Kimberly-Clark Global IT Risk Management Program

Creating a Proactive, Risk-Aware Culture Across a Global Organization

Presenters

Laura Jones, CRISC, PMI-RMP, CMQ/OE, PMP, Risk Manager, Cybersecurity & Assurance

Tom Sullivan, CISSP, CPA, Senior Manager, Risk and Compliance, Cybersecurity & Assurance

Overview

• Kimberly-Clark Corporation

• The Case for Risk Management

• An Imperative for Risk Awareness

• Guiding Principles

• The Kimberly-Clark Risk Hierarchy

Kimberly-Clark Corporation

• Leading the world in essentials for a better life.

• 42,000 employees worldwide and operations in 35 countries

• Leading brands sold in more than 175 countries

• More than 145 years in business

• Nearly one-quarter of the world's population purchase our products every day

• $18.2 billion in sales for 2016

• With brands like Kleenex, Scott, Huggies, Pull-Ups, Kotex, Poise and Depend, Kimberly-Clark holds the No. 1 or No. 2 brand share in 80 countries

• Contributed more than $35.8 million in cash and products to charitable causes in 2016

Drivers For Change

• Lack of alignment, as many teams perform risk assessments

• Unacceptable risk profile as evidenced by Audit Results, etc.

• Evolving risk landscape as data volumes are growing exponentially, sharing is critical for business, and data breach risks and regulatory scrutiny are increasing

• Too many spreadsheets, SharePoint lists, PowerPoint slides, emails

Peter Drucker - “Efficiency is doing things right; effectiveness is doing the right things.”

[Figure labels: Standard Work; Risk Assessment; Audit; Business / Audit / Non-Compliance Issues; Lead Measures – Reinforce Positive Actions; Predictive; Lag Measures – Final Score; Proactive; Reactive; Risk; Problems / Findings]

Risk Management Drives Value

Cost Avoidance

• Avoid Penalties for legal and regulatory non-compliance

• Potential for leniency following a breach

Protection

• Reputation

– Investors

– Consumer Confidence

– Company leaders

• Investments

– Intellectual property

– Trade secrets

Morale

• Confidence company is committed to doing the right thing as an ethical company

• Attract and retain top talent as you protect employees

Productivity

• Ability to plan risk mitigation work as part of your job

• Projects not derailed due to unplanned remediation activities

Creating a Culture of Risk Awareness

Enculturating Risk Awareness through K-C’s Six Guiding Principles

Enabling Risk Awareness through the Kimberly-Clark Risk Hierarchy

Level 1 – Enterprise

Level 2 – Business

Level 3 – Information Technology Services

Tactical Level

IT Risk is Business Risk

• Inter-Tier and Intra-Tier Communications

• Feedback Loop for Continuous Improvement

• Traceability and Transparency of Risk-Based Decisions

• Organization-Wide Risk Awareness

Information Technology Services

Level 3 - IT Risk Register

Global Risk Management

Level 1 – Top 20 Risks

Global Risk Management

Level 2 – Sub-risks

Thank you