A practical, real-world guide for implementing enterprise risk management (ERM) programs into your organization Enterprise risk management (ERM) is a complex yet critical issue that all companies must deal with in the twenty-first century. Failure to properly manage risk continues to plague corporations around the world. ERM empowers risk professionals to balance risks with rewards and balance people with processes. But to master the numerous aspects of enterprise risk management, you must integrate it into the culture and operations of the business. No one knows this better than risk management expert James Lam, and now, with Implementing Enterprise Risk Management: From Methods to Applications, he distills more than thirty years' worth of experience in the field to give risk professionals a clear understanding of how to implement an enterprise risk management program for every business.
* Offers valuable insights on solving real-world business problems using ERM * Effectively addresses how to develop specific ERM tools * Contains a significant number of case studies to help with practical implementation of an ERM program While Enterprise Risk Management: From Incentives to Controls, Second Edition focuses on the "what" of ERM, Implementing Enterprise Risk Management: From Methods to Applications will help you focus on the "how." Together, these two resources can help you meet the enterprise-wide risk management challenge head on and succeed.
Implementing Enterprise Risk Management - From Methods to Applications
Preface xiii Acknowledgments xix PART ONE ERM in Context CHAPTER 1 Fundamental Concepts and Current State 3 Introduction 3 What Is Risk? 4 What Does Risk Look Like? 8 Enterprise Risk Management (ERM) 11 The Case for ERM 13 Where ERM Is Now 18 Where ERM Is Headed 19 Notes 20 CHAPTER 2 Key Trends and Developments 21 Introduction 21 Lessons Learned from the Financial Crisis 21 The Wheel of Misfortune Revisited 26 Global Adoption 34 Notes 37 CHAPTER 3 Performance-Based Continuous ERM 41 Introduction 41 Phase Three: Creating Shareholder Value 43 Performance-Based Continuous ERM 44 Case Study: Legacy Technology 56 Notes 59 CHAPTER 4 Stakeholder Requirements 61 Introduction 61 Stakeholders Defined 62 Managing Stakeholder Value with ERM 79 Implementing a Stakeholder Management Program 80 Appendix A: Reputational Risk Policy 83 Notes 87 PART TWO Implementing an ERM Program CHAPTER 5 The ERM Project 93 Introduction 93 Barriers to Change 93 Establish the Vision 95 Obtain Buy-In from Internal Stakeholders 97 Assess Current Capabilities against Best Practices 100 Develop a Roadmap 104 Appendix A: ERM Maturity Model 108 Appendix B: Practical Plan for ERM Program Implementation 111 CHAPTER 6 Risk Culture 115 Introduction 115 Risk Culture Success Factors 117 Best Practice: Risk Escalation 130 Conclusion 130 Notes 131 CHAPTER 7 The ERM Framework 132 Introduction 132 The Need for an ERM Framework 132 ERM Framework Criteria 136 Current ERM Frameworks 138 An Update: The Continuous ERM Model 145 Developing a Framework 150 Conclusion 153 Notes 153 PART THREE Governance Structure and Policies CHAPTER 8 The Three Lines of Defense 157 Introduction 157 COSO s Three Lines of Defense 158 Problems with This Structure 160 The Three Lines of Defense Revisited 164 Bringing It All Together: How the Three Lines Work in Concert 172 Conclusion 173 Notes 173 CHAPTER 9 Role of the Board 175 Introduction 175 Regulatory Requirements 176 Current Board Practices 179 Case Study: Satyam 180 Three Levers for ERM Oversight 181 Conclusion 189 Notes 189 CHAPTER 10 The View from the Risk Chair 191 Introduction 191 Turnaround Story 191 The GPA Model in Action 192 Top Priorities for the Risk Oversight Committee 192 Conclusion 196 Notes 197 CHAPTER 11 Rise of the CRO 198 Introduction 198 History and Rise of the CRO 199 A CRO s Career Path 201 The CRO s Role 202 Hiring a CRO 206 A CRO s Progress 208 Chief Risk Officer Profiles 212 Notes 225 CHAPTER 12 Risk Appetite Statement 227 Introduction 227 Requirements of a Risk Appetite Statement 228 Developing a Risk Appetite Statement 233 Roles and Responsibilities 239 Monitoring and Reporting 242 Examples of Risk Appetite Statements and Metrics 246 Notes 250 PART FOUR Risk Assessment and Quantification CHAPTER 13 Risk Control Self-Assessments 255 Introduction 255 Risk Assessment: An Overview 255 RCSA Methodology 256 Phase 1: Setting the Foundation 259 Phase 2: Risk Identification, Assessment, and Prioritization 262 Phase 3: Deep Dives, Risk Quantification, and Management 267 Phase 4: Business and ERM Integration 270 ERM and Internal Audit Collaboration 272 Notes 273 CHAPTER 14 Risk Quantification Models 274 Introduction 274 Market Risk Models 275 Credit Risk Models 278 Operational Risk Models 281 Model Risk Management 283 The Loss/Event Database 288 Early Warning Indicators 289 Model Risk Case Study: AIG 289 Notes 290 PART FIVE Risk Management CHAPTER 15 Strategic Risk Management 295 Introduction 295 The Importance of Strategic Risk 296 Measuring Strategic Risk 299 Managing Strategic Risk 301 Appendix A: Strategic Risk Models 310 Notes 312 CHAPTER 16 Risk-Based Performance Management 314 Introduction 314 Performance Management and Risk 316 Performance Management and Capital 317 Performance Management and Value Creation 319 Summary 323 Notes 324 PART SIX Risk Monitoring and Reporting CHAPTER 17 Integration of KPIs and KRIs 327 Introduction 327 What Is an Indicator? 327 Using Key Performance Indicators 329 Building Key Risk Indicators 330 KPI and KRI Program Implementation 335 Best Practices 337 Conclusion 338 Notes 339 CHAPTER 18 ERM Dashboard Reporting 340 Introduction 340 Traditional Risk Reporting vs. ERM Dashboard Reporting 344 General Dashboard Requirements 348 Implementing ERM Dashboards 351 Avoid Common Mistakes 357 Best Practices 358 Notes 361 CHAPTER 19 Feedback Loops 362 Introduction 362 What Is a Feedback Loop? 363 Examples of Feedback Loops 364 ERM Performance Feedback Loop 366 Measuring Success with the ERM Scorecard 368 Notes 371 PART SEVEN Other ERM Resources CHAPTER 20 Additional ERM Templates and Outlines 375 Introduction 375 Strategic Risk Assessment 375 CRO Report to the Risk Committee 376 Cybersecurity Risk Appetite and Metrics 378 Model Risk Policy 380 Risk Escalation Policy 382 Notes 385 About the Author 386 Index 387
801 777 223
Twój koszyk
