Contents
Foreword by Robert S. Kaplan xix
PART I Overview 1
1 Enterprise Risk Management: An Introduction and Overview 3
What Is Enterprise Risk Management? 3
Drivers of Enterprise Risk Management 4
Summary of the Book Chapters 5
Overview 5
ERM Management, Culture, and Control 6
ERM Tools and Techniques 8
Types of Risks 10
Survey Evidence and Academic Research 12
Special Topics and Case Studies 13
Future of ERM and Unresolved Issues 15
Notes 16
About the Editors 16
2 A Brief History of Risk Management 19
Introduction 19
Risk Management in Antiquity 19
After the Middle Ages 20
The Past 100 Years 21
Notes 28
About the Author 29
3 ERM and Its Role in Strategic Planning and Strategy Execution 31
Rising Expectations for Strategic Risk Management 32
ERM Positioned as Value-Adding 33
Board Demands for More Strategic Risk Management 34
Integrating Risk into Strategic Planning 34
Recognizing Strategic Business Risk 35
Evaluating Strategic Business Risk 36
11 Tenets of the Return Driven Framework 37
Using a Framework to Build a Strategic Risk Management Mindset 39
Creating a Strategic Risk Mindset and Culture 40
A Strategic Risk Management Mindset 40
Recognizing Value of Strategic Risk Management at High-Performance Companies 42
Building a Strategic Risk Assessment Process 42
Strategic Risk Management Processes 43
Focus on Genuine Assets at Risk 44
Strategic Risk Management and Performance Measurement 45
Critical Steps for Value-Added Strategic Risk Management 47
Conclusion 48
Notes 48
About the Authors 50
4 The Role of the Board of Directors and Senior Management in Enterprise Risk Management 51
Introduction 51
Governance Expectations for Board Oversight of Risk Management 52
Delegation of Risk Oversight to Board Committees 58
Formalizing Risk Management Processes 58
Senior Executive Leadership in Risk Management 60
The Role of the Internal Audit Function in ERM 61
External Audit as an Independent Source of Key Risk Identification 61
ERM Implementation Strategies 62
Role of the Audit Committee 62
Role of the Board 63
Training 64
Board Composition 64
Reporting 65
Compliance 66
Culture 66
Conclusion 66
Notes 67
PART II ERM Management, Culture, and Control 69
5 Becoming the Lamp Bearer: The Emerging Roles of the Chief Risk Officer 71
The Origins of the CRO 72
The CRO as Compliance Champion 75
The CRO as Modeling Expert 76
The CRO as Strategic Controller 77
The CRO as Strategic Advisor 78
Which CRO Role to Play? 79
Conclusion 81
Notes 82
References 82
Acknowledgments 85
About the Author 85
6 Creating a Risk-Aware Culture 87
The Importance of Culture 87
Defining Culture 87
The Goals of Culture 87
The Importance of Culture 88
When the Chips Are Down 88
Culture Can Discourage Good Risk Taking 90
Elements of a Risk-Aware Culture 91
Behavioral Elements 91
Process Elements 91
How to Create a Risk-Aware Culture 91
Defining the Elements 91
Measuring and Monitoring 92
Involvement and Buy-In 93
Openness 93
Tone from the Top 93
Alignment of Incentives and Rewards—Walking the Talk 93
What Does Risk Management Have to Do? 94
Conclusion 95
References 95
About the Author 95
7 ERM Frameworks 97
Introduction 97
Introduction to the ISO Risk Management Framework 97
Principles of Risk Management and Excellence in Risk Management 99
Elements of an ERM Framework 100
ERM Framework: Concept and Elements 100
Risk Management Process (RMP) 102
Risk Management Process: Context 105
Risk Management Process: Risk Assessment 106
Risk Management Process: Risk Treatment 109
Risk Management Process: Monitoring and Review 109
Risk Management Process: Communication and Consultation 109
Risk Management Process: Recording the Risk Management Process 110
Mandate and Commitment to the ERM Framework 110
Rationale for Commitment to ERM 111
Gap Analysis for ERM 111
Context for ERM Framework 112
Design, Decision, and Implementation of the ERM Framework 112
Risk Management Policy 113
Policies for the ERM Framework 113
Policies for Risk Management Decisions 113
Review of Policies 117
Integration of Risk Management and Resources for ERM 118
Communications, Consultation, and Reporting 119
Accountability 120
Continuous Improvement 121
Conclusion 122
References 122
About the Author 123
8 Identifying and Communicating Key Risk Indicators 125
Introduction 125
What Is a Key Risk Indicator? 126
Definition 126
Examples of KRIs 126
Differentiation from Key Performance Indicators 128
Practical Applications 129
Validate Organizational Planning and Monitor Performance 129
Enhance Operational Efficiency and Effectiveness 130
Clarify Risk-Taking Expectations 131
Monitor Risk Exposures 132
Measure Risk 133
Value of KRIs to Risk Management 134
Design Principles 135
Keep the Stakeholders and Objectives in Mind 135
Leverage Management Insight and Existing Metrics 135
Have a Good Basic Understanding of the Risks 135
Limit Indicators to Those That Are Most Representative 136
Ensure Clarity in What Is Being Measured 136
Focus More on Objective Measures 136
Consider the Wider Set of KRIs 136
Consider the Relative Importance of KRIs 136
Monitor for Continual Usefulness 137
Think Longer Term 137
Implementation Considerations 137
Obtaining Buy-In 138
Lack of Resources and Skills 138
Data and Technology Challenges 138
Integration with Business Activities 139
Sustainability of the KRI Framework 139
Conclusion 139
Note 139
Acknowledgment 140
About the Author 140
PART III ERM Tools and Techniques 141
9 How to Create and Use Corporate Risk Tolerance 143
Introduction 143
What Is Risk Tolerance? 144
Why Is Setting Risk Tolerance Important? 144
What Are the Factors to Consider in Setting Risk Tolerance? 145
Attitude About Risk 146
Goals 146
Capability to Manage Risk 147
Capacity to Take Risk 149
Cost/Benefit of Managing Risk 150
How Can Your Organization Make Risk Tolerance Useful in Managing Risk? 150
Conclusion 152
Notes 153
About the Authors 154
10 How to Plan and Run a Risk Management Workshop 155
Introduction 155
What Is a Risk Workshop? 155
Why Use Workshops? 156
How to Conduct a Risk Workshop 156
Preparation 156
Identify the Sponsor 157
Set the Objectives of the Workshop 158
Set the Scope 159
Assemble Reference Materials 160
Set the Agenda 162
Decide on Attendees 164
Arrange Venue 164
Execution 165
Facilitate the Workshop 165
Record the Results 167
Prepare the Final Report 167
Techniques for Planning and Facilitating Effective Risk Workshops 168
"Anonymous" Voting 168
Useful Facilitation Tips 169
Tough Spots 169
Conclusion 170
About the Author 170
11 How to Prepare a Risk Profile 171
Introduction 171
Definition and Uses of a Corporate Risk Profile 171
Common Types of Corporate Risk Profiles 173
The "Top 10" List 173
The Risk Map 173
The Heat Map 174
Advantages and Disadvantages of Information-Gathering Methodologies 176
How to Prepare a "Top 10" Risk Profile—Hydro One's Experience 176
Step 1: Schedule Interviews and Gather Background Information 177
Step 2: Prepare the Interview Tools 178
Step 3: Summarize the Interview Findings 181
Step 4: Summarize the Risk Ratings and Trends 182
Step 5: Draft the Top 10 Risk Profile 182
Step 6: Review the Draft Risk Profile 184
Step 7: Communicate the Risk Profile with the Board or Board Committee 185
Step 8: Track the Results 186
Conclusion 186
Notes 186
References 187
About the Author 188
12 How to Allocate Resources Based on Risk 189
Introduction 189
Risk Policy and a Center of Excellence for Risk Management 191
Key Policy Elements 191
Center of Excellence 192
Translating Strategic Objectives into Risk-Based Concepts 192
The Consequence Domain 193
The Probability Domain 197
The Integration of Business Objectives/Risk Events/Risk Concepts 198
Risk-Based Business Processes and Organizational Considerations 200
Risk-Based Business Processes 200
Organizational Considerations 204
Concepts, Methods, and Models Enabling Risk Identification,
Evaluation, Mitigation, Prioritization, and Management 206
The Concept of Evaluation Time Frames 206
Methods and Models to Quantify the Impact of Risk Events 207
Prioritization of Investment Proposals 209
Management of the Portfolio of Preferred Investment Proposals 211
Information Requirements and Challenges 211
Operational Risk Assessment Information 212
Strategic Risk Assessments 212
Measures of Effectiveness for Continuous Improvement 213
Conclusion 213
Notes 214
About the Author 216
Appendix 12.A 216
13 Quantitative Risk Assessment in ERM 219
Introduction 219
Risk Assessment: Four Alternative Approaches 222
Method 1: Active Management of the Largest Risks 222
Method 2: "High/Medium/Low" Classification of Risks:
The Two-Dimensional Risk Map 224
Method 3: Risk Assessment Using Refined Classifications:
Refining the Classification 225
Method 4: Statistical Analysis 229
Aggregating Probabilities and Impacts 230
Total Corporate Risk: An Illustration 232
Incorporating Risk Quantification in the Business Planning Process 233
Sensitivities and Scenarios 233
Conclusion 234
Notes 235
References 235
About the Author 235
PART IV Types of Risk 237
14 Market Risk Management and Common Elements
with Credit Risk Management 239
Introduction to Credit Risk and Market Risk 239
A Taxonomy of Market and Credit Risk 240
Credit and Market Risk in an ERM Framework 241
Responding to Credit and Market Risk 242
The Case for Actively Managing Market Risk 243
The Case for Not Actively Managing Market Risk 244
Natural Market Risk Management 245
Measuring Market Risk 246
The Markets as Risk Indicators 247
Measuring Potential Impact 248
Earnings at Risk 249
Market Risk Management with Forward-Type Products 250
Market Risk Management with Option-Type Products 253
Trade-Offs Between Option Strategies and Forward Strategies 255
Operational Issues of Using Derivatives 256
Governance and Oversight of Market Risk Management 257
Conclusion 259
Notes 259
References 260
About the Author 260
15 Credit Risk Management 261
Credit Risk Analysis 261
Fundamental Analysis of Credit D