Enterprise Risk Management: From Incentives to Controls / Edition 1

Hardcover (Print)
Buy Used
Buy Used from BN.com
(Save 41%)
Item is in good condition but packaging may have signs of shelf wear/aging or torn packaging.
Condition: Used – Good details
Used and New from Other Sellers
Used and New from Other Sellers
from $2.05
Usually ships in 1-2 business days
(Save 97%)
Other sellers (Hardcover)
  • All (19) from $2.05   
  • New (3) from $58.80   
  • Used (16) from $2.05   
Sort by
Page 1 of 1
Showing 1 – 1 of 3
Note: Marketplace items are not eligible for any BN.com coupons and promotions
Seller since 2008

Feedback rating:



New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.


Ships from: Chicago, IL

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
Page 1 of 1
Showing 1 – 1 of 3
Sort by


A comprehensive look at enterprise-wide risk management written by a high-profile risk manager

Failure to properly manage risk continues to plague corporate America–from Enron to Long-Term Capital Management. A company can survive and may even thrive if it has good people and bad processes, but it cannot if the reverse is true. The truth is a company’s risk profile is driven by the decisions and actions of its employees. Filled with valuable advice and expert insight, Enterprise Risk Management explores the controls and incentives that motivate proper risk management within any organization. While risk management processes such as risk reporting and auditing can provide useful monitoring, it is more important to ensure that the right people are in place to begin with, and that they are motivated by the right culture and incentives. Enterprise Risk Management allows readers to do this by focusing on how to best meet these challenges and discussing how to improve risk management procedures within a company.

About the Author:
James Lam is President of James Lam & Associates, an independent risk advisory firm.

Read More Show Less

Product Details

  • ISBN-13: 9780471430001
  • Publisher: Wiley
  • Publication date: 5/23/2003
  • Series: Wiley Finance Series, #181
  • Edition number: 1
  • Pages: 336
  • Product dimensions: 6.12 (w) x 9.26 (h) x 1.14 (d)

Meet the Author

JAMES LAM is widely recognized as the first ever ChiefRisk Officer and a pioneer in the field of enterprise riskmanagement. In a Euromoney survey, Mr. Lam was nominated by clientsand peers as one of the world’s leading risk consultants. Hecurrently serves as President of James Lam & Associates andDirector and Chairman, Risk Oversight Committee of E*TRADEFinancial. Previously, he held positions including Partner ofOliver Wyman, Founder and President of ERisk, Chief Risk Officer ofFidelity Investments, and Chief Risk Officer of GE Capital MarketsServices, Inc. In 1997, Mr. Lam received the inaugural Risk Managerof the Year Award from the Global Association of RiskProfessionals. Treasury & Risk magazine named him one ofthe “100 Most Influential People in Finance” in 2005,2006, and 2008.

Read More Show Less

Read an Excerpt

Enterprise Risk Management

From Incentives to Controls

John Wiley & Sons, Inc.

Copyright © 2003 James Lam
All right reserved.

ISBN: 0-471-43000-5


One evening in the autumn of 1995, I flew into Boston to have dinner with Denis McCarthy, then the chief financial officer of Fidelity Investments. McCarthy was the person to whom I would report if I accepted an offer to become the first chief risk officer for the corporation. I asked him what the main objective would be for this new position. His reply: "We want to operate in an environment in control, not a controlled environment."

I took that job with the understanding that Fidelity wanted to improve its risk management practices, but not at the price of destroying the entrepreneurial spirit and product innovation that had made it the largest mutual fund company in the United States.

Fidelity was not alone then and is not alone now. Every business faces the parallel challenges of growing earnings and managing risks. A thriving business must identify and meet customer needs with quality services and products; recruit and retain talented people; and correctly make business and investment decisions that will lead to future profit opportunities. However, the pursuit of new profit opportunities means that a business must take on a variety of risks. All of these risks must be effectively measured and managed across the business enterprise.

Otherwise, today's promising business ventures may end up being tomorrow's financial disasters. As I am fond of telling audiences when speaking on the importance of risk management, over the longer term, the only alternative to risk management is crisis management-and crisis management is much more expensive, time consuming, and embarrassing. The majority of such audiences have experienced one or more crises in their time, so this is a message that rings true.

Every business decision involves an element of risk. There are risks involved in making investments, hedging with derivatives, or extending credit to a retail customer or business entity. There are also risks involved when developing and pricing new products, hiring and training new employees, aligning performance measurement and incentives with business objectives, and establishing a culture that balances revenue growth and risk management.

Over time, individual business decisions and risks collectively build up into a company's overall risk portfolio, which will have a unique risk pro-file. This risk profile will determine the company's earnings-and earnings volatility-over the business cycle. Some decisions will be winners and some will be losers. Some risks will offset each other, some risks will be unrelated to each other, and some will compound each other. In order to manage risk effectively, a business must address not only its underlying risks, but also the interrelationships between them.

As we will see from the numerous case studies discussed in this book, ineffective risk management can lead to reduced earnings or even bankruptcy. However, risk management means different things to different people. In this book, risk management is defined in its broadest business sense. Risk management is not just about using derivatives to manage interest rate and foreign exchange exposures-it is about using a portfolio approach to manage the full range of risks faced by an enterprise. Nor is risk management only about establishing the right control systems and processes-it is also about having the right people and risk culture. And although the term has come to bear some negative connotations, risk management is not only about reducing downside potential or the probability of pain, but also about increasing upside opportunity or the prospects for gain.

Individual investors managing their investments must be careful when it comes to the amount of risk that they take on. If they take on too much risk, perhaps by making aggressive investments, the losses could exceed their risk tolerance, or be too uncertain for comfort. On the other hand, if they fail to take on enough risk, by making conservative investments, they may earn returns that are stable, but inadequate for achieving the investor's financial objectives.

Striking an optimal balance between risk and return is not only important to the individual investor, it is also an imperative for business management. The concept of "no risk, no return" is widely accepted in the business world. A corollary to that concept is "higher risk, higher return," a positive relationship illustrated in Figure 1.1. This is how many people think about the trade-off between risk and return, and it has the virtue of simplicity. However, it is certainly not valid if risk is put into its proper perspective.

A better way to think about risk and return is illustrated in Figure 1.2. The focus is no longer on the relationship between risk and absolute return, but about the relative or risk-adjusted return. A company in zone 1 is not taking enough risk, and its capital is being underutilized. This company would be better off increasing risk through a growth or acquisition strategy, or reducing capital through higher dividends. In zone 3, however, the company is taking too much risk. This company's risk level is above and beyond its risk absorption capability in terms of capital, and/or its risk management capability in terms of people and systems.

In zone 2, the company has found the "sweet spot" that optimizes its risk/return profile. The problem is that most companies do not even have good information on enterprise-wide risk exposures (which is to say, where they are on the horizontal axis), let alone where they are on the risk-adjusted return curve. To make matters worse, the net present value and economic value-added models frequently used in strategic planning naturally favor higher-risk investments unless proper adjustments are made to account for risk. Over time, investments guided by these unadjusted models may inadvertently lead a company to drift into zone 3.

A principal message of this book is that a company should develop an integrated approach to measuring and managing all of its risks in order to optimize its risk/return profile. A key management requirement for risk/return optimization is to integrate risk management in the business processes of the company.

We've seen, then, that risk is an inescapable part of doing business and argued that a business should strive toward its optimal risk/return profile. However, there is another question that deserves examination: why manage risk? Indeed, why read this book?

A company could conceivably agree that it bears risks but feels it inappropriate to manage them, rather than simply live with them. Risk management may seem to be irrelevant, too costly, or not in accordance with the interests of the company's stakeholders. Some academics have argued positions close to these, as we will see. Certainly, before a company invests money and other valuable resources into risk management (and before the reader spends any more time reading this book), the "value proposition" of risk management needs to be clearly established.

Perhaps the best way to answer the question "why manage risk?" is to borrow a popular technique used by diet and other self-improvement programs. That simple but effective technique is to paint a clear picture of the gain of action along with an equally clear picture of the pain of inaction. In the next section, we'll paint the happy picture: the benefits of effective risk management in terms of the expected benefits and gains. In the section thereafter, we'll paint the dire picture of the severe negative consequences-the pain-that may be suffered if effective risk management is not in place.


Numerous academic papers have established the theoretical basis for managing risk, arguing that it can reduce taxes, reduce transaction costs, and improve investment decisions. However, beyond the theory there are at least four practical reasons why risk management should be of paramount importance to the management of a firm. In this practical context, risk management should be defined more broadly, to include internal controls as well as hedging.

Let's now take a look at these four reasons in turn.

Reason #1. Managing risk is management's job. One notion in modern finance theory is that managing risk, or more specifically hedging, is not necessary because an investor can reduce risk through a diversified investment portfolio. Regardless of what some theoreticians may argue, you will never in the real world hear a fund manager or individual investor tell a company's management, "Don't worry about managing risk or bankrupting the company-I have a large diversified portfolio."

Managing the risks of a business enterprise is the direct responsibility of its management, not of its shareholders. While modern portfolio theory is a major contributor to the theory and practice of finance and risk management today, the argument that the investor can better manage or diversify risks does not ring true in the real world. The average individual investor probably spends more time buying a new car than addressing the risks of his or her investment portfolio. Even the professional fund manager is several degrees away from the "insider knowledge" required for effective risk management, which includes:

* Historical data on risk/return results, volatilities, and correlations

* Current risk exposures and concentrations in the business

* Future business and investment plans that may alter the firm's risk profile

Given the complexity of the above information, as well as the lack of full transparency to outsiders, the shareholder cannot be expected to make optimal risk/return decisions. Measuring and managing enterprise-wide risks is a great challenge even for the enterprise's management, which has superior access to information and support from risk management professionals. The most that shareholders can do is to elect an independent and risk-astute board that will represent their interests, and walk away with their investment dollars if they are not happy with management's performance. In the meantime, it remains management's job to ensure that the company achieves its business objectives and is not exposed to excessive risks.

Reason #2. Managing risk can reduce earnings volatility. One of the key objectives of risk management is to reduce the sensitivity of a firm's earnings and market value to external variables. For example, the stock prices of companies that are more active in, say, market risk management should exhibit lower sensitivity to market prices. This is borne out by the empirical evidence. For example, a study published in 1998 by Peter Tufano of the Harvard Business School ranked gold producers in terms of the intensity of their hedging activities. The conclusion was that the stock prices of those in the top quartile were about 23 percent less sensitive to gold price changes than those of the bottom quartile. Companies exposed to interest rates, foreign exchange rates, energy prices, and other market variables can better manage earnings volatility through risk management. Managing earnings volatility today is more important than ever given that the stock market severely punishes stocks that fail to meet earnings expectations. At the same time, the Securities and Exchange Commission (SEC) and other regulatory bodies are cracking down on "earnings management" practices that use accounting techniques to smooth out earnings. In this business environment, management must pay more attention to managing the underlying risks of the business.

Reason #3. Managing risk can maximize shareholder value. In addition to managing earnings volatility, risk management can help a business enterprise to achieve its business objectives and maximize shareholder value. Companies that undertake a risk-based program for shareholder value management typically identify opportunities for risk management and business optimization that can add 20 to 30 percent or more to shareholder value. Such improvements can be achieved by ensuring that:

* Target investment returns and product pricing are established at levels that reflect the underlying risks.

* Capital is allocated to projects and businesses with the most attractive risk-adjusted returns, and risk-transfer strategies are executed to optimize portfolio risk and return.

* The company has the appropriate skills to manage all of its risks, in order to protect against large financial losses or damage to its reputation or brand.

* Performance metrics and incentives, at both the individual and business unit levels, are in congruence with the enterprise's business and risk objectives.

* Key management decisions, such as mergers and acquisitions and business planning, explicitly incorporate the element of risk.

Strategies for achieving these objectives, and case studies of how they work in practice, will be discussed in the main sections of the book.

A 1998 study by George Allayannis and James Weston of the University of Virginia has supported the notion that active risk management contributes to shareholder value. Allayannis and Weston compared the ratio of market value to book value for companies that were more or less active in market risk management between 1990 and 1995, as measured by their hedging activities. They found that the more active companies were rewarded with an average increase of 20 percent in market value. Risk management adds value not only to individual companies, but also supports overall economic growth by lowering the cost of capital and reducing the uncertainty of commercial activities.

Reason #4. Risk management promotes job and financial security. On an individual level, perhaps the most compelling benefit of risk management is that it promotes job and financial security, especially for senior managers. In the aftermath of the fall 1998 turmoil in financial markets, a significant number of chief executive officers (CEOs), chief operating officers, chief risk officers, and business group heads of financial institutions lost their jobs because of poor risk management performance. Senior executives in other industries have faced a similar fate in the wake of risk management problems. More recently, senior executives involved in corporate frauds and accounting scandals have appeared on national television being led away in handcuffs and face the potential of severe criminal sentences.

In addition to "career risks," senior executives with a significant portion of their wealth tied up in company stocks and options have a direct financial interest in the success and survival of the firm. These incentives, if structured appropriately, work to put the "skin in the game" for managers, resulting in a strong alignment between management and shareholder interests.


Excerpted from Enterprise Risk Management by JAMES LAM Copyright © 2003 by James Lam. Excerpted by permission.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

Read More Show Less

Table of Contents

Sect. 1 Risk Management in Context 1
Ch. 1 Introduction 3
Ch. 2 Lessons Learned 15
Ch. 3 Concepts and Processes 23
Sect. 2 The Enterprise Risk Management Framework 41
Ch. 4 What is Enterprise Risk Management? 43
Ch. 5 Corporate Governance 57
Ch. 6 Line Management 69
Ch. 7 Portfolio Management 83
Ch. 8 Risk Transfer 95
Ch. 9 Risk Analytics 109
Ch. 10 Data and Technology 123
Ch. 11 Stakeholder Management 133
Sect. 3 Risk Management Applications 147
Ch. 12 Credit Risk Management 149
Ch. 13 Market Risk Management 181
Ch. 14 Operational Risk Management 207
Ch. 15 Business Applications 235
Ch. 16 Financial Institutions 241
Ch. 17 Energy Firms 259
Ch. 18 Nonfinancial Corporations 273
Sect. 4 A Look to the Future 291
Ch. 19 Predictions 293
Ch. 20 Everlast Financial 307
Index 311
Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted May 18, 2004

    Highly Recommded!

    Until recently, risk management was fairly simple. You bought insurance for your company or not. Perhaps because the world was a more stable place or because companies simply lacked the tools for quantitative analysis, executives often failed to analyze, understand and manage the spectrum of risks. Those innocent days ended with currency shifts, interest rate turbulence, the emergence of new competitors, the technological revolution and other disruptive events. In the early 1980s, companies began to take risk management seriously. Author James Lam has spent 20 years in risk management, which means he has been involved almost since its inception. He provides a lucid, well-written, well-edited exposition of the new approach to risk management ¿ enterprise risk management or ERM. His book requires a certain basic understanding of mathematical and financial concepts, but it ought to be accessible to anyone with a few years of business education or experience. We believe that CFOs and risk managers will find it most useful.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)