and the RTI International Project that won the Editors’ Choice Middle Market Achievement Award here.