Simple Tools and Techniques for Enterprise Risk Management Book

List of Figures xxvii

Preface to the Second Edition xxxi

Acknowledgements xxxv

About the Author xxxvii

PART I ENTERPRISE RISK MANAGEMENT IN CONTEXT 1

1 Introduction 3

1.1 Risk Diversity 4

1.2 Approach to Risk Management 5

1.3 Business Growth Through Risk Taking 5

1.4 Risk and Opportunity 6

1.5 The Role of the Board 7

1.6 Primary Business Objective (or Goal) 8

1.7 What is Enterprise Risk Management? 9

1.8 Benefits of Enterprise Risk Management 10

1.9 Structure 12

1.10 Summary 16

1.11 References 16

2 Developments in Corporate Governance in the UK 19

2.1 Investor Unrest 19

2.2 The Problem of Agency 20

2.3 The Cadbury Committee 21

2.4 The Greenbury Report 23

2.5 The Hampel Committee and the Combined Code of 1998 23

2.6 Smith Guidance on Audit Committees 23

2.7 Higgs 24

2.8 Tyson 24

2.9 Combined Code on Corporate Governance 2003 25

2.10 Companies Act 2006 26

2.11 Combined Code on Corporate Governance 2008 26

2.12 Sir David Walker’s Review of Corporate Governance, July 2009 (Consultation Paper) 27

2.13 Sir David Walker’s Review of Corporate Governance, November 2009 (Final Recommendation) 29

2.14 House of Commons Treasury Committee 2009 30

2.15 UK Corporate Governance Code, June 2010 32

2.16 The "Comply or Explain" Regime 34

2.17 Definition of Corporate Governance 34

2.18 Formation of Companies 35

2.19 The Financial Services Authority and Markets Act 2000 36

2.20 The London Stock Exchange 36

2.21 Summary 37

2.22 References 38

3 Developments in Corporate Governance in the US 41

3.1 Corporate Governance 41

3.2 The Securities and Exchange Commission 42

3.3 The Laws That Govern the Securities Industry 44

3.4 Catalysts for the Sarbanes-Oxley Act 2002 45

3.5 National Association of Corporate Directors 2008 55

3.6 Summary 56

3.7 References 57

4 The Global Financial Crisis of 2007–2009: A US Perspective 59

4.1 The Financial Crisis in Summary 59

4.2 How the Financial Crisis Unfolded 60

4.3 The United States Mortgage Finance Industry 61

4.4 Subprime Model of Mortgage Lending 61

4.5 Why this Crisis Warrants Close Scrutiny 68

4.6 Behaviours 70

4.7 Worldwide Deficiencies in Risk Management 76

4.8 Federal Reform 76

4.9 Systemic Risk 79

4.10 The Future of Risk Management 81

4.11 Summary 82

4.12 References 82

5 Developments in Corporate Governance in Australia and Canada 85

5.1 Australian Corporate Governance 85

5.2 Canada 90

5.3 Summary 94

5.4 References 94

6 Internal Control and Risk Management 97

6.1 The Composition of Internal Control 97

6.2 Risk as a Subset of Internal Control 98

6.3 Allocation of Responsibility 102

6.4 The Context of Internal Control and Risk Management 106

6.5 Internal Control and Risk Management 107

6.6 Embedding Internal Control and Risk Management 107

6.7 Summary 107

6.8 References 108

7 Developments in Risk Management in the UK Public Sector 109

7.1 Responsibility for Risk Management in Government 109

7.2 Risk Management Publications 112

7.3 Successful IT 113

7.4 Supporting Innovation 115

7.5 The Orange Book 116

7.6 Audit Commission 118

7.7 CIPFA/SOLACE Corporate Governance 120

7.8 M_o_R 2002 121

7.9 DEFRA 123

7.10 Strategy Unit Report 124

7.11 Risk and Value Management 125

7.12 The Green Book 126

7.13 CIPFA Guidance on Internal Control 127

7.14 Managing Risks to Improve Public Services 129

7.15 The Orange Book (Revised) 131

7.16 M_o_R 2007 132

7.17 Managing Risks in Government 132

7.18 Summary 134

7.19 References 136

PART II THE RISK MANAGEMENT PROCESS 137

8 Establishing the Context: Stage 1 141

8.1 Process 141

8.2 Process Goal and Subgoals 142

8.3 Process Definition 143

8.4 Process Inputs 143

8.5 Process Outputs 145

8.6 Process Controls (Constraints) 145

8.7 Process Mechanisms (Enablers) 146

8.8 Process Activities 149

8.9 Summary 156

8.10 References 156

9 Risk Identification: Stage 2 159

9.1 Process 159

9.2 Process Goal and Subgoals 159

9.3 Process Definition 160

9.4 Process Inputs 161

9.5 Process Outputs 162

9.6 Process Controls (Constraints) 162

9.7 Process Mechanisms (Enablers) 163

9.8 Process Activities 171

9.9 Summary 182

9.10 References 182

10 Risk Analysis: Stage 3 185

10.1 Process 185

10.2 Process Goal and Subgoals 186

10.3 Process Definition 186

10.4 Process Inputs 186

10.5 Process Outputs 188

10.6 Process Controls (Constraints) 188

10.7 Process Mechanisms (Enablers) 188

10.8 Process Activities 189

10.9 Summary 195

10.10 References 196

11 Risk Evaluation: Stage 4 197

11.1 Process 197

11.2 Process Goal and Subgoals 197

11.3 Process Definition 198

11.4 Process Inputs 198

11.5 Process Outputs 198

11.6 Process Controls (Constraints) 199

11.7 Process Mechanisms (Enablers) 200

11.8 Process Activities 215

11.9 Summary 221

11.10 References 222

12 Risk Treatment: Stage 5 223

12.1 Process 223

12.2 Process Goal and Subgoals 223

12.3 Process Definition 224

12.4 Process Inputs 224

12.5 Process Outputs 224

12.6 Process Controls (Constraints) 225

12.7 Process Mechanisms 225

12.8 Process Activities 226

12.9 Risk Appetite 226

12.10 Risk Response Strategies 228

12.11 Summary 230

12.12 References 231

13 Monitoring and Review: Stage 6 233

13.1 Process 233

13.2 Process Goal and Subgoals 234

13.3 Process Definition 234

13.4 Process Inputs 235

13.5 Process Outputs 235

13.6 Process Controls (Constraints) 235

13.7 Process Mechanisms 236

13.8 Process Activities 236

13.9 Summary 239

13.10 Reference 240

14 Communication and Consultation: Stage 7 241

14.1 Process 241

14.2 Process Goal and Subgoals 242

14.3 Process Definition 242

14.4 Process Inputs 243

14.5 Process Outputs 243

14.6 Process Controls (Constraints) 244

14.7 Process Mechanisms 244

14.8 Process Activities 244

14.9 Internal Communication 245

14.10 External Communication 245

14.11 Summary 245

14.12 Reference 246

PART III INTERNAL INFLUENCES – MICRO FACTORS 247

15 Financial Risk Management 249

15.1 Definition of Financial Risk 249

15.2 Scope of Financial Risk 250

15.3 Benefits of Financial Risk Management 250

15.4 Implementation of Financial Risk Management 251

15.5 Liquidity Risk 251

15.6 Credit Risk 253

15.7 Borrowing 259

15.8 Currency Risk 259

15.9 Funding Risk 260

15.10 Foreign Investment Risk 262

15.11 Derivatives 263

15.12 Summary 264

15.13 References 265

16 Operational Risk Management 267

16.1 Definition of Operational Risk 268

16.2 Scope of Operational Risk 269

16.3 Benefits of Operational Risk 270

16.4 Implementation of Operational Risk 270

16.5 Strategy 270

16.6 People 275

16.7 Processes and Systems 292

16.8 External Events 303

16.9 Outsourcing 305

16.10 Measurement 307

16.11 Mitigation 307

16.12 Summary 307

16.13 References 308

17 Technological Risk Management 309

17.1 Definition of Technology Risk 310

17.2 Scope of Technology Risk 310

17.3 Benefits of Technology Risk Management 311

17.4 Implementation of Technology Risk Management 311

17.5 Primary Technology Types 312

17.6 Responding to Technology Risk 324

17.7 Summary 330

17.8 References 331

18 Project Risk Management 333

18.1 Definition of Project Risk 334

18.2 Definition of Project Risk Management 334

18.3 Sources of Project Risk 335

18.4 Benefits of Project Risk Management 335

18.5 Embedding Project Risk Management 336

18.6 Project Risk Management Process 342

18.7 Responsibility for Project Risk Management 346

18.8 Project Director’s Role 347

18.9 Project Team 347

18.10 Optimism Bias 349

18.11 Software Tools Used to Support Project Risk Management 351

18.12 Techniques Used to Support Project Risk Management 352

18.13 Summary 352

18.14 References 354

19 Business Ethics Management 355

19.1 Definition of Business Ethics Risk 355

19.2 Scope of Business Ethics Risk 356

19.3 Benefits of Ethics Risk Management 357

19.4 How Unethical Behaviour can Arise 357

19.5 Recognition of the Need for Business Ethics 358

19.6 Factors that Affect Business Ethics 361

19.7 Risk Events 361

19.8 Implementation of Ethical Risk Management 365

19.9 Summary 374

19.10 References 374

20 Health and Safety Management 375

20.1 Definition of Health and Safety Risk 375

20.2 Scope of Health and Safety Risk 376

20.3 Benefits of Health and Safety Risk Management 376

20.4 The UK Health and Safety Executive 378

20.5 The European Agency for Safety and Health at Work 379

20.6 Implementation of Health and Safety Risk Management 380

20.7 Workplace Precautions 382

20.8 Contribution of Human Error to Major Disasters 382

20.9 Improving Human Reliability in the Workplace 388

20.10 Risk Management Best Practice 389

20.11 Summary 390

20.12 References 390

PART IV EXTERNAL INFLUENCES – MACRO FACTORS 391

21 Economic Risk 393

21.1 Definition of Economic Risk 393

21.2 Scope of Economic Risk 393

21.3 Benefits of Economic Risk Management 394

21.4 Implementation of Economic Risk Management 394

21.5 Microeconomics and Macroeconomics 394

21.6 Macroeconomics 395

21.7 Government Policy 397

21.8 Aggregate Demand 398

21.9 Aggregate Supply 401

21.10 Employment Levels 403

21.11 Inflation 403

21.12 Interest Rate Risk 404

21.13 House Prices 405

21.14 International Trade and Protection 405

21.15 Currency Risk 407

21.16 Summary 412

21.17 References 412

22 Environmental Risk 413

22.1 Definition of Environmental Risk 413

22.2 Scope of Environmental Risk 415

22.3 Benefits of Environmental Risk Management 415

22.4 Implementation of Environmental Risk Management 415

22.5 Energy Sources 416

22.6 Use of Resources 419

22.7 Pollution 420

22.8 Global Warming 420

22.9 Response to Global Warming 422

22.10 Stimulation to Environmental Considerations 429

22.11 Environmental Sustainability 431

22.12 Summary 432

22.13 References 433

23 Legal Risk 435

23.1 Definition of Legal Risk 435

23.2 Scope of Legal Risk 435

23.3 Benefits of Legal Risk Management 436

23.4 Implementation of Legal Risk Management 436

23.5 Business Law 437

23.6 Companies 438

23.7 Intellectual Property 441

23.8 Employment Law 447

23.9 Contracts 447

23.10 Criminal Liability in Business 448

23.11 Computer Misuse 451

23.12 Summary 452

24 Political Risk 453

24.1 Definition of Political Risk 454

24.2 Scope of Political Risk 454

24.3 Benefits of Political Risk Management 455

24.4 Implementation of Political Risk Management 455

24.5 Zonis and Wilkin Political Risk Framework 457

24.6 Contracts 459

24.7 Transition Economies of Europe 459

24.8 UK Government Fiscal Policy 460

24.9 Pressure Groups 461

24.10 Terrorism and Blackmail 461

24.11 Responding to Political Risk 462

24.12 Summary 464

24.13 References 465

25 Market Risk 467

25.1 Definition of Market Risk 467

25.2 Scope of Market Risk 468

25.3 Benefits of Market Risk Management 470

25.4 Implementation of Market Risk Management 470

25.5 Market Structure 470

25.6 Product Life Cycle Stage 475

25.7 Alternative Strategic Directions 476

25.8 Acquisition 482

25.9 Competition 483

25.10 Price Elasticity/Sensitivity 489

25.11 Distribution Strength 490

25.12 Market Risk Measurement: Value at Risk 490

25.13 Risk Response Planning 496

25.14 Summary 496

25.15 References 497

26 Social Risk 499

26.1 Definition of Social Risk 499

26.2 Scope of Social Risk 500

26.3 Benefits of Social Risk Management 500

26.4 Implementation of Social Risk Management 501

26.5 Education 501

26.6 Population Movements: Demographic Changes 502

26.7 Socio-Cultural Patterns and Trends 504

26.8 Crime 504

26.9 Lifestyles and Social Attitudes 505

26.10 Summary 510

26.11 References 511

PART V THE APPOINTMENT 513

27 Introduction 515

27.1 Change Process From the Client Perspective 515

27.2 Selection of Consultants 517

27.3 Summary 522

27.4 Reference 522

28 Interview with the Client 523

28.1 First Impressions/Contact 523

28.2 Client Focus 524

28.3 Unique Selling Point 524

28.4 Past Experiences 526

28.5 Client Interview 527

28.6 Assignment Methodology 528

28.7 Change Management 529

28.8 Sustainable Change 529

28.9 Summary 530

28.10 References 531

29 Proposal 533

29.1 Introduction 533

29.2 Proposal Preparation 533

29.3 Proposal Writing 534

29.4 Approach 535

29.5 Proposal 535

29.6 Client Responsibilities 538

29.7 Remuneration 539

29.8 Summary 539

29.9 References 539

30 Implementation 541

30.1 Written Statement of Project Implementation 541

30.2 Management 541

30.3 Customer Delight 548

30.4 Summary 548

30.5 References 548

Appendix 1: Successful IT: Modernising Government in Action 549

Appendix 2: Sources of Risk 553

Appendix 3: DEFRA Risk Management Strategy 557

Appendix 4: Risk: Improving Government’s Capability to Handle

Risk and Uncertainty 561

Appendix 5: Financial Ratios 567

Appendix 6: Risk Maturity Models 573

Appendix 7: SWOT Analysis 579

Appendix 8: PEST Analysis 583

Appendix 9: VRIO Analysis 587

Appendix 10: Value Chain Analysis 589

Appendix 11: Resource Audit 591

Appendix 12: Change Management 595

Appendix 13: Industry Breakpoints 599

Appendix 14: Probability 601

Appendix 15: Value at Risk 611

Appendix 16: Optimism Bias 613

Index 621