Paul Hopkin. Fundamentals of Risk Management
Подождите немного. Документ загружается.
x Contents
Risk culture and risk strategy 108
Establishing the context 108
12 Risk training and communication 110
Risk training and risk culture 110
Risk information and communication 111
Shared risk vocabulary 112
Risk information on an intranet 113
Risk management information systems (RMIS) 113
Consistent response to risk 115
Case study: Tesco – risk management responsibilities 117
Part 3 Risk assessment 119
Learning outcomes for Part 3 119
Part 3 Further reading 120
13 Risk assessment considerations 121
Importance of risk assessment 121
Approaches to risk assessment 122
Risk assessment techniques 123
Risk matrix 125
Risk perception 126
Risk appetite 127
14 Risk classifi cation systems 131
Short, medium and long-term risks 131
Purpose of risk classifi cation systems 132
Examples of risk classifi cation systems 132
FIRM risk scorecard 134
PESTLE risk classifi cation system 135
Hazard, control and opportunity risks 137
15 Risk likelihood and impact 140
Application of a risk matrix 140
Inherent and current level of risk 141
Control confi dence 143
Contents xi
4Ts of risk response 143
Risk signifi cance 144
Risk capacity 146
16 Loss control 148
Risk likelihood 148
Risk magnitude 149
Hazard risks 150
Loss prevention 151
Damage limitation 152
Cost containment 152
17 Defi ning the upside of risk 154
Upside of risk 154
Opportunity assessment 156
Riskiness index 157
Upside in strategy 160
Upside in projects 161
Upside in operations 162
18 Business continuity planning 163
Importance of BCP and DRP 163
Business continuity standards 164
Successful BCP and DRP 166
Business impact analysis (BIA) 168
BCP and ERM 168
Civil emergencies 169
Case study: Invensys – risks and uncertainties 171
Part 4 Risk and organizations 173
Learning outcomes for Part 4 173
Part 4 Further reading 174
19 Corporate governance model 175
Corporate governance 175
OECD principles of corporate governance 176
xii Contents
LSE corporate governance framework 177
Corporate governance for a bank 179
Corporate governance for a government agency 180
Evaluation of board performance 182
20 Stakeholder expectations 185
Range of stakeholders 185
Stakeholder dialogue 186
Stakeholders and core processes 188
Stakeholders and strategy 189
Stakeholders and tactics 189
Stakeholders and operations 190
21 Analysis of the business model 192
Simplifi ed business model 192
Core business processes 193
Effi cacious strategy 194
Effective processes 195
Effi cient operations 196
Reporting performance 196
22 Project risk management 198
Introduction to project risk management 198
Development of project risk management 199
Uncertainty in projects 200
Project life cycle 200
Opportunity in projects 202
Project risk analysis and management 202
23 Operational risk management 205
Operational risk 205
Defi nition of operational risk 206
Basel II 207
Measurement of operational risk 208
Diffi culties of measurement 210
Developments in operational risk 212
Contents xiii
24 Supply chain management 214
Importance of the supply chain 214
Scope of the supply chain 215
Strategic partnerships 216
Joint ventures 217
Outsourcing of operations 217
Risk and contracts 219
Case study: Hercules Incorporated – outsourcing logistics 221
Part 5 Risk response 223
Learning outcomes for Part 5 223
Part 5 Further reading 224
25 Enterprise risk management 225
Enterprise-wide approach 225
Defi nitions of ERM 226
ERM in practice 227
ERM and business continuity 229
ERM in energy and fi nance 229
Future development of ERM 231
26 Importance of risk appetite 233
Risk capacity 233
Risk exposure 235
Nature of risk appetite 236
Cost of risk controls 239
Risk management and uncertainty 240
Risk appetite and lifestyle decisions 242
27 Tolerate, treat, transfer and terminate 244
The 4Ts of hazard response 244
Risk tolerance 248
Risk treatment 248
Risk transfer 249
Risk termination 250
Project and strategic risk response 250
xiv Contents
28 Risk control techniques 253
Hazard risk zones 253
Types of controls 254
Preventive controls 257
Corrective controls 258
Directive controls 258
Detective controls 259
29 Control of selected hazard risks 261
Risk control 261
Control of fi nancial risks 262
Control of infrastructure risks 265
Control of reputational risks 270
Control of marketplace risks 272
Learning from controls 273
30 Insurance and risk transfer 277
Importance of insurance 277
History of insurance 278
Types of insurance cover 279
Evaluation of insurance needs 281
Purchase of insurance 282
Captive insurance companies 284
Case study: Intercontinental Hotels Group – loss-control strategy 287
Part 6 Risk assurance and reporting 289
Learning outcomes for Part 6 289
Part 6 Further reading 290
31 Evaluation of the control environment 291
Nature of internal control 291
Purpose of internal control 292
Control environment 293
Features of the control environment 295
CoCo framework of internal control 296
Risk-aware culture 298
Contents xv
32 Activities of the internal audit function 299
Scope of internal audit 299
Financial assertions 299
Risk management and internal audit 300
Risk management outputs 302
Role of internal audit 302
Management responsibilities 304
33 Risk assurance techniques 306
Audit committees 306
Role of risk management 308
Risk assurance 309
Hazard, control and opportunity risks 310
Control risk self-assessment 311
Benefi ts of risk assurance 312
34 Reporting on risk management 313
Risk documentation 313
Sarbanes–Oxley Act of 2002 314
Risk reports by US companies 315
Charities risk reporting 317
Public sector risk reporting 318
Government Report on National Security 320
35 Corporate social responsibility 321
CSR and corporate governance 321
CSR and risk management 322
CSR and reputational risk 323
CSR and stakeholder expectations 323
Supply chain and ethical trading 324
CSR reporting 326
36 Future of risk management 327
Review of benefi ts of risk management 327
Steps to successful risk management 328
Changing face of risk management 331
Concept of risk appetite 332
xvi Contents
Concept of upside of risk 333
Future developments 334
Case study: BP – risk reporting 336
Appendix A: Glossary of terms 338
Appendix B: Implementation guide 348
Index 351
Figures
1.1 Risk likelihood and magnitude 18
2.1 Attachment of risks 22
2.2 Risk and reward 24
4.1 7Rs and 4Ts of (hazard) risk management 40
4.2 Risk management sophistication 44
6.1 IRM risk management process 55
6.2 Components of an RM framework 57
6.3 COSO ERM framework 58
6.4 Risk management framework from BS 31100 60
6.5 Risk management process from ISO 31000 61
10.1 RM architecture for a large corporation 96
10.2 RM architecture for a charity 97
13.1 Risk appetite matrix (risk averse) 128
13.2 Risk appetite matrix (risk aggressive) 128
15.1 Personal risk matrix 140
15.2 Risk matrix and the 4Ts of hazard management 141
15.3 Inherent, current and target levels of risk 142
18.1 Model for business continuity planning 165
19.1 Corporate governance framework 178
19.2 Corporate governance in a government agency 180
20.1 Importance of core processes 188
21.1 Simplifi ed business model 193
22.1 Project life cycle 201
26.1 Risk and uncertainty 234
26.2 Risk appetite, exposure and capacity (optimal) 237
26.3 Risk appetite, exposure and capacity (vulnerable) 238
xvii
xviii Figures
26.4 Illustration of control effect 239
26.5 Risk management and uncertainty 241
27.1 Types of controls for hazard risks 246
27.2 Risk versus uncertainty in projects 251
27.3 Risk versus reward in strategy 252
28.1 Hazard risk zones 254
29.1 Cost-effective controls 262
29.2 Cost–benefi t analysis 274
29.3 Learning from controls 275
29.4 Risk and reward decisions 276
30.1 Role of captive insurance companies 285
31.1 Criteria of Control (CoCo) framework 293
32.1 Role of internal audit in ERM 303
Tables
1.1 Defi nitions of risk 12
1.2 Risk description 15
3.1 Categories of disruption 31
4.1 Defi nitions of risk management 37
4.2 Importance of risk management 38
4.3 7Rs and 4Ts of (hazard) risk management 39
5.1 Principles of risk management 47
6.1 Risk management standards 54
6.2 COSO ERM framework 59
7.1 Risk management framework 68
7.2 Risk management policy 70
7.3 Risk management protocols 71
7.4 Types of RM documentation 74
8.1 Format for a basic risk register 80
8.2 Risk register for a sports club 81
8.3 Risk register for a hospital 82
8.4 Project risk register 84
8.5 Risk register attached to a business plan 85
9.1 Risk management responsibilities 89
9.2 Historical role of the insurance risk manager 92
10.1 Responsibilities of the RM committee 99
10.2 Four levels of risk maturity 102
11.1 Risk-aware culture 106
12.1 Risk communications guidelines 111
12.2 Risk management information system (RMIS) 114
13.1 Techniques for risk assessment 123
xix