Fundamentals of Enterprise Risk Management: How Top Companies Assess Risk, Manage Exposure, and Seize Opportunity
Part One. Essentials of Enterprise Risk Management 1
1. Hazard and Enterprise Risk Management 3
Hurricane Andrew. Definitions of Risk. Hazard Risk. Insurable
Risk. Traditional Risk Management. Severity and Frequency.
Enterprise Risk. Operational Risk. Strategic Risk. Financial Risk.
Appendix 1. Russian Frozen Chicken 15
2. Enterprise Risk Management 18
ERM Defined. The Need for ERM. Conclusion.
Appendix 2. GM, Ford, and the Chrysler Bailout 25
3. Contributions of ERM 30
Contribution 1: Recognize the Upside of Risk. Contribution 2:
Assign Risk Owners. Contribution 3: Align Risk Accountability.
Contribution 4: Create a Central Risk Function. Contribution 5:
Install a High-Tech Electronic Platform (HTEP). AIG’s View of Risk.
Contribution 6: Involve the Board of Directors. Contribution 7:
Employ a Standard Risk Evaluation Process. Conclusion.
Appendix 3. Home Depot 40
4. Challenge of the Black Swan 45
2014 Atlanta Ice Storm. What Is a Black Swan? Blockbuster. Risk
Experts. The Failure of Experts. The Perceived Level of Risk.
Silent Evidence. Conclusion.
5. The 2008 Financial Crisis 57
Speculative Frenzies. History of the Crisis. Scanning for
Exposures. Visible Signs of Danger. Aftermath. Parallel with the
Great Depression. Dodd–Frank Act. Conclusion.
6. Implementing ERM 69
COSO Framework. COSO Structure. COSO Components. COSO
Definitions. Approaches to ERM. Risk Management Areas.
Strategies and Situations in Risk Management. Expanding the
Scope of ERM. Benefits of ERM. Making ERM More Effective.
Leadership Risk. ERM Premises. How Do We Start? High-Tech
Electronic Platform (HTEP). Conclusion.
Appendix 6. ISO 31000 Framework 82
Part Two. Risk Management Technology 85
7. Risk Clusters 87
Cluster Risk Structure. Sophisticated Risk Mapping. Clusters
Versus Spreadsheets. Hierarchy of Subrisks. Interactions.
8. Risk Technology in 2008 95
Rejection of Spreadsheets. High-Tech Electronic Platform (HTEP).
Riskonnect HTEP. User Features. Design Features. Relationships.
Risk Dashboards. Heat Map. CP&L ERM Implementation. Next
9. New Technology in 2014 113
New York University HTEP. Mobile Devices. HTEP Links.
Earthquake Notification. Southwest Airlines HTEP. Collaboration
with Chatter. Real-Time Links to the World. Word Translation and
Currency Translation. Data Resources. Managing a Disability
10. HTEP Applications 126
Airbus A380 Jumbo Jet. HTEP Opportunity with Bananas. Tropical
Storm Disruption. BP Oil Explosion. Ford Supply Chain. Dell
Supply Chain. Chilean Mine Rescue. Conclusion.
11. Product Launch Application 139
Market Risk. Product Risk. Capital Risk. Intellectual Property
Risk. Risk Profile. Expanding the View. Conclusion.
Part Three. Risks Without Risk Owners 147
12. Strategic Risk 149
FedEx. Strategic Risk Management. Strategic Risk and
Knowledge. Pursuit of Knowledge. Historical Perspective of
Strategic Risk. Strategic Risk and Synergy. Strategic Risk and
Tools of Knowledge. Strategic Risk and Opportunity Since 1980.
Scanning Post-2014. Energy All by Itself. Boeing Versus Airbus.
The Fax Machine and Strategic Risk. Conclusion.
13. Subculture Risk 171
Ford-Toyota Rowing Contest. Subculture Risk. Bureaucracy as a
Structure. Understanding Subculture Risk. Charles Handy on
Culture. Bureaucracy Culture. Spider’s Web Culture. Team
Culture. Individual Culture. Cultural Control and Effectiveness.
Recognizing the Subculture. Conclusion.
Appendix 13a. Characteristics to Identify Subcultures 184
Appendix 13b. Subculture Risk in High School 186
14. Leadership Risk 192
Behavioral Risk. Strategic and Situational Leadership. Situational
Leadership Styles. Competence and Commitment. How Leaders
Decide. IKEA Best Practices. High-Performance Leadership.
15. Life Cycle Risk 205
Organizational Life Cycle. Sharing Life Cycle Information. Life
Cycle Goals. Life Cycle Tactical Focus. Planning Horizons. Growth
as a Risk Factor. Risks with Change. GM and Toyota Life Cycle
Risk. ERM Implementation and Life Cycles. Funding for ERM.
Priority for ERM. Politics of ERM. Conclusion.
16. IBM, Microsoft, and Apple 215
IBM at Its Peak. IBM in Decline. IBM Resurgence. Microsoft
Growth. Microsoft Peak. Microsoft Decline. Apple Rise. Apple
Decline. Apple Rebound. Conclusion.
Part Four. Special Topics 225
17. Cyber Risk Management 227
Cyber Risk. Malicious Software. Loss Assessment. Managing
Cyber Risks. Buying Cyber Risk Insurance. Incident Response
Plan. Mafiaboy Attack. Sony PlayStation Attack. Hacker Language.
WikiLeaks 2010 Leak. Authorized User Exposure. Hackers and
Cyber Risk. Anonymous. Arab Spring. Bay Area Rapid
Transportation (BART). Megaupload. Responding to Anonymous
18. Collaboration for Effective Risk Management 249
Collaboration. Grocery Acquisition. Wikipedia Accuracy. Swarm
Theory. GoldCorp Collaboration.
19. Cerberus, JPMorgan, and Lehman 255
Cerberus and Chrysler. JPMorgan Chase and Derivatives. Lehman
20. Rise of Modern Risk Management 262
Risk Management Supersedes Insurance. Formation of Captives
to Retain Risks. Risk Management Addresses Liability. Decline of
Historical Data. Performance Risk Augments Hazard Risk. ERM
and Cyber Risk. War Risk. Outlaw Environments. Environmental
21. Evolving ERM 266
Four Problems for ERM. Black Swan. Long-Term Capital
Management. Speeding Up the Implementation of ERM. The
Future of ERM. Conclusion.
22. Modern Risk Managers 275
Risk Manager Roles. Risk Manager Levels. Profiles of Risk
Managers. Areas of Attention. Chief Risk Officer. Chief Strategy
Officer (CSO). CRO and CSO Areas of Focus. Paul Buckley, Tyco
Risk Manager. Chris Mandel, USAA Risk Manager. Lance Ewing,
Harrah’s Risk Manager. George Niwa, Panasonic Risk Manager.
Susan Meltzer, Aviva Risk Manager. Central Risk Management