book

Implementing Enterprise Risk Management

Name: Implementing Enterprise Risk Management
Author: James Lam
ISBN: 9780471745198

by James Lam

March 2017

Beginner to intermediate

432 pages

11h 49m

English

Wiley

Read now

Unlock full access

Cover
Title Page
Copyright
Dedication
Preface
Overview of the BookSuggested Chapters by Audience
Acknowledgments
Part One: ERM in Context
Chapter 1: Fundamental Concepts and Current State
IntroductionWhat Is Risk?What Does Risk Look Like?Enterprise Risk Management (ERM)The Case for ERMWhere ERM Is NowWhere ERM Is HeadedNotes
Chapter 2: Key Trends and Developments
IntroductionLessons Learned from the Financial CrisisThe Wheel of Misfortune RevisitedGlobal AdoptionNotes
Chapter 3: Performance-Based Continuous ERM
IntroductionPhase Three: Creating Shareholder ValuePerformance-Based Continuous ERMCase Study: Legacy TechnologyNotes

Chapter 4: Stakeholder Requirements
IntroductionStakeholders DefinedManaging Stakeholder Value with ERMImplementing a Stakeholder Management ProgramAppendix A: Reputational Risk PolicyNotes
Part Two: Implementing an ERM Program
Chapter 5: The ERM Project
IntroductionBarriers to ChangeEstablish the VisionObtain Buy-In from Internal StakeholdersAssess Current Capabilities Against Best PracticesDevelop a RoadmapAppendix A: ERM Maturity ModelAppendix B: Practical Plan for ERM Program Implementation
Chapter 6: Risk Culture
IntroductionRisk Culture Success FactorsBest Practice: Risk EscalationConclusionNotes
Chapter 7: The ERM Framework
IntroductionThe Need for an ERM FrameworkERM Framework CriteriaCurrent ERM FrameworksAn Update: The Continuous ERM ModelDeveloping a FrameworkConclusionNotes
Part Three: Governance Structure and Policies
Chapter 8: The Three Lines of Defense
IntroductionCOSO's Three Lines of DefenseProblems with This StructureThe Three Lines of Defense RevisitedBringing It All Together: How the Three Lines Work in ConcertConclusionNotes
Chapter 9: Role of the Board
IntroductionRegulatory RequirementsCurrent Board PracticesCase Study: SatyamThree Levers for ERM OversightConclusionNotes
Chapter 10: The View from the Risk Chair
IntroductionTurnaround StoryThe GPA Model in ActionTop Priorities for the Risk Oversight CommitteeConclusionNotes
Chapter 11: Rise of the CRO
IntroductionHistory and Rise of the CROA CRO's Career PathThe CRO's RoleHiring a CROA CRO's ProgressChief Risk Officer ProfilesNotes
Chapter 12: Risk Appetite Statement
IntroductionRequirements of a Risk Appetite StatementDeveloping a Risk Appetite StatementRoles and ResponsibilitiesMonitoring and ReportingExamples of Risk Appetite Statements and MetricsNotes
Part Four: Risk Assessment and Quantification
Chapter 13: Risk Control Self-Assessments
IntroductionRisk Assessment: An OverviewRCSA MethodologyPhase 1: Setting the FoundationPhase 2: Risk Identification, Assessment, and PrioritizationPhase 3: Deep Dives, Risk Quantification, and ManagementPhase 4: Business and ERM IntegrationERM and Internal Audit CollaborationNotes
Chapter 14: Risk Quantification Models
IntroductionMarket Risk ModelsCredit Risk ModelsOperational Risk ModelsModel Risk ManagementThe Loss/Event DatabaseEarly Warning IndicatorsModel Risk Case Study: AIGNotes
Part Five: Risk Management
Chapter 15: Strategic Risk Management
IntroductionThe Importance of Strategic RiskMeasuring Strategic RiskManaging Strategic RiskAppendix A: Strategic Risk ModelsNotes
Chapter 16: Risk-Based Performance Management
IntroductionPerformance Management and RiskPerformance Management and CapitalPerformance Management and Value CreationSummaryNotes
Part Six: Risk Monitoring and Reporting
Chapter 17: Integration of KPIs and KRIs
IntroductionWhat Is an Indicator?Using Key Performance IndicatorsBuilding Key Risk IndicatorsKPI and KRI Program ImplementationBest PracticesConclusionNotes
Chapter 18: ERM Dashboard Reporting
IntroductionTraditional Risk Reporting vs. ERM Dashboard ReportingGeneral Dashboard RequirementsImplementing ERM DashboardsAvoid Common MistakesBest PracticesNotes
Chapter 19: Feedback Loops
IntroductionWhat Is a Feedback Loop?Examples of Feedback LoopsERM Performance Feedback LoopMeasuring Success with the ERM ScorecardNotes
Part Seven: Other ERM Resources
Chapter 20: Additional ERM Templates and Outlines
IntroductionStrategic Risk AssessmentCRO Report to the Risk CommitteeCybersecurity Risk Appetite and MetricsModel Risk PolicyRisk Escalation PolicyNotes
About the Author
Index
End User License Agreement

Content preview from Implementing Enterprise Risk Management

CHAPTER 13Risk Control Self-Assessments

INTRODUCTION

An initial step in ERM is to identify, assess, and prioritize an organization's key risks. The risk control self-assessment (RCSA) is a common tool that is well established in regulatory guidance and industry frameworks. Companies across all industry sectors use RCSAs for identifying, mapping, and controlling risks that threaten strategic and other objectives.¹ Companies that integrate RCSA into the daily activities of their business units will also find it easier to adhere to the growing body of stakeholder expectations and regulatory requirements.

By its very nature, RCSA implementation will vary depending upon a company's specific needs. There is, however, a common process and methodology that all RCSAs follow. We'll begin this chapter with a short overview of risk assessment and the benefits it offers. Next, we'll examine how companies can implement RCSA process and methodology such as identifying risks, evaluating existing controls, and developing risk mitigation strategies. We'll look at the short- and long-term post-RCSA processes to get the most out of the results and increase future efficiency with an emphasis on common pitfalls and practical solutions. We'll conclude the chapter by examining how to incorporate risk assessment into the business process through strategic planning and review.

RISK ASSESSMENT: AN OVERVIEW

The objective of risk assessment (or RCSA) is to identify, evaluate, and prioritize an organization's ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Implementing Enterprise Risk Management: Case Studies and Best Practices

Publisher Resources

ISBN: 9780471745198Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design