book

Implementing Enterprise Risk Management

Name: Implementing Enterprise Risk Management
Author: James Lam
ISBN: 9780471745198

by James Lam

March 2017

Beginner to intermediate

432 pages

11h 49m

English

Wiley

Read now

Unlock full access

Cover
Title Page
Copyright
Dedication
Preface
Overview of the BookSuggested Chapters by Audience
Acknowledgments
Part One: ERM in Context
Chapter 1: Fundamental Concepts and Current State
IntroductionWhat Is Risk?What Does Risk Look Like?Enterprise Risk Management (ERM)The Case for ERMWhere ERM Is NowWhere ERM Is HeadedNotes
Chapter 2: Key Trends and Developments
IntroductionLessons Learned from the Financial CrisisThe Wheel of Misfortune RevisitedGlobal AdoptionNotes
Chapter 3: Performance-Based Continuous ERM
IntroductionPhase Three: Creating Shareholder ValuePerformance-Based Continuous ERMCase Study: Legacy TechnologyNotes

Chapter 4: Stakeholder Requirements
IntroductionStakeholders DefinedManaging Stakeholder Value with ERMImplementing a Stakeholder Management ProgramAppendix A: Reputational Risk PolicyNotes
Part Two: Implementing an ERM Program
Chapter 5: The ERM Project
IntroductionBarriers to ChangeEstablish the VisionObtain Buy-In from Internal StakeholdersAssess Current Capabilities Against Best PracticesDevelop a RoadmapAppendix A: ERM Maturity ModelAppendix B: Practical Plan for ERM Program Implementation
Chapter 6: Risk Culture
IntroductionRisk Culture Success FactorsBest Practice: Risk EscalationConclusionNotes
Chapter 7: The ERM Framework
IntroductionThe Need for an ERM FrameworkERM Framework CriteriaCurrent ERM FrameworksAn Update: The Continuous ERM ModelDeveloping a FrameworkConclusionNotes
Part Three: Governance Structure and Policies
Chapter 8: The Three Lines of Defense
IntroductionCOSO's Three Lines of DefenseProblems with This StructureThe Three Lines of Defense RevisitedBringing It All Together: How the Three Lines Work in ConcertConclusionNotes
Chapter 9: Role of the Board
IntroductionRegulatory RequirementsCurrent Board PracticesCase Study: SatyamThree Levers for ERM OversightConclusionNotes
Chapter 10: The View from the Risk Chair
IntroductionTurnaround StoryThe GPA Model in ActionTop Priorities for the Risk Oversight CommitteeConclusionNotes
Chapter 11: Rise of the CRO
IntroductionHistory and Rise of the CROA CRO's Career PathThe CRO's RoleHiring a CROA CRO's ProgressChief Risk Officer ProfilesNotes
Chapter 12: Risk Appetite Statement
IntroductionRequirements of a Risk Appetite StatementDeveloping a Risk Appetite StatementRoles and ResponsibilitiesMonitoring and ReportingExamples of Risk Appetite Statements and MetricsNotes
Part Four: Risk Assessment and Quantification
Chapter 13: Risk Control Self-Assessments
IntroductionRisk Assessment: An OverviewRCSA MethodologyPhase 1: Setting the FoundationPhase 2: Risk Identification, Assessment, and PrioritizationPhase 3: Deep Dives, Risk Quantification, and ManagementPhase 4: Business and ERM IntegrationERM and Internal Audit CollaborationNotes
Chapter 14: Risk Quantification Models
IntroductionMarket Risk ModelsCredit Risk ModelsOperational Risk ModelsModel Risk ManagementThe Loss/Event DatabaseEarly Warning IndicatorsModel Risk Case Study: AIGNotes
Part Five: Risk Management
Chapter 15: Strategic Risk Management
IntroductionThe Importance of Strategic RiskMeasuring Strategic RiskManaging Strategic RiskAppendix A: Strategic Risk ModelsNotes
Chapter 16: Risk-Based Performance Management
IntroductionPerformance Management and RiskPerformance Management and CapitalPerformance Management and Value CreationSummaryNotes
Part Six: Risk Monitoring and Reporting
Chapter 17: Integration of KPIs and KRIs
IntroductionWhat Is an Indicator?Using Key Performance IndicatorsBuilding Key Risk IndicatorsKPI and KRI Program ImplementationBest PracticesConclusionNotes
Chapter 18: ERM Dashboard Reporting
IntroductionTraditional Risk Reporting vs. ERM Dashboard ReportingGeneral Dashboard RequirementsImplementing ERM DashboardsAvoid Common MistakesBest PracticesNotes
Chapter 19: Feedback Loops
IntroductionWhat Is a Feedback Loop?Examples of Feedback LoopsERM Performance Feedback LoopMeasuring Success with the ERM ScorecardNotes
Part Seven: Other ERM Resources
Chapter 20: Additional ERM Templates and Outlines
IntroductionStrategic Risk AssessmentCRO Report to the Risk CommitteeCybersecurity Risk Appetite and MetricsModel Risk PolicyRisk Escalation PolicyNotes
About the Author
Index
End User License Agreement

Content preview from Implementing Enterprise Risk Management

CHAPTER 17Integration of KPIs and KRIs

INTRODUCTION

A successful ERM program not only highlights risks that an organization faces and helps avert them, but also highlights opportunities the company can take advantage of to boost growth and value. This is only possible if one is able to peer into the future to see those risks and opportunities coming down the pike. But how? Likely you are familiar with the concept of key performance indicators (KPIs), which help managers determine how well they are progressing toward their goals. While KPIs are important in ERM programs to evaluate their performance, it is only through key risk indicators (KRIs) that one can tease out trends that may indicate future risk. The adage “what gets measured gets managed” is true not just of KPIs but of KRIs as well. If risk managers can measure risk, then and only then can they optimize business decisions around it.

I'll begin this chapter by defining indicators in general, and KPIs and KRIs specifically. Because they are better known, I'll explore KPIs in greater depth before looking at the role of risk measurement and reporting in ERM. We'll then turn to the task at hand: creating effective KRIs that a company can use to anticipate future risks. I'll then elaborate on how best to implement a KPI/KRI program within an ERM framework before concluding with some best practices.

WHAT IS AN INDICATOR?

To understand key indicators, we must first understand indicators themselves. An indicator is a specific ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780471745198Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design