Introduction xi
Chapter 1 Introduction to Enterprise Risk Management 1
Who This Book Is for 1
Success Requires Commitment to Risk Management 2
Risk Management Defined 3
Stewardship and Risk Management 3
Cost and Risk Management 4
The Cost of Success 5
The Cost of Failure 5
Summary of Risk Management–Watching for the Potholes 6
Your Action Plan 6
Chapter 2 The WHAT of Risk Management 7
What Risk Management Is 7
The Born (Entrepreneur) Incident 7
What Risk Management Is Not 8
Risk Taking Versus Risk Management 8
Risk Taking Is Necessary for Survival 9
Risk Management Is Necessary for Success and Growth 9
What Risk Is 11
Risk Can Be Seen from Two Views 11
Risk Can Be Unpredictable 12
Your Personal Risk Appetite 12
Risk Management Tool One–Personal Risk Spectrum 12
What a Risk Management Programme Is 14
You Already Manage Risk 14
Preview of a Risk Management Structure 15
Cost of a Risk Management Programme 17
Cost–Awareness That Risk Exists 18
Cost–Finding Appropriate Balance 19
Cost–Measuring Your Exposure 19
Cost–Setting Appropriate Goals 20
Cost–Willingness to Alter Your Plans 20
Cost–Embracing the Pains of Change 20
The Catch-22 Syndrome of Risk Management 20
Catch 1 21
Catch 2 21
Risk Taking Is a Paradox 21
Back to PJI 22
Onward 23
Your Action Plan 23
Chapter 3 WHY Is Risk Management Important to Us? 25
Reasons Why Formal Risk Management Is Vital to Success 25
Reason 1 25
Reason 2 25
Reasons to Care about Formal Risk Management 26
Not Just Risk Avoidance 26
It’s a Small (Appliance) World 26
Why Peril Awareness Is a Group Effort 28
Why Risk Management Is a Leadership Responsibility 29
Desire for Innovation and Creativity 30
Need for Fraud Prevention and Detection or Proper Governance 30
Need Adequate Checks and Balances 30
Desire to Maximise Profits 31
Need for Good Stewardship of Corporate Assets 31
Ten Ways ERM Can Make an Impact 31
Onward 32
Your Action Plan 33
Chapter 4 WHICH Risks Do We Need to Be Concerned about? 35
Enterprise Risk Management Step One–Obtain Consensus on Allowable Risk 36
Risk Management Tool Two: Process for Gaining Consensus on What Risk Looks Like 36
Why Defining Risk Is Necessary in Enterprise Risk Management 38
Evaluating Risk 39
Immediacy of Risk 39
Size of Risk 40
Impact of Risk 41
Scope of Risk 41
Back to PJI 42
How to Make an Internal Strategic Risk Assessment 42
Risk Management Tool Three–Strategic Risk Assessment 42
What Strategic Risk Management Is 43
Three Examples of Tools to Assess Risk 44
Risk Management Tool Four–Risk Tolerance Questionnaire 44
Risk Management Tool Five–Critical Risk Questionnaire 44
Risk Management Tool Six–Critical Risk Path 45
Three Case Studies 45
Case Study: The Risk in Giving Incentives to Certain Employees 45
Case Study: The Risk of Doing Business in a Third-World Country 47
Case Study: The Risk of New Technology 48
Onward 50
Your Action Plan 50
Chapter 5 WHEN Is It Appropriate to Plan for Risk? 51
Plan for Risk before It Happens 51
Mark’s Failure to Anticipate Risk 51
Mark’s Pitfall 52
Back to PJI 52
ERM Step Two–Seek Out the Global Sources of Risk 53
Strategic Objectives and ERM 54
Relationship of Strategic Planning and Risk Management 55
Assessing Your Strategic Risk 57
Operational Objectives and ERM 58
Operational Risk 58
Mitigating Operational Risk 59
When to Apply Risk Management 60
Daily, Monthly and Annual Goals 60
New Initiatives 60
Everyday Business Decisions 60
Opportunities and Threats 61
Risk Assessing When Scenario Planning 62
Tool for Measuring Risk 64
Risk Management Tool Seven–Risk and Opportunity Measurement and Management Strategy Grid 64
Case Study: The Opportunity to Invest 69
Case Study: The Risk of Losing Qualified Talent 70
Case Study: Avoiding Termination Blowback 70
Lessons from the Case Studies 70
Onward 70
Action Plan 71
Chapter 6 WHERE Do Our Efforts Need to Be? 73
Sources of Jeopardy 73
Harry 74
Holistic Approach 75
ERM Step Three–Analyse the Ability of Your Organisation to Handle Risk 75
Risk Management Tool Eight–Culture Assessment 76
Embedded in the Cultural Fabric 76
What Is Culture? 77
How a Culture Story Is Developed 78
Visible Clues about Risk in Your Cultural Norms 78
Culture Must Never Be Downplayed 79
Determining Your Culture’s View of Risk Taking 80
Risk Management Tool Nine–Assessment of a Balanced Culture 81
Barriers to ERM Implementation 82
Obstacle One: Perceived Cost in Dollars and Time 82
Obstacle Two: Denial That ERM Is Necessary 82
Obstacle Three: Leaders’ Resistance 83
Obstacle Four: Employee Attitudes 83
Ways to Integrate ERM into Your Culture 84
Bring Your People Resources Together 84
Ensure Employee Acceptance through Training 84
Build Enthusiasm 85
Make it a Bottom-Line Issue 85
Risk Management Tool Ten–Responsibility Statement 86
Teach Managers about Risk Management 86
Five ERM Actions for Immediate Implementation 87
Risk Management Tool Eleven–SLOT Analysis 88
SLOT Versus SWOT 89
Your External Threats and Risk Management 89
Your Opportunities and Risk Management 89
Onward 90
Your Action Plan 90
Chapter 7 WHO Needs to Be Involved? 93
Risk Management Is a Team Effort 95
CRO 96
Risk Management Team 97
Board of Directors 98
Oversight Group in Small Organisations 98
Finance’s Role in ERM 100
Insurance’s Role in Risk Management 101
Insurance Does Not Always Reduce Exposure 102
Insurance’s Inadequacy 102
ERM Step Four: Minimise Exposure to Risk 103
Look for Risk during Times of Success 104
Look for Risk in Your Vulnerable and Hidden Areas 104
Look for Risk in Your Timelines 105
Integrate ERM Goals into Existing Infrastructure 105
Budgeting Process 105
Reporting and Feedback Process 105
Goals and Measurements System 106
Prioritisation Process 106
Project Development and Funding Process 106
Minimise Internal Risk of Unethical Employee Behaviour 106
Risk and POLR 107
Setting the Expectation for Ethical Behaviours 107
Unreasonable Policies Increase Ethics Risk 108
Unreasonable Expectations Increase Ethics Risk 108
Incentives Increase Ethics Risk 109
Internal Pressures Increase Ethics Risk 110
Risk from Fraud and Employee Abuses 110
Two Tools to Analyse and Reduce Exposure to Ethics Risk 112
Risk Management Tool Twelve–The Five Whys 112
Risk Management Tool Thirteen–Establish Contingency Funds 115
Back to PJI 115
Onward 116
Your Action Plan 116
Chapter 8 HOW Do We Conduct Enterprise Risk Management? 117
Process for the Leadership Body to Implement Risk Management 119
Checklist for Implementing Risk Management 119
Minimum Elements to Establish Risk Awareness 122
Starting to Implement ERM 123
ERM Step Five: Recover Quickly from the Negative Impacts of the Risk 124
Empower Employees to Act 125
Match Authority with Responsibility 126
Five Tools to Help Clarify Accountability and Empower Employees to Act 128
Risk Management Tool Fourteen–Risk Authority and Responsibility Chart 128
Risk Management Tool Fifteen–Formalised Action Plan 130
Risk Management Tool Sixteen–Formalised Action Plan Summary 133
Risk Management Tool Seventeen–Pitfall Analysis 135
Risk Management Tool Eighteen–Controllable, Negotiable and Given Analysis 137
Onward 140
Your Action Plan 140
Chapter 9 What Happens NEXT? 143
Reconciling Different Views of Risk 143
Teri and Kris 143
Risk Management Tool Nineteen–Criteria Checkerboard 145
ERM Step Five and One-Half: Learn Something (So You Can Accept Even More Risk with Confidence) 148
Evaluating Your ERM Efforts 149
Interpreting Results 150
Tracking Process Output Versus Reality 150
Scenario Planning Again 151
Learning Lessons 151
Risk Management Tool Twenty–Plus/Delta Analysis 151
The Risk Audit 153
Ongoing Protection 155
Lessons Learned 155
Onward 156
End of the Line 156
Five and One-Half Myths of ERM 157
ERM Tool Kit 157
Your Action Plan 157
Chapter 10 Epilogue 159
Justin 159
Paul 159
PJI International 159
The Future Is Bright 160
You and Your Organisation 160
Case Study: The Hornet’s Nest 161
Onward 163
Appendix A High Road Institute’s Process for Implementing an Effective Risk Management Programme 165
Appendix B What Happened in 2007? 199
Appendix C Enterprise Risk Management 211