Documente Academic
Documente Profesional
Documente Cultură
Group Project
Team members:
Yuyang Cai
Biying Zhuge
Zheng Yan
Hongfeng (Oliver) Guo
Jiaqi Li
Ziwei Zhu
Xiaochen Ma
Zixuan Wu
A. Reporting
ERM Summary Report Main Body
B. Project Planning and Management
ERM Plan Appendix 11
ERM Policy Appendix 8
ERM Organization Chart Appendix 9
C. Risk Management Documentation
Company Background Appendix 1
Company Definition of Risk Appetite Appendix 2
Business Objective Setting Appendix 3
Risk Universe Appendix 4
Risk Assessment Criteria Appendix 5
Risk Scale Appendix 6
Prioritized Risk Action Plan Appendix 7
ERM Summary Report
Drivers & Objectives:
Keep growing technology industry and increasing competition in technology industry drivers
Apple to initiate enterprise risk management (ERM) plan. Implementation of ERM gradually
becomes a new trend in the market, and many Apple’s competitors as a result have already
started to establish their own risk management plan. It is critical for Apple to have one to keep its
leading position.
ERM help Apple to analyze the potential risks as well as impacts of identified risks. Through
implementing action plan Apple can effectively manage these potential risks by effectively
allocate available resources and reinforce risk response decisions to reduce operational surprise
and mitigate unnecessary losses. In the meantime, having ERM in place the company help Apple
develop a risk aware culture and share common objectives and standard about risk management.
ERM need to be developed and implemented within every level from top to bottom so as to be
recognized by each person in the company. Beyond that, Apple’s strategy and culture tend to
reflect on the unimaginable growth of technology industry in order that it can leverage the risks
Process Employed
We first initiated a ERM group after selecting the most competitive team members from
potential candidates. And then we implemented risk management based on COSO ERM
framework issued in 2004. According to COSO, this framework aims to help business and other
entities to enhance their risk management and internal control system. And this ERM framework
“has since been incorporated into policy, rule, and regulation, and used by thousands of
established objectives.” The framework is divided into 8 steps which are internal environment,
objective setting, event identification, risk assessment, information and communication, control
activities and monitoring. We assigned 8 steps for the selected team members. After identified
and assessed 5 key risks, we took actions to respond risks as described as well as set up control
activities and monitoring to continuous growth. We took action to treat and transfer risks
depends on different impacts, likelihood and cost. For rapid technology changes and fierce
competition in industry, Apple need to increase their investment in R&D department to bring
protect their products under the law, to prevent products from being emulated by other
material and labor will affect Apple’s financials. Apple could diverse their foreign currency
holdings so as to remedy losses from one currency by the profit from another currency. Plus,
Apple could buy different forward contracts to cover their losses from exchange risks. Dealing
with outsourcing services, it is better to share their risks with other parties. Besides insurance,
Apple need to require more priorities on their agreement in order to prevent them from
resellers, Apple need to take actions to share the risks when those carriers fail to sell Apple
products due to financial problems. For example, Apple could offer financial assistance as
exchange of specific returns from those carriers like actively advertise and sell to increase their
sales.
Our team also developed ERM policy and organizational charts to identify the responsibilities at
each level in Apple. To help every person recognize their position under ERM will directly
Finally, Apple need to develop and help managements to utilize the most effective way to
activities and monitoring system help Apple evaluate the effectiveness of ERM to continuously
Milestones
The Milestones of our risk management process are mostly according the purpose of ERM and
related deliverables. Essentially, Our purpose tends to expose, identify, and response potential
risks prior to their happening. Thus, implementation of ERM intend to minimize the negative
impacts on achieving objectives. There are five milestones for Apple’s ERM. We first set up an
internal ERM project team by selecting capable professionals to focus on the ERM
implementation. After that we formulated ERM plan (Appendix 11) and ERM project charter
appointing the team leaders, scheduling routine meeting and assigning team members’ functions
related to their competency. Then we completed ERM policy (Appendix 8) and ERM
implemented ERM based on the COSO ERM framework. Each team member was assigned with
one of eight components in the framework to work on. In this milestone, we completed risk
appetite consideration (Appendix 2), business objectives setting (Appendix 3), event
identification (Appendix 3), risk universe identification and risk register (Appendix 4) and
prioritized risk action plan (Appendix 7). Ultimately, we finalized ERM implementation plan and
We first define Apple’s risk universe (Appendix 4) according to four categories, which are
strategic risks, operational risks, compliance risks and financial risks. In order to prioritize these
risks, we assessed them based on their impacts and likelihood. For the impacts, we categorized
risks in three levels which are low, medium and high. Each levels are differentiate in degree of
their losses on multiple aspects. Take medium impacts for example, the financial losses reach to
from $500M to $5000M with probably lawsuit and reputation damage will be medium impacts
for Apple. To sort likelihood of risks, we rate risks from low to high by percentage which are
less than 20%, 20-70% and more than 70% in accordance with their frequency and probability.
(Appendix 5). According to this risk assessment criteria, we scaled most of risks (Appendix 6)
Apple’s ability to compete successfully depends heavily on its ability to ensure a continuing and
timely introduction of innovative new products, services and technologies to the marketplace.
Any new innovative products will impact Apple deeply and will make Apple suffer significant
loss on its financials and market share if it couldn’t keep its leading position in technological
changes. In the meantime, competitors like Samsung, Microsoft and Huawei are thriving in
making changes for technology world. Therefore, risk of rapid technology changes is high in all
its impacts, frequency and probability, which will be the most severe risks to be responded.
The competition in the industry is fierce. Apple’s competitors like Samsung, Huawei, and
Microsoft enjoy great resources and ample experience to maintain high market share. Each of
them is able to compete with Apple. For example, they are selling products with similar features
at a lower price, this strategy helps them attract lots of price-sensitive customers. Also, Samsung
nowadays is competitive from its diversity, sales and marketing. Huawei emerged rapidly in
recent years and has a big market in China, which makes Apple lost large amount market shares.
If Apple fails to develop innovative products with attractive margins, or if it fails to expand its
market share and win potential customers, it will lose competitive edge in the market and suffer
from huge financial loss. Therefore, the impact and likelihood of fierce competition in market are
high.
Uncertainty about global and regional economic conditions poses a risk to Apple. Consumers
and businesses may postpone spending in response to low-speed global and local economic,
tighter credit, higher unemployment, financial market volatility, government austerity programs,
negative financial news, declines in income or asset values and/or other factors. These
worldwide and regional economic conditions could have a material adverse effect on demand for
Since Apple is also a goods-consuming company, which means they will need to forecast the
demand and production in advance. Because the Company’s markets are volatile, competitive
and subject to rapid technology and price changes, there is a risk Apple will forecast incorrectly
and order or produce excess or insufficient amounts of components or products, or not fully
utilize firm purchase commitments. The incorrect forecast will bring redundant inventories with
continuous depreciation. The ongoing depreciation will impacts financials especially cash flow
in a deep.
Much of the Apple’s future success depends on the continued availability and service of key
personnel, including its Chief Executive Officer, executive team and other highly skilled
employees. Experienced personnel in the technology industry are in high demand, and
competition for these talents is intense, especially in Silicon Valley, where most of the
Company’s key personnel are located. Increasing number of important senior employees, who
stay in important position including technicians, management even CFO left with knowledge and
information of Apple, which could cause significant intangible loss to Apple’s assets. The loss
Since substantially all of the Company’s manufacturing is performed in whole or in part by a few
outsourcing partners located primarily in Asia, so Apple doesn’t have direct control over its
product. Hence, the impact of this risk is high since it is hard for Apple to estimate the product
defect rate and the corresponding warranty expenses, but the likelihood of this risk is low as
Apple still has high buying powers over these outsourcing partners because they are more likely
to maintain a long-term relationship with Apple. As for the logistical service risk part, its
likelihood is low because most of the time it can be transferred timely, but due to the uncertainty
existing in the transportation process, like the possibility of natural or man-made disaster, it is
still possible that those components are failed to be delivered from outsourcing partners to the
final destination as expected, consequently, customers dissatisfaction rate will be raised and
Conclusion:
Our team firstly developed and categorized our objectives in four parts, which are strategic
objective, operating objective, reporting objective and compliance objective. Upon our research,
we created our assessment chart to identify the most severe risks which are technology changes,
competition, distribution, outsourcing and inventory. Moving forward, the risk responses was
reinforced depends on different situations. Finally, the control activities and monitoring system
was developed associated with identified risks. Implemented our ERM will help Apple to
identify risks and mitigate the impacts in advance. The control activities could reduce the
probability of risks effectively as well as the monitoring system evaluate the effectiveness of
ERM and transfer warnings prior to risks happening. Upon that, Apple could analyze the market
with effective ERM and predict the trend in order that they can reflect changes timely and
survive from huge changes. Along with implemented ERM, Apple could be more competitive to
acquire market shares back and be prepared to adapt to the potential risks from globalization and
economic condition. With effective internal control, Apple could bring more confidence to
stakeholders. By using cost-benefit method under ERM, Apple could leverage risks and returns
Finally, our ERM tends to mitigate the impacts from risks by increasing the effectiveness and
efficiency to react the potential risks either ongoing or future. ERM also assure Apple to achieve
Appendix 1
Company Background
The characteristics of Apple’s board define the characteristics of entrepreneurial traits, where
they have the ability to find opportunity and gather resources to take advantage of opportunities.
Apple would never have existed without the vision of the board, since the board paid more
attention on the potential in technology rather than only the money, which allowed Apple to take
more risk on promising investment.
In 2006, Apple’s stock gained 82%. Incidentally, it was also everyone’s favorite stock in 2007
(+136%), 2008 (-56%), 2009 (+132%), 2010 (+51%), and 2011 (+23%). This success greatly
increased Apple’s risk capability and risk appetite. For example, As we know, Apple designs and
creates the iPhone, iPad, Mac notebooks and desktop computers, iOS 8, OS X, iPod and iTunes,
and the new Apple Watch. A risk to having this mission completed has been the competitive
pressures of Samsung’s Galaxy line of cell phones. With enhancements and integration of the
entire iPhone platform to meet what consumers wanted and needed for their everyday use, the
company embraced the competitive risks and has consequently flourished around the world.
However, due to the special and spectacular period with Steve Jobs was over in 2011, the stock
premium decreased and the price per share shrunk a lot. Although Apple’s revenues were high,
its quarterly revenue growth has been shrinking somewhat dramatically for 2013. Also, Apple's
cost of debt increased significantly signaling to investors that the company's risk premium has
changed since its 2013 debt raise. During this period, Apple started to take risk-averse strategy.
As a result, Apple has recently been criticized for no longer innovating at the same pace it used
to, which might be due to its declining little tolerance for risk.
From internal environment perspective, high premium is also because Apple had small number
of strategies related to premium pricing, low cost, product segregated strategy, low focus on
market share, low shareholder return policy and global cheaper marketing. Even though Apple’s
internal environment has some room for criticism, it also sets the foundation for how risk is
viewed and addressed by an entity’s people, including risk philosophy and risk appetite,
integrity, ethical values, and the environment in which they operate.
Appendix 3
Globalization
There are two globalization objectives apple is going to achieve. First, in order to focus on its
core technology, Apple will keep outsourcing the manufacturing and logistical services to
companies around the world, which lowers the operating costs and also increases operation
efficiency. Apple will also obtain all components from limited suppliers with high quality to
maintain its uniqueness. Because most of those suppliers are located in the foreign countries,
Apple will spend more effort to maintain a sustainable relationship between business partners.
Second, Apple will keep expanding global market through opening more chain of Apple stores
globally, building more online stores in foreign countries and negotiating its third-party
distribution network to effectively reach more customers and provide them with a high-quality
sales and post-sales support experience.
Product Innovation
Without innovative hardware and supporting operation software, Apple cannot maintain a
leading position in the market. Boston Consulting Group keeps ranking Apple as the world’s
most innovative company. Considering the nature of technology industry and company’s
competitive advantages, Apple will keep increasing R&D budget even during tough times to
continue introducing new products and services, developing new product lines and improving
product transitions. Apple will also work closely with customers to understand and analyzes their
demand to bring them better product experience. Recent years Apple has experienced some
quality issues, which have negative impacts on its brand. Therefore Apple will conduct more
quality controls to make sure product quality can reinforce the product innovation.
Reporting
Apple as one of the largest public companies will maintain a good public relation through meet
the requirement to fully disclose reliable financial and non-financial information to stakeholders
inside and outside the company to help them better evaluate the company and make appropriate
decisions. Apple will also establish a strict internal reporting policy to make sure information is
reliable and is communicated effectively and timely.
Compliance
In order to successfully expand both domestic and global market, Apple will work close with law
and regulation experts to oversee areas such as intellectual property ownership and infringement,
tax, import and export requirements, anti-corruption, foreign exchange controls to make sure
operations are comply with applicable laws and regulations. Apple will also prudently select
business partners such as employees, suppliers and agents to make sure they are not violating any
laws. In addition, as we know Apple’s success partly rely on the third-party software developers.
Therefore one of objectives for Apple is to oversee the intellectual property ownership and
digital content of developers.
Event identification
Economic events
Apple’s globalization strategy makes it very sensitive to economic events happened all over the
world. Events like new trade agreement, price movement, capital availability, financial crisis,
and change of taxation policy are both potentially bring opportunities and risks for Apple.
Political events
Both domestic and foreign political events will affect Apple’s operations. Events like new
present selections or new regulation and law will to some extent affect the organization.
However, it is uncertain that whether these events will provide Apple with opportunities or risks.
Social events
Changing demographics, customer behaviors, income level and family structures will influence
consumer purchase decisions. Again these social events may help Apple discovered new
opportunities, but they could also negatively affect its operations.
Technological events
Apple is always the one who initiates the technology innovations. As the center of technological
events, Apple enjoys many opportunities from its R&D. It is important for Apple to better
control and anticipates the technology-changing trend to generate more benefits from the market.
Appendix 4
Risk Universe
Likelihood:
Frequency Probability (chance of occurrence)
High Up to once or more in one year 0.7 - 1
Medium Once or more in 5 years 0.2 - 0.7
Low Once or more in 10 years 0 - 0.2
Appendix 6
Risk Scale
Impact Likelihood Gross Risk=Impact*Likelihood
Major risks >= 4.5
Rapid technological changes and R&D development 9 0.95 8.55
Fierce competition in market 8 0.9 7.2
Global and regional economic changes 8 0.85 6.8
Substantial inventory risk (obsolete or exceed anticipated demand) 7.5 0.8 6
Key personnel and labor cost 7.2 0.75 5.4
Outsourcing product manufacturing and logistical services 9 0.5 4.5
Minor risks < 4.5
Performance of distributors, carriers and other re-sellers inefficiency 7 0.45 3.15
Product introduction and transition slow down 7 0.3 2.1
Product quality problems 7.5 0.27 2.025
International operational problems 6.8 0.45 3.06
Information tech system break down 8 0.2 1.6
Not access to third-party digital content/intellectual property 5.5 0.4 2.2
The non-availability of third-party software developers 4.5 0.3 1.35
Unfavorable results of legal proceedings 6 0.2 1.2
Labor laws and regulations on media device worldwide violation 4.3 0.25 1.075
Revenue fluctuation 2.3 0.2 0.46
Stock price volatility 2.4 0.33 0.792
Lack of substantial investment and resources 2.6 0.15 0.39
Appendix 7
Prioritized Risk Action Plan
Risk Response
Technology change risk
The risk response to the rapid technology change risk is to treat it. The risk brought by rapid
technology change is that Apple may fail to bring innovative products or the higher product
price with lower product differentiation as compared to its competitors, consequently, it will
suffer from customer loss and profit shrink, and these impacts are severe. Additionally, the
likelihood of the technology change risk is high since we are in a technology updating age.
Though the amount of risk is highly over its risk appetite, Apple can do little to prevent the
risk from happening, additionally, this risk is hard to be transferred into the insurance market,
so in response to it, Apple should take actions to reduce the likelihood of this risk. One of the
main methods to reduce this risk is to invest its research and development department to keep
pace with the instant technology update and bringing out the innovative products
continuously to attract customers, besides, Apple can cooperate with a professional law firm
to protect its intellectual products from infringing, thus, competitors will be discouraged to
emulate its product feature.
As for the logistical service risk part, taking the low likelihood and high impact into
consideration. we recommend Apple to transfer this risk by signing a contract with an
insurance company on the distribution conditions, thus, when components can’t be delivered
timely, the insurance company will pay for the loss. By transferring risks, Apple can reduce
the financial impact to a tolerable range.
Control Activities
Due to the complexity and scope of the business area that Apple develops, our
action plan will only give a brief description without detailed elaboration including
quantitative and qualitative demands and standards. Besides, the action plan is aiming
to specific risks which have been prioritized before in risk-assessment part. The action
plan is consisting of two parts: control activities and monitoring.
The success of ERM is highly dependent on the effectiveness and efficiency of Apple’s
information and communication, which is one of the COSO elements. Our purpose is to make
sure that all relevant information is identified, collected, and shared from both internal and
external sources. Also, necessary information should flow up, down, and across the
organization. Therefore, the ERM initiative goal in this phase is establishing and maintaining
both internal and external communication channels to support the Apple’s ERM project.
Information Requirement
According to COSO ERM, risk communication starts with identifying stakeholders. Once the
stakeholders have been identified, the nature, purpose, and methods of communication for
different stakeholders could be decided.
Management must consider Apple’s objectives and related risks to identify and gather
relevant information for managing risks. COSO notes that information must be:
· Appropriate and at the right level of detail;
· Timely;
· Current;
· Accurate and reliable;
· Accessible to those who need it.
Appendix 8 is the ERM policy that our team establish for Apple. The ERM program is based
on the COSO standard. The Chief Risk Officer (CRO) appointed by the Board of Directors
will lead the ERM Branch and promote the implementation of ERM program, and the ERM
Branch including Head of Department and key business unit leaders is responsible for
supporting the CRO (See Appendix 9). In addition, the Board will oversee all risk
management activities, and the CEO is essentially responsible for the ERM. Also, all
employees are responsible for supporting the information and communication flows in the
program.
Upward communication is also important, and employees must have a means of reporting
what is happening. Independent and anonymous reporting options, such as whistleblowing
system and hotlines, should be established and continually monitored by internal auditors.
Apple also should have two-way communications with external parties, such as customers,
suppliers, regulators, external auditors, and shareholders. Information exchanges can assist in
achieving objectives, improving internal controls and reduce risks. They could take the form
of hard copy documents, electronic format, or face-to-face meetings. For example, Apple
should collect and analyze information from customer feedback to manage product and
market risks. It is also helpful to give publicity to the progress of Apple’s ERM through
annual or quarterly reports, Website postings and press conference, so that we could increase
customers’ and shareholders’ confidence in Apple. Besides, the ERM branch and internal
auditors will perform periodic evaluation on the external communication to make sure that
we use the optimal method to exchange high-quality information timely.
Monitoring System
Monitoring procedures
Rapid technological changes
The only way for the company to cope with rapid technological changes is to keep pace with
the new technology and innovate its products. To ensure achievement of this object, the
company should assess its process in Research & Development. The company can first
develop a monitoring plan that list the goal and expectation, project scope and size, and
project budget. Based on the monitoring plan, the project manager should have ongoing
monitoring on status of the project and communicate with team members to ensure the
project is implemented on time and within budget and expectations. It is normal that new
situations appear during the project and the project manager should react quickly to
situations, discuss with team members about options to take, and take actions to complete the
project as expected.
In addition, internal auditors can review the company’s periodic report to determine whether
the capital allocated on Research & Development is properly used by R&D department and
determine whether related R&D expenses are recorded properly.
To reduce the inventory risk that inventory might be obsolete or might exceed anticipated
demand, the company should first use the inventory management software that
automatically keeps record of inventory comes in and out the company. The software also
shows the pace of inventory items moving through the company, and inventory manager
can analyze the trends based on data collected from the software and determine whether
the pace between moving in and moving out inventory is appropriate for the current
situation.
Moreover, the HR manager can evaluate current hiring procedures to identify any
deficiencies, and improve the procedures if necessary to hire more appropriate and
qualified employees.
Assess outsourcing partners’ compliance with local laws and regulations, list
compensation for the company in advance in contracts if they fail to comply with related
laws and regulations.
Appendix 8:
Purpose
Apple Inc. understands that its success is dependent upon the effective management of risk. Risk can
either be transferred to third parties, through insurance, contracts or hedge; it can be mitigated by
implementing internal risk management strategies; or it can be ignored. However, it is important to assess
risks at all levels of the organization in order to effectively identify and appropriately address them.
Risk management is everyone’s responsibility. Establishing the ERM Policy will guide employees in their
actions and decisions to the management of the Apple’s portfolio of risks. It will improve the
management of existing uncertainty and the approach to new opportunities, thereby helping Apple
achieve its vision and mission and to maximize utilization of Apple’s available resources.
The scope of the ERM Policy is enterprise wide and is applicable to the Board, Management and
employees of Apple Inc.
Apple Inc. has adopted an enterprise risk management (ERM) based on the COSO standard. An ERM
Branch including Head of Department as well as key business unit leaders will ensure the ERM efforts
are firmly embedded within Apple’s core business activities. The Chief Risk Officer (CRO) appointed by
the Board will lead the ERM Branch and take responsibility for heading the ERM activities.
Responsibilities
Board of Directors
• Overseeing the risk management activities of Apple.
• Knowing the extent to which management has established effective ERM in Apple.
• Being aware of and concurring with Apple’s risk appetite.
• Reviewing the organization’s portfolio view of risk and considering it against Apple’s risk
appetite.
• Being apprised of the most significant risks and whether management is responding appropriately.
Chief Executive Officer (CEO)
• Is the ultimate risk executive and is essentially responsible for ERM priorities, strategies,
tolerances and policies.
• Aligning business objectives with risk strategies, action plans and policies.
• Settling conflicts with regards to ERM strategies and action plans.
• Must ensure that a sufficient resource of the organization is allocated in pursuing ERM initiatives,
strategies and action plans.
• Reporting to the Board of Directors on a regular basis about ERM.
• Assisting management and the board by examining, evaluating, reporting on, and recommending
improvements to the adequacy and effectiveness of Apple’s ERM.
Risk Owners
• Has the responsibility for and ownership of the assigned risks and other risks under the same
functional area of responsibility.
• Identifying root causes of the significant risks, identifying and implementing relevant risk
mitigation activities, and reporting on risk monitoring and management on an ongoing basis with
the guidance and support of the ERM Branch.
• Overseeing the development of risk tolerances and risk management activities at the various
operational units; monitoring these activities and compliance with established risk tolerances; and
escalating any such instances where events could occur outside of risk tolerances to the CRO.
All Employees
• Risk management is everyone’s responsibility. All employees are responsible for supporting the
information and communication flows of ERM.
Board of Directors
(Audit Commi3ee)
CEO
CRO
ERM Branch
(Head of Department
and key business unit
leaders)
Yuyang Cai
Biying Zhuge
Zheng Yan
Hongfeng (Oliver) Guo
Jiaqi Li
Ziwei Zhu
Xiaochen Ma
Zixuan Wu
PART 1: CREATING A CLEAR & ENGAGING DIRECTION
Team Objectives and Goals
2. What are the specific objectives and goals for the team? That is, what outcomes or results do
you want to accomplish?
Establish and implement the ERM function for Apple beginning from 2011 to present day.
Simulate the process of planning, implementing and operating the ERM for Apple.
Predict the proposed future state and process after ERM functioning.
3. Who are the major stakeholders for the team? That is, who are the primary groups of people
outside your team that you must pay attention to, keep happy, influence, etc.?
a. Audiences: other classmates listening to our presentation.
b. The professor who evaluates our project
c. Apple investors and employees
4. What results are expected from the team by each of your major stakeholders? How will you
keep each of these stakeholders informed about what you’re doing?
a. Audience is willing to see some special features or attractive points which are different
from common cases. To achieve this objective, we will give out a presentation which
outstands from other groups. Besides, we will try to analyze the case in several
perspectives so that audiences will gain some unique information.
b. The professor would like to see a complete and competitive project report which has an
effective ERM. In addition, the professor wants to see our improvement in leadership
skills as well as communication skills. Therefore, we will submit our detailed project
plan and status report, and make an excellent presentation to show professor our
progress.
c. We will provide an comprehensive ERM project report to Apple’s investors and
employees.
5. How will you measure the success of your project? In other words, what tangible outcomes
would you cite to indicate that your team accomplished its goals?
The success of our project depends on whether we find out specific risks for Apple and the
way we assess these risks. Also, it depends on how the ERM is structured, and whether the
risks we found are successfully managed after the implementation of ERM. In addition, the
grades gained from the professor for both presentation and report, feedback collected from
other classmates after our presentation, and peer evaluation from each other will indicate the
performance of our team.
Page 2
PART 2: UNDERSTANDING & EFFECTIVELY USING MEMBERS’ STRENGTHS
Team Member What project-relevant knowledge What are the unique How can our team best utilize
and experience does this person strengths of this person (as this expertise and set of
Name possess? Who or what do they you know them so far)? strengths?
know that will help the team?
Yuyang Cai
She is familiar with the team She is familiar with She is responsible for
leading, which helps team collaborating with others leading the team through
achieve each milestone, and helping others. assigning different tasks,
resolve any conflicts within controlling project process,
the team,keep the group keeping every team member
project work under an updated, and controlling the
appropriate timeline, and deliverables quality.
ultimately present
competitive deliverables.
Biying Zhuge
She is skilled in business She is good at listening She is responsible for
writing and familiar with to alternative ideas and clarifying our group
ERM concepts. perspectives and objectives and integrating
integrating the the ideas of others at group
contributions of different meeting. Also, she will
team members. summarize our group's
discussions for each
meeting and make
conclusions in the report.
Zixuan Wu
She is good at strategic She is detail-oriented and She is responsible for
planning, business process skilled in problem defining group mission,
analysis and presentation. solving. She is good at completing part of analysis,
giving constructive and reviewing the integrity
suggestions and of the final report. In
integrating different addition, she will become
ideas. Also, she is a good the mediator of our team
mediator and tries to seek and deal with conflicts.
consensus.
Page 3
Ziwei Zhu
She is familiar with the She is good at analyzing She is responsible for
internal control framework information and collecting relevant
good at collecting considering issues from information and material.
information and research various perspectives. She Besides, she will help write
material from different is good at listening to the final report.
resources. others and sharing her
opinions with others.
Xiaochen Ma
She is familiar with risk She is adept at making She can help apply searched
assessment knowledge and is team members finishing information to the project,
good at searching project tasks on a timely manner. adjust task contents if
related information. She is good at properly needed, and write the report.
adjusting the tasks in
terms of team members’
constructive suggestions.
Jiaqi Li
She is good at analyzing and She is motivated to She will help set up a
identifying enterprise’s risks. shoulder her detailed time frame for the
In addition, she is good at responsibilities, and good team to finish the projects
sorting information and at communicating and step by step, and she will
resources. collaborating with other help write the final report.
teammates to work
toward the common goal.
Zheng Yan
She is good at risk She is good at She is responsible for
classification, which means communicating with finding risks in the project
she can find out the kind of group member and and finding how frame
risk in the project and find cooperating with each works with risks, and she
how the ERM frame can other. will also write the final
work with the risks. report with other team
members.
Page 4
Hongfeng
(Oliver) Guo He is good at problem solving He is good at providing His responsibility is to
and creating control activity, new ideas, identify each events to judge
which means he is able to set communicating and if those are opportunities or
up a new and efficient system collaborating with other risks. Beyond, how those
to monitor those activities to group members. He also opportunities or risks will
mitigate the possibilities of pays attention to every impact us to achieve
risks. details. objectives.
Page 5
PART 3: ESTABLISHING TEAM RESPONSIBILITIES, ROLES, & NORMS
Action Items and What roles & duties will be needed to complete this What expectations will the team hold for
item? Which members will have responsibility for the member(s) responsible for this item
Team Tasks these roles/tasks? or task?
(It’s best to assign members responsibility based on (Be specific & include measurable
unique strengths they bring to the team.) expectations such as time frames for
specified deliverables)
Internal Understand the general culture, values and Establish Risk management
Environment environment related to risk management philosophy, and risk appetite.
Apple operates. Assign board of directors to
oversight.
Zheng Yan will be responsible for this part.
Set business This item is the whole picture of the projects. Strategic, operations, reporting and
objectives and Identifying objectives will help the team find compliance objectives will be
identify drivers of out Apple’s exposed enterprise-wide risks and identified, and the drivers of
each objective. conduct further analysis. objectives and risk tolerance will
be determined.
Yuyang Cai will be responsible for this part. Due date: Sep 17, 2017
Event identification Identify events that either provide Five types of events should be
opportunities or pose risks to achieve given: a. economic events; b.
objectives. natural environment events; c.
political events; d. social events; e.
Hongfeng (Oliver) Guo will be responsible technical events.
for this part. Due date: Sep 24, 2017
Page 6
Conduct risk Risk assessment involves the recognition of Identify the risk universe and
assessment, and risks and the rating of them to determine the establish the risk priority.
identify priority significant risks facing the organization, Identify an appropriate risk model
risks. project or strategy. for Apple
Due date: Sep 19, 2017
Zixuan Wu will be responsible for this part.
Plan risk response. In this part, different response options are Select appropriate responses based
examined (accept, reduce, share, or avoid), on impact and likelihood levels of
cost-benefit analysis is performed, a response the risks (avoid, share, reduce,
strategy is formulated, and risk response plans accept)
are developed. Due date: Sep 23, 2017
Determine control The team should design control activities to Review control policies and
activities. achieve objectives and respond to risks. procedures. Classified the control
Control activities are performed at all levels activities into different categories
of the company and at various stages within and give suggestions of
business processes. They may be preventive improvement.
or detective. Due date: Sep 24, 2017
Information and This part requires establishing both internal Establish appropriate
communication and external communication channels to communication process that ensure
support Apple’s enterprise risk management. relevant, accurate, and timely
information be available to
Biying Zhuge will be responsible for this part. individuals at all levels.
Due date: Sep 26, 2017
Page 7
Give out status Everyone team member will be responsible Status report and presentation
report and for completing the status report before should be aligned with the
presentation. deadline and making the presentation. requirements of Group Project
Description.
Due date: Sep 27, 2017
Give out formal Every team member will contribute to the Formal report and final
report and final formal report and presentation. presentation should be finished in
presentation. a complete and well-organized
way.
Due date: Oct 10, 2017
Page 8
PART 4: TEAM NORMS
Meeting Norms – Expectations include when, where, and how often to have team meetings. What is expected of
members with regard to attendance, timeliness, and advance preparation? What is the desired balance between
work and fun during meeting times?
Meeting norms for team:
1. We will meet every Saturday/Sunday at McKeldin library. The meeting will be about 2 hours,
depending on the situation.
2. We will prepare for each meeting and come ready to engage.
3. We will begin and end our meetings on time and stay fully engaged throughout each meeting.
4. We will be patient when listening to others speak and do not interrupt them.
5. Everyone is responsible for helping to stay on topic. Speak up if you feel like we’re getting off
track.
Work Norms – Expectations involve firmness and explicitness of standards & deadlines, how equally effort &
work should be distributed, how & by whom work will be reviewed, and what consequences will result if members
do not follow through on their commitments.
Working norms for team:
1. Everyone is responsible for observing the norms and meeting the deadlines.
2. The leader will assign task to team members as fairly as possible, and will review the results.
3. If there are problems or concerns about the work arrangement, team members can talk to the
leader or mediator.
Leadership Norms – Expectations include whether a leader is desired and who that will be, if and how leadership
will be rotated or shared, responsibilities for leaders, and how to keep the leader from taking on too much
responsibility.
Leadership norms for team:
1. Yuyang Cai is our team leader and responsible for the successful completion of our project. She
will take responsibility for creating an inspiring team environment with an open communication
culture. She will also clarify the team goals, delegate tasks and set deadlines. In addition, she will
ensure smooth team operations and effective collaboration.
2. To keep the leader from taking on too much responsibility, Jiaqi Li will become our timekeeper
and will keep the group aware of time constraints and deadlines; the recorder, Biying Zhuge, will
take notes summarizing team discussions and keep all necessary records; the mediator, Zixuan
Wu, will deal with conflicts and help to reach consensus.
Communication Norms – Expectations center on when communication should take place (i.e., what issues
require full-team versus individual-members-only communication), who is responsible for initiating contact,
preferences for how often and through what media (phone, email, etc.) communication should occur as well as
procedures for raising difficult issues or negative feelings about the team or members (including how mid-term &
final team member evaluations will be handled).
Communication norms for team:
1. We will communicate by Wechat and email whenever we have questions. We can use the
“Discussion Group” in Wechat to conduct both full-team and individual-members-only
Page 9
communication.
2. The leader is primarily responsible for initiating contact, and everyone needs to actively participate
in discussion.
3. If members feel they cannot talk about issues or concerns during group discussion, they can talk to
the leader about their issues in private.
Consideration Norms – Expectations center on how much effort members will make to: express disagreements
tactfully or diplomatically, respect or incorporate minority viewpoints, avoid inflammatory language or
accusations, and share honest perspectives (even if these are unflattering). What procedures will be used to resolve
disagreements (e.g., majority rules, consensus, flip a coin)? They also include the extent to which members will
undertake positive efforts to congratulate each other and recognize each others’ accomplishments.
Consideration norms for team:
1. The leader will make sure all voices are heard, and the mediator will help to deal with conflicts.
2. Everyone should be willing to support a team consensus.
3. Everyone should present in a positive manner and treat members with respect.
4. Don't make threats or rude comments to members.
5. If there are any problems or concerns, talk to the leader before or after the meeting and separate
your own personal feelings from what’s best for the team.
6. Everyone will undertake positive efforts to congratulate each other and recognize each other’s
accomplishments.
Page 10
We have all participated in developing our team’s charter and agree to adhere to the principles in this
charter both individually and collectively.
Page 11
Appendix 11
ERM Development Timeline
Apple Corp
2011-2017
Year One
Phase Task # Task Description Deliverables Jul 2011 Aug 2011 Sep 2011 Oct 2011 Nov 2011 Dec 2011 Jan 2012 Feb 2012 Mar 2012 Apr 2012 May 2012 Jun 2012
Information Gathering and Planning
Identify risk assessment and/or risk management Risk Baseline info for organization
1
activities currently in practice/use
Identify an appropriate risk model for Apple Inc., Draft: Risk Model/Universe, ERM Plan, Risk Assessment Plan
2 develop ERM project plan, and define key deliverables
1
(include risk assessment plan)
Identify leadership for ERM process, and define ERM ERM organization chart
3
organization
Obtain Management and Board approval for risk model, Approved: Risk Universe, ERM Organization, ERM Plan, Risk Assessment Plan
4
ERM organization, and ERM and risk assessment plans
Risk Awareness and Assessment
Establish risk language and develop risk assessment Risk listing with definitions, and risk awareness and assessment training materials
1
documentation and training materials
Conduct risk assessment interviews with key members List of risks for risk assessment (with linkage to objective(s))
2 of management - Identify relevant risks for risk
assessment.
Hold risk awareness session(s) with Senior Management
3 and the Audit & Finance Committee of the Board
3 Follow-up open action items Status report and updated open action items.
Risk Monitoring Alerts and Monthly reports on observed performance/conditions versus defined Key Risk
Indicators (KRIs) and Key Performance Indicators (KPIs), with explanations for
4 significant changes to prior month, misses on budget, etc.
Legend:
B-1