At the October 1st, 2010 ERM Roundtable Summit hosted by the ERM Initiative at NC State, Tony Heredia, Vice President of Corporate Risk and Responsibility for Target, Inc., provided an overview of ERM at Target, Inc. leading up to the fall of 2010. As a leading U.S. based retailer and ownership of the largest retailer credit card portfolio, Target, like its competitors, faces a variety of diverse risks on a daily basis.
The Rise of ERM at Target
Given the company’s overwhelming success, it is clear that Target has been effective at managing significant risk exposures over its history. However, given the challenges accompanying the economic crisis in 2008-2009 and continued calls for organizations of all sizes and industries to have more robust enterprise-wide risk oversight, Target management has continued to look for ways to increase the value of its risk oversight efforts and to strengthen its focus on risks related to its strategic areas of focus.
As part of the company’s expansion into new types of retail offerings, such as expanded grocery options and more urban stores, management found itself facing in the 2008-2010 timeframe somewhat new and different types of risk exposures that it wanted to track even more closely. Also, SEC regulation and external drivers, such as Standard & Poor’s evaluation of risk oversight practices, advocated the need for enterprise risk management incorporation. All of these factors lead to the even greater focus on ERM designed to provide strategic value for Target in the new economy.
Overview of ERM Program
With the realization that shareholders invest in organizations because they believe that management can add the most value through strategic planning and implementation, management focused its ERM efforts heavily on the integration of strategy execution and emerging risks likely to impact core strategies.
At that time, Target defined the following objectives, in simple language, for their ERM program, which was presented initially to the board.
1. Enhance Risk Awareness and Dialogue
2. Reduce Operational Surprises and Losses
3. Align Risk Appetite and Strategy
4. Anticipate and Manage Cross-Company Risks
One approach management took leading up to 2010 was to seek input across the management team that might strengthen the company’s understanding of important risk exposures. The ERM team used the input about potential risks to create what they viewed to be a list of the top 20 risks that they later whittled down through a variety of approaches, including executive committee dialogue, to ten top risks for Target.
From that, they categorized the 10 risks into either an inactive category representing risks already adequately addressed by existing processes or into an active category where a plan was needed to manage these risks. This distinction allowed Target to address the higher risks first. Furthermore, the ERM team wanted to see where management stood on these eight risks in order to decide where they needed to concentrate their ERM initiative initially.
More detailed input was sought about the top ten risks from the executive team. The organization’s top 10 executives provided detailed risk analysis of the top ten risks. The executive team then ranked the risks on their level of importance and answered the following two questions for each risk:
- How important do you think this risk is for the future of Target?
- What is your level of discomfort with current controls, strategy, and management approach to the risk?
Target’s ERM program has evolved over its short existence and continues to change from what was presented in 2010 as the management team identifies more effective techniques to strengthen its risk oversight. So, what is described herein represents a point-in-time snapshot of Target’s approach to risk oversight as it existed in October 2010.
Advice for Others Re: ERM
Tony Heredia summed up his presentation by reflecting on the ERM process and his experience with ERM at Target. He highlighted the following key points:
- Make sure your ERM program fits with your culture. You may need to adapt your program accordingly.
- Get people to value ERM when building your ERM program. Use simple, non-intimidating terms and tactics when approaching people.
- Ensure ERM alliance with strategic areas to look not only for risks, but also opportunities.
- Align with other risk areas of the organization to tell a synthesized risk story.
- Ensure alliance with strategic growth areas of the organization to be forward thinking about not only risk, but also opportunity.