Simple Tools and Techniques for Enterprise Risk Management

  • ISBN13: 9781119989974
  • ISBN10: 1119989973

  • Edition: 2nd
  • Format: Hardcover
  • Copyright: 12/30/2011
  • Publisher: Wiley

Summary

The need to understand risks and opportunities is inescapable when striving to grow any business. Hence a business's ability to prosper in the face of risk is a prime indicator of its ability to compete. However, the speed of change in markets, technology and communication, combined with the diverse sources of risk, means that for risk management to be effective, it has to be methodical and broad in its approach. Additionally, it has to be ingrained in the business psyche, the 'normal way of doing things'. Simple Tools and Techniques for Enterprise Risk Management, Second Edition builds from the bottom up to provide a readily understood, methodical approach to risk management, while at the same time describing the diverse sources of risk, to encourage a broad approach. To convey the context of enterprise risk management, the book describes both internal and external sources of risk. The book is divided into five parts, as described below, to aid the reader and provide ease of navigation. Part 1 describes the catalysts for and developments in corporate governance, internal control and risk management. Part 2 describes the risk management process as being composed of six stages. The inputs, outputs, constraints and enablers of each stage are described to aid implementation. Part 3 describes what are termed management applications, those sources of risk that to a large extent are under the control of any individual business. Part 4 describes the external influences on a business, which present sources of risk that in the main are beyond the control of any one business. Part 5 examines the procurement of risk management services by a client, together with the steps a consultant engages in, in terms of interviewing the client prior to an assignment and the preparation of a proposal, to secure a new commission.

The book will be fully updated to reflect the changes in current practice, and feature new materials on new threats, lessons from the recent financial crisis, and how businesses need to protect themselves in terms of business interruption, security, project and reputational risk management. Information technology has the ability to truly revolutionise how a business operates, but a total dependence on it means that if it fails, for many, business operations are brought to a standstill. Intellectual property and the products of research and development will determine future market share and growth. If this 'property' is not protected through appropriate security measures, the anticipated market share and the profit associated with it will evaporate when it is lost. Businesses implement change through projects. Failing to manage the risk to that change can at the very least erode bottom line performance and in the most severe cases bring about the demise of a business. Project risk management is now a mature discipline and its implementation has recently been supported by the implementation of ISO 31000. Project risk management needs not only to be implemented in a systematic, methodical way but, more importantly, to be embedded within an organisation so that it becomes part of its DNA. Reputations can take years to build but hours to destroy. Reputational management cannot be an ad hoc informal process but one that is mapped, implemented and controlled.

Author Biography

Robert Chapman is the Director of Risk Management in the Middle East for AECOM, a publicly traded company on the New York Stock Exchange, and listed on the Fortune 500 as one of America’s largest companies. Prior to this he held the position of Director of Risk Management at a number of European companies and has provided risk management consultancy services in Holland, Ireland, South Africa, Qatar, England and the UAE to companies within the pharmaceutical, aviation, marine, rail, broadcast, heritage, health, education, manufacturing, water, sport, oil and gas, property development, construction and media sectors. He was made a Fellow of both the Institute of Risk Management (UK) and the Association for Project Management (UK) for his contribution to the development of the discipline of risk management. He has provided guidance to the Chartered Institute of Accountants in England and Wales in the form of a risk management handbook and was a co-author of Management of Risk: Guidance for Practitioners, published by the Office of Government Commerce, and Managing Business Risk, published by Kogan Page. He has had articles on the subject of risk management published in three languages and has a PhD in risk management.

Table of Contents

List of Figures

Preface to the Second Edition

Acknowledgements

About the Author

PART I ENTERPRISE RISK MANAGEMENT IN CONTEXT

1 Introduction

1.1 Risk Diversity

1.2 Approach to Risk Management

1.3 Business Growth Through Risk Taking

1.4 Risk and Opportunity

1.5 The Role of the Board

1.6 Primary Business Objective (or Goal)

1.7 What is Enterprise Risk Management?

1.8 Benefits of Enterprise Risk Management

1.9 Structure

1.10 Summary

1.11 References

2 Developments in Corporate Governance in the UK

2.1 Investor Unrest

2.2 The Problem of Agency

2.3 The Cadbury Committee

2.4 The Greenbury Report

2.5 The Hampel Committee and the Combined Code of 1998

2.6 Smith Guidance on Audit Committees

2.7 Higgs

2.8 Tyson

2.9 Combined Code on Corporate Governance 2003

2.10 Companies Act 2006

2.11 Combined Code on Corporate Governance 2008

2.12 Sir David Walker’s Review of Corporate Governance, July 2009 (Consultation Paper)

2.13 Sir David Walker’s Review of Corporate Governance, November 2009 (Final Recommendation)

2.14 House of Commons Treasury Committee 2009

2.15 UK Corporate Governance Code, June 2010

2.16 The "Comply or Explain" Regime

2.17 Definition of Corporate Governance

2.18 Formation of Companies

2.19 The Financial Services Authority and Markets Act 2000

2.20 The London Stock Exchange

2.21 Summary

2.22 References

3 Developments in Corporate Governance in the US

3.1 Corporate Governance

3.2 The Securities and Exchange Commission

3.3 The Laws That Govern the Securities Industry

3.4 Catalysts for the Sarbanes-Oxley Act 2002

3.5 National Association of Corporate Directors 2008

3.6 Summary

3.7 References

4 The Global Financial Crisis of 2007–2009: A US Perspective

4.1 The Financial Crisis in Summary

4.2 How the Financial Crisis Unfolded

4.3 The United States Mortgage Finance Industry

4.4 Subprime Model of Mortgage Lending

4.5 Why this Crisis Warrants Close Scrutiny

4.6 Behaviours

4.7 Worldwide Deficiencies in Risk Management

4.8 Federal Reform

4.9 Systemic Risk

4.10 The Future of Risk Management

4.11 Summary

4.12 References

5 Developments in Corporate Governance in Australia and Canada

5.1 Australian Corporate Governance

5.2 Canada

5.3 Summary

5.4 References

6 Internal Control and Risk Management

6.1 The Composition of Internal Control

6.2 Risk as a Subset of Internal Control

6.3 Allocation of Responsibility

6.4 The Context of Internal Control and Risk Management

6.5 Internal Control and Risk Management

6.6 Embedding Internal Control and Risk Management

6.7 Summary

6.8 References

7 Developments in Risk Management in the UK Public Sector

7.1 Responsibility for Risk Management in Government

7.2 Risk Management Publications

7.3 Successful IT

7.4 Supporting Innovation

7.5 The Orange Book

7.6 Audit Commission

7.7 CIPFA/SOLACE Corporate Governance

7.8 M_o_R 2002

7.9 DEFRA

7.10 Strategy Unit Report

7.11 Risk and Value Management

7.12 The Green Book

7.13 CIPFA Guidance on Internal Control

7.14 Managing Risks to Improve Public Services

7.15 The Orange Book (Revised)

7.16 M_o_R 2007

7.17 Managing Risks in Government

7.18 Summary

7.19 References

PART II THE RISK MANAGEMENT PROCESS

8 Establishing the Context: Stage 1

8.1 Process

8.2 Process Goal and Subgoals

8.3 Process Definition

8.4 Process Inputs

8.5 Process Outputs

8.6 Process Controls (Constraints)

8.7 Process Mechanisms (Enablers)

8.8 Process Activities

8.9 Summary

8.10 References

9 Risk Identification: Stage 2

9.1 Process

9.2 Process Goal and Subgoals

9.3 Process Definition

9.4 Process Inputs

9.5 Process Outputs

9.6 Process Controls (Constraints)

9.7 Process Mechanisms (Enablers)

9.8 Process Activities

9.9 Summary

9.10 References

10 Risk Analysis: Stage 3

10.1 Process

10.2 Process Goal and Subgoals

10.3 Process Definition

10.4 Process Inputs

10.5 Process Outputs

10.6 Process Controls (Constraints)

10.7 Process Mechanisms (Enablers)

10.8 Process Activities

10.9 Summary

10.10 References

11 Risk Evaluation: Stage 4

11.1 Process

11.2 Process Goal and Subgoals

11.3 Process Definition

11.4 Process Inputs

11.5 Process Outputs

11.6 Process Controls (Constraints)

11.7 Process Mechanisms (Enablers)

11.8 Process Activities

11.9 Summary

11.10 References

12 Risk Treatment: Stage 5

12.1 Process

12.2 Process Goal and Subgoals

12.3 Process Definition

12.4 Process Inputs

12.5 Process Outputs

12.6 Process Controls (Constraints)

12.7 Process Mechanisms

12.8 Process Activities

12.9 Risk Appetite

12.10 Risk Response Strategies

12.11 Summary

12.12 References

13 Monitoring and Review: Stage 6

13.1 Process

13.2 Process Goal and Subgoals

13.3 Process Definition

13.4 Process Inputs

13.5 Process Outputs

13.6 Process Controls (Constraints)

13.7 Process Mechanisms

13.8 Process Activities

13.9 Summary

13.10 Reference

14 Communication and Consultation: Stage 7

14.1 Process

14.2 Process Goal and Subgoals

14.3 Process Definition

14.4 Process Inputs

14.5 Process Outputs

14.6 Process Controls (Constraints)

14.7 Process Mechanisms

14.8 Process Activities

14.9 Internal Communication

14.10 External Communication

14.11 Summary

14.12 Reference

PART III INTERNAL INFLUENCES – MICRO FACTORS

15 Financial Risk Management

15.1 Definition of Financial Risk

15.2 Scope of Financial Risk

15.3 Benefits of Financial Risk Management

15.4 Implementation of Financial Risk Management

15.5 Liquidity Risk

15.6 Credit Risk

15.7 Borrowing

15.8 Currency Risk

15.9 Funding Risk

15.10 Foreign Investment Risk

15.11 Derivatives

15.12 Summary

15.13 References

16 Operational Risk Management

16.1 Definition of Operational Risk

16.2 Scope of Operational Risk

16.3 Benefits of Operational Risk

16.4 Implementation of Operational Risk

16.5 Strategy

16.6 People

16.7 Processes and Systems

16.8 External Events

16.9 Outsourcing

16.10 Measurement

16.11 Mitigation

16.12 Summary

16.13 References

17 Technological Risk Management

17.1 Definition of Technology Risk

17.2 Scope of Technology Risk

17.3 Benefits of Technology Risk Management

17.4 Implementation of Technology Risk Management

17.5 Primary Technology Types

17.6 Responding to Technology Risk

17.7 Summary

17.8 References

18 Project Risk Management

18.1 Definition of Project Risk

18.2 Definition of Project Risk Management

18.3 Sources of Project Risk

18.4 Benefits of Project Risk Management

18.5 Embedding Project Risk Management

18.6 Project Risk Management Process

18.7 Responsibility for Project Risk Management

18.8 Project Director’s Role

18.9 Project Team

18.10 Optimism Bias

18.11 Software Tools Used to Support Project Risk Management

18.12 Techniques Used to Support Project Risk Management

18.13 Summary

18.14 References

19 Business Ethics Management

19.1 Definition of Business Ethics Risk

19.2 Scope of Business Ethics Risk

19.3 Benefits of Ethics Risk Management

19.4 How Unethical Behaviour can Arise

19.5 Recognition of the Need for Business Ethics

19.6 Factors that Affect Business Ethics

19.7 Risk Events

19.8 Implementation of Ethical Risk Management

19.9 Summary

19.10 References

20 Health and Safety Management

20.1 Definition of Health and Safety Risk

20.2 Scope of Health and Safety Risk

20.3 Benefits of Health and Safety Risk Management

20.4 The UK Health and Safety Executive

20.5 The European Agency for Safety and Health at Work

20.6 Implementation of Health and Safety Risk Management

20.7 Workplace Precautions

20.8 Contribution of Human Error to Major Disasters

20.9 Improving Human Reliability in the Workplace

20.10 Risk Management Best Practice

20.11 Summary

20.12 References

PART IV EXTERNAL INFLUENCES – MACRO FACTORS

21 Economic Risk

21.1 Definition of Economic Risk

21.2 Scope of Economic Risk

21.3 Benefits of Economic Risk Management

21.4 Implementation of Economic Risk Management

21.5 Microeconomics and Macroeconomics

21.6 Macroeconomics

21.7 Government Policy

21.8 Aggregate Demand

21.9 Aggregate Supply

21.10 Employment Levels

21.11 Inflation

21.12 Interest Rate Risk

21.13 House Prices

21.14 International Trade and Protection

21.15 Currency Risk

21.16 Summary

21.17 References

22 Environmental Risk

22.1 Definition of Environmental Risk

22.2 Scope of Environmental Risk

22.3 Benefits of Environmental Risk Management

22.4 Implementation of Environmental Risk Management

22.5 Energy Sources

22.6 Use of Resources

22.7 Pollution

22.8 Global Warming

22.9 Response to Global Warming

22.10 Stimulation to Environmental Considerations

22.11 Environmental Sustainability

22.12 Summary

22.13 References

23 Legal Risk

23.1 Definition of Legal Risk

23.2 Scope of Legal Risk

23.3 Benefits of Legal Risk Management

23.4 Implementation of Legal Risk Management

23.5 Business Law

23.6 Companies

23.7 Intellectual Property

23.8 Employment Law

23.9 Contracts

23.10 Criminal Liability in Business

23.11 Computer Misuse

23.12 Summary

24 Political Risk

24.1 Definition of Political Risk

24.2 Scope of Political Risk

24.3 Benefits of Political Risk Management

24.4 Implementation of Political Risk Management

24.5 Zonis and Wilkin Political Risk Framework

24.6 Contracts

24.7 Transition Economies of Europe

24.8 UK Government Fiscal Policy

24.9 Pressure Groups

24.10 Terrorism and Blackmail

24.11 Responding to Political Risk

24.12 Summary

24.13 References

25 Market Risk

25.1 Definition of Market Risk

25.2 Scope of Market Risk

25.3 Benefits of Market Risk Management

25.4 Implementation of Market Risk Management

25.5 Market Structure

25.6 Product Life Cycle Stage

25.7 Alternative Strategic Directions

25.8 Acquisition

25.9 Competition

25.10 Price Elasticity/Sensitivity

25.11 Distribution Strength

25.12 Market Risk Measurement: Value at Risk

25.13 Risk Response Planning

25.14 Summary

25.15 References

26 Social Risk

26.1 Definition of Social Risk

26.2 Scope of Social Risk

26.3 Benefits of Social Risk Management

26.4 Implementation of Social Risk Management

26.5 Education

26.6 Population Movements: Demographic Changes

26.7 Socio-Cultural Patterns and Trends

26.8 Crime

26.9 Lifestyles and Social Attitudes

26.10 Summary

26.11 References

PART V THE APPOINTMENT

27 Introduction

27.1 Change Process From the Client Perspective

27.2 Selection of Consultants

27.3 Summary

27.4 Reference

28 Interview with the Client

28.1 First Impressions/Contact

28.2 Client Focus

28.3 Unique Selling Point

28.4 Past Experiences

28.5 Client Interview

28.6 Assignment Methodology

28.7 Change Management

28.8 Sustainable Change

28.9 Summary

28.10 References

29 Proposal

29.1 Introduction

29.2 Proposal Preparation

29.3 Proposal Writing

29.4 Approach

29.5 Proposal

29.6 Client Responsibilities

29.7 Remuneration

29.8 Summary

29.9 References

30 Implementation

30.1 Written Statement of Project Implementation

30.2 Management

30.3 Customer Delight

30.4 Summary

30.5 References

Appendix 1: Successful IT: Modernising Government in Action

Appendix 2: Sources of Risk

Appendix 3: DEFRA Risk Management Strategy

Appendix 4: Risk: Improving Government’s Capability to Handle Risk and Uncertainty

Appendix 5: Financial Ratios

Appendix 6: Risk Maturity Models

Appendix 7: SWOT Analysis

Appendix 8: PEST Analysis

Appendix 9: VRIO Analysis

Appendix 10: Value Chain Analysis

Appendix 11: Resource Audit

Appendix 12: Change Management

Appendix 13: Industry Breakpoints

Appendix 14: Probability

Appendix 15: Value at Risk

Appendix 16: Optimism Bias

Index
