book

Implementing Enterprise Risk Management

Name: Implementing Enterprise Risk Management
Author: James Lam
ISBN: 9780471745198

by James Lam

March 2017

Beginner to intermediate

432 pages

11h 49m

English

Wiley

Read now

Unlock full access

Cover
Title Page
Copyright
Dedication
Preface
Overview of the BookSuggested Chapters by Audience
Acknowledgments
Part One: ERM in Context
Chapter 1: Fundamental Concepts and Current State
IntroductionWhat Is Risk?What Does Risk Look Like?Enterprise Risk Management (ERM)The Case for ERMWhere ERM Is NowWhere ERM Is HeadedNotes
Chapter 2: Key Trends and Developments
IntroductionLessons Learned from the Financial CrisisThe Wheel of Misfortune RevisitedGlobal AdoptionNotes
Chapter 3: Performance-Based Continuous ERM
IntroductionPhase Three: Creating Shareholder ValuePerformance-Based Continuous ERMCase Study: Legacy TechnologyNotes

Chapter 4: Stakeholder Requirements
IntroductionStakeholders DefinedManaging Stakeholder Value with ERMImplementing a Stakeholder Management ProgramAppendix A: Reputational Risk PolicyNotes
Part Two: Implementing an ERM Program
Chapter 5: The ERM Project
IntroductionBarriers to ChangeEstablish the VisionObtain Buy-In from Internal StakeholdersAssess Current Capabilities Against Best PracticesDevelop a RoadmapAppendix A: ERM Maturity ModelAppendix B: Practical Plan for ERM Program Implementation
Chapter 6: Risk Culture
IntroductionRisk Culture Success FactorsBest Practice: Risk EscalationConclusionNotes
Chapter 7: The ERM Framework
IntroductionThe Need for an ERM FrameworkERM Framework CriteriaCurrent ERM FrameworksAn Update: The Continuous ERM ModelDeveloping a FrameworkConclusionNotes
Part Three: Governance Structure and Policies
Chapter 8: The Three Lines of Defense
IntroductionCOSO's Three Lines of DefenseProblems with This StructureThe Three Lines of Defense RevisitedBringing It All Together: How the Three Lines Work in ConcertConclusionNotes
Chapter 9: Role of the Board
IntroductionRegulatory RequirementsCurrent Board PracticesCase Study: SatyamThree Levers for ERM OversightConclusionNotes
Chapter 10: The View from the Risk Chair
IntroductionTurnaround StoryThe GPA Model in ActionTop Priorities for the Risk Oversight CommitteeConclusionNotes
Chapter 11: Rise of the CRO
IntroductionHistory and Rise of the CROA CRO's Career PathThe CRO's RoleHiring a CROA CRO's ProgressChief Risk Officer ProfilesNotes
Chapter 12: Risk Appetite Statement
IntroductionRequirements of a Risk Appetite StatementDeveloping a Risk Appetite StatementRoles and ResponsibilitiesMonitoring and ReportingExamples of Risk Appetite Statements and MetricsNotes
Part Four: Risk Assessment and Quantification
Chapter 13: Risk Control Self-Assessments
IntroductionRisk Assessment: An OverviewRCSA MethodologyPhase 1: Setting the FoundationPhase 2: Risk Identification, Assessment, and PrioritizationPhase 3: Deep Dives, Risk Quantification, and ManagementPhase 4: Business and ERM IntegrationERM and Internal Audit CollaborationNotes
Chapter 14: Risk Quantification Models
IntroductionMarket Risk ModelsCredit Risk ModelsOperational Risk ModelsModel Risk ManagementThe Loss/Event DatabaseEarly Warning IndicatorsModel Risk Case Study: AIGNotes
Part Five: Risk Management
Chapter 15: Strategic Risk Management
IntroductionThe Importance of Strategic RiskMeasuring Strategic RiskManaging Strategic RiskAppendix A: Strategic Risk ModelsNotes
Chapter 16: Risk-Based Performance Management
IntroductionPerformance Management and RiskPerformance Management and CapitalPerformance Management and Value CreationSummaryNotes
Part Six: Risk Monitoring and Reporting
Chapter 17: Integration of KPIs and KRIs
IntroductionWhat Is an Indicator?Using Key Performance IndicatorsBuilding Key Risk IndicatorsKPI and KRI Program ImplementationBest PracticesConclusionNotes
Chapter 18: ERM Dashboard Reporting
IntroductionTraditional Risk Reporting vs. ERM Dashboard ReportingGeneral Dashboard RequirementsImplementing ERM DashboardsAvoid Common MistakesBest PracticesNotes
Chapter 19: Feedback Loops
IntroductionWhat Is a Feedback Loop?Examples of Feedback LoopsERM Performance Feedback LoopMeasuring Success with the ERM ScorecardNotes
Part Seven: Other ERM Resources
Chapter 20: Additional ERM Templates and Outlines
IntroductionStrategic Risk AssessmentCRO Report to the Risk CommitteeCybersecurity Risk Appetite and MetricsModel Risk PolicyRisk Escalation PolicyNotes
About the Author
Index
End User License Agreement

Content preview from Implementing Enterprise Risk Management

CHAPTER 7The ERM Framework

INTRODUCTION

In managing something as complex as a large corporation, or even a single function within such an organization (including ERM), it's easy to miss the forest for the trees. That is, one can quickly lose track of the big picture by getting caught up in the details. At the other end of the spectrum, too broad a view can lead one to overlook something important. In order to establish a structured approach, businesses have been implementing management frameworks that encapsulate the big ideas of a complex topic while breaking them down into discrete components. Early frameworks, such as the BCG Matrix (1968) and Porter's Five Forces (1979), focused on competitive analysis and strategy formation. Others, notably the Balanced Scorecard developed in 1987, focused on performance management and reporting. However, none of these frameworks directly address risk.

In this chapter, we'll begin by examining the nature and usage of frameworks in general. We'll next consider why organizations need a workable ERM framework that can coexist alongside (or within) these broader frameworks. Then we'll establish criteria to evaluate the usefulness of an ERM framework. I'll also offer my own take on an ERM framework that I think many companies can adapt for their own use.

THE NEED FOR AN ERM FRAMEWORK

I hope the previous chapters have made it clear why ERM is so important in today's business climate, but why do we need an ERM framework? Why can't current management ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780471745198Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design