CHAPTER 22 JAA Inc.—A Case Study in Creating Value from Uncertainty Best Practices in Managing Risk


Head of Internal Audit, AVBOB Mutual Assurance Society


Principal, Schanfield Risk Management Advisors LLC


Risk Officer, Sekerbank T.A.S., Turkey

This case study describes how enterprise risk management (ERM) was implemented at a fictitious company, JAA Inc. It provides extensive detail as to the governance structure, the processes, and the various tools used. The case is built on the principles/guidance of ISO 310001 and the implementation guidance created by HB 436.2 The key players in this case are the heads of Internal Audit and Risk Management. It is interesting to see what they have done in the five years expended to implement ERM. We offer special thanks and appreciation to Grant Purdy from Broadleaf International in Australia for his continued support, dedication, and help provided to our efforts.


It was a beautiful Wednesday afternoon in Chicago. Matt Damison, the chief internal auditor (CIA), and Frank Gillespie, the chief risk officer (CRO), were having lunch in JAA's cafeteria and reminiscing about the times at JAA when the company's performance was much lower than the current state. Only five years earlier, in 2008, the company had embarked on a comprehensive enterprise risk management (ERM) program. Both Matt and Frank, together with executive management and the board, had been actively involved ...

Get Implementing Enterprise Risk Management: Case Studies and Best Practices now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.