Enterprise Risk Management Function
I hereby declare that I know what plagiarism entails, namely to use another’s work and to present it
as my own without attributing the sources in the correct way. I further understand what it means to
copy another’s work.
1. I know that plagiarism is a punishable offence because it constitutes theft.
2. I understand the plagiarism and copying policy of the University of the West of Scotland.
3. I know what the consequences will be if I plagiarise or copy another’s work in any of the
assignments for this program.
4. I declare therefore that all work presented by me for every aspect of my program, will be my
own, and where I have made use of another’s work, I will attribute the source in the correct
way.
5. I acknowledge that the attachment of this document signed or not, constitutes my agreement
on it.
6. I understand that my assignment will not be considered as submitted if this document is not
attached to the attached.
For an organization of your choice, carry out an enterprise risk management function.
Johnson & Johnson (J&J) is an American multinational medical devices, pharmaceutical and
consumer packaged goods manufacturing company. It was founded in 1886. J&J is
headquartered in New Brunswick, New Jersey, the consumer division being located in
Skillman, New Jersey. Its common stock is a component of the Dow Jones Industrial
Average and the company is ranked No. 37 on the 2018 Fortune 500 list of the largest US
corporations by total revenue. J&J is one of the world’s most valuable companies.
Categorization of risk
The common framework used to identify and manage potential events that may affect
the enterprise
Accountability for risk management
Governance and oversight of risk management activities
Their strategic framework captures the way all the elements of their business intersect to
deliver value including the key drivers of their future success.
First and foremost, J&J is guided by their Credo, a deeply held set of values that is their
moral compass. Their aspiration emerges from their Credo – by caring, one person at a time,
they help billions of people around the world live longer, healthier and happier lives.
They build from this foundation a unique set of strategic principles: being broadly based in
health care; using their reach and size for good; leading with agility and urgency; and
investing for enduring impact. And they do all this through a unique culture that values and
fosters the development of their people.
Finally, their growth drivers are the specific areas of focus that help ensure their robust
growth for the future. They believe that it is essential to focus on these critical drivers of their
future growth: to create life-enhancing innovation; to deliver excellence in execution; to
generate value through partnership; and to empower and inspire their employees.
Ultimately it is through effective risk management that they enable the enterprise to
implement this strategic framework and grow the business successfully in alignment with
their Credo and strategic principles amidst an evolving and challenging external environment.
Risk can be viewed as the combination of the probability of an event and the impact of its
consequences. Events with a negative impact represent risks that can prevent value creation
or erode existing value. In order to deliver value to the company’s stakeholders, the company
must understand the types of risk faced by the organization and address them appropriately.
Generally, risks to the company’s success can be grouped into four categories:
1) Strategic
2) Operational
3) Compliance and
4) Financial & reporting
1) Strategic
Reduction in business vitality
Loss of intellectual property and trade secrets
Competition for talent
Negative impact to reputation/loss of public trust
2) Operational
Disruption to product supply
Counterfeiting
Inefficient use of resources/increased product cost
Physical property/damage/disruption
Discontinuation of global data flow
3) Compliance
Environmental
Employee health & safety
Clinical trial subject/patient safety
Product quality/safety issues
Ensure prompt resolution of internally identified risk to compliance with laws and
regulations to maintain the provision of quality products, protect patient safety and
ensure appropriate relationships with customers
Support “simplification” strategies to ensure effective use of resources, enable an
optimized approach to auditing and identification/remediation of compliance issues
and promote reporting and monitoring across compliance functions
Enable improved decision making, planning and prioritization through a structured
understanding of opportunities and threats
Support value creation by enabling management to deal effectively with future events
that create uncertainty, pose a significant risk or opportunity and to respond in a
prompt, efficient and effective manner
Support their growth drivers of creating life enhancing innovation, delivering
excellence in execution, generating value through partnerships and empowering and
inspiring their employees
J&J business leaders are responsible for managing and mitigating risks affecting their
business. Risk management functions are responsible for identifying, assessing, and
presenting those risks to the business leaders for recommended actions. To identify and
mitigate risk more effectively, the risk management professionals continuously strive to
innovate and develop solutions. Select risk management functions are listed below along with
the areas of risk for which they have responsibility.
Law Department × ×
Quality & Compliance × ×
Supply Chain × × ×
J&J Enterprise Risk Management Framework is made up of six components derived from the
Committee of Sponsoring Organizations of the Treadway Commission ERM Framework.
J&J’s Credo and Code of Business Conduct are the core of their business philosophy and set
the tone and values of the organization. The Executive Committee sets the objectives in accordance
with their strategic framework, and these are cascaded throughout the organization.
1. Event Identification & Risk Assessment: Functional leaders identify internal and
external events that may affect the achievement of the company’s objectives, as part
of the strategic planning process and day-to-day management of the business.
Through their expertise, formal assessments and analysis of business intelligence and
trends, risk management function personnel help to identify and assess these risks.
2. Risk Response: A response is determined by the overall risk exposure, considered as
a function of likelihood and impact of the occurrence. Risk response may include
avoiding or evading, accepting, reducing, and sharing or transferring risk.
3. Control Activities: Control activities are established to ensure that the risk responses are
carried out effectively and consistently throughout the organization. This
involves formalizing risk response in the company policies, ensuring clear
accountability, utilizing self-assessment and monitoring tools and designing controls
into their systems and critical business processes.
4. Information & Communication: Information and communication channels are put in place to
make the organization aware of risks that fall into their area of responsibility and of the
expected behaviour and actions to mitigate negative outcomes.
5. Oversight & Monitoring: Management reviews, as well as assurance activities, such
as testing, auditing and assessments, are in place to ensure that risks are effectively
identified and assessed, and that appropriate responses, controls and preventive
actions are in place.
While no risk management system can ever be absolutely complete, the goal is to make
certain that identified risks are managed within acceptable levels.
Goal: Foster a culture of risk management to help the enterprise maintain the provision of
quality products, protect patient safety and ensure appropriate relationships with customers.
Each business unit and function communicates identified risks and associated response
strategies to their leadership team as described above. As appropriate, issues are also
escalated to their respective Executive Committee member or directly to the Audit or other
appropriate committee of the board.
The oversight and governance provided by the individual risk management functions ensure
that the standards are met and that risks are mitigated effectively. The strategic plans and
direction for their organization developed by the leaders of these functions effectively align
the mitigation support to the objectives and priorities of the organization.
To share emerging risks and common practices, especially for risks that require an
integrated approach or may have complementary impact, various councils and committees
serve as cross-functional governance mechanisms. For example, the J&J Compliance
Committee serves as the primary governance structure for coordinating compliance-related
risks across the core risk functions, and the internal Triage Committee manages the
investigation process for all escalated issues involving allegations of compliance, financial,
legal or other similar policy violations.
J&J serves billions of people worldwide by bringing value, expertise and innovation in line
with their Credo, as a leader in health care. Risk is inherent in their business activities. With
the help of strong risk management practices they strengthen their organization through
informed strategic and business decisions. Hence they can continue to meet the needs of
consumers, doctors, nurses, patients, mothers and fathers and all its stakeholders. They blend
Heart, Science and Ingenuity to profoundly change the trajectory of health for humanity.