book

Implementing Enterprise Risk Management

Name: Implementing Enterprise Risk Management
Author: James Lam
ISBN: 9780471745198

by James Lam

March 2017

Beginner to intermediate

432 pages

11h 49m

English

Wiley

Read now

Unlock full access

Cover
Title Page
Copyright
Dedication
Preface
Overview of the BookSuggested Chapters by Audience
Acknowledgments
Part One: ERM in Context
Chapter 1: Fundamental Concepts and Current State
IntroductionWhat Is Risk?What Does Risk Look Like?Enterprise Risk Management (ERM)The Case for ERMWhere ERM Is NowWhere ERM Is HeadedNotes
Chapter 2: Key Trends and Developments
IntroductionLessons Learned from the Financial CrisisThe Wheel of Misfortune RevisitedGlobal AdoptionNotes
Chapter 3: Performance-Based Continuous ERM
IntroductionPhase Three: Creating Shareholder ValuePerformance-Based Continuous ERMCase Study: Legacy TechnologyNotes

Chapter 4: Stakeholder Requirements
IntroductionStakeholders DefinedManaging Stakeholder Value with ERMImplementing a Stakeholder Management ProgramAppendix A: Reputational Risk PolicyNotes
Part Two: Implementing an ERM Program
Chapter 5: The ERM Project
IntroductionBarriers to ChangeEstablish the VisionObtain Buy-In from Internal StakeholdersAssess Current Capabilities Against Best PracticesDevelop a RoadmapAppendix A: ERM Maturity ModelAppendix B: Practical Plan for ERM Program Implementation
Chapter 6: Risk Culture
IntroductionRisk Culture Success FactorsBest Practice: Risk EscalationConclusionNotes
Chapter 7: The ERM Framework
IntroductionThe Need for an ERM FrameworkERM Framework CriteriaCurrent ERM FrameworksAn Update: The Continuous ERM ModelDeveloping a FrameworkConclusionNotes
Part Three: Governance Structure and Policies
Chapter 8: The Three Lines of Defense
IntroductionCOSO's Three Lines of DefenseProblems with This StructureThe Three Lines of Defense RevisitedBringing It All Together: How the Three Lines Work in ConcertConclusionNotes
Chapter 9: Role of the Board
IntroductionRegulatory RequirementsCurrent Board PracticesCase Study: SatyamThree Levers for ERM OversightConclusionNotes
Chapter 10: The View from the Risk Chair
IntroductionTurnaround StoryThe GPA Model in ActionTop Priorities for the Risk Oversight CommitteeConclusionNotes
Chapter 11: Rise of the CRO
IntroductionHistory and Rise of the CROA CRO's Career PathThe CRO's RoleHiring a CROA CRO's ProgressChief Risk Officer ProfilesNotes
Chapter 12: Risk Appetite Statement
IntroductionRequirements of a Risk Appetite StatementDeveloping a Risk Appetite StatementRoles and ResponsibilitiesMonitoring and ReportingExamples of Risk Appetite Statements and MetricsNotes
Part Four: Risk Assessment and Quantification
Chapter 13: Risk Control Self-Assessments
IntroductionRisk Assessment: An OverviewRCSA MethodologyPhase 1: Setting the FoundationPhase 2: Risk Identification, Assessment, and PrioritizationPhase 3: Deep Dives, Risk Quantification, and ManagementPhase 4: Business and ERM IntegrationERM and Internal Audit CollaborationNotes
Chapter 14: Risk Quantification Models
IntroductionMarket Risk ModelsCredit Risk ModelsOperational Risk ModelsModel Risk ManagementThe Loss/Event DatabaseEarly Warning IndicatorsModel Risk Case Study: AIGNotes
Part Five: Risk Management
Chapter 15: Strategic Risk Management
IntroductionThe Importance of Strategic RiskMeasuring Strategic RiskManaging Strategic RiskAppendix A: Strategic Risk ModelsNotes
Chapter 16: Risk-Based Performance Management
IntroductionPerformance Management and RiskPerformance Management and CapitalPerformance Management and Value CreationSummaryNotes
Part Six: Risk Monitoring and Reporting
Chapter 17: Integration of KPIs and KRIs
IntroductionWhat Is an Indicator?Using Key Performance IndicatorsBuilding Key Risk IndicatorsKPI and KRI Program ImplementationBest PracticesConclusionNotes
Chapter 18: ERM Dashboard Reporting
IntroductionTraditional Risk Reporting vs. ERM Dashboard ReportingGeneral Dashboard RequirementsImplementing ERM DashboardsAvoid Common MistakesBest PracticesNotes
Chapter 19: Feedback Loops
IntroductionWhat Is a Feedback Loop?Examples of Feedback LoopsERM Performance Feedback LoopMeasuring Success with the ERM ScorecardNotes
Part Seven: Other ERM Resources
Chapter 20: Additional ERM Templates and Outlines
IntroductionStrategic Risk AssessmentCRO Report to the Risk CommitteeCybersecurity Risk Appetite and MetricsModel Risk PolicyRisk Escalation PolicyNotes
About the Author
Index
End User License Agreement

Content preview from Implementing Enterprise Risk Management

CHAPTER 20Additional ERM Templates and Outlines

INTRODUCTION

The focus of this book is on implementing ERM programs. In my work with board members, CROs, and other business leaders, I have found the use of best-practice examples, templates, and outlines to be highly effective in accelerating ERM development and implementation. The purpose of this chapter is to provide the reader with such materials for the following policies and reports:

Strategic Risk Assessment
CRO Report to the Risk Committee
Cybersecurity Risk Appetite and Metrics
Model Risk Policy
Risk Escalation Policy

Each company should develop its own policies and reports based on its business model, size, and complexity. The purpose of these outlines is to provide examples and ideas to support those implementation efforts.

STRATEGIC RISK ASSESSMENT

The following outline provides a summary of the key sections of a strategic risk assessment report that is provided to executive management and the board:

Executive Summary

In this section, the CRO provides a recap of the overall strategy, strategic priorities, and key business objectives.

Strategic Plan Development and Monitoring

This section refers to the Strategic Risk Policy, the ERM framework, and the Risk Appetite Statement. It also summarizes the process of developing the Strategic Plan and ongoing governance, reporting, and monitoring processes at the board and management levels.

Financial Plan

Key financial projections—including business volumes, revenues, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Implementing Enterprise Risk Management: Case Studies and Best Practices

Publisher Resources

ISBN: 9780471745198Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Implementing Enterprise Risk Management

by James Lam

CHAPTER 20Additional ERM Templates and Outlines

INTRODUCTION