Simple Tools and Techniques for Enterprise Risk Management, Second Edition, by Robert J Chapman PhD


Simple Tools and Techniques for Enterprise Risk Management
First Edition Book Endorsements

Enterprise Risk Management is a necessary and valuable tool for identifying, quantifying and mitigating risks across an organization but it is also a significant undertaking in terms of knowledge and application. In these days of fiscal, regulatory and political correctness this book addresses ERM in its broadest sense, providing useful reference and examples. Written in a clear and concise manner, the content should be of tremendous value to anyone involved in risk, audit or corporate governance whether as an analyst or board member.
(Robin Paris, Director, Group Risk, Nestlé)

This book provides an excellent introduction to enterprise risk management set in the context of strong corporate governance. The writing is clear and direct, combining a comprehensive understanding of enterprise risk with a practical and straightforward guide to tools and techniques from strategic to operational level. As a result I have no doubt that it will find its way onto the shelves of the more experienced risk managers.
(Caroline Donaldson, Director, Head of Risk, Network Rail)

Robert Chapman has distilled years of experience and produced a book which is easy to read and full of practical/useful information. Having devised and implemented an enterprise risk management process, I found much of the material instantly recognizable and relevant. My one regret is that this book was not available earlier!
(Matt Smith, Group Risk Manager, Tate & Lyle plc)

This book will be of benefit to all levels of risk practitioner and sets ERM in the context of corporate governance and internal control requirements. It provides a particularly clear description of a risk management process defined by IDEFO diagrams with a useful discussion of internal and external risk factors.
(Andrew Wood, Director, Risk Management, Serco Group plc)

Simple Tools and Techniques for Enterprise Risk Management
Second Edition
Robert J Chapman PhD
Recommended by the Institute of Risk Management
A John Wiley & Sons, Ltd., Publication

This edition first published 2011
Copyright © 2011 John Wiley & Sons, Ltd

Registered Office
John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, United Kingdom

For details of our global editorial offices, for customer services and for information about how to apply for permission to reuse the copyright material in this book please see our website at www.wiley.com

The right of the author to be identified as the author of this work has been asserted in accordance with the Copyright, Designs and Patents Act 1988.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by the UK Copyright, Designs and Patents Act 1988, without the prior permission of the publisher.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Designations used by companies to distinguish their products are often claimed as trademarks. All
brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The publisher is not associated with any product or vendor mentioned in this book. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold on the understanding that the publisher is not engaged in rendering professional services. If professional advice or other expert assistance is required, the services of a competent professional should be sought.

Library of Congress Cataloging-in-Publication Data
Chapman, Robert J
Simple tools and techniques for enterprise risk management / Robert J Chapman – 2nd ed
p cm
ISBN 978-1-119-98997-4 (hbk) – ISBN 978-1-119-99065-9 (ebk) – ISBN 978-1-119-99064-2 (ebk)
Risk management. Risk. Uncertainty. Decision making. I Title
HD61.C494 2011
658.15 5–dc23
2011042252

ISBN: 978-1-119-98997-4 (hbk)
ISBN: 978-1-119-96321-9 (ebk)
ISBN: 978-1-119-99065-9 (ebk)
ISBN: 978-1-119-99064-2 (ebk)

A catalogue record for this book is available from the British Library.
Set in 10/12pt Times by Aptara Inc., New Delhi, India
Printed and bound by CPI Group (UK) Ltd, Croydon, CR0 4YY

To Kay, Dominic and Gemma

Contents

List of Figures
Preface to the Second Edition
Acknowledgements
About the Author

PART I ENTERPRISE RISK MANAGEMENT IN CONTEXT

Introduction
  1.1 Risk Diversity
  1.2 Approach to Risk Management
  1.3 Business Growth Through Risk Taking
  1.4 Risk and Opportunity
  1.5 The Role of the Board
  1.6 Primary Business Objective (or Goal)
  1.7 What is Enterprise Risk Management?
  1.8 Benefits of Enterprise Risk Management
  1.9 Structure
    1.9.1 Corporate Governance
    1.9.2 Internal Control
    1.9.3 Implementation
    1.9.4 Risk Management Framework
    1.9.5 Risk Management Policy
    1.9.6 Risk Management Process
    1.9.7 Sources of Risk
  1.10 Summary
  1.11 References

Developments in Corporate Governance in the UK
  2.1 Investor Unrest
  2.2 The Problem of Agency
  2.3 The Cadbury Committee
  2.4 The Greenbury Report
  2.5 The Hampel Committee and the Combined Code of 1998
  2.6 Smith Guidance on Audit Committees
  2.7 Higgs
  2.8 Tyson
  2.9 Combined Code on Corporate Governance 2003
  2.10 Companies Act 2006
  2.11 Combined Code on Corporate Governance 2008
  2.12 Sir David Walker’s Review of Corporate Governance, July 2009 (Consultation Paper)
  2.13 Sir David Walker’s Review of Corporate Governance, November 2009 (Final Recommendation)
  2.14 House of Commons Treasury Committee 2009
  2.15 UK Corporate Governance Code, June 2010
  2.16 The “Comply or Explain” Regime
  2.17 Definition of Corporate Governance
  2.18 Formation of Companies
  2.19 The Financial Services Authority and Markets Act 2000
  2.20 The London Stock Exchange
  2.21 Summary
  2.22 References

Developments in Corporate Governance in the US
  3.1 Corporate Governance
  3.2 The Securities and Exchange Commission
    3.2.1 Creation of the SEC
    3.2.2 Organisation of the SEC
  3.3 The Laws That Govern the Securities Industry
    3.3.1 Securities Act 1933
    3.3.2 Securities Exchange Act 1934
    3.3.3 Trust Indenture Act 1939
    3.3.4 Investment Company Act 1940
    3.3.5 Investment Advisers Act 1940
  3.4 Catalysts for the Sarbanes-Oxley Act 2002
    3.4.1 Enron
    3.4.2 WorldCom
    3.4.3 Tyco International
    3.4.4 Provisions of the Act
    3.4.5 Implementation
    3.4.6 Sarbanes-Oxley Section 404
    3.4.7 The Positive Effects of Post-Enron Reforms
    3.4.8 Criticism of Section 404 Before the Global Financial Crisis
    3.4.9 Criticism of Section 404 After the Global Financial Crisis
  3.5 National Association of Corporate Directors 2008
  3.6 Summary
  3.7 References

The Global Financial Crisis of 2007–2009: A US Perspective
  4.1 The Financial Crisis in Summary
  4.2 How the Financial Crisis Unfolded
  4.3 The United States Mortgage Finance Industry
  4.4 Subprime Model of Mortgage Lending
    4.4.1 Contributing Events to the Credit Crisis
    4.4.2 Foreclosures
    4.4.3 Negative Equity
    4.4.4 Housing Surplus
    4.4.5 Vicious Circles
  4.5 Why this Crisis Warrants Close Scrutiny
  4.6 Behaviours
    4.6.1 Investor Behaviour in the Search for Yield
    4.6.2 Mortgage Lending Behaviour
    4.6.3 Bank Behaviour and Risk Transfer through Securitised Credit
    4.6.4 “Group Think” and Herd Behaviour
    4.6.5 Banks’ Behaviour and Risk Appetite
    4.6.6 Behaviour of Regulators and the Division of “Narrow Banking” from Investment Banking
    4.6.7 Banks’ Behaviour and Misplaced Reliance of Sophisticated Mathematics and Statistics
  4.7 Worldwide Deficiencies in Risk Management
  4.8 Federal Reform
  4.9 Systemic Risk
  4.10 The Future of Risk Management
  4.11 Summary
  4.12 References

Developments in Corporate Governance in Australia and Canada
  5.1 Australian Corporate Governance
    5.1.1 Regulation Arising from Corporate Failures
    5.1.2 Corporate Governance Reforms Following the Accounting Scandals of the Early 2000s
    5.1.3 Horwath 2002 Corporate Governance Report
    5.1.4 The ASX Corporate Governance Council
    5.1.5 Financial Statements
  5.2 Canada
    5.2.1 Dey Report
    5.2.2 Dey Revisited
    5.2.3 Kirby Report
    5.2.4 Saucier Committee
    5.2.5 National Policy and Instrument (April 2005)
    5.2.6 TSE Corporate Governance: Guide to Good Disclosure 2006
  5.3 Summary
  5.4 References

Internal Control and Risk Management
  6.1 The Composition of Internal Control
  6.2 Risk as a Subset of Internal Control
    6.2.1 The Application of Risk Management
  6.3 Allocation of Responsibility
    6.3.1 Cadbury Committee
    6.3.2 Hampel Committee
    6.3.3 Turnbull
    6.3.4 Higgs Review
    6.3.5 Smith Review
    6.3.6 OECD
  6.4 The Context of Internal Control and Risk Management
  6.5 Internal Control and Risk Management
  6.6 Embedding Internal Control and Risk Management
  6.7 Summary
  6.8 References

Developments in Risk Management in the UK Public Sector
  7.1 Responsibility for Risk Management in Government
    7.1.1 Cabinet Office
    7.1.2 Treasury
    7.1.3 Office of Government Commerce
    7.1.4 National Audit Office
  7.2 Risk Management Publications
  7.3 Successful IT
  7.4 Supporting Innovation
    7.4.1 Part 1: Why Risk Management is Important
    7.4.2 Part 2: Comprehension of Risk Management
    7.4.3 Part 3: What More Needs to be Done to Improve Risk Management
  7.5 The Orange Book
    7.5.1 Identify the Risks and Define a Framework
    7.5.2 Assign Ownership
    7.5.3 Evaluate
    7.5.4 Assess Risk Appetite
    7.5.5 Response to Risk
    7.5.6 Gain Assurance
    7.5.7 Embed and Review
  7.6 Audit Commission
  7.7 CIPFA/SOLACE Corporate Governance
  7.8 M_o_R 2002
  7.9 DEFRA
    7.9.1 Risk Management Strategy
  7.10 Strategy Unit Report
  7.11 Risk and Value Management
  7.12 The Green Book
    7.12.1 Optimism Bias
    7.12.2 Annex
  7.13 CIPFA Guidance on Internal Control
  7.14 Managing Risks to Improve Public Services
  7.15 The Orange Book (Revised)
  7.16 M_o_R 2007
  7.17 Managing Risks in Government
  7.18 Summary
  7.19 References

PART II THE RISK MANAGEMENT PROCESS

References

Establishing the Context: Stage
  8.1 Process
  8.2 Process Goal and Subgoals
  8.3 Process Definition
  8.4 Process Inputs
  8.5 Process Outputs
  8.6 Process Controls (Constraints)
  8.7 Process Mechanisms (Enablers)
    8.7.1 Ratios
    8.7.2 Risk Management Process Diagnostic
    8.7.3 SWOT Analysis
    8.7.4 PEST Analysis
  8.8 Process Activities
    8.8.1 Business Objectives
    8.8.2 Business Plan
    8.8.3 Examining the Industry
    8.8.4 Establishing the Processes
    8.8.5 Projected Financial Statements
    8.8.6 Resources
    8.8.7 Change Management
    8.8.8 Marketing Plan
    8.8.9 Compliance Systems
  8.9 Summary
  8.10 References

Risk Identification: Stage
  9.1 Process
  9.2 Process Goal and Subgoals
  9.3 Process Definition
  9.4 Process Inputs
  9.5 Process Outputs
  9.6 Process Controls (Constraints)
  9.7 Process Mechanisms (Enablers)

Index

companies 438–41 articles of association 439 company name 438 directors’ duties 441 finance 439–40 formation of 35–6 legal risk 438–41 listing securities 440 memorandum of association 438–9 minority interests 440 records 51 remedy of rescission 440 shares and debentures 440 Companies Act 2006 26 compensation 49–50 competition 483–9 barriers to market entry 472–3 branding 485–6 four Ps marketing mix 484 market risk 483–9 market strategies 486–9 microchip market 486–9 non-price 484–5 price stability 483–4 compliance 34, 156, 366 “comply or explain” regime 34 computer-aided design (CAD) 319–20 computer-aided manufacture (CAM) 319, 320–1 Computer Misuse Act 1990 451–2 computer/IT systems 297–301 business alignment 297 data integrity 298 data recovery/loss 301 electronic data security 298–301 misuse of 451–2 network availability 298 system capacity 301 consultant appointments 513–48 assignment implementation 541–8 clients and change 515–17 interviews 523–31 proposals 533–9 consultant selection 517–22 activity interfaces 517–18 agreements 521 awarding commission 521 the brief 517 exclusion notification 520 long-listing 518–19 objectives 517 process management 518 short-listing 519–20 tendering process 520–2 unsuccessful tenderers 522 consultation see communication and consultation process; consultant consumer spending 399–400 context 141–57 PRM process 342–4 system of ethics 369–71 context
establishment 141–57 activities 149–56 controls 145 definition of process 143 establishing process 143 goals/subgoals 142–3 inputs 143–5 mechanisms 146–9 outputs 145 process 141–56 continuity business 304–5 consultant appointments 528 processes and systems 294–5 contracts 277, 447–8, 459 control IT projects 329 monitoring and review 237–9 operational risk management 293–4 see also internal control; process control control technology 319–24 CAD 319–20 CAM 319, 320–1 flexible manufacturing 319, 322 mechatronics 319, 322 MRP 319, 323 operational research 319, 323–4 Cooper, Robert 478–9 Cooper risk categories 553 Copenhagen Accord 2009 424–5 copyright 445–6 corporate experience 274 corporate failure 258–9 corporate governance Australia 85–90 Canada 85, 90–4 definition 34–5 ERM 12 internal control 98–9 SOLACE 120–1 UK 19–39 agency theory 20–1 audit committees 23–4 bank failure inquiry 30–2 Cadbury Committee 21–3 codes/reports list 20 Combined Codes 23, 25–7 Companies Act 26 company formation 35–6 “comply or explain” regime 34 Corporate Governance Code 32–3 developments 19–39 623 624 Index corporate governance (Continued ) FSA 36 Greenbury Report 23 Hampel Committee 23 Higgs Review 24, 34 investor unrest 19–20 LSE 36–7 Markets Act 36 problem of agency 20–1 reports/codes list 20 Smith Report 23–4 Treasury inquiry 30–2 Tyson Report 24–5 Walker reviews 27–30 US 41–57 developments 41–57 NACD 55–6 regulatory authorities 41–2 Sarbanes–Oxley Act 45–55 SEC 42–4 securities and law 44–5 Corporate Governance Code 2010 32–3 see also Combined Codes corporate security 304 correlations 219 cost-benefit analysis (CBA) 213–15 counterparty risk 256 country risk 262 credit, securitised 71–2 credit crisis 61–3 see also global financial crisis credit insurance 255–6 credit ratings 260–2 credit risk 250, 253–9 counterparty risk 256 credit insurance 255–6 default risk 253–4 due diligence 256–9 exposure risk 254 financial risk management 250, 253–9 recovery risk 254 crime 504–5 criminal 
liability 448–51 crises Exxon oil tanker disaster 363 health and safety plans 389–90 human error and disasters 382–8 risk management see also global financial crisis crisis management plans 389–90 criticality matrix 286–7 cross impact method 179 cultural aspects 288, 504, 566 currency futures 410 currency risk 250, 259–60, 407–12 current ratio 251–3, 569 customer delight questionnaire 546–8 DaimlerChrysler car firm 321 data assignment implementation 543–4 computer/IT systems 298–301 risk identification 168–9 Day risk categories 553 debentures 440 decision analysis 190–1, 193 decision making 122, 327 decision trees 204–8 acquisition analysis 206 airport site example 205–8 construction of 207 decision alternatives 206 risk evaluation 204–8 rolling back 207–8 default risk 253–4 defaults on mortgages 65 DEFRA 123–4, 557–60 DEFRA risk management strategy 557–60 addressing risk 559 aim/principles/implementation 557 identifying risk 558 reporting risks 559–60 responsibilities 560 review 559–60 risk assessment 558–9 roles 560 deliverables 544–5 Delphi technique 178–9 demand 398–401 demographic change 502–4 Department of Commerce, US 358–9 Department for Environment, Food and Rural Affairs see DEFRA Department of Justice, US 360–1 derivatives 250, 263–4 design rights 446 Dey Report, Canada 1994 90–1 diet 506–7 directors Cadbury Committee 22 company duties 441 induction 283–4 IoD NACD 55–6 non-executive training 291–2 project role 347 see also boards disciplinary sanctions 51–2 discrimination legislation 278 dishonesty 287 dismissals 279 Index distribution policies 490 diversification strategies 480–2 diversity of products 473 diversity of risk types dividend yield ratio 570 documentation risk 296 drinking 507–8 Drucker, Peter due diligence 256–9 checklist 257 corporate failure 258–9 credit risk 256–9 Dunn, Patricia e-commerce 318 e-mail 315, 318–19 earnings per share (EPS) ratio 570 Earth Summit 1992 422 economic risk 392, 393–412 aggregate demand 398–401 aggregate supply 
398, 401–2 benefits of management 394 currency risk 407–12 definition 393 employment levels 403 government policy 397–8 house prices 405 implementation management 394 inflation 403–4 interest rate risk 404–5 international trade 405–7 macroeconomics 394–6 microeconomics 394–5 protectionism 405–7 scope 393 economics context of ethics management 370 macro/micro 394–6 Stabilization Act 76–9 see also PEST analysis Eddington, Rod education 501–2 efficiency ratios 146, 568–9 eighty/twenty (Pareto) rule 193–4 elasticity 489–90 Emergency Economic Stabilization Act 2008 76–9 capital adequacy 78 federal reform 76–9 Financial Stability Oversight Council 77 liquidity 78–9 paradigm shift 77–8 provisions 78 emissions 423, 428 employee induction 282 see also staff employment job descriptions 281–2 legislation 277–8, 447 levels 403 unemployment 66–7 EMV (expected monetary value) 201–3 enablers see process mechanisms energy sources 416–19 energy storage devices 478–9 Enron 46–7, 52–3 enterprise risk management (ERM) assignment implementation 541–8 benefits 10–12 in context 1–136 definition 9–10 management approach proposals 533–9 stages 141 structure 12–16 corporate governance 12 framework 14–15 internal control 13–14 policy 15 process 15–16 sources of risk 16 see also risk management environmental context of ethics management 370–1 environmental disaster 363 environmental risk 392, 413–33 benefits of management 415 Carbon Trust 429–30 definition 413–14 energy sources 416–19 FTSE4Good index 429 global warming 420–9 implementation management 415–16 pollution 420, 422–3 public pressure 430–1 scope 415 sustainability 431–2 use of resources 419–20 EPS (earnings per share) ratio 570 ERM see enterprise risk management ethics 43, 355–74 ethics management 355–74 application levels 366–8 area of focus 365–6 benefits 357 definition of risk 355–6 factors affecting 361 implementation 365–74 need for 358–61 possible approaches 365–6 risk events 361–5 scope of risk 356–7 625 626 Index ethics 
management (Continued ) unethical behaviour 357–8 see also system of ethics EU (European Union) 425 European Agency for Safety and Health at Work (EU-OSHA) 379–80 European transition economies 459–60 European Union (EU) 425 evaluation of risk 195, 197–222 exchange traded derivatives 263–4 executives 204, 337 expected monetary value (EMV) 201–3 experience, corporate 274 expert opinion 220–1 exploitation of Third World countries 364 exports 401 exposure risk 254 external influences 391–511 Exxon oil tanker disaster 363 facilitation 172–82 brainstorming 174–5 NGT 175–6 process activities 172–82 structured interviews 175 workshops 172–4 family life 505–6 federal reform, US 76–9 finance and companies 439–40 financial crisis see global financial crisis financial ratios 567–71 current ratio 251–3, 569 efficiency 568–9 investment 146, 570–1 liquidity 569–71 process mechanisms 146 profitability 146, 567–8 quick ratio 251–3 financial risk management 249–65 benefits 250–1 borrowing 259 credit risk 250, 253–9 currency risk 250, 259–60 definition 249–50 derivatives 250, 263–4 foreign investment risk 250, 262–3 funding risk 250, 260–2 implementation 251 liquidity risk 250, 251–3 scope 250 Financial Services Authority (FSA), UK 36, 360 Financial Stability Oversight Council, US 77 financial statements 153–4 fiscal policy, UK 397, 460–1 fishbone diagrams 190–2 flexible manufacturing 319, 322 foreclosures, mortgages 63–5 foreign investment risk 250, 262–3 formation of companies 35–6 forward market hedges 408–9 fossil fuels 416–17 four Ps marketing mix 484 fraud 50 Friend and Zehle risk categories 554 FSA (Financial Services Authority) 36, 360 FTSE4Good index 429 fuel market hedges 409 Fuld, Dick 73–4 funding risk 250, 260–2 futures, currency 410 G8 Summit 2009 359 gap analysis 163–4 GDP (gross domestic product) 395–6 gearing ratio 146, 569–70 Gieve, John 75 Glass–Steagall Act 1933, US 75 global financial crisis 2007-9 59–83 behaviours 70–6 causes/results of 68–70 federal reform 76–9 
future of risk management 81–2 need for scrutiny 68–70 risk management deficiencies 76 Sarbanes–Oxley Act 54–5 subprime mortgage model 61–8 summary 59 systemic risk 79–81 unfolding of crisis 60–1 US perspective 59–83 VaR 75–6, 492–3 see also crises global warming 420–9 business impact 428–9 Canc´un Agreements 425–6 Climate Change Levy 427–8 Copenhagen Accord 424–5 domestic government responses 426–7 Earth Summit 422 emissions 423, 428 environmental risk 420–9 EU 425 Kyoto Protocol 422–6 pollution control 422–3 responses to 422–9 US climate pact 423–4 goals 8–9 see also process goals/subgoals goods-in-transit risk 296–7 governance see corporate governance Index government climate change 426–7 communication of risk 566 cultural change 566 handling risk 561–6 leadership 566 management 132–4 policy 397–8 public sector 109–12, 132–4 responsibilities 109–12, 561–2 roles 561–2 spending 400 uncertainty 561–6 Green Book 126–7 Greenbury Report 23 Greenspan, Alan 77–8 gross domestic product (GDP) 395–6 gross profit margin 568 “group think” 72–4 growth of business 5–6 guidance on ethics management 372 Guide to Good Disclosure 2006, Canada 93–4 guides and reports list 113 Hampel Committee 23, 102–3 health and lifestyles 506 health and safety 375–90 AstraZeneca 378 benefits 376–8 best practice 389–90 business benefits 377–8 crisis management plans 389–90 definition of risk 375 ethics management 365 EU-OSHA 379–80 HSE 378–9 human error 382–8 human reliability 388–9 implementation 380–2 management approach 381 people risk 292 risk controls 381 scope of risk 376 workplace issues 381–2, 388–9 health and safety executive (HSE) 378–9 hedging risk 407–12 currency futures 410 currency hedging 410 currency risk 407–12 forward market hedges 408–9 fuel market hedges 409 leading and lagging 408 money market risk 410–11 netting 408 PPP 411–12 Vodaphone Group Plc 411–12 627 herd behaviour 72–4 Higgs Review 2003 24, 34, 104 HIH Insurance Ltd 86–8 accounting aspects 87–8 background 86–7 legal 
outcomes 88 role of auditor 88 trigger for collapse 87 Hillson risk maturity model 573–4 Holliwell risk categories 553 home improvements 505 homogeneity of products 473 Hopkinson risk maturity model 575 horizon scanning 131–2 Horwath Report 2002, Australia 88–9 House of Commons Treasury Committee inquiry 2009 30–2 house prices 405 housing surplus 67–8 HRM (human resource management) 276–7 HSE (health and safety executive) 378–9 human capital 592–3 human error 382–8 Chernobyl nuclear disaster 384–5 health and safety 382–8 Kegworth air disaster 385–6 Ladbroke Grove train disaster 387–8 Piper Alpha oil platform disaster 387 Tenerife air disaster 382–4 human resource management (HRM) 276–7 ICAM US air force program 137–9 ICOM codes, IDEFO 139 IDEFO (integration definition for function modelling) 138–9 identification of risk 159–83 imitable resources 587–8 imports 401 independent events 606–7 industry breakpoints 599–600 inflation 403–4 influence diagrams 190–1, 193 information, perfect 473–4 information technology (IT) 312–15, 549–52 governance 324–6 information assets 312, 314–15 intranets 312, 313 investment 326–9 management information systems 312, 313 project profile models 549–52 projects 324–30, 549–52 public sector 113–14 software applications 312–13 summary risk profiles 552 technological risk 312–15, 324–30 628 Index information technology (IT) (Continued ) telematics 312, 313–14 see also computer/IT systems innovation 115–16 insider trading 364 Institute of Directors (IoD) insurance 86–8, 255–6 Integrated Services Digital Network (ISDN) 317 integration definition for function modelling (IDEFO) 138–9 Intel microprocessors 486–9 intellectual property 441–6 copyright 445–6 designs 446 knowledge management 301–2 legal risk 441–6 patents 441–5 interest cover ratio 570 interest rate risk 404–5 internal control 97–108 Cadbury Committee 102 CIPFA guidance 127–9 composition 97–8 Hampel Committee 102–3 Higgs Review 104 OECD 105 responsibility allocation 102–6 risk 
management 97–108 application of 98–9 benefits 100 context 106–7 corporate governance 98–9 embedding 107 ERM structure 13–14 risks 100–1 Smith Report 104–5 Turnbull Report 97–100, 103–4 internal influences 247–390 internal rate of return (IRR) 213 international trade 405–7 Internet Protocol (IP) 317 interviews 523–31 assignment methodology 528–9 change management 529 client focus 524 consultant appointments 523–31 first contact 523–4 past experiences 526 recruitment 282 seven Ss 527–8 short-listing 519 structured 175 sustainable change 529–30 unique selling points 524–6 intranets 312, 313 Investment Advisers Act 1940, US 45 investment appraisal 210–15 ARR 210–13 CBA 213–15 definition 210 evaluation 210 IRR 213 NPV 211–13 PP 211 risk evaluation 210–15 investment banking 75 Investment Company Act 1940, US 45 investment decisions 327, 349 investment expenditure 400 investment in IT 326–9 approving projects 329 decision-making process 327 defining/classifying projects 327 evaluating projects 327–9 funds available 326–7 identifying opportunities 327 monitoring/controlling projects 329 investment ratios 146, 570–1 investors 19–20, 70–1 IoD (Institute of Directors) IP (Internet Protocol) 317 IRR (internal rate of return) 213 ISDN (Integrated Services Digital Network) 317 IT see information technology job analysis 281 job descriptions 281–2 job losses 66–7 JPMorgan Chase 493–4 Kegworth air disaster 385–6 Kirby Report 1998, Canada 91–2 knowledge 301–2, 473–4 Kozlowski, Dennis 47–50 Kyoto Protocol 1997 422–6 Ladbroke Grove train disaster 387–8 lagging see leading and lagging Latin hypercube sampling 220 law business 437–8 US securities 44–5 see also legal , legislation leadership 348, 566 leading and lagging 408 legal context of ethics management 369–70 legal risk 392, 435–52 benefits of management 436 business law 437–8 companies 438–41 computer misuse 451–2 contracts 447–8 Index criminal liability 448–51 definition 435 employment law 447 implementation management 436 
intellectual property 441–6 scope 435 legislation employment 277–8, 447 maternity 278 SEC 42–4 US securities industry 44–5 see also individual legislation Lehman Brothers 73–4 lenders/lending 64, 72 lifestyles and attitudes 505–10 diet 506–7 drinking 507–8 family life 505–6 health 506 home improvements 505 recreation 509–10 smoking 507–8 stress levels 508–9 tourism 509–10 working hours 508 liquidity approaches 78–9 liquidity ratios 146, 569–70 liquidity risk 250, 251–3 current ratio 251–3 financial risk management 250, 251–3 mitigation 253 quick ratio 251–3 loans 48–9 London Stock Exchange (LSE) 36–7 loss indicators 295 LSE (London Stock Exchange) 36–7 macro influences 391–511 macroeconomics 394–6 macropolitical risks 454, 456 management information systems 312, 313 Management of Risk (M_o_R) reports 2002 121–3 2007 132 Managing Risks to Improve Public Services report, 129–31, 132–4 manufacturing resource planning (MRP) 319, 323 market development 479–80 market penetration 477 market risk 392, 467–97 acquisitions 482–3 alternative strategic directions 476–82 benefits of management 470 competition 483–9 definition 467–8 distribution strength 490 implementation management 470 market structure 470–5 measurement 490–6 price elasticity 489–90 product life cycles 475–6 risk response 496 scope 468–70 sources of 469 strategic directions 476–82 uncertainty 469–70 VaR 490–6 market strategies 486–9 market structure 470–5 bargaining power 474–5 barriers to entry 471–3 buyers/suppliers 474–5 interrelationships 474–5 knowledge 473–4 market risk 470–5 number of firms in industry 471 products 473 marketing plans 155–6 Markets Act 2000 36 Markov chains 208–10 maternity legislation 278 Maxwell, Robert 22 mechatronics 319, 322 meeting commitments 295 memorandum of association 438–9 Mercedes car firm 481–2 micro influences 247–390 microchip market 486–9 microeconomics 394–5 micropolitical risk 455–6 minority interests 440 monetary policy 397–8 money laundering 361 money market risk 
410–11 monitoring IT projects 329 optimism bias 350 system of ethics 373 monitoring and review process 233–40 activities 236–9 controls 235–6 definition 234 goals/subgoals 234 inputs 235 mechanisms 236 outputs 235 PRM process 345 Monte Carlo simulation 218–20 benefits 219 correlations 219 percentiles 218–19 629 630 Index NACD (National Association of Corporate Directors) 55–6 NAO (National Audit Office) 112, 129–34 “narrow banking” 75 National Association of Corporate Directors (NACD) 55–6 National Audit Office (NAO) 112, 129–34 National Policy and Instrument, Canada 92–3 negative equity 65–7 net present value (NPV) 211–13 net profit margin 567 netting 408 NGT (nominal group technique) 175–6 Nokia Code of Conduct 370 nominal group technique (NGT) 175–6 Northern Rock Plc 32 NPV (net present value) 211–13 upside risk 6–7 see also SWOT analysis optimism bias 349–51, 613–20 Orange Book 116–18, 131–2 assigning ownership 116–17 defining framework 116 embedding risk management 118 evaluation 117 gaining assurance 118 horizon scanning 131–2 response to risk 117 review 118 revisited 131–2 risk appetite 117 risk categories 554–6 risk identification 116 risk prompt list 163 Organisation for Economic Co-operation and Development (OECD) 105, 359–60 organisations VRIO analysis 587–8 see also companies Osborn, A.F 174–5 outsourcing 305, 307 over-the-counter derivatives 264 ownership copyright 446 risk 116–17, 341 OECD (Organisation for Economic Co-operation and Development) 105, 359–60 Office of Government Commerce (OGC) 111–12 operating cash flow per share ratio 570 operating cash flows to maturing obligations ratio 569 operating environment risks 391–511 operational research, control technology 319, 323–4 operational risk management 267–308 benefits 270 business continuity 304–5 change management 303–4 definition 268–9 external events 303–5 implementation 270 measurement 307 mitigation 307 outsourcing 305, 307 people risk 275–92 processes/systems 292–303 scope 269–70 strategy 
risk 270–5 opportunity IT investment 327 risk identification 171–2 P/E (price/earnings) ratio 571 Pareto analysis 193–4 patents 441–5 application for 442–3 criteria for 443 exclusions 443 infringements 444 registration 443–4 US 444–5 payback period (PP) 211 people risk 275–92 contracts 277 definition 275–6 discrimination 278 dismissals 279 employment law 277–8 health and safety 292 HRM practices 276–7 maternity 278 operational risk management 275–92 regulatory requirements 277–80 risk management 287–92 culture 288 evaluation 290–1 non-executive directors 291–2 systems 288–90 salaries 277 Monte Carlo simulation (Continued ) pharmaceutical example 220 risk evaluation 218–20 VaR 495 M_o_R reports 121–3, 132 mortgages 71 see also subprime mortgage model MRP (manufacturing resource planning) 319, 323 mutually exclusive events 215–16 Index staff constraints 280–7 staff dishonesty 287 statutory requirements 277–80 taxonomy diagram 275 trade unions 279–80 types 276 whistleblowing 278–9 PepsiCo 480 percentiles 218–19 perfect knowledge/information 473–4 performance of projects 341 PEST analysis 148–9, 165, 583–5 Piper Alpha oil platform disaster 387 planning/plans assignment implementation 542 business 150–1, 272 clients and change 515 continuity 305 health and safety 389–90 interviews 527 marketing 155–6 MRP 319, 323 proposals 533 PLCs (public limited companies) 35–6 policies distribution 490 economic risk 397–8 ERM structure 15 international trade 406 UK fiscal 397, 460–1 political context ethics management 370 see also PEST analysis political risk 392, 453–65 assessing factors 463–4 bargaining power 464 benefits of management 455 blackmail 461–2 business approaches 462–3 contracts 459 definition 454 European transition economies 459–60 implementation management 455 macropolitical 454, 456 micropolitical 455–6 pressure groups 461 prioritising factors 464 response to 462–4 scope 454–5 terrorism 461–2 UK fiscal policy 460–1 Zonis and Wilkin framework 457–9 pollution 420, 
422–3 population movements 502–4 PP (payback period) 211 PPP (purchasing power parity) 411–12 presentations 545 pressure groups 461 price CAPM 194 elasticity 489–90 misleading prices 450–1 P/E ratio 571 stability 483–4 price/earnings (P/E) ratio 571 Prius hybrid car, Toyota 428–9 privacy issues 365 PRM see project risk management probability 215–16, 601–9 basic concepts 215–16 Bayes’ theorem 607–9 conditional 603–6 dependent events 200 distributions 188, 220–1 impact matrix 189 independent events 200, 606–7 multiplication law 606 mutually exclusive events 215–16 objective probabilities 601 relationships 602–3 risk analysis 188–9 risk evaluation 200–1, 215–16, 220–1 subjective probabilities 601–2 trees 200–1 process activities business analysis 171 objectives 149, 171 plans 150–1 CAPM analysis 194 causal analysis 190–2 change management 155 communication/consultation 244–5 compliance systems 156 context establishment 149–56 control 237–9 cross impact method 179 decision analysis 190–1, 193 Delphi technique 178–9 establishing processes 151–3 evaluation categories 195 examining the industry 151 execution aspects 236 expert opinion 220–1 external communication 245 facilitation 172–82 financial statements 153–4 implementation 180–2 influence diagrams 190–1, 193 Latin hypercube sampling 220 marketing plans 155–6 monitoring and review 236–9 process activities (Continued) Pareto analysis 193–4 probability 215–16, 220–1 resources 155 risk analysis 189–95 risk appetite 226–8 risk evaluation 215–21 risk identification 171–82 risk response strategies 228–30 risk treatment 226–30 scenario analysis 176–8, 217 sensitivity analysis 216–17 simulation 217–20 systems dynamics 179 process controls/constraints communication/consultation 244 context establishment 145 monitoring and review 235–6 risk analysis 188 risk evaluation 199 risk identification 162 risk treatment 225 process definitions communication/consultation 242–3 context establishment 143 monitoring and 
review 234 risk analysis 186 risk evaluation 198 risk identification 160–1 risk treatment 224 process enablers see process mechanisms process goals/subgoals communication/consultation 242 context establishment 142 monitoring and review 234 risk analysis 186 risk evaluation 197–8 risk identification 159–60 risk treatment 223–4 process inputs communication/consultation 243 context establishment 143–5 monitoring and review 235 risk analysis 186–8 risk evaluation 198 risk identification 161–2 risk treatment 224 process mapping 137 process mechanisms buy-in to process 182 communication/consultation 244 context establishment 146–9 databases 168–9 decision trees 204–8 diagnostic 147–8 embedding difficulties 147 EMV 201–3 existing processes 148 financial ratios 146 gap analysis 163–4 investment appraisal 210–15 Markov chains 208–10 monitoring and review 236 PEST analysis 148–9, 165 probability 188–9, 200–1 RBS 169 risk analysis 188–9 risk checklist 163 risk evaluation 200–15 risk identification 163–70 risk prompt list 163 risk questionnaires 169 risk registers 170 risk taxonomy 164–7 risk treatment 225 SWOT analysis 148, 168 utility theory 203–5 process outputs communication/consultation 243–4 context establishment 145 monitoring and review 235 risk analysis 188 risk evaluation 198–9 risk identification 162 risk treatment 224–5 processes and systems risk 292–303 computer/IT systems 297–301 continuity 294–5 controls 293–4 definition 293 indicators of loss 295 knowledge management 301–2 operational risk management 292–303 project management 302–3, 342–6 regulatory/statutory requirements 294 taxonomy diagram 293 transactions 295–7 production processes 295–6 products development 477–9 diversity 473 life cycles 475–6 market structure 473 variation risk 296 profitability ratios 146, 567–8 project risk management (PRM) 333–54 awareness training 339 benefits 335–6 change processes 338 definition of management 334–5 definition of risk 334 director’s role 347 documentation 341 
embedding PRM 336–42 implementation challenges 336 integration issues 340, 342 misalignments 341–2 objectives unclear 337 optimism bias 349–51 ownership of risk 341 process 342–6 project teams 347–9 responsibilities 339, 346, 348 reticence of personnel 340 risk appetite 338–9 risk maturity models 337 roles/responsibilities unclear 339 senior executive support 337 software tools 351–2 sources of risk 335, 345 supporting techniques 352–3 terminology problems 338 value adding 341 project teams 347–9 communication 348–9 leadership 348 responsibility matrices 348 role definitions 348 team structure 347 projects IT 324–30 management 302–3 profile models 549–52 see also assignment implementation; project proposals 533–9 approaches 535, 538 clarifying objectives 537–8 client responsibilities 538–9 identifying parties 535, 537 location of project 537 planning 533 preliminary review 534 preparation 533–4, 536 project background 537 remuneration 539 scope 537 timing 538 ToR 535–8 writing 534–5 protectionism 405–7 provisions 78 public limited companies (PLCs) 35–6 public sector 109–36 Audit Commission 118–19 CIPFA 120–1, 127–9 DEFRA 123–4, 557–60 developments 109–36 government publications list 134–5 responsibility 109–12 risk management 132–4 Green Book 126–7 innovation 115–16 internal control 127–9 IT 113–14 M_o_R reports 121–3, 132 Orange Book 116–18, 131–2 public services 129–31, 132–4 publications 112–13, 134–5 risk and value management 125–6 SOLACE 120–1 Strategy Unit report 124–5 UK 109–36 public services 129–31, 132–4 case study evidence 130–1 improvement 129–31, 132–4 NAO report 129–31, 132–4 publications, government 112–13, 134–5 purchasing power parity (PPP) 411–12 questionnaires 169 quick ratio 251–3 rare resources 587–8 ratios see financial ratios RBS (risk breakdown structure) 169 records 51 recovery risk 254 recreation 509–10 recruitment 280–4 British Airways example 281–2 director induction 283–4 employee induction 282 interviews 282 job analysis 281 job 
descriptions 281–2 recruiters 280–1 selection 282 staff constraints 280–4 registers of risk 170, 182 regulations audit 50–1 Australian corporate failures 85–6 global financial crisis 75 people risk 277–80 processes and systems 294 regulator behaviour 75 Sarbanes–Oxley Act 50–1 US corporate governance 41–2 see also individual regulations related-party transactions 50 remedy of rescission 440 remuneration 539 renewable energy sources 417–19 reports and guides list 113 reputation 274–5, 367 required rates of return 195 rescission, remedy of 440 resources audit 591–3 context establishment 155 environmental risk 419–20 HRM 276–7 MRP 319, 323 risk management 516–17 strategy risk 273 responsibilities assignment matrices 348 clients and proposals 538–9 DEFRA risk strategy 560 ethics management 372 government 109–12, 561–2 internal control 102–6 PRM 339, 346, 348 project teams 348 return on capital employed (ROCE) 567, 569 return on investment (ROI) 328 return on ordinary shareholders’ funds (ROSF) 567 review see monitoring and review process risk global financial crisis 79–81 government handling of 561–6 sources of 16, 335, 345, 469, 553–6 see also individual types risk analysis 185–96 activities 189–95 controls 188 definition 186 goals/subgoals 186 inputs 186–8 mechanisms 188–9 outputs 188 PRM process 344–5 process 185–95 risk appetite 226–8 checklist 227 example 228 global crisis behaviours 74–5 Orange Book 117 PRM 338–9 risk treatment 226–8 risk assessment 544, 558–9 risk breakdown structure (RBS) 169 risk evaluation 197–222 activities 215–21 controls 199 definition of process 198 goals/subgoals 197–8 inputs 198 mechanisms 200–15 outputs 198–9 PRM process 345 process 197–221 risk events 361–5 risk identification 159–83 activities 171–82 controls 162 definition 160–1 DEFRA 558 goals/subgoals 159–60 inputs 161–2 mechanisms 163–70 Orange Book 116 outputs 162 PRM process 344 process 159–82 risk checklist 163 risk management 9–10 approach to business growth 5–6 
Canadian survey 92 clients and change 516–17 DEFRA 557–60 effectiveness requirements 115–16 ethics management 366–7 failure to manage financial 249–65 future of 81–2 health and safety 389–90 innovation report 115–16 internal control 97–108 key messages 125 M_o_R techniques list 122–3 operational 267–308 opportunity 6–7 people risk 287–92 primary business goals 8–9 PRM 333–54 public sector 109–36 risk diversity risk-taking 5–6 role of board 7–8 stages 137–246 technological 309–31 world-wide deficiencies 76 see also enterprise risk management Risk Management Strategy report (DEFRA) 123–4 risk maturity models 573–8 author model 576–7 Central Computer and Telecommunications Agency 574 Hillson 573–4 Hopkinson 575 PRM 337 risk metalanguage 179–80 risk prompt list 163 risk questionnaires 169 risk reassignment 229–30 risk reduction 228 risk registers 170, 182 risk removal 228–9 risk response 117, 228–30, 496 risk retention 230 risk-taking 5–6 risk transfer 71–2, 229–30 risk treatment 223–31 activities 226–30 controls 225 definition 224 goals/subgoals 223–4 inputs 224 mechanisms 225 outputs 224–5 PRM process 345 process 223–30 Risk and Value Management guide 125–6 robotics 321 ROCE (return on capital employed) 567, 569 ROI (return on investment) 328 ROSF (return on ordinary shareholders’ funds) 567 safety of products 450–1 see also health and safety salaries 277 sales growth 476 sales per employee ratio 569 sales to capital employed ratio 568 sampling, Latin hypercube 220 Sarbanes–Oxley Act 2002, US 45–55 audit regulation 50–1 catalysts for 45–55 company records 51 corporate responsibility 51 disciplinary sanctions 51–2 Enron 46–7 global financial crisis 54–5 implementation 52 management assessment 51 non-interference in audit 51 post-Enron reforms 52–4 provisions 50–2 Section 404 52–5 senate hearings 46 Tyco International 47–50 US corporate governance 45–55 WorldCom 47 Saucier Committee, Canada 92 scenario analysis 176–8, 217 SEC see Securities and Exchange 
Commission Section 404, Sarbanes–Oxley Act 52–5 securities 42–5, 79–80, 440 Securities Act 1933, US 44 Securities Exchange Acts 1934, US 44–5 Securities and Exchange Commission (SEC) 42–4 creation 42–3 divisions 43–4 ethics legislation 43 organisation 43–4 Tyco International 48 violations 44 Securities Industry and Financial Markets Association (SIFMA) study 79–80 securitised credit 71–2 security business continuity 304 consultant appointments 528 electronic data 298–301 selection of employees 282 see also consultant selection selling points 524–6 see also sales senate hearings 46 senior executives 204, 337 see also directors sensitivity analysis 216–17 settlement period ratios 568 seven Ss of interviewing 527–8 sexual harassment 363–4 shareholders 8, 567 shares 440 short-listing 519–20 SIFMA (Securities Industry and Financial Markets Association) 79–80 simulation 217–20, 494–5 Smart cars 481–2 SMART objectives 149 Smith Report 2003 23–4, 104–5 smoking 507–8 social context 371 see also PEST analysis social risk 392, 499–511 benefits of management 500 crime 504–5 definition 499–500 demographic change 502–4 education 501–2 implementation management 501 lifestyles/attitudes 505–10 scope 500 socio-cultural trends 504 Society of Local Authority Chief Executives and Senior Managers (SOLACE) 120–1 socio-cultural trends 504 software tools 312–13, 351–2 SOLACE (Society of Local Authority Chief Executives and Senior Managers) 120–1 sources of risk 16, 335, 345, 469, 553–6 staff constraints 280–7 absenteeism 286 criticality matrix 286–7 people risk 280–7 turnover of staff 284–6 see also recruitment staff dishonesty 287 stakeholders 273–4, 543 Standard & Poor’s credit ratings 260–2 Standards for the Board report (IoD) statistics used before global crisis 75–6 statutory requirements 277–80, 294 stock trading 50 stock turnover ratio 568 strategic directions 476–82 alternative 476–82 Cisco 482 Cooper’s study 478–9 diversification 480–2 market development 479–80 market 
penetration 477 market risk 476–82 Mercedes 481–2 PepsiCo 480 product development 477–9 strategic risk management see enterprise risk management strategy risk 270–5 business plan 272 corporate experience 274 definition 270–1 new business 272–3 operational risk management 270–5 reputation 274–5 resources 273 stakeholder interests 273–4 strategy objectives 271–2 taxonomy diagram 271 Strategy Unit report 2002 124–5 strengths see SWOT analysis stress levels 508–9 subprime mortgage model 61–8 credit crisis 61–3 foreclosures 63–5 global financial crisis 2007-9 61–8 housing surplus 67–8 job losses 66–7 negative equity 65–7 parties engaged 62 vicious circles 63–9 success 528, 545, 548 summary risk profiles 552 suppliers/supply 398, 401–2, 474–5 Supporting Innovation report 115–16 sustainability of change 529–30 environmental risk 431–2 interviews 529–30 Swartz, Mark 47–50 SWOT analysis 148, 168, 579–81 system of ethics 368–74 context 369–71 establishment 371–2 evaluation 373–4 implementation 372–3 monitoring 373 Nokia Code of Conduct 370 response to review 373 seven-step programme 369 vision 368–9 see also ethics management systemic risk global financial crisis 79–81 government intervention 81 risk drivers 80 SIFMA study 79–80 systems dynamics 179 ethics 368–74 see also processes and systems risk TARP (Troubled Assets Relief Program) 76–7 Taylor, John B 81 team composition 543 see also project teams technological risk management 309–31 benefits 311 communications technology 315–19 control technology 319–24 definition of risk 310 implementation 311–12 IT 312–15, 324–30 primary types 312–24 responding to risk 324–30 scope of risk 310–11 technology ethics management 371 PEST analysis 148–9, 165, 583–5 see also information technology; technological risk management telematics 312, 313–14 tendering process 520–2 Tenerife air disaster 382–4 terminology 338 terms of reference (ToR) 535–8 terrorism 461–2 Third World countries 364 threats see SWOT analysis Tokyo 
Telecommunications 367–8 ToR (terms of reference) 535–8 Toronto Stock Exchange (TSE) 91–4 tourism 509–10 Toyota car firm 428–9 trade 50, 405–7 trade unions 279–80 transactions 295–7 transition economies 459–60 Treasury, UK 30–2, 110 Troubled Assets Relief Program (TARP) 76–7 Trust Indenture Act 1939, US 45 TSE (Toronto Stock Exchange) 91–4 Turnbull Report 97–100, 103–4 The Turner Review 76 Tyco International 47–50 compensation 49–50 fraudulent stock trading 50 related-party transactions 50 rise and fall 48 Sarbanes–Oxley Act 47–50 SEC 48 secret loans 48–9 Tyson Report 24–5 UK see United Kingdom uncertainty 469–70, 561–6 unemployment 66–7 see also employment unique selling points 524–6 United Kingdom (UK) CIPD 591–3 climate change 426–8 corporate governance 19–39 emissions trading 428 ethics management 360 fiscal policy 460–1 FSA 36, 360 HSE 378–9 public sector 109–36 United States (US) Air Force ICAM program 137–9 climate pact 423–4 corporate governance 41–57 Department of Commerce 358–9 Department of Justice 360–1 ethics management 358–9 global financial crisis 59–83 patents 444–5 utility theory 203–5 executives 204 functions 204–5 risk evaluation 203–5 valuable resources 587–8 value added 341, 367–8 value at risk (VaR) 490–6 analytical method 495 calculation 494–5 definition 490 global financial crisis 75–6, 492–3 historical simulation method 494–5 JPMorgan Chase 493–4 market risk 490–6 model assumptions 491–3 Monte Carlo method 495 recommended reading 611 risk limitation 493–4 variance-covariance method 495 value chain analysis 589–90 value management guide 125–6 VaR see value at risk variance-covariance method, VaR 495 vehicle management systems 313–14 video conferencing 316–18 violations, SEC 44 vision 368–9 Vodaphone Group Plc 411–12 VRIO analysis 587–8 Walker, David 27–30 Walker reviews 2009 27–30 Waxman, Henry 77–8 weaknesses see SWOT analysis wealth maximization 8–9 whistleblowing 278–9 Wilkin and Zonis political risk framework 457–9 working hours 508 
workplace issues 381–2, 388–9 workshops 172–4 WorldCom 47 Worth the Risk report 118–19 writing proposals 534–5 Zehle and Friend risk categories 554 Zonis and Wilkin political risk framework 457–9

Date posted: 12/04/2017, 10:47
