Fundamentals of Enterprise Risk Management: How Top Companies Assess Risk, Manage Exposure, and Seize Opportunity available in Hardcover
Anyone could see that offering exotic mortgages to people with lackluster credit histories was a risky proposition. But when the default rate started its inevitable rise, almost no one imagined that large, esteemed financial institutions would actually collapse. What happened? How is it that so many organizations completely failed to understand their risk exposures? Didn’t they have risk management systems in place to reduce those exposures?
One thing the financial crisis clearly shows, says the author of Fundamentals of Enterprise Risk Management, is that traditional approaches to risk management are a failure. America’s financial companies kept a narrow, inward focus on limiting the impact of a web of maddeningly complex risk exposures. But the job of enterprise risk management (ERM) is not to centrally control risk, but to accurately identify it—constantly scanning the horizon for changing conditions and monitoring for internal weaknesses—and to share the information widely.
Fundamentals of Enterprise Risk Management offers an expansive yet focused approach that will radically improve your ability to recognize risk and minimize loss, as well as understand the level of risk that’s required to pursue opportunities.
Using examples from Home Depot, Boeing, Airbus, Nokia, and many other companies, the book’s insights, strategies, and unique tools help you:
● Identify your organization’s exposure to a multitude of business, financial, and hazard risks—then visualize risk relationships using innovative new applications, such as Riskonnect®.
● Recognize hard-to-see internal risk exposures, such as weaknesses in your strategy, subcultures that can destroy your goals, and life cycle risks for different lines of business and operating units.
● Assign “risk owners” for every category of risk—thus eliminating the excessive complexity faced by a single risk manager—and align risk accountability with the organization’s business model.
● Understand Nassim Taleb’s concept of “black swans”—unpredictable crises that seem to upend risk management strategies—and learn how seemingly random events are not always unexpected.
● Examine how companies such as AIG blindly exposed themselves to excessive risk—and how a knowledge warehouse would have clearly illuminated the risk exposures and possibly circumvented the 2008 financial crisis.
● Focus on the upside of risk and seize opportunities that are attainable only by informed decisions on the acceptance of risk.
Comprehensive, refreshingly clear, and packed with the latest insights from the field, Fundamentals of Enterprise Risk Management is essential reading for anyone responsible for monitoring risk exposures, in any setting—corporate, nonprofit, or government.
John J. Hampton is the KPMG Professor of Business and Director of Graduate Business programs at St. Peter’s College, and former Executive Director of the Risk and Insurance Management Society (RIMS). He lives in Litchfield, Connecticut.
Edition description: New Edition
Product dimensions: 6.30(w) x 9.10(h) x 1.30(d)
Age Range: 18 Years
About the Author
John J. Hampton (Litchfield, CT) is the KPMG Professor of Business and Director of Graduate Business Programs at St. Peter’s College, and former Executive Director of the Risk and Insurance Management Society (RIMS).
Read an Excerpt
Risk Quote: Keep your friends close, and your enemies closer.
—Sun-Tzu, Chinese general and military strategist, around 400 b.c.
Risk Quote: This was my father’s study. He taught me a lot of
things in this room. He taught me to keep my friends close and
my enemies closer.
—Michael Corleone in The Godfather (1976)
Welcome to the world of enterprise risk management (ERM), one of
the most popular and misunderstood of today’s important business
topics. It is not very complex. It is not very expensive. It does
add value. We just have to get it right. Until recently, we have been
getting it wrong.
This is really a book about risk from a new perspective. The
journey carries us into the heart of risk management and risk opportunity.
It is mostly about how to do a better job of risk identification.
If we define the problem correctly and share our findings,
we can reduce surprises—not eliminate them, mind you, but get
many of them under control.
ERM tells us it is a new world of risk. No longer is risk management
largely the purview of the chief financial officer. The risk
picture is incomplete when limited to the financial component,
which actually is the scorecard, not the driver, for risk mitigation.
This realization has encouraged new approaches to manage risk
and seize opportunity.
Organizations have two ways to address risk. The wrong way
is to assume that people can understand hundreds or even thousands
of exposures. It is not possible. Risks and opportunities must
be organized and accepted at various levels by risk owners. Our
new paradigm will show you how to structure enterprise risks.
A brief overview of the new ERM includes the following specific
● Upside of Risk. Most people discuss risk as the possibility of
loss. This is totally insufficient, as risk also has an upside. A
lost opportunity is just as much a financial loss as is damage
to people and property. This is a key insight. Ask Sun-Tzu or
● Alignment with the Business Model. A business model is a
framework for achieving goals. Within it, a single manager can
supervise only a limited span of subordinates or subsidiaries.
Similarly, one person can oversee a limited number of risks
and key initiatives. ERM encourages us to align the hierarchy
of risk categories with the business model.
● Risk Owners. As someone is accountable for revenues, profits,
and efficiency, a single person should be responsible for every
category of risk. When questions arise, then, we will not have
to deal with a committee or multiple individuals. We will go
directly to the risk owner. We will see an exception to this
guideline in Part Three, where we address risks with no single
● Central Risk Function. Although risks cannot be managed centrally,
organizations need a central risk function. The role is to
scan for changing conditions from a central vantage point and
to share the findings with risk owners. In addition, some risks
cross units and responsibilities, so that risk can be overlooked.
In a change to traditional thinking, this book argues that such
a central risk function should not, itself, have any responsibility
for risk management. Risk goes with the risk owners. Risks
that cross units or responsibilities are identified centrally and
dealt with using customized solutions.
● High-Tech ERM Knowledge Warehouse. ERM encourages the
use of new technologies to clarify risks and opportunities. This
book describes in detail a cutting-edge technology platform to
help understand risk mitigation efforts and the status of risk
The book is organized into five parts, starting with the basics of a
new approach to ERM:
● Part One—Essentials of Enterprise Risk Management. We
first ask several important questions: What is ERM? What is
not ERM? What are the key components needed to manage
enterprise risk? Why do we need a central risk function and
risk identification and sharing using a high-tech platform?
Then, we address black swans, unexpected and unforeseen
major crises or disasters that are virtually unpredictable. Where
do black swans fit into the ERM picture? How could we have
highly developed ERM in place in financial institutions and still
have the 2008 financial crisis?
● Part Two—ERM Technology. This is big. We finally are getting
the technology to visualize risk relationships and to back up
the view with supporting detail. Here we cover the elements of
an ultramodern technology platform that brings together risks,
the factors that affect them, and the status of activities to mitigate
them. We employ a tool, seamless and easy to use, which
has been developed by a company called Riskonnect. Large
companies have or will soon have their own systems. Other
vendors are likely to enter the market.
● Part Three—Risks Without Risk Owners. Some risks depend
upon collaboration, crossing, as they do, the silos of the modern
bureaucracy. With a central risk function and modern technology,
we deal with such risks. We start with strategic risk.
How do we monitor conflicting plans and goals? We address
subculture risk, in which beliefs, assumptions, biases, and weak
management practices endanger success. We recognize leadership
risk, where the absence of a clear and achievable vision
can be destructive. We acknowledge life cycle risk; a failure to
understand this can be devastating. Finally, we deal with horizon
risk to keep everyone informed on changing external conditions.
● Part Four—ERM Stories. Risk management is a broad-brush
category, with the details often filled in by a focus on narrower
topics. Our stories range from avoiding business disruption to
a discussion of the future of ERM. What are different applications?
How does ERM relate to Sarbanes-Oxley? Where do we
find new risk management concepts? In this part, we present
stories of ERM.
● Part Five—The People of Risk Management. Risk management
is a people business. It takes knowledge, street smarts,
and experience to do it right. Now we get up close and personal,
introducing by name risk influencers and managers. In addition,
we describe the positions and skills needed for ERM as we
listen to ideas directly from individuals who advocate ERM.
Our journey covers a mixture of concepts, tools, and stories that
add richness and depth to managing enterprise risk. ERM is both
popular and misunderstood, but, as we have said, it is not very
complex. It is not very expensive. It does add value. We just have
to get it right. Is ERM a science? An art? A mystery? Or is it plain
old common sense? In the following pages we answer these questions.
Before we begin the journey, we wish to acknowledge the many
people who contributed to this book. Ellen Thrower, former president
of the College of Insurance in New York City, showed me the
importance of risk management as a tool for dealing with hazard
risk. Chris Mandel and Susan Meltzer, former presidents of the
Risk and Insurance Management Society (RIMS), encouraged me
to understand risk from a holistic viewpoint. Felix Kloman and
Beaumont Vance were role models for creativity in risk discussions.
Nathan Sambul, formerly with Marsh, and Valery Vyatkin,
my Russian partner, contributed ideas that shaped the book. Bob
Morrell, CEO of Riskonnect, was inspirational in his work to build
technology to support a new approach to ERM. MBA candidates at
Saint Peter’s College in New Jersey served as test subjects for readings.
Their projects and ideas contributed heavily to the evolution
of my thinking as the book went through six revisions.
Thanks also to an assortment of critical thinkers and risk practitioners,
including Lance Ewing, John Bayeux, George Niwa, Paul
Buckley, Roger Egan, Pat Gallagher, Laurie Brooks, Ralph Russo,
Anthony Terracciano, and Tom Ruggieri. Thanks also to Business
Insurance magazine. Regis Coccia seeks the highest quality understanding
of risk. Marty Ross and Paul Winston have been totally
supportive of all our efforts. Finally, thanks to Bob Shuman, Mike
Sivilli, Jerilyn Famighetti, and Jeremiah Binnbaum of AMACOM
books. Bob understood immediately the message of the book and
was a wise and steady motivator to tell it as best I can. Mike was a
pleasant surprise as he guided me through the editorial/production
process to completion of the book. Jerilyn did a marvelous job
of smoothing out rough spots and bringing clarity to the writing
during the copyediting stage.
Last but not least, my administrative assistant, Mary Sullivan,
and my graduate assistants, Juan Peng (Adele) and Yu Miao
(Grace), were invaluable in creating the final product. My bride,
Doreen, a book author in her own right, read the final three manuscripts
and contributed many suggestions to help people understand
the key points.
John J. Hampton
Table of Contents
Part One. Essentials of Enterprise Risk Management
1. Modern Risk Management
RUSSIAN FROZEN-CHICKEN CASE
2. Scope of ERM
3. Contributions of ERM
HOME DEPOT CASE
4. Challenge of the Black Swan
5. Challenge of the 2008 Financial Crisis
6. Implementing ERM
Part Two. ERM Technology
7. Visual Risk Clusters
AIG VISUAL RISK CLUSTER CASE
8. Visual Risk—A Hypothetical Case
9. Tagging Risk—An Example
10. Airbus A380 Jumbo Jet
11. Product Launch Application
Part Three. Risks Without Risk Owners
12. Strategic Risk
TAIWAN STRATEGIC RISK CASE
13. Subculture Risk
Appendix 13.A—Characteristics to Use in Identifying
SUBCULTURE RISK AND HIGH SCHOOL CASE
14. Leadership Risk
IKEA---BEST PRACTICES IN LEADERSHIP RISK CASE
15. Life Cycle Risk
GM AND TOYOTA LIFE CYCLE RISK CASE
16. Horizon Risk
Part Four. ERM Stories
17. Aligning Risk Categories with the Business Model
18. Avoiding Business Disruption
19. ERM and Sarbanes-Oxley
20. Coffee Mug, Candy, Exotic Jams, and Toyota
21. ERM and Swarm Theory
22. Cerberus and Chrysler
23. Risk Management and the History of ERM
24. Evolving ERM Since 2004
25. Risk Management and the Future of ERM
Part Five. The People of Risk Management
26. Modern Risk Managers
27. Chief Risk and Strategy Officers
28. Risk Managers in Person
29. Central Risk Management Committee
BEAUMONT CENTRAL RMC LEADER CASE
Most Helpful Customer Reviews
Fully managing enterprise risk means more than insuring against fire, floods and other hazards. Companies commonly have many uninsured exposures to loss from tougher competition, rapid technological change, financial instability and regulatory sanctions. That is why business leaders in growing numbers have adopted enterprise risk management (ERM), a flexible way to identify and respond to a corporation's total range of risks. Not all risks are all bad. Some are worth taking. Firms that practice enterprise risk management can minimize their potential peril while taking their best calculated risks, the ones most likely to increase sales and profits. Enterprise risk management will not eliminate risk. It did not prevent the failures of major financial institutions during the 2008 crisis. But author John J. Hampton cogently upholds the practice, noting that a disciplined, detailed approach is critical to making ERM actually work. He favors a customizable model of risk management - including a central monitoring function - that can work for a company of any size. getAbstract recommends this book to business leaders seeking a more reliable way to identify each meaningful risk, to distinguish good risks from bad ones and to cover their downsides as much as possible. To learn more about this book, read the following summary: http://www.getabstract.com/summary/11626/fundamentals-of-enterprise-risk-management.html