Agenda
What is the organization all about? Data Collection & Analysis Identified risks Recommendations for the organization Lessons learned
Systems Installation and maintenance compan Privately held serving NY since 1981 CEO John R. Urciuoli President William P Dibble Jr Office locations: Syracuse and Binghamton
Systems include Access Control Systems, Emergency Alert Systems, Time Management, Parking, Security/ Fire Alarms and Public Address Systems About 100+ Clients Major clients are from Healthcare, Government, Education and Commercial Sector
Organization Structure
CEO Vice President
President
Warehouse Manager
Accounts Manager
IT Manager
IT Manager
Technicians
Technicians
2.
3.
Why?
Knowledgeable sources Received Overview of company risk management procedures and policies
Content Analysis
Data Assessment
Risk Culture
Factors which led to current Risk Culture Vendor discontinuations
Risks are identified in an ad-hoc manner and managed Risks are identified and managed primarily by CEO and President
Contingency Planning
Business plan for restoring IT infrastructure Data Backup Plan A Offsite Backup Snapshots of database by Servers- Every 15 minutes Data Backup Plan B Physical Backup Backup tapes moved to Binghamton Office Generators for power failures Emergency response teams for Natural disasters Periodic evacuation drills twice a year
Types of Risks
Technological
Risk
Server Overloading
Data Security
Compliance
Risk
Government Regulations
Credit
Risk Risk
Customer Defaults
Personnel
Temporary Employees
Load Balancing for Server Ensure Data Security by providing restricted access Conduct regular training seminars and workshops Formulate Back up and recovery plan for Inventory Management
procedure
Conduct
Regular meetings to identify emerging issues a team for Vendor Evaluation credit checks on the Customers
Formulate Regular
Automate
Conduct regular training sessions for employees regarding policies & procedures
Regular employee feedbacks & reviews Develop Content Management System for Internal Website Hiring Agreement for Temporary Employees
General Recommendations
Generate regular risk impact reports and ensure its distribution Receptive to Technology upgrades
Ensure smooth communication flow in the company hierarchy
Lessons Learnt
Standardization of the business operations, certifications, licensing & permits are very crucial for SSI Inclusion of business managers & front-line employees in the ERM process. Risk management is an iterative process rather than an one time comprehensive strategy Client feedback is also an important factor in ERM Significance of Employee training in ERM
References
Class notes
Report on the policies and procedures like Preventive Maintenance Agreement (Syracuse Time & Alarm Co., Inc. - Inter-office Memo)
Reports on Incentive policies and plans (Product Sales Lead Policy) http://www.syrtime.com/ http://www.syrtime.com/images/Newsletter-archive/ http://www.syrtime.com/index.php/solutions/ http://www.nicet.org/certificants/information.cfm/ Interview with William P Dibble Jr(President) Interview with Sean Kunai (Warehouse Manager)