Implementing Enterprise Risk Management

Book Description

A practical, real-world guide for implementing enterprise risk management (ERM) programs in your organization

Enterprise risk management (ERM) is a complex yet critical issue that all companies must deal with in the twenty-first century. Failure to properly manage risk continues to plague corporations around the world. ERM empowers risk professionals to balance risks with rewards and balance people with processes.

But to master the numerous aspects of enterprise risk management, you must integrate it into the culture and operations of the business. No one knows this better than risk management expert James Lam, and now, with Enterprise Risk Management: From Methods to Applications, he distills more than thirty years' worth of experience in the field to give risk professionals a clear understanding of how to implement an enterprise risk management program for every business.

  • Offers valuable insights on solving real-world business problems using ERM
  • Effectively addresses how to develop specific ERM tools
  • Contains a significant number of case studies to help with practical implementation of an ERM program

While Enterprise Risk Management: From Incentives to Controls, Second Edition focuses on the "what" of ERM, Enterprise Risk Management: From Methods to Applications will help you focus on the "how." Together, these two resources can help you meet the enterprise-wide risk management challenge head on—and succeed.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Dedication
  5. Preface
    1. Overview of the Book
    2. Suggested Chapters by Audience
  6. Acknowledgments
  7. Part One: ERM in Context
    1. Chapter 1: Fundamental Concepts and Current State
      1. Introduction
      2. What Is Risk?
      3. What Does Risk Look Like?
      4. Enterprise Risk Management (ERM)
      5. The Case for ERM
      6. Where ERM Is Now
      7. Where ERM Is Headed
      8. Notes
    2. Chapter 2: Key Trends and Developments
      1. Introduction
      2. Lessons Learned from the Financial Crisis
      3. The Wheel of Misfortune Revisited
      4. Global Adoption
      5. Notes
    3. Chapter 3: Performance-Based Continuous ERM
      1. Introduction
      2. Phase Three: Creating Shareholder Value
      3. Performance-Based Continuous ERM
      4. Case Study: Legacy Technology
      5. Notes
    4. Chapter 4: Stakeholder Requirements
      1. Introduction
      2. Stakeholders Defined
      3. Managing Stakeholder Value with ERM
      4. Implementing a Stakeholder Management Program
      5. Appendix A: Reputational Risk Policy
      6. Notes
  8. Part Two: Implementing an ERM Program
    1. Chapter 5: The ERM Project
      1. Introduction
      2. Barriers to Change
      3. Establish the Vision
      4. Obtain Buy-In from Internal Stakeholders
      5. Assess Current Capabilities Against Best Practices
      6. Develop a Roadmap
      7. Appendix A: ERM Maturity Model
      8. Appendix B: Practical Plan for ERM Program Implementation
    2. Chapter 6: Risk Culture
      1. Introduction
      2. Risk Culture Success Factors
      3. Best Practice: Risk Escalation
      4. Conclusion
      5. Notes
    3. Chapter 7: The ERM Framework
      1. Introduction
      2. The Need for an ERM Framework
      3. ERM Framework Criteria
      4. Current ERM Frameworks
      5. An Update: The Continuous ERM Model
      6. Developing a Framework
      7. Conclusion
      8. Notes
  9. Part Three: Governance Structure and Policies
    1. Chapter 8: The Three Lines of Defense
      1. Introduction
      2. COSO's Three Lines of Defense
      3. Problems with This Structure
      4. The Three Lines of Defense Revisited
      5. Bringing It All Together: How the Three Lines Work in Concert
      6. Conclusion
      7. Notes
    2. Chapter 9: Role of the Board
      1. Introduction
      2. Regulatory Requirements
      3. Current Board Practices
      4. Case Study: Satyam
      5. Three Levers for ERM Oversight
      6. Conclusion
      7. Notes
    3. Chapter 10: The View from the Risk Chair
      1. Introduction
      2. Turnaround Story
      3. The GPA Model in Action
      4. Top Priorities for the Risk Oversight Committee
      5. Conclusion
      6. Notes
    4. Chapter 11: Rise of the CRO
      1. Introduction
      2. History and Rise of the CRO
      3. A CRO's Career Path
      4. The CRO's Role
      5. Hiring a CRO
      6. A CRO's Progress
      7. Chief Risk Officer Profiles
      8. Notes
    5. Chapter 12: Risk Appetite Statement
      1. Introduction
      2. Requirements of a Risk Appetite Statement
      3. Developing a Risk Appetite Statement
      4. Roles and Responsibilities
      5. Monitoring and Reporting
      6. Examples of Risk Appetite Statements and Metrics
      7. Notes
  10. Part Four: Risk Assessment and Quantification
    1. Chapter 13: Risk Control Self-Assessments
      1. Introduction
      2. Risk Assessment: An Overview
      3. RCSA Methodology
      4. Phase 1: Setting the Foundation
      5. Phase 2: Risk Identification, Assessment, and Prioritization
      6. Phase 3: Deep Dives, Risk Quantification, and Management
      7. Phase 4: Business and ERM Integration
      8. ERM and Internal Audit Collaboration
      9. Notes
    2. Chapter 14: Risk Quantification Models
      1. Introduction
      2. Market Risk Models
      3. Credit Risk Models
      4. Operational Risk Models
      5. Model Risk Management
      6. The Loss/Event Database
      7. Early Warning Indicators
      8. Model Risk Case Study: AIG
      9. Notes
  11. Part Five: Risk Management
    1. Chapter 15: Strategic Risk Management
      1. Introduction
      2. The Importance of Strategic Risk
      3. Measuring Strategic Risk
      4. Managing Strategic Risk
      5. Appendix A: Strategic Risk Models
      6. Notes
    2. Chapter 16: Risk-Based Performance Management
      1. Introduction
      2. Performance Management and Risk
      3. Performance Management and Capital
      4. Performance Management and Value Creation
      5. Summary
      6. Notes
  12. Part Six: Risk Monitoring and Reporting
    1. Chapter 17: Integration of KPIs and KRIs
      1. Introduction
      2. What Is an Indicator?
      3. Using Key Performance Indicators
      4. Building Key Risk Indicators
      5. KPI and KRI Program Implementation
      6. Best Practices
      7. Conclusion
      8. Notes
    2. Chapter 18: ERM Dashboard Reporting
      1. Introduction
      2. Traditional Risk Reporting vs. ERM Dashboard Reporting
      3. General Dashboard Requirements
      4. Implementing ERM Dashboards
      5. Avoid Common Mistakes
      6. Best Practices
      7. Notes
    3. Chapter 19: Feedback Loops
      1. Introduction
      2. What Is a Feedback Loop?
      3. Examples of Feedback Loops
      4. ERM Performance Feedback Loop
      5. Measuring Success with the ERM Scorecard
      6. Notes
  13. Part Seven: Other ERM Resources
    1. Chapter 20: Additional ERM Templates and Outlines
      1. Introduction
      2. Strategic Risk Assessment
      3. CRO Report to the Risk Committee
      4. Cybersecurity Risk Appetite and Metrics
      5. Model Risk Policy
      6. Risk Escalation Policy
      7. Notes
  14. About the Author
  15. Index
  16. End User License Agreement