Areas of Expertise

Effective ERM programs are a critical element in identifying, categorizing and prioritizing risks to an enterprise from both external and internal forces. An ERM review should not be a one-time effort, but an ongoing annual program that assesses the current internal and external risk environment of the enterprise.

An effective ERM program provides valuable insights to management on both tactical and strategic issues that need to be appropriately addressed for the enterprise to remain viable, sustainable and resilient. An ERM program should be a key element of the enterprise’s overall governance program.  Three variations of ERM assessments we conduct:

1.  Initial review for enterprises that do not have a current ERM program in place.

2.  Validation review for enterprises that have an established ERM program and want to ensure they have the appropriate focus in their existing ERM program.

3.  Recurring ERM assessments for enterprises that prefer to have a regular outside assessment conducted by experts. 

The establishment of a business risk intelligence program is one of the most important decisions executive management can make. It can help companies operationally, tactically and strategically deal with the things they know about their environment. It can also assist them in better understanding the things they know they don’t know about their environment.  But, more importantly, a well-constructed business risk intelligence program assists management in developing insights into the “unknown unknowns” in their environment and conditions, issues or new technologies from other environments that may have a sudden and dramatic impact on their specific business environment.

Mattice and Associates has extensive experience in designing, building and operating global business risk intelligence programs, as well as enhancing intelligence programs that may already exist within an enterprise, but are falling short of providing the necessary insights or adding the true value that these programs can produce. Enterprises cannot effectively function in today’s complex global marketplace without a dependable flow of solid, reliable, accurate and actionable intelligence.

The development and positioning of a brand is a vital element in establishing a product or company’s identity.  Counterfeiting and piracy dramatically impacts not only the perception of the value of the brand, but on the profitability of the product and company affiliated with the specific brand.

Global information systems & networks enhance the ability for bad actors to hack into a corporate network and steal sensitive data and trade secrets increases the odds that a product will be counterfeited or a song/movie/TV show will be pirated.  The evolution of high definition scanning and 3D printing makes the process of counterfeiting almost foolproof.

 Enterprises today must deploy new techniques and processes to prevent counterfeiting and piracy.  Companies who fail to effectively monitor the marketplace and take aggressive actions against counterfeiters and pirates risk losing their brand and associated trademarks. 

The process of creating an enterprises risk profile begins with a comprehensive collection of data from within the enterprise. This first set of data is then analyzed to help familiarize ourselves with the enterprise, the sector(s) in which it operates and its global footprint. 

The second phase of data collection involves more detailed collection both from sources within the enterprise as well as a broad range of sources outside the enterprise.  The risk profile development process will ultimately encompass data collection and analysis in the following key areas:

• Brand Risk 
• Channel & Market Risk Supply Chain & Logistics Risk
• Compliance Risk
• Financial Risk
• Geo-Political Risk
• Governance Risk
• Human Capital Risk
• Information Asset Risk
• Locality Risk
• Operational Risk
• Physical Risk
• Reputation Risk
• Resiliency/Business Continuity Risk
• Strategic Risk
• Technology Risk

If your function has been in place and operating for awhile now.  You begin to ask yourself:

- Is my team producing the results that they should?

- Are they working on the right things? 

- Are they properly organized for the tasks, functions and accountabilities for which they are responsible?

- Are there things the team should be doing that we are not doing? 

- Are there things the team is involved in that we should not be doing? 

- Is the function structured and organized properly to produce expected results?

- Are the team members in the right positions to maximize their contributions as well as satisfy their own goals and aspirations?

- Is there an appropriate and effective succession plan in place?

- Are we focused at developing individuals to be the best they can be and to meet the needs of the enterprise?

If you don’t have an organization in place to manage enterprise risks, intelligence, security, information asset/IP safeguards, brand protection, cyber, resiliency and/or aviation operations . . . What is “IT” that you need? What should “IT” look like?  How do you align “IT” with the core mission and needs of the various elements of the enterprise? Where in the enterprise should “IT” report?  Should the enterprise contract for support or build a proprietary capability?

Information assets are the lifeblood of an enterprise. Threats and resulting losses of an enterprise’s information assets are still primarily from trusted insiders. In today’s Internet of Things an enterprise’s information assets are put at additional levels of risk due to the expansive level of cyber-attacks from nation-states, rouge companies & individuals, organized crime factions, activists, hacktivists and extremists. 

The focus of these attacks are to either steal your information, deprive you of access to your information or disrupt/corrupt your network and the confidence you have in the accuracy and validity of the data it contains. The following can be handled as subsets of an overall Information Asset Protection (IAP) program development or may just as easily be approached as individual projects:

- Information Handling, Marking and Safeguarding Standards Assessment/Development

- Intellectual Property Safeguards Assessment/Development

- Intellectual Property Pipeline & Crown Jewel Assessments

- Cyber-Security Program Assessment/Development

- Insider Threat Prevention & Response Program Assessment/Development

- Security Awareness Program Assessment/Development

Governance and ethics programs go hand-in-hand.  An effective governance program ensures that an enterprise remains in compliance with laws, regulations and its own policies; ensures that senior management and the board exercises their fiduciary and duty-of-care responsibilities; and, ensures that the enterprise does its business in an ethical manner. Ethics programs have several important elements, including:

1.  Promulgating the ethics policy of the company; 

2.  Ensuring that all personnel are adequately trained on the policy; 

3.  Obtaining annual certifications of compliance with the ethical standards under which everyone in the enterprise is expected to operate, including employees, resident contractors and vendors; 

4.  Ensuring that inquiries are conducted into suspected or reported violations of the ethics policy; and

5.  Conducting root-cause analysis of ethics violations to strengthen the ethics policy and prevent reoccurrence. 

Conducting a review of how your function’s team members view their own performance, the importance of what they are working on, and the value they are adding is vital to the moral of the function. 

Just as important, the review will help to determine whether you see things the same or differently from your team. Some clients have also asked that we conduct an expanded Organizational Effectiveness & Efficiency Review to include the following areas: 

- Policy, Procedure & Process Maturity Model Review 

- Business Alignment & Gap Analysis Review

- Threat & Vulnerability Assessment

- Risk Mitigation Process Evaluation

- Travel Security & Executive Protection Program Review

- Physical Security & Security Systems Evaluation

- Business Continuity/Crisis Management/Resiliency Program

- Strategy Review & Development (Long-term & Short-term)

Mattice and Associates is a trusted resource to the c-suite, board of directors and other key executives on an operational, tactical and strategic basis. Having a trusted and highly experienced third-party available to act as a sounding board, to review plans and provide advice, or to conduct Red Team reviews is critical in today’s complex world of risks and threats. 

Mattice and Associates also provides support to newly appointed executives to assist them in transitioning into their new role, as well as to provide coaching and mentoring to key executives and their staffs.