NOTICE: Proprietary and Confidential

This material is proprietary to EDGAR Online. It contains trade secrets and confidential information which is solely the property of EDGAR Online. This material shall not be used, reproduced, copied, disclosed,

transmitted, in whole or in part, without the express consent of EDGAR Online. The material shall also not be used to reverse engineer EDGAR Online’s systems or processes.

© 2012 EDGAR Online, Inc. All rights reserved.

EDGAR Online The Risk-Management Curve:

What Is the Best Approach to Staying Ahead?

David PriceCOO and CFO

January 30, 2012

Confidential – Do Not Distribute

It is NOT:• A lengthy single document that gets reviewed,

updated and then re-filed annually• Only something the Board should worry about• The sole responsibility of the CFO to oversee• A process focused on eliminating the negative

Effectively dealing with uncertainty and associated risk and opportunity, enhancing the

capacity to build value

2

What is Enterprise Risk Management (“ERM”)?

Confidential – Do Not Distribute

• Aligning risk appetite and strategy• Enhancing risk response decisions• Reducing operational surprises• Identifying and managing multiple and cross

enterprise risks• Seizing opportunities• Improving deployment of capital

3

The core elements of ERM

Confidential – Do Not Distribute

• Internal environment• Objective setting• Event identification• Risk assessment• Risk response• Control activities• Information and communication•Monitoring

4

The role of the CFO in ERM

CFO ParticipationHMMHMHHH

Confidential – Do Not Distribute

The CFO is the• primary owner of data • “Measurer”• “Predictor”• “Modeler”

5

The CFO role is participation; not 100% ownership

The CFO needs• Access to data and information• In the right format• Reliably• Quickly

Confidential – Do Not Distribute 6

ERM as a component of a company’s Governance, Risk and Compliance (“GRC”) framework

Organizations leveraging GRC processes desire to establish a regulatory or internal framework for satisfying governance

requirements, evaluate risk across their enterprise and track how the organization complies with the established

governance requirements. GRC processes typically fall within one of four key domains: IT, operations, finance and

legal.

7Confidential – Do Not Distribute

Where GRC activity resides in organizations today

44%

19%

20%

17%

ITFinanceOperationsLegal

8Confidential – Do Not Distribute

• Lack of resources• Lack of cooperation or collaboration• Complexity of existing technologies• Lack of clear leadership• Inability to set priorities

Top 5 barriers to effective GRC

9Confidential – Do Not Distribute

• Sarbanes Oxley• The banking industry meltdown• The desire for more real time data

Increased intensity and focus on GRC

Shareholders, customers, employees and all other stakeholders are demanding that companies address

the GRC issue head on – and deliver solutions

10Confidential – Do Not Distribute

• A pronounced emphasis on continual improvement in risk management• Comprehensive, fully defined and fully accepted

accountability• All decision making explicitly addresses risk and

risk management• Continual communication• Risk management is considered central to all

management processes

Attributes of Excellence in GRC

Confidential – Do Not Distribute

Addressing GRC in the Enterprise

MONITOR

ACT

ANALYZE

ANALYZE• Supply Chain Data• Emerging Industry

Trends• Internal Audit

Process• External Risk

Factors

MONITOR• Competitive

Landscape• Corp.

Governance Factors

• Institutional Ownership

• Adherence to Compliance Requirements

ACT• Create Flexible Internal Reports• Author & Publish Disclosures• Implement more effective internal controls• Comply with Exchange Listing Mandates

12Confidential – Do Not Distribute

The GRC magic quadrant

Source: Gartner magic quadrant for GRC July 2011

13Confidential – Do Not Distribute

• International technology standard for transmitting and consuming data• An electronic tag based system to describe and

identify different financial line items• In the US, an SEC mandate requires all public

companies to file in XBRL

XBRL – A new reporting standard and data source

XBRL provides instant access to accurate data

Which Airliner is most impacted by fuel costs?Which Airliner is most impacted by fuel costs?

Tax Rates: Effective vs Statutory

Pension Asset Returns: Unrealistic Expectations?

Confidential – Do Not Distribute

SEC XBRL Filings Market Evolution

2011 – 0%2015 – 30%

SEC Regulatory XBRL Disclosure Market

Filing Agent Outsource

Disclosure Management

Software

Financial Management

/ ERP Systems

Full Service(BPO)

Self Service(Software)

Assisted Self Service(SaaS)

2011 – 90%2015 – 30%

2011 – 10%2015 – 40%

NOTICE: Proprietary and Confidential

This material is proprietary to EDGAR Online. It contains trade secrets and confidential information which is solely the property of EDGAR Online. This material shall not be used, reproduced, copied, disclosed,

transmitted, in whole or in part, without the express consent of EDGAR Online. The material shall also not be used to reverse engineer EDGAR Online’s systems or processes.

© 2012 EDGAR Online, Inc. All rights reserved.

EDGAR Online The Risk-Management Curve:

What Is the Best Approach to Staying Ahead?

David PriceCOO and CFO

January 30, 2012