Enterprise Risk Management
A Common Framework for the Entire Organization

Philip E. J. Green

ELSEVIER
AMSTERDAM, BOSTON, HEIDELBERG, LONDON, NEW YORK, OXFORD, PARIS, SAN DIEGO, SAN FRANCISCO, SINGAPORE, SYDNEY, TOKYO
Butterworth-Heinemann is an imprint of Elsevier

Contents

Author Biographies

1. Introduction to Risk Management Principles
   Philip E. J. Green
      What is Risk?
      Risk Context
      Risk Assessment
      Risk Treatment
      Risk Monitoring and Review
      Reasoning about Probability, Uncertainty, and Likelihood
      Structure of this Book
      Notes

Part I Physical Risk Management

2. Environmental Risk
   John Roberts and Frank Frantisak
      Environmental Risks: the Social Dimension
      Environmental Risk: the Legal Dimension
      Types of Environmental Risks
      Identifying Environmental Risks
      Environmental Risk Management: The Noranda Model and Beyond
      Approvals for Large Industrial Projects: The Environmental Risks
      Who Does What?
      Notes

3. Health and Safety Risk Management: Perspective of a Petroleum Refinery Manager
   Gaston Lafontaine
      Effects of Health and Safety on Organization
      Safety Culture
      Risk Assessment: Cornerstone of the Program
      Risk Treatment
      Risk Monitoring and Review
      Current Trends in Health and Safety Risk Management
      Notes

4. Project Risk Management
   Mike Fontaine
      Background
      Types of Risks in Projects
      Managing Risks during the Project Life Cycle
      Managing the Risk of Being Late and Exceeding Budget

5. Operational Risk: Building a Resilient Organization
   Steve Osselton and Emily Heuts
      Operational Risk Context
      Alignment Around Risk Communication
      The Elements of Operational Risk Resilience
      Operational Risk Resilience Model
      Note

6. Supply Chain Risk Management
   Nick Wildgoose
      Supply Chain Risk Management for the Business Line Manager
      Risk Assessment
      Risk Monitoring and Review
      Emerging Risks in Supply Chains
      The Benefits of Improving Supply Chain Risk Management
      Notes

Part II Intangible Risk

7. Cybersecurity
   Kevvie Fowler
      Cyber Risk Management Overview
      Risk Assessment
      Risk Treatment
      Risk Monitoring and Review
      Notes

8. Brand Risk
   Jonathan Copulsky and Chuck Saia
      Why Brands Matter
      The Importance of Trust
      Who Owns Brand Risk Management?
      The High-Speed Landscape of Brand Risk
      How Counterinsurgency Theory May Help Us Manage Brand Risk
      Key Takeaways
      Notes

9. Human Capital Risk: The Threat from Inside
   Mitch Albinski
      Nasty Events Can Happen: Source of Human Capital Risk
      Managing Human Capital Risk
      Conclusion: An Integrated Approach to Managing Malicious Human Capital Risks
      Notes
      Further Reading

Part III Financial Risk Management

10. An Aggregated Approach to Risk Analysis: Risk Portfolios
    Steven Miller
      The Challenges of the Traditional "Siloed" Approach to Risk Analysis
      The Benefits of an Aggregated (Risk Portfolio) Approach to Risk Analysis
      Operationalizing a Risk Portfolio
      Risks Associated with Implementing a Risk Portfolio
      Making a Decision to Implement a Risk Portfolio
      Notes

11. Managing Common Financial Risks
    Sibt-ul-Hasnain Kazmi
      Types of Financial Risk
      Financial Risk Mitigation Strategies
      Notes

12. The Role of Insurance in Enterprise Risk Management
    Greg Niehaus
      Risk and Value
      The Supply of Insurance
      Demand for Insurance by Public Companies
      Interaction between Mitigation and Insurance
      Summary Questions to Ask
      Notes

Part IV Global and Strategic Risk

13. Risk Culture
    Oliver Davidson, Patricia Mackenzie, Mike Wilkinson, and Ron Burke
      Risk Culture and Organizational Culture
      Risk Culture in Financial Services
      Safety Culture
      Measuring Risk Culture
      Managing Risk Culture
      Rewards and Performance Management
      Incentives Create Rather than Control Risk
      Risk Identification
      Risk Analysis
      Risk Prioritization
      Actions to Treat Incentive Risk
      Conclusions
      Notes

14. The Role of the Board of Directors in Risk Management
    Peter Whyntie
      Directors Govern, Managers Manage
      Providing Leadership and Affecting Risk Culture
      Structuring Boards to Govern Risk Management
      The Information on Which Boards Rely
      Demands on Directors from Stakeholders and Litigation
      Conclusion
      Notes

15. Political Risk
    Elizabeth Stephens
      The Arab Spring
      Identifying Sources of Political Risk
      Political Risk Assessment
      Mitigating Political Risk
      Notes

16. Strategic Risk: The Risks "of" and "to" a Strategy: The Case of Blockbuster and the Need for Strategic Flexibility
    Michael E. Raynor
      Tradeoffs and the Risks of a Strategy
      Innovation and the Risks to a Strategy
      Assessing Strategic Risks
      Strategy, Innovation, and Flexibility
      Notes

Index