Hjem

Preface xiii Acknowledgments xix
Part One ERM in Context
Chapter 1 Fundamental Concepts and Current State 3 Introduction 3 What Is Risk? 4 What Does Risk Look Like? 8 Enterprise Risk Management (ERM) 11 The Case for ERM 13 Where ERM Is Now 18 Where ERM Is Headed 19 Notes 20
Chapter 2 Key Trends and Developments 21 Introduction 21 Lessons Learned from the Financial Crisis 21 The Wheel of Misfortune Revisited 26 Global Adoption 34 Notes 37
Chapter 3 Performance-Based Continuous ERM 41 Introduction 41 Phase Three: Creating Shareholder Value 43 Performance-Based Continuous ERM 44 Case Study: Legacy Technology 56 Notes 59
Chapter 4 Stakeholder Requirements 61 Introduction 61 Stakeholders Defined 62 Managing Stakeholder Value with ERM 79 Implementing a Stakeholder Management Program 80 Appendix A: Reputational Risk Policy 83 Notes 87
Part Two Implementing an ERM Program
Chapter 5 The ERM Project 93 Introduction 93 Barriers to Change 93 Establish the Vision 95 Obtain Buy-In from Internal Stakeholders 97 Assess Current Capabilities against Best Practices 100 Develop a Roadmap 104 Appendix A: ERM Maturity Model 108 Appendix B: Practical Plan for ERM Program Implementation 111
Chapter 6 Risk Culture 115 Introduction 115 Risk Culture Success Factors 117 Best Practice: Risk Escalation 130 Conclusion 130 Notes 131
Chapter 7 The ERM Framework 132 Introduction 132 The Need for an ERM Framework 132 ERM Framework Criteria 136 Current ERM Frameworks 138 An Update: The Continuous ERM Model 145 Developing a Framework 150 Conclusion 153 Notes 153
Part Three Governance Structure and Policies
Chapter 8 The Three Lines of Defense 157 Introduction 157 COSO''s Three Lines of Defense 158 Problems with This Structure 160 The Three Lines of Defense Revisited 164 Bringing It All Together: How the Three Lines Work in Concert 172 Conclusion 173 Notes 173
Chapter 9 Role of the Board 175 Introduction 175 Regulatory Requirements 176 Current Board Practices 179 Case Study: Satyam 180 Three Levers for ERM Oversight 181 Conclusion 189 Notes 189
Chapter 10 The View from the Risk Chair 191 Introduction 191 Turnaround Story 191 The GPA Model in Action 192 Top Priorities for the Risk Oversight Committee 192 Conclusion 196 Notes 197
Chapter 11 Rise of the CRO 198 Introduction 198 History and Rise of the CRO 199 A CRO''s Career Path 201 The CRO''s Role 202 Hiring a CRO 206 A CRO''s Progress 208 Chief Risk Officer Profiles 212 Notes 225
Chapter 12 Risk Appetite Statement 227 Introduction 227 Requirements of a Risk Appetite Statement 228 Developing a Risk Appetite Statement 233 Roles and Responsibilities 239 Monitoring and Reporting 242 Examples of Risk Appetite Statements and Metrics 246 Notes 250
Part Four Risk Assessment and Quantification
Chapter 13 Risk Control Self-Assessments 255 Introduction 255 Risk Assessment: An Overview 255 RCSA Methodology 256 Phase
1: Setting the Foundation 259 Phase
2: Risk Identification, Assessment, and Prioritization 262 Phase
3: Deep Dives, Risk Quantification, and Management 267 Phase
4: Business and ERM Integration 270 ERM and Internal Audit Collaboration 272 Notes 273
Chapter 14 Risk Quantification Models 274 Introduction 274 Market Risk Models 275 Credit Risk Models 278 Operational Risk Models 281 Model Risk Management 283 The Loss/Event Database 288 Early Warning Indicators 289 Model Risk Case Study: AIG 289 Notes 290
Part Five Risk Management
Chapter 15 Strategic Risk Management 295 Introduction 295 The Importance of Strategic Risk 296 Measuring Strategic Risk 299 Managing Strategic Risk 301 Appendix A: Strategic Risk Models 310 Notes 312
Chapter 16 Risk-Based Performance Management 314 Introduction 314 Performance Management and Risk 316 Performance Management and Capital 317 Performance Management and Value Creation 319 Summary 323 Notes 324
Part Six Risk Monitoring and Reporting
Chapter 17 Integration of KPIs and KRIs 327 Introduction 327 What Is an Indicator? 327 Using Key Performance Indicators 329 Building Key Risk Indicators 330 KPI and KRI Program Implementation 335 Best Practices 337 Conclusion 338 Notes 339
Chapter 18 ERM Dashboard Reporting 340 Introduction 340 Traditional Risk Reporting vs. ERM Dashboard Reporting 344 General Dashboard Requirements 348 Implementing ERM Dashboards 351 Avoid Common Mistakes 357 Best Practices 358 Notes 361
Chapter 19 Feedback Loops 362 Introduction 362 What Is a Feedback Loop? 363 Examples of Feedback Loops 364 ERM Performance Feedback Loop 366 Measuring Success with the ERM Scorecard 368 Notes 371
Part Seven Other ERM Resources
Chapter 20 Additional ERM Templates and Outlines 375 Introduction 375 Strategic Risk Assessment 375 CRO Report to the Risk Committee 376 Cybersecurity Risk Appetite and Metrics 378 Model Risk Policy 380 Risk Escalation Policy 382 Notes 385 About the Author 386 Index 387