CONTENTS

List of figures
List of tables
Preface
Acknowledgements
Introduction

PART ONE Introduction to risk management
  Learning outcomes for Part One
  Part One Further reading
  01 Approaches to defining risk
    Definitions of risk
    Types of risks
    Risk description
    Inherent level of risk
    Risk classification systems
    Risk likelihood and magnitude
  02 Impact of risk on organizations
    Level of risk
    Impact of hazard risks
    Attachment of risks
    Risk and reward
    Risk and uncertainty
    Attitudes to risk
  03 Types of risks
    Timescale of risk impact
    Hazard, control and opportunity risks
    Hazard tolerance
    Mitigation of hazard risks
    Management of uncertainties
    Embracing opportunities
  04 Development of risk management
    Origins of risk management
    Changes in the marketplace
    Insurance origins of risk management
    Specialist areas of risk management
    Enterprise risk management
    Levels of risk management sophistication
    Bow-tie representation of risk management
  05 Principles and aims of risk management
    Principles of risk management
    Importance of risk management
    Risk management activities
    Efficient, effective and efficacious
    Implementing risk management
    Achieving benefits
  06 Risk management standards
    Scope of risk management standards
    Risk management process
    Risk management framework
    COSO ERM cube
    Features of RM standards
    Alternative approaches
  Case studies:
    Generali Group: Risk factors
    Rio Tinto: Managing risk effectively

PART TWO Risk strategy
  Learning outcomes for Part Two
  Part Two Further reading
  07 Risk management framework
    Risk architecture, strategy and protocols
    Risk management manual
    Risk management architecture
    Risk management strategy
    Risk management protocols
    Establishing the context
  08 Risk management documentation
    Risk management documentation
    Risk response and improvement plans
    Event reports and recommendations
    Risk performance and certification reports
    Designing a risk register
    Using a risk register
  09 Risk management responsibilities
    Allocation of responsibilities
    Range of responsibilities
    Statutory responsibilities of management
    Role of the risk manager
    Risk architecture
    Risk committees
  10 Risk-aware culture
    Styles of risk management
    Defining risk culture
    Measuring risk culture
    Risk culture and risk strategy
    Alignment of activities
    Risk maturity
  11 Risk training and communication
    Consistent response to risk
    Risk training and risk culture
    Risk information and communication
    Shared risk vocabulary
    Risk information on an intranet
    Risk management information systems (RMIS)
  12 Risk practitioner competencies
    Competency frameworks
    Range of skills
    Communication skills
    Relationship skills
    Analytical skills
    Management skills
  Case studies:
    Invensys: Responsibilities and actions
    Coventry Building Society: Governance and oversight

PART THREE Risk assessment
  Learning outcomes for Part Three
  Part Three Further reading
  13 Risk assessment considerations
    Importance of risk assessment
    Approaches to risk assessment
    Risk assessment techniques
    Risk matrix
    Risk perception
    Risk appetite
  14 Risk classification systems
    Short, medium and long-term risks
    Nature of risk classification systems
    Examples of risk classification systems
    FIRM risk scorecard
    PESTLE risk classification system
    Hazard, control and opportunity risks
  15 Risk likelihood and impact
    Application of a risk matrix
    Inherent and current level of risk
    Control confidence
    4Ts of risk response
    Risk significance
    Risk capacity
  16 Loss control
    Risk likelihood
    Risk magnitude
    Hazard risks
    Loss prevention
    Damage limitation
    Cost containment
  17 Defining the upside of risk
    Upside of risk
    Opportunity assessment
    Riskiness index
    Upside in strategy
    Upside in projects
    Upside in operations
  18 Business continuity planning
    Importance of business continuity planning and disaster recovery planning
    Business continuity standards
    Successful business continuity planning and disaster recovery planning
    Business impact analysis (BIA)
    Business continuity planning and enterprise risk management
    Civil emergencies
  Case studies:
    BG Group: Principal risks and uncertainties
    IHG: Managing risk in hotels

PART FOUR Risk response
  Learning outcomes for Part Four
  Part Four Further reading
  19 Enterprise risk management
    Enterprise-wide approach
    Definitions of ERM
    ERM in practice
    ERM and business continuity
    ERM in energy and finance
    Future development of ERM
  20 Importance of risk appetite
    Risk capacity
    Risk exposure
    Nature of risk appetite
    Risk appetite statements
    Risk management and uncertainty
    Risk appetite and lifestyle decisions
  21 Tolerate, treat, transfer and terminate
    The 4Ts of hazard response
    Tolerate risk
    Treat risk
    Transfer risk
    Terminate risk
    Project and strategic risk response
  22 Risk control techniques
    Hazard risk zones
    Types of controls
    Preventive controls
    Corrective controls
    Directive controls
    Detective controls
  23 Control of selected hazard risks
    Cost of risk controls
    Control of financial risks
    Control of infrastructure risks
    Control of reputational risks
    Control of marketplace risks
    Learning from controls
  24 Insurance and risk transfer
    Importance of insurance
    History of insurance
    Types of insurance cover
    Evaluation of insurance needs
    Purchase of insurance
    Captive insurance companies
  Case studies:
    Nationwide: Risk management and control
    Rank Group: Governance framework

PART FIVE Risk and organizations
  Learning outcomes for Part Five
  Part Five Further reading
  25 Corporate governance model
    Corporate governance
    OECD principles of corporate governance
    LSE corporate governance framework
    Corporate governance for a bank
    Corporate governance for a government agency
    Evaluation of board performance
  26 Stakeholder expectations
    Range of stakeholders
    Stakeholder dialogue
    Stakeholders and core processes
    Stakeholders and strategy
    Stakeholders and tactics
    Stakeholders and operations
  27 Analysis of the business model
    Simplified business models
    Core business processes
    Efficacious strategy
    Effective processes
    Efficient operations
    Reporting performance
  28 Project risk management
    Introduction to project risk management
    Development of project risk management
    Uncertainty in projects
    Project lifecycle
    Opportunity in projects
    Project risk analysis and management
  29 Operational risk management
    Operational risk
    Definition of operational risk
    Basel II
    Measurement of operational risk
    Difficulties of measurement
    Developments in operational risk
  30 Supply chain management
    Importance of the supply chain
    Scope of the supply chain
    Strategic partnerships
    Joint ventures
    Outsourcing of operations
    Risk and contracts
  Case studies:
    BBC: Corporate governance framework
    Sainsbury: RM and internal controls

PART SIX Risk assurance and reporting
  Learning outcomes for Part Six
  Part Six Further reading
  31 Evaluation of the control environment
    Nature of internal control
    Purpose of internal control
    Control environment
    Features of the control environment
    CoCo framework of internal control
    Risk-aware culture
  32 Activities of the internal audit function
    Scope of internal audit
    Financial assertions
    Risk management and internal audit
    Risk management outputs
    Role of internal audit
    Management responsibilities
  33 Risk assurance techniques
    Audit committees
    Role of risk management
    Risk assurance
    Undertaking an internal audit
    Control risk self-assessment
    Benefits of risk assurance
  34 Reporting on risk management
    Risk documentation
    Sarbanes–Oxley Act of 2002
    Risk reports by US companies
    Charities’ risk reporting
    Public sector risk reporting
    Government report on national security
  35 Importance of corporate reputation
    Reputation and corporate governance
    CSR and risk management
    CSR and reputational risk
    Supply chain and ethical trading
    CSR reporting
    Importance of reputation
  36 Future of risk management
    Review of benefits of risk management
    Steps to successful risk management
    Changing face of risk management
    Emerging risks
    Emerging trends in risk management
    Future developments
  Case studies:
    John Lewis: Corporate social responsibility (CSR)
    Man Group: Risk and control reporting

Appendix A: Abbreviations and acronyms
Appendix B: Glossary of terms
Appendix C: Implementation guide