Practical Enterprise Risk Management A Business Process Approach

The most practical and sensible way to implement ERM-while avoiding all of the classic mistakes

Emphasizing an enterprise risk management approach that utilizes actual business data to estimate the probability and impact of key risks in an organization, Practical Enterprise Risk Management: A Business Process Approach boils this topic down to make it accessible to both line managers and high level executives alike. The key lessons involve basing risk estimates and prevention techniques on known quantities rather than subjective estimates, which many popular ERM methodologies consist of.

• Shows readers how to look at real results and actual business processes to get to the root cause of key risks
• Explains how to manage risks based on an understanding of the problem rather than best guess estimates
• Emphasizes a focus on potential outcomes from existing processes, as well as a look at actual outcomes over time

Throughout, practical examples are included from various healthcare, manufacturing, and retail industries that demonstrate key concepts, implementation guidance to get started, as well as tables of risk indicators and metrics, physical structure diagrams, and graphs.

Gregory H. Duckert, CPA, CISA, CIA, CRISC, is?the CEO and Founder of Virtual Governance Institute, an organization specializing in consultation for major corporations regarding progressive audit/consulting methodologies, data centric enterprise risk assessment models, including financial, operational, regulatory and IT, and continuous audit/consulting platforms. He has developed extensive risk assessment metric inventories for evaluating risks in all organizational areas including operations, IT application systems, IT operations, regulatory and financial areas,?and is currently in the process of creating a Data Centric Risk Assessment and Management Model for a major corporation. He is also a Senior Consultant for MIS Training Institute and a lead instructor in their audit practice area on an independent contractor basis. He is conducting seminars or speaking at MIS events approximately 130 days a year.

Acknowledgments.

Chapter 1: Corporate Governance: A Gut Check.

The Great SOX Fallacy.

The Visionary Challenged Leading the More Visionary Challenged.

Going Back to the Future? How Not to Run IT.

Systemic Failure: Critical Shortcomings of Application Systems Implementation.

What Is GRC Anyway?

Are You Cubin'?

Chapter 2: What ERM Is and What It Is Not.

Don’t Be Mislead: What ERM Is Not.

Key Qualities of an Effective ERM.

Primary Components of Risk Assessment.

Need for a BRAIN (Business Risk Assessment Information Network).

Process of Creating a BRAIN.

Chapter 3: Understanding What the Business Is.

Defining the Business.

A Banking Example.

Answering the Key Question: What Is the Business?

Determining the Core Business Processes.

Setting the Structure: Creating a Physical Map.

A Medical Example: A Healthcare System.

Impact Analysis.

Chapter 4: Defining What True Business Risk Is.

It’s About the Outcome Stupid!

Risk Never Lives Alone.

Defining Baseline Categories of Business Risk.

Evaluating All of the Possibilities: The Risk Universe.

Using the Business Structure to Drive the Risks.

Distributed Risk Assessment and Management (DRAM).

Chapter 5: Objectively Defining Risk.

Defining Risk in the Context of the Business

Using the Business Defined Data Structure.

Why Use Data to Define Risk: The Three Attributes.

Data Centric ERM (DCERM).

Multi-Dimensional Risk Assessment.

Chapter 6: Building a Fluid/Dynamic Risk Model.

The Model and Why It Is Necessary.

Moving from Reactive to Proactive Risk Management.

OR Data and Why It Is Critical.

KRIs Not KPIs.

Options on How to Drive the Model.

Dashboard Indicators.

Key Early Warning Indicators.

Determining the Key Risk Indicators.

Universal Risk Indicators.

Financial, Operational, Regulatory, and Technological KRIs.

Chapter 7: Top-Down Risk Assessment: Evolving the Fluid ERM Environment-A Step By Step Approach.

Building ERM One Step at a Time.

Mapping the Physical Structure of the Enterprise.

Defining the Business Risks of the Enterprise: Utilizing Key Outcomes.

Developing KRIs for Assessing Risk for the Entire Enterprise.

Detailed Inventories of KRIs: When Greater Automation/Sophistication Is Achieved.

Building a Baseline Risk Register.

Embedding Risk Registers and Key Information in the Physical Mapping.

The Modular Approach.

Determining a Focused Outcome Group (FOG).

Net Risk versus Residual Risk.

Business Risk Analysis Techniques (BRATs).

Utilizing Logical Data Pathways to Focus on Root Cause and Resolve It.

Chapter 8 The Future Evolution of the Model.

ERM for the Twenty-First Century.

Systems Strategies.

Design Criteria and Specifications.

Designing Risk Centric Systems for Efficiency/Governance: Step by Step.

Dynamically Integrated Risk Evaluation (DIRE).

Triggers and MOMS.

Real Time Profiling.

Setting Standards for Future Evolution.

Chapter 9 Related Topics and Special Risk Situations.

Managing Risk/Auditing Real Time.

Monitoring Controls with Metrics.

Utilizing ERM to Reduce Audit Fees and Lower the Costs of Operation.

Mergers and Acquisitions: Let’s Buy Some More Risk.

Outsourcing: What You Don’t Know Could Kill Your Organization.

Debunking the Outsourcing Myths: The Ventoro Study.

Chapter 10 Maximizing Impact – Minimizing Exposure.

Who Owns the Risk Management Process?

Involving the Stakeholders: Creating a Critical Business Tool.

Extending the Impact: Making It a Company Essential.

Strategically Linking Key Risks and Key Controls: Creating a HOME.

Building the DREAM HOME: Automating Even Your SOX.

About the Author.

Index.

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.