Practical Enterprise Risk Management

Book Description

Practical Enterprise Risk Management addresses the real need for organizations to take more managed risks in order to maximise business strategies and achieve long-term goals. Based on ISO 31000 and applying current best practice, it provides templates and examples that can be adapted for any industry. Breaking down the theory on enterprise risk management, it helps you see risk as both an opportunity and a threat whilst giving you guidance on how to implement it. It provides models for Risk Adjusted Return on Capital to evaluate ROI and measure performance, advice on emergent risks, as well as best practice and advice on risk communication, transparency and protecting the brand. Including a comprehensive overview of risk management responsibilities for boards, Practical Enterprise Risk Management lifts the lid on the whole process, helping you to embed ERM into your organization, reach your goals and take more managed risks.

Table of Contents

  1. Foreword by Steve Fowler
  2. Foreword by Mrutyunjay Mahapatra
  3. Acknowledgements
  4. 01 Introduction
  5. Outline
  6. Business is about taking risk
  7. The difference between taking managed and unmanaged risks
  8. Benefits of well-managed enterprise risk management
  9. The myths about risk
  10. Capacity to take risk
  11. Questions for senior management and the board to ask
  12. Notes
  13. 02 About enterprise risk management
  14. Outline
  15. Risk management
  16. Implementing the programme for ERM
  17. ERM – the process
  18. Essential attributes of ERM for delivering value and capacity
  19. Top level leadership in ERM
  20. Identifying risk: types of risk, risk lists and taxonomies
  21. Evaluating and prioritizing risk
  22. Governance, risk and compliance
  23. Questions for senior management and the board to ask
  24. Notes
  25. 03 Risk as an opportunity/threat to objectives and value drivers
  26. Outline
  27. Risk – opportunities and threats
  28. Risk as uncertainty
  29. Threat and opportunity management
  30. Dealing with threat
  31. Dealing with opportunity
  32. Differentiating between objectives, strategic goals and value drivers
  33. Questions for senior management and the board to ask
  34. Notes
  35. 04 Implementing an ERM programme
  36. Outline
  37. Establish the foundation – the operating model for ERM
  38. Documentation for ERM
  39. Language, oversight and governance
  40. Building capabilities: assess and develop responses and capabilities
  41. Improving capabilities: monitoring and communication
  42. Questions for senior management and the board to ask
  43. 05 Risk attitude, risk propensity and risk appetite
  44. Outline
  45. Risk aversion versus risk hungry
  46. Applications of a risk appetite tool
  47. Risk capacity versus tolerance
  48. Developing risk appetite frameworks
  49. The risk of not taking a risk
  50. Risk appetite and value drivers
  51. Organization behind the setting of risk appetite
  52. Examples of risk appetite statements
  53. Questions for senior management and the board to ask
  54. Notes
  55. 06 ERM culture, blame, boundaries and elephants in the room
  56. Outline
  57. ERM cultures and the blame culture
  58. Using risk appetite as a tool to destroy the blame culture
  59. Managing risk
  60. The link between managed risk taking, mice, Maslow and Herzberg
  61. The elephant in the room and conduct risk
  62. In the public interest
  63. Questions for senior management and the board to ask
  64. Notes
  65. 07 Embedding and integrating ERM
  66. Outline
  67. What does embedding mean?
  68. Main aspects of embedding ERM
  69. A 16-step plan for embedding ERM
  70. The three lines of play
  71. Questions for senior management and the board to ask
  72. Notes
  73. 08 Maturity in enterprise risk management
  74. Outline
  75. How risk maturity enables managed risk taking
  76. Action plan for measuring and tracking performance
  77. Questions for senior management and the board to ask
  78. Notes
  79. 09 Resilience and sustainable habits
  80. Outline
  81. Business continuity management
  82. The role of senior management
  83. Corporate social responsibility
  84. Questions for senior management and the board to ask
  85. Notes
  86. 10 Learning and communication
  87. Outline
  88. The learning habit
  89. ERM information systems
  90. External communication
  91. Questions for senior management and the board to ask
  92. Notes
  93. 11 Conformance, performance, roles, responsibilities and regulations
  94. Outline
  95. Managing conformance versus performance
  96. The role of boards in ERM
  97. Governance for ERM
  98. The role of internal and external audit in ERM
  99. Compliance requirements for risk management: various countries and industries
  100. Questions for senior management and the board to ask
  101. Notes
  102. 12 Deliverables from quantitative ERM approaches
  103. Outline
  104. Measuring and valuing
  105. Models for valuing risk and capital
  106. Own risk and solvency assessments – a useful model
  107. Stress testing and reverse stress testing
  108. Risks that cannot be valued
  109. Questions for senior management and the board to ask
  110. Notes
  111. 13 Simple, elegant ERM tools for senior management
  112. Outline
  113. The triangle of risk – trigger, environment, strength or weakness
  114. Using cause and consequence analysis to transform risk approach
  115. Macro and micro risk management
  116. Questions for senior management and the board to ask
  117. Notes
  118. 14 ERM and performance management synergies
  119. Outline
  120. Risk management alignment within the organization
  121. Performance management
  122. Performance management methods
  123. Questions for senior management and the board to ask
  124. Notes
  125. 15 The key strategic questions for senior management and boards to ask themselves
  126. Outline
  127. Recognizing the risks of versus the risks to the strategic plan
  128. The key strategic questions
  129. Summary
  130. Appendix 1. Examples of corporate governance and ERM regulations
  131. Appendix 2. The main principles of the UK Code of Governance, October 2012
  132. Appendix 3. Summary COSO guidance
  133. Appendix 4. Case study: Applying a more granular mathematical model to a risk for a non-financial organization
  134. Appendix 5. Capital and risk considerations for US insurers, from NAIC ORSA Guidance
  135. Appendix 6. Sample terms of reference for a board risk committee
  136. Appendix 7. Example of roles of CRO and ERM team
  137. Further Reading
  138. Index