Enterprise Risk Management

1
Enterprise Risk Management David Whatley March
24, 2006
2
Enterprise Risk Management by Many Other Names is
Still Enterprise Risk Management
3
Enterprise Risk Management (ERM)

• Risk Identification and Evaluation Built Into All
  Business Processes
• Assimilation of Results of Risk Management in
  Each Business
• Assure Risk Management Process is Executed
• Risk Tolerance Levels Are Appropriate and Uniform
• Determine Consolidated Risk of Enterprise
• Measure vs. Level Approved by Board of Directors

4
Enterprise Risk Management Structure

• Board of Directors Overview Process/Sets Risk
  Level
• Chief Executive Officer Chief Risk Officer
• Senior Leadership Team Risk Committee
• Business Processes Include Risk Assessments and
  Consideration of Risk in Decisions or are Risk
  Based

5
Enterprise Risk Management
The ERM Components
6
ERM Components
ERM at The Home Depot (not all inclusive)
Activity Deliverable
ERM Components
THD Activities

• Internal Environment

• Tone at the Top
• Sarbanes-Oxley/404

• Corporate Governance
• Entity Level Assessment

• Objective Setting

• Strategic Vision
• Strategic Initiatives

• Board of Directors (BOD)
• SOAR

• Event Identification

• Liability Risk Analysis
• SOAR

• Insurance Levels
• Strategic Initiatives

• Risk Assessment

• SOAR
• Internal Audit

• Strategic Initiatives
• Internal Audit Plan

• Risk Response

• Strategic Initiatives
• Internal Audit Plan
• Insurance Levels

• SOAR
• Internal Audit
• Liability Risk Analysis

• Attestation of Fin. Reporting effectiveness
• SOPs
• Standard Reconciliation Process

• Control Activities

• Sarbanes-Oxley/404
• Corporate Compliance

• Information Communication

• Strategic Initiative Issue Resolution
• Management Report Outs

• Quarterly Executive Council (QEC)
• Weekly Presidents Call

• Monitoring

• SOAR
• Quarterly Executive Council

• Strategic Initiatives
• Strategic Initiative Issue Resolution

7
The Home Depots Risk Areas

• EVP Merchandising/Marketing

8
Home Depot Compliance Program
The Home Depot Compliance Program is based upon
the three-fold approach of (1) prevent, (2)
detect and (3) respond to potential issues.
Taken together, these three components form a
closed-loop cycle that reinforces compliant
conduct throughout the Company.
9
Compliance Structure

• A Compliance Policy is maintained for each
  identified risk area of the Companys business.
• Compliance Processes are developed under each
  Compliance Policy that establish mechanisms for
  Company conduct.
• Training educates and informs targeted associates
  about the Companys Compliance Policies related
  SOPs.
• Standard Operating Procedures (SOPs)

10
Compliance Reviews

• Quarterly Reviews Select policies or functional
  areas are reviewed quarterly
• Annual Compliance Reviews Week-long
  enterprise-wide policy and functional area review
  with all Divisions, Subsidiaries and
  International Businesses

11
Compliance Review Components
Risk Factor Assessment
Laws Update

• Progress Monitoring Dashboard
• Use of Traffic Lights

Other Updates
Incident Update

• Government Investigations
• Training Proposals
• Budget/Resource Allocations

• Major incidents and the divisions in which they
  occur are reported, along with the investigation
  details and resolutions

12
Risk-Based Compliance Monitoring
S A M P L E
Risk Management Traffic Lights provide an
efficient way of quickly determining the
Companys individual risk status.
13
Compliance Monitoring
S A M P L E
Process Improvements Any processes and/or
procedures being developed and implemented to
improve current operations and mitigate risks.
14
SOAR Based on Strategy
Enhance Core
Extend Business
Expand Market

• Customer Satisfaction
• Differentiated and Innovative Merchandise at
  Great Value
• Store Readiness
• Information Technology
• Leadership Development

• Home Depot Supply
• MRO
• Builder
• Professional Supply
• Canada
• Mexico
• China

• New Stores
• New Formats
• Home Depot Services
• Home Depot Direct

New Locations New Service Categories New Channels
Voice of Customer Conversion Store Productivity
New Businesses New Platforms New Geographies
Align SOAR with Strategic Vision
MRO Maintenance, Repair and Operations
15
SOAR 2005
Strategic Planning Entities
FUNCTIONS / OPERATING PLANS
DEPARTMENTS
OTHER BUSINESSES

• AHS
• HD Supply/ ITB PRO / Tool Rental
• Canada
• Direct /eBusiness
• Operations / Stores(Supply Chain)
• IT
• Credit

21 22 23 24 59 25 26 27E 27L 28 29 3
0 Store Formats

• Marketing / Store Merchandising
• Human Resources
• Legal
• Finance
• Real Estate / Construction
• Merchandising / Divisions(late November to lock
  plan)

Functional Reviews on an exception basis
Operating Review 2 days in December
7 days in August
16
Proposed SOAR Calendar
Strategic Planning
Operating Plan
March
October
November
December
August
September
April
May
June
July
February
Key Meetings Events
SOAR IIOperating Reviews
06 Planlocked
DivisionalReviews
SOAR IDecisions
ProgressReview
SOAR IStrategy Reviews
ProgressReview
Off-site to finalize plans
SOAR current year Initiative update
Set strategicguidance/ Metrics ELT Game Changers
Capital GA Decisions
Process
Teams designated
Strategic Planning
SOAR IKick-off
Final PlansDue
Targets guidance set for teams
Space Planning Prework
Inter-departmentalreviews
Executive Team SOAR Activity
SOAR IIKick-off
Merchandising Divisional working sessions
17
Q A David Whatley 404-217-5720 kwhatley_at_bellsou
th.net