Fundamentals of Enterprise Risk Management 2nd Edition by John J. Hampton Table of Contents & Intro
Excerpt from
Fundamentals of Enterprise Risk Management
How Top Companies Assess Risk, Manage Exposure, and Seize Opportunity
Second Edition
John J. Hampton
American Management Association
New York Atlanta Brussels Chicago Mexico City San Francisco Shanghai Tokyo Toronto Washington, D.C.
CONTENTS
Introduction
(full table of contents)
Part One. Essentials of Enterprise Risk Management
1. Hazard and Enterprise Risk Management
Hurricane Andrew. Definitions of Risk. Hazard Risk. Insurable
Risk. Traditional Risk Management. Severity and Frequency.
Enterprise Risk. Operational Risk. Strategic Risk. Financial Risk.
Conclusion.
Appendix 1. Russian Frozen Chicken
2. Enterprise Risk Management
ERM Defined. The Need for ERM. Conclusion.
Appendix 2. GM, Ford, and the Chrysler Bailout
3. Contributions of ERM
Contribution 1: Recognize the Upside of Risk. Contribution 2:
Assign Risk Owners. Contribution 3: Align Risk Accountability.
Contribution 4: Create a Central Risk Function. Contribution 5:
Install a High-Tech Electronic Platform (HTEP). AIG's View of Risk.
Contribution 6: Involve the Board of Directors. Contribution 7:
Employ a Standard Risk Evaluation Process. Conclusion.
Appendix 3. Home Depot
4. Challenge of the Black Swan
2014 Atlanta Ice Storm. What Is a Black Swan? Blockbuster. Risk
Experts. The Failure of Experts. The Perceived Level of Risk.
Silent Evidence. Conclusion.
5. The 2008 Financial Crisis
Speculative Frenzies. History of the Crisis. Scanning for
Exposures. Visible Signs of Danger. Aftermath. Parallel with the
Great Depression. Dodd-Frank Act. Conclusion.
6. Implementing ERM
COSO Framework. COSO Structure. COSO Components. COSO
Definitions. Approaches to ERM. Risk Management Areas.
Strategies and Situations in Risk Management. Expanding the
Scope of ERM. Benefits of ERM. Making ERM More Effective.
Leadership Risk. ERM Premises. How Do We Start? High-Tech
Electronic Platform (HTEP). Conclusion.
Appendix 6. ISO 31000 Framework
Part Two. Risk Management Technology
7. Risk Clusters
Cluster Risk Structure. Sophisticated Risk Mapping. Clusters
Versus Spreadsheets. Hierarchy of Subrisks. Interactions.
Conclusion.
8. Risk Technology in 2008
Rejection of Spreadsheets. High-Tech Electronic Platform (HTEP).
Riskonnect HTEP. User Features. Design Features. Relationships.
Risk Dashboards. Heat Map. CP&L ERM Implementation. Next
Steps. Conclusion.
9. New Technology in 2014
New York University HTEP. Mobile Devices. HTEP Links.
Earthquake Notification. Southwest Airlines HTEP. Collaboration
with Chatter. Real-Time Links to the World. Word Translation and
Currency Translation. Data Resources. Managing a Disability
Claim. Conclusion.
10. HTEP Applications
Airbus A380 Jumbo Jet. HTEP Opportunity with Bananas. Tropical
Storm Disruption. BP Oil Explosion. Ford Supply Chain. Dell
Supply Chain. Chilean Mine Rescue. Conclusion.
11. Product Launch Application
Market Risk. Product Risk. Capital Risk. Intellectual Property
Risk. Risk Profile. Expanding the View. Conclusion.
Part Three. Risks Without Risk Owners
12. Strategic Risk
FedEx. Strategic Risk Management. Strategic Risk and
Knowledge. Pursuit of Knowledge. Historical Perspective of
Strategic Risk. Strategic Risk and Synergy. Strategic Risk and
Tools of Knowledge. Strategic Risk and Opportunity Since 1980.
Scanning Post-2014. Energy All by Itself. Boeing Versus Airbus.
The Fax Machine and Strategic Risk. Conclusion.
13. Subculture Risk
Ford-Toyota Rowing Contest. Subculture Risk. Bureaucracy as a
Structure. Understanding Subculture Risk. Charles Handy on
Culture. Bureaucracy Culture. Spider's Web Culture. Team
Culture. Individual Culture. Cultural Control and Effectiveness.
Recognizing the Subculture. Conclusion.
Appendix 13a. Characteristics to Identify Subcultures
Appendix 13b. Subculture Risk in High School
14. Leadership Risk
Behavioral Risk. Strategic and Situational Leadership. Situational
Leadership Styles. Competence and Commitment. How Leaders
Decide. IKEA Best Practices. High-Performance Leadership.
15. Life Cycle Risk
Organizational Life Cycle. Sharing Life Cycle Information. Life
Cycle Goals. Life Cycle Tactical Focus. Planning Horizons. Growth
as a Risk Factor. Risks with Change. GM and Toyota Life Cycle
Risk. ERM Implementation and Life Cycles. Funding for ERM.
Priority for ERM. Politics of ERM. Conclusion.
16. IBM, Microsoft, and Apple
IBM at Its Peak. IBM in Decline. IBM Resurgence. Microsoft
Growth. Microsoft Peak. Microsoft Decline. Apple Rise. Apple
Decline. Apple Rebound. Conclusion.
Part Four. Special Topics
17. Cyber Risk Management
Cyber Risk. Malicious Software. Loss Assessment. Managing
Cyber Risks. Buying Cyber Risk Insurance. Incident Response
Plan. Mafiaboy Attack. Sony PlayStation Attack. Hacker Language.
WikiLeaks 2010 Leak. Authorized User Exposure. Hackers and
Cyber Risk. Anonymous. Arab Spring. Bay Area Rapid Transit
(BART). Megaupload. Responding to Anonymous Threats.
Conclusion.
18. Collaboration for Effective Risk Management
Collaboration. Grocery Acquisition. Wikipedia Accuracy. Swarm
Theory. GoldCorp Collaboration.
19. Cerberus, JPMorgan, and Lehman
Cerberus and Chrysler. JPMorgan Chase and Derivatives. Lehman
Toxic Assets.
20. Rise of Modern Risk Management
Risk Management Supersedes Insurance. Formation of Captives
to Retain Risks. Risk Management Addresses Liability. Decline of
Historical Data. Performance Risk Augments Hazard Risk. ERM
and Cyber Risk. War Risk. Outlaw Environments. Environmental
Risks. Conclusion.
21. Evolving ERM
Four Problems for ERM. Black Swan. Long-Term Capital
Management. Speeding Up the Implementation of ERM. The
Future of ERM. Conclusion.
22. Modern Risk Managers
Risk Manager Roles. Risk Manager Levels. Profiles of Risk
Managers. Areas of Attention. Chief Risk Officer. Chief Strategy
Officer (CSO). CRO and CSO Areas of Focus. Paul Buckley, Tyco
Risk Manager. Chris Mandel, USAA Risk Manager. Lance Ewing,
Harrah's Risk Manager. George Niwa, Panasonic Risk Manager.
Susan Meltzer, Aviva Risk Manager. Central Risk Management
Committee.
Denouement
Index
INTRODUCTION
Risk Quote: "Keep your friends close, and your enemies closer."
Sun-Tzu, Chinese general and military strategist, around 400 b.c.e.
Risk Quote: "This was my father's study. He taught me a lot of things in this room. He taught me to keep my friends close and my enemies closer."
Michael Corleone in The Godfather (1976)
Welcome to the world of enterprise risk management (ERM), one of the most popular and misunderstood of today's important business topics. It is not very complex. It is not very expensive. It does add value. We just have to get it right. Until recently, businesses have been getting it wrong.
The first edition of this book carried us into the heart of risk management. It was mostly about how to do a better job of risk identification. If we define the problem correctly, we reduce surprises, not eliminate them, mind you, but get many of them under control.
This book continues our journey with massive updates. Risk management has changed dramatically since the 2008 financial crisis. Recent developments in technology and communications demand new approaches to manage risk and seize opportunity. They still build on the basic structure of ERM.
- Upside of Risk. Most people discuss risk as the possibility of loss. This is totally insufficient because risk has an upside. A lost opportunity is just as much a financial loss as is damage to people and property. This is a key insight. Ask Sun-Tzu or Michael Corleone.
- Alignment with the Business Model. Within a framework for achieving goals, a single manager can supervise directly only a limited span of subordinates. Similarly, one person can oversee a limited number of risks. ERM encourages us to create a hierarchy of risk categories aligned with the business model.
- Risk Owners. A single person should be responsible for every category of risk. When questions arise, we go directly to the risk owner. We will see an exception to this guideline in Part Three, where we address risks with no single risk owner.
- Central Risk Function. Although risks cannot be managed centrally, a central risk function acknowledges that some risks cross units and responsibilities. The function influences risk decisions by scanning for changing conditions from a central vantage point and sharing findings. This book argues that a central risk function should not, itself, have responsibility for management decisions. Risk goes with the risk owners.
- High-Tech Electronic Platform (HTEP). ERM encourages the use of new technologies. This book describes a cutting-edge technology and a revolutionary way to use it. The results are amazing.
The book is organized in four parts:
1. Part One. Essentials of Enterprise Risk Management. What is ERM? What is not ERM? What are its key components? Why do we need a central risk function, risk identification, a high-tech platform? We address risk management successes and failures and cover lessons learned since the original publication of this book.
2. Part Two. Risk Management Technology. This is big. In the first edition, we examined visualized risk relationships and backed up the view with supporting detail. You will not believe the developments since 2008. Building on the success of Riskonnect, we describe the High-Tech Electronic Platform (HTEP) that serves so many companies today. If we thought technology was big six years ago, and it was, it is amazing today.
3. Part Three. Risks Without Risk Owners. Some risks depend on collaboration, crossing, as they do, the silos of organizations. With a central risk function and modern technology, we update strategic risk, subculture risk, leadership risk, and life cycle risk. We examine how weak management practices endanger success and how the absence of a clear and achievable vision can be destructive. Included are incisive stories about IBM, Microsoft, and Apple and their rise, decline, and efforts to rebound.
4. Part Four. Special Topics. Here we fill in the picture of risk management. Cyber risk management deserves a chapter of its own. The importance of collaboration is demonstrated with examples. The struggles of Cerberus, JPMorgan, and Lehman are documented. Three chapters build our understanding of modern risk managers.
Our journey covers a mixture of concepts, tools, and stories that add richness and depth to managing enterprise risk. Modern risk management is both popular and misunderstood, but, as we will see, it is not overly complex. Nor is it expensive. It does add value. We just have to get it right. Is risk management a science? An art? A mystery? Or is it plain old common sense? In the following pages, we update answers to these questions.
Contributors
In the first edition, we acknowledged many people who contributed to this book. Chris Mandel and Lance Ewing, former presidents of the Risk and Insurance Management Society (RIMS), continue to encourage me to understand risk from a holistic viewpoint. Valery Vyatkin, my Russian partner, contributed ideas from a Russian perspective. Finally, thanks to Bob Nirkind from AMACOM books. His insight and wisdom kept this project on course.
Let's also remember my administrative assistant, Mary Sullivan of Saint Peter's University, who was once again invaluable in creating the final product. My bride, Doreen, a book author in her own right, tells me regularly, "Jack, don't talk about risk management. Nobody cares." She is also the person who gives me the most support for projects such as this book.
Updating this list is a single acknowledgment. Thanks to the people at Riskonnect, particularly Bob Morrell, Kelly Barton, Elizabeth Morrell, and Russell McGuire. They started the journey and built the HTEP described in this book. An amazing job. Just ask any of their clients.
J. Hampton
Litchfield, Connecticut
March 2014
Bulk discounts available. For details visit: www.amacombooks.org/go/specialsales
Or contact special sales:
Phone: 800-250-5308
Email: [email protected]
all the AMACOM titles at: www.amacombooks.org
American Management Association: www.amanet.org
This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought.
Library of Congress Cataloging-in-Publication Data
Hampton, John J.
Fundamentals of enterprise risk management : how top companies assess risk, manage exposure, and seize opportunity / John J. Hampton. Second edition.
pages cm
Includes bibliographical references and index.
ISBN-13: 978-0-8144-4903-5 (alk. paper)
ISBN-10: 0-8144-4903-4 (alk. paper)
ISBN-13: 978-0-8144-4904-2 (ebook)
ISBN-10: 0-8144-4904-2 (ebook)
1. Corporations--Finance. 2. Risk assessment. 3. Risk management. I. Title.
HG4026.H274 2015
658.155--dc23
2014009521
© 2015 John J. Hampton.
All rights reserved.
Printed in the United States of America.
This publication may not be reproduced, stored in a retrieval system, or transmitted in whole or in part, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of AMACOM, a division of American Management Association, 1601 Broadway, New York, NY 10019.
The scanning, uploading, or distribution of this book via the Internet or any other means without the express permission of the publisher is illegal and punishable by law. Please purchase only authorized electronic editions of this work and do not participate in or encourage piracy of copyrighted materials, electronically or otherwise. Your support of the author's rights is appreciated.
About AMA
American Management Association (www.amanet.org) is a world leader in talent development, advancing the skills of individuals to drive business success. Our mission is to support the goals of individuals and organizations through a complete range of products and services, including classroom and virtual seminars, webcasts, webinars, podcasts, conferences, corporate and government solutions, business books and research. AMA's approach to improving performance combines experiential learning, learning through doing, with opportunities for ongoing professional growth at every step of one's career journey.
Printing number
10 9 8 7 6 5 4 3 2 1