Pub. Date:
Fundamentals of Enterprise Risk Management: How Top Companies Assess Risk, Manage Exposure, and Seize Opportunity

Fundamentals of Enterprise Risk Management: How Top Companies Assess Risk, Manage Exposure, and Seize Opportunity

by John J. Hampton


Current price is , Original price is $79.95. You

Temporarily Out of Stock Online

Please check back later for updated availability.

This item is available online through Marketplace sellers.


Anyone could see that offering exotic mortgages to people with lackluster credit histories was a risky proposition. But when the default rate started its inevitable rise, almost no one imagined that large, esteemed financial institutions would actually collapse. What happened? How is it that so many organizations completely failed to understand their risk exposures? Didn’t they have risk management systems in place to reduce those exposures?


One thing the financial crisis clearly shows, says the author of Fundamentals of Enterprise Risk Management, is that traditional approaches to risk management are a failure. America’s financial companies kept a narrow, inward focus on limiting the impact of a web of maddeningly complex risk exposures. But the job of enterprise risk management (ERM) is not to centrally control risk, but to accurately identify it—constantly scanning the horizon for changing conditions and monitoring for internal weaknesses—and to share the information widely.

Fundamentals of Enterprise Risk Management offers an expansive yet focused approach that will radically improve your ability to recognize risk and minimize loss, as well as understand the level of risk that’s required to pursue opportunities.


Using examples from Home Depot, Boeing, Airbus, Nokia, and many other companies, the book’s insights, strategies, and unique tools help you:

●          Identify your organization’s exposure to a multitude of business, financial, and hazard risks—then visualize risk relationships using innovative new applications, such as Riskonnect®.

●          Recognize hard-to-see internal risk expo­sures, such as weaknesses in your strategy, subcultures that can destroy your goals, and life cycle risks for different lines of business and operating units.

●          Assign “risk owners” for every category of risk—thus eliminating the excessive com­plexity faced by a single risk manager—and align risk accountability with the organiza­tion’s business model.

●          Understand Nassim Taleb’s concept of “black swans”— unpredictable crises that seem to upend risk management stra­te­gies—and learn how seemingly random events are not always unexpected.

●          Examine how companies such as AIG blindly exposed themselves to excessive risk—and how a knowledge warehouse would have clearly illuminated the risk exposures and possibly circumvented the 2008 financial crisis.

●          Focus on the upside of risk and seize oppor­tunities that are attainable only by informed decisions on the acceptance of risk.


Comprehensive, refreshingly clear, and packed with the latest insights from the field, Fundamentals of Enterprise Risk Management is essential reading for anyone responsible for monitoring risk exposures, in any setting—corporate, nonprofit, or government.


John J. Hampton is the KPMG Professor of Business and Director of Graduate Business programs at St. Peter’s College, and former Executive Director of the Risk and Insurance Management Society (RIMS). He lives in Litchfield, Connecticut.

Product Details

ISBN-13: 9780814414927
Publisher: AMACOM
Publication date: 08/05/2009
Edition description: New Edition
Pages: 320
Product dimensions: 6.30(w) x 9.10(h) x 1.30(d)
Age Range: 18 Years

About the Author

John J. Hampton (Litchfield, CT) is the KPMG Professor of Business and Director of Graduate Business Programs at St. Peter’s College, and former Executive Director of the Risk and Insurance Management Society (RIMS).

Read an Excerpt


Risk Quote: Keep your friends close, and your enemies closer.

—Sun-Tzu, Chinese general

and military strategist,

around 400 b.c.

Risk Quote: This was my father’s study. He taught me a lot of

things in this room. He taught me to keep my friends close and

my enemies closer.

—Michael Corleone in The Godfather (1976)

Welcome to the world of enterprise risk management (ERM), one of

the most popular and misunderstood of today’s important business

topics. It is not very complex. It is not very expensive. It does

add value. We just have to get it right. Until recently, we have been

getting it wrong.

This is really a book about risk from a new perspective. The

journey carries us into the heart of risk management and risk opportunity.

It is mostly about how to do a better job of risk identification.

If we define the problem correctly and share our findings,

we can reduce surprises—not eliminate them, mind you, but get

many of them under control.

ERM tells us it is a new world of risk. No longer is risk management

largely the purview of the chief financial officer. The risk

picture is incomplete when limited to the financial component,

which actually is the scorecard, not the driver, for risk mitigation.

This realization has encouraged new approaches to manage risk

and seize opportunity.

Organizations have two ways to address risk. The wrong way

is to assume that people can understand hundreds or even thousands

of exposures. It is not possible. Risks and opportunities must

be organized and accepted at various levels by risk owners. Our

new paradigm will show you how to structure enterprise risks.

A brief overview of the new ERM includes the following specific


s Upside of Risk. Most people discuss risk as the possibility of

loss. This is totally insufficient, as risk also has an upside. A

lost opportunity is just as much a financial loss as is damage

to people and property. This is a key insight. Ask Sun-Tzu or

Michael Corleone.

s Alignment with the Business Model. A business model is a

framework for achieving goals. Within it, a single manager can

supervise only a limited span of subordinates or subsidiaries.

Similarly, one person can oversee a limited number of risks

and key initiatives. ERM encourages us to align the hierarchy

of risk categories with the business model.

s Risk Owners. As someone is accountable for revenues, profits,

and efficiency, a single person should be responsible for every

category of risk. When questions arise, then, we will not have

to deal with a committee or multiple individuals. We will go

directly to the risk owner. We will see an exception to this

guideline in Part Three, where we address risks with no single

risk owner.

s Central Risk Function. Although risks cannot be managed centrally,

organizations need a central risk function. The role is to

scan for changing conditions from a central vantage point and

to share the findings with risk owners. In addition, some risks

cross units and responsibilities, so that risk can be overlooked.

In a change to traditional thinking, this book argues that such

a central risk function should not, itself, have any responsibility

for risk management. Risk goes with the risk owners. Risks

that cross units or responsibilities are identified centrally and

dealt with using customized solutions.

s High-Tech ERM Knowledge Warehouse. ERM encourages the

use of new technologies to clarify risks and opportunities. This

book describes in detail a cutting-edge technology platform to

help understand risk mitigation efforts and the status of risk


The book is organized into five parts, starting with the basics of a

new approach to ERM:

s Part One—Essentials of Enterprise Risk Management. We

first ask several important questions: What is ERM? What is

not ERM? What are the key components needed to manage

enterprise risk? Why do we need a central risk function and

risk identification and sharing using a high-tech platform?

Then, we address black swans, unexpected and unforeseen

major crises or disaster that are virtually unpredictable. Where

do black swans fit into the ERM picture? How could we have

highly developed ERM in place in financial institutions and still

have the 2008 financial crisis?

s Part Two—ERM Technology. This is big. We finally are getting

the technology to visualize risk relationships and to back up

the view with supporting detail. Here we cover the elements of

an ultramodern technology platform that brings together risks,

the factors that affect them, and the status of activities to mitigate

them. We employ a tool, seamless and easy to use, which

has been developed by a company called Riskonnect. Large

companies have or will soon have their own systems. Other

vendors are likely to enter the market.

s Part Three—Risks Without Risk Owners. Some risks depend

upon collaboration, crossing, as they do, the silos of the modern

bureaucracy. With a central risk function and modern technology,

we deal with such risks. We start with strategic risk.

How do we monitor conflicting plans and goals? We address

subculture risk, in which beliefs, assumptions, biases, and weak

management practices endanger success. We recognize leadership

risk, where the absence of a clear and achievable vision

can be destructive. We acknowledge life cycle risk; a failure to

understand this can be devastating. Finally, we deal with horizon

risk to keep everyone informed on changing external conditions.

s Part Four—ERM Stories. Risk management is a broad-brush

category, with the details often filled in by a focus on narrower

topics. Our stories range from avoiding business disruption to

a discussion of the future of ERM. What are different applications?

How does ERM relate to Sarbanes-Oxley? Where do we

find new risk management concepts? In this part, we present

stories of ERM.

s Part Five—The People of Risk Management. Risk management

is a people business. It takes knowledge, street smarts,

and experience to do it right. Now we get up close and personal,

introducing by name risk influencers and managers. In addition,

we describe the positions and skills needed for ERM as we

listen to ideas directly from individuals who advocate ERM.

Our journey covers a mixture of concepts, tools, and stories that

add richness and depth to managing enterprise risk. ERM is both

popular and misunderstood, but, as we have said, it is not very

complex. It is not very expensive. It does add value. We just have

to get it right. Is ERM a science? An art? A mystery? Or is it plain

old common sense? In the following pages we answer these questions.


Before we begin the journey, we wish to acknowledge the many

people who contributed to this book. Ellen Thrower, former president

of the College of Insurance in New York City, showed me the

importance of risk management as a tool for dealing with hazard

risk. Chris Mandel and Susan Meltzer, former presidents of the

Risk and Insurance Management Society (RIMS), encouraged me

to understand risk from a holistic viewpoint. Felix Kloman and

Beaumont Vance were role models for creativity in risk discussions.

Nathan Sambul, formerly with Marsh, and Valery Vyatkin,

my Russian partner, contributed ideas that shaped the book. Bob

Morrell, CEO of Riskonnect,was inspirational in his work to build

technology to support a new approach to ERM. MBA candidates at

Saint Peter’s College in New Jersey served as test subjects for readings.

Their projects and ideas contributed heavily to the evolution

of my thinking as the book went through six revisions.

Thanks also to an assortment of critical thinkers and risk practitioners,

including Lance Ewing, John Bayeux, George Niwa, Paul

Buckley, Roger Egan, Pat Gallagher, Laurie Brooks, Ralph Russo,

Anthony Terracciano, and Tom Ruggieri. Thanks also to Business

Insurance magazine. Regis Coccia seeks the highest quality understanding

of risk. Marty Ross and Paul Winston have been totally

supportive of all our efforts. Finally, thanks to Bob Shuman, Mike

Sivilli, Jerilyn Famighetti, and Jeremiah Binnbaum of AMACOM

books. Bob understood immediately the message of the book and

was a wise and steady motivator to tell it as best I can. Mike was a

pleasant surprise as he guided me through the editorial/production

process to completion of the book. Jerilyn did a marvelous job

of smoothing out rough spots and bringing clarity to the writing

during the copyediting stage.

Last but not least, my administrative assistant, Mary Sullivan,

and my graduate assistants, Juan Peng (Adele) and Yu Miao

(Grace), were invaluable in creating the final product. My bride,

Doreen, a book author in her own right, read the final three manuscripts

and contributed many suggestions to help people understand

the key points.

John J. Hampton

Litchfield, Connecticut

January 2009

Table of Contents



Part One. Essentials of Enterprise Risk Management

1. Modern Risk Management


2. Scope of ERM

3. Contributions of ERM


4. Challenge of the Black Swan

5. Challenge of the 2008 Financial Crisis

6. Implementing ERM

Part Two. ERM Technology

7. Visual Risk Clusters


8. Visual Risk—A Hypothetical Case

9. Tagging Risk—An Example

10. Airbus A380 Jumbo Jet

11. Product Launch Application

Part Three. Risks Without Risk Owners

12. Strategic Risk


13. Subculture Risk

Appendix 13.A—Characteristics to Use in Identifying



14. Leadership Risk


15. Life Cycle Risk


16. Horizon Risk

Part Four. ERM Stories

17. Aligning Risk Categories with the Business Model

18. Avoiding Business Disruption

19. ERM and Sarbanes-Oxley

20. Coffee Mug, Candy, Exotic Jams, and Toyota

21. ERM and Swarm Theory

22. Cerberus and Chrysler

23. Risk Management and the History of ERM

24. Evolving ERM Since 2004

25. Risk Management and the Future of ERM

Part Five. The People of Risk Management

26. Modern Risk Managers

27. Chief Risk and Strategy Officers

28. Risk Managers in Person

29. Central Risk Management Committee





Customer Reviews

Most Helpful Customer Reviews

See All Customer Reviews

Fundamentals of Enterprise Risk Management: How Top Companies Assess Risk, Manage Exposure, and Seize Opportunity 5 out of 5 based on 0 ratings. 1 reviews.
RolfDobelli More than 1 year ago
Fully managing enterprise risk means more than insuring against fire, floods and other hazards. Companies commonly have many uninsured exposures to loss from tougher competition, rapid technological change, financial instability and regulatory sanctions. That is why business leaders in growing numbers have adopted enterprise risk management (ERM), a flexible way to identify and respond to a corporation's total range of risks. Not all risks are all bad. Some are worth taking. Firms that practice enterprise risk management can minimize their potential peril while taking their best calculated risks, the ones most likely to increase sales and profits. Enterprise risk management will not eliminate risk. It did not prevent the failures of major financial institutions during the 2008 crisis. But author John J. Hampton cogently upholds the practice, noting that a disciplined, detailed approach is critical to making ERM actually work. He favors a customizable model of risk management - including a central monitoring function - that can work for a company of any size. getAbstract recommends this book to business leaders seeking a more reliable way to identify each meaningful risk, to distinguish good risks from bad ones and to cover their downsides as much as possible. To learn more about this book, read the following summary: