Fundamentals of Risk Management Understanding, evaluating and implementing effective risk management



SECOND EDITION

Fundamentals of Risk Management
Understanding, evaluating and implementing effective risk management

Paul Hopkin

KoganPage
LONDON PHILADELPHIA NEW DELHI

CONTENTS

List of figures xiv
List of tables xvi
Preface xviii
Acknowledgements
Introduction 1

PART ONE Introduction to risk management 11
  Learning outcomes for Part One 11
  Part One Further reading 12
  01 Approaches to defining risk 13
    Definitions of risk 13
    Types of risks 15
    Risk description 16
    Inherent level of risk 17
    Risk classification systems 18
    Risk likelihood and magnitude 19
  02 Impact of risk on organizations 21
    Level of risk 21
    Impact of hazard risks 22
    Attachment of risks 22
    Risk and reward 25
    Risk and uncertainty 27
    Attitudes to risk 27
  03 Types of risks 29
    Timescale of risk impact 29
    Hazard, control and opportunity risks 30
    Hazard tolerance 33
    Mitigation of hazard risks 34
    Management of uncertainties 35
    Embracing opportunities 35
  04 Development of risk management 37
    Origins of risk management 37
    Changes in the marketplace 39
    Insurance origins of risk management 42
    Specialist areas of risk management 42
    Enterprise risk management 44
    Levels of risk management sophistication 45
    Bow-tie representation of risk management 47
  05 Principles and aims of risk management 49
    Principles of risk management 49
    Importance of risk management 50
    Risk management activities 52
    Efficient, effective and efficacious 53
    Implementing risk management 54
    Achieving benefits 55
  06 Risk management standards 57
    Scope of risk management standards 57
    Risk management process 60
    Risk management framework 60
    COSO ERM cube 62
    Features of RM standards 62
    Alternative approaches 65
  Generali Group: Risk factors 68
  Rio Tinto: Managing risk effectively 69

PART TWO Risk strategy 71
  Learning outcomes for Part Two 71
  Part Two Further reading 71
  07 Risk management framework 73
    Risk architecture, strategy and protocols 73
    Risk management manual 76
    Risk management architecture 78
    Risk management strategy 79
    Risk management protocols 80
    Establishing the context 81
  08 Risk management documentation 84
    Risk management documentation 84
    Risk response and improvement plans 86
    Event reports and recommendations 87
    Risk performance and certification reports 88
    Designing a risk register 88
    Using a risk register 89
  09 Risk management responsibilities 96
    Allocation of responsibilities 96
    Range of responsibilities 97
    Statutory responsibilities of management 99
    Role of the risk manager 101
    Risk architecture 103
    Risk committees 106
  10 Risk-aware culture 109
    Styles of risk management 109
    Defining risk culture 110
    Measuring risk culture 112
    Risk culture and risk strategy 113
    Alignment of activities 114
    Risk maturity 114
  11 Risk training and communication 118
    Consistent response to risk 118
    Risk training and risk culture 119
    Risk information and communication 120
    Shared risk vocabulary 122
    Risk information on an intranet 122
    Risk management information systems (RMIS) 123
  12 Risk practitioner competencies 126
    Competency frameworks 126
    Range of skills 128
    Communication skills 128
    Relationship skills 132
    Analytical skills 133
    Management skills 134
  Invensys: Responsibilities and actions 135
  Coventry Building Society: Governance and oversight 136

PART THREE Risk assessment 137
  Learning outcomes for Part Three 137
  Part Three Further reading 138
  13 Risk assessment considerations 139
    Importance of risk assessment 139
    Approaches to risk assessment 140
    Risk assessment techniques 141
    Risk matrix 143
    Risk perception 145
    Risk appetite 147
  14 Risk classification systems 151
    Short, medium and long-term risks 151
    Nature of risk classification systems 152
    Examples of risk classification systems 154
    FIRM risk scorecard 155
    PESTLE risk classification system 156
    Hazard, control and opportunity risks 158
  15 Risk likelihood and impact 161
    Application of a risk matrix 161
    Inherent and current level of risk 162
    Control confidence 164
    4Ts of risk response 165
    Risk significance 166
    Risk capacity 167
  16 Loss control 170
    Risk likelihood 170
    Risk magnitude 171
    Hazard risks 172
    Loss prevention 174
    Damage limitation 175
    Cost containment 175
  17 Defining the upside of risk 177
    Upside of risk 177
    Opportunity assessment 180
    Riskiness index 180
    Upside in strategy 184
    Upside in projects 185
    Upside in operations 186
  18 Business continuity planning 187
    Importance of business continuity planning and disaster recovery planning 187
    Business continuity standards 189
    Successful business continuity planning and disaster recovery planning 192
    Business impact analysis (BIA) 194
    Business continuity planning and enterprise risk management 195
    Civil emergencies 195
  BG Group: Principal risks and uncertainties 196
  IHG: Managing risk in hotels 197

PART FOUR Risk response 199
  Learning outcomes for Part Four 199
  Part Four Further reading 199
  19 Enterprise risk management 201
    Enterprise-wide approach 201
    Definitions of ERM 203
    ERM in practice 204
    ERM and business continuity 205
    ERM in energy and finance 206
    Future development of ERM 207
  20 Importance of risk appetite 209
    Risk capacity 209
    Risk exposure 210
    Nature of risk appetite 213
    Risk appetite statements 217
    Risk management and uncertainty 220
    Risk appetite and lifestyle decisions 222
  21 Tolerate, treat, transfer and terminate 224
    The 4Ts of hazard response 224
    Tolerate risk 226
    Treat risk 228
    Transfer risk 229
    Terminate risk 230
    Project and strategic risk response 231
  22 Risk control techniques 235
    Hazard risk zones 235
    Types of controls 236
    Preventive controls 240
    Corrective controls 241
    Directive controls 241
    Detective controls 242
  23 Control of selected hazard risks 244
    Cost of risk controls 244
    Control of financial risks 247
    Control of infrastructure risks 249
    Control of reputational risks 253
    Control of marketplace risks 255
    Learning from controls 256
  24 Insurance and risk transfer 260
    Importance of insurance 260
    History of insurance 261
    Types of insurance cover 262
    Evaluation of insurance needs 264
    Purchase of insurance 264
    Captive insurance companies 267
  Nationwide: Risk management and control 269
  Rank Group: Governance framework 270

PART FIVE Risk and organizations 271
  Learning outcomes for Part Five 271
  Part Five Further reading 272
  25 Corporate governance model 273
    Corporate governance 273
    OECD principles of corporate governance 274
    LSE corporate governance framework 275
    Corporate governance for a bank 277
    Corporate governance for a government agency 278
    Evaluation of board performance 281
  26 Stakeholder expectations 284
    Range of stakeholders 284
    Stakeholder dialogue 286
    Stakeholders and core processes 287
    Stakeholders and strategy 288
    Stakeholders and tactics 290
    Stakeholders and operations 290
  27 Analysis of the business model 292
    Simplified business models 292
    Core business processes 295
    Efficacious strategy 296
    Effective processes 296
    Efficient operations 297
    Reporting performance 298
  28 Project risk management 300
    Introduction to project risk management 300
    Development of project risk management 301
    Uncertainty in projects 302
    Project lifecycle 304
    Opportunity in projects 307
    Project risk analysis and management 308
  29 Operational risk management 310
    Operational risk 310
    Definition of operational risk 311
    Basel II 313
    Measurement of operational risk 314
    Difficulties of measurement 316
    Developments in operational risk 317
  30 Supply chain management 320
    Importance of the supply chain 320
    Scope of the supply chain 321
    Strategic partnerships 323
    Joint ventures 323
    Outsourcing of operations 324
    Risk and contracts 326
  BBC: Corporate governance framework 328
  Sainsbury: RM and internal controls 329

PART SIX Risk assurance and reporting 331
  Learning outcomes for Part Six 331
  Part Six Further reading 332
  31 Evaluation of the control environment 333
    Nature of internal control 333
    Purpose of internal control 334
    Control environment 335
    Features of the control environment 337
    CoCo framework of internal control 339
    Risk-aware culture 341
  32 Activities of the internal audit function 342
    Scope of internal audit 342
    Financial assertions 344
    Risk management and internal audit 344
    Risk management outputs 348
    Role of internal audit 348
    Management responsibilities 350
  33 Risk assurance techniques 352
    Audit committees 352
    Role of risk management 355
    Risk assurance 355
    Undertaking an internal audit 357
    Control risk self-assessment 359
    Benefits of risk assurance 360
  34 Reporting on risk management 361
    Risk documentation 361
    Sarbanes-Oxley Act of 2002 362
    Risk reports by US companies 363
    Charities' risk reporting 365
    Public sector risk reporting 366
    Government report on national security 367
  35 Importance of corporate reputation 370
    Reputation and corporate governance 370
    CSR and risk management 371
    CSR and reputational risk 372
    Supply chain and ethical trading 373
    CSR reporting 375
    Importance of reputation 376
  36 Future of risk management 379
    Review of benefits of risk management 379
    Steps to successful risk management 380
    Changing face of risk management 383
    Emerging risks 384
    Emerging trends in risk management 386
    Future developments 387
  John Lewis: Corporate social responsibility (CSR) 389
  Man Group: Risk and control reporting 390

Appendix A: Abbreviations and acronyms 391
Appendix B: Glossary of terms 394
Appendix C: Implementation guide 404
Index 407