Details

<p>Foreword by <i>Robert S. Kaplan</i> xix</p> <p><b>Part I Overview 1</b></p> <p><b>1 Enterprise Risk Management: An Introduction and Overview 3</b></p> <p>What is Enterprise Risk Management? 3</p> <p>Drivers of Enterprise Risk Management 4</p> <p>Summary of the Book Chapters 5</p> <p>Future of ERM and Unresolved Issues 15</p> <p>Notes 16</p> <p>About the Editors 16</p> <p><b>2 A Brief History of Risk Management 19</b></p> <p>Introduction 19</p> <p>Risk Management in Antiquity 19</p> <p>After the Middle Ages 20</p> <p>The Past 100 Years 21</p> <p>Notes 28</p> <p>About the Author 29</p> <p><b>3 ERM and Its Role in Strategic Planning and Strategy Execution 31</b></p> <p>Rising Expectations for Strategic Risk Management 32</p> <p>Integrating Risk into Strategic Planning 34</p> <p>Creating a Strategic Risk Mindset and Culture 40</p> <p>Building a Strategic Risk Assessment Process 42</p> <p>Conclusion 48</p> <p>Notes 48</p> <p>About the Authors 50</p> <p><b>4 The Role of the Board of Directors and Senior Management in Enterprise Risk Management 51</b></p> <p>Introduction 51</p> <p>Governance Expectations for Board Oversight of Risk Management 52</p> <p>Delegation of Risk Oversight to Board Committees 58</p> <p>Formalizing Risk Management Processes 58</p> <p>Senior Executive Leadership in Risk Management 60</p> <p>The Role of the Internal Audit Function in ERM 61</p> <p>External Audit as an Independent Source of Key Risk Identification 61</p> <p>ERM Implementation Strategies 62</p> <p>Conclusion 66</p> <p>Notes 67</p> <p><b>Part II ERM Management, Culture, and Control 69</b></p> <p><b>5 Becoming the Lamp Bearer: The Emerging Roles of the Chief Risk Officer 71</b></p> <p>The Origins of the CRO 72</p> <p>The CRO as Compliance Champion 75</p> <p>The CRO as Modeling Expert 76</p> <p>The CRO as Strategic Controller 77</p> <p>The CRO as Strategic Advisor 78</p> <p>Which CRO Role to Play? 79</p> <p>Conclusion 81</p> <p>Notes 82</p> <p>References 82</p> <p>Acknowledgments 85</p> <p>About the Author 85</p> <p><b>6 Creating a Risk-Aware Culture 87</b></p> <p>The Importance of Culture 87</p> <p>Elements of a Risk-Aware Culture 91</p> <p>How to Create a Risk-Aware Culture 91</p> <p>What Does Risk Management Have to Do? 94</p> <p>Conclusion 95</p> <p>References 95</p> <p>About the Author 95</p> <p><b>7 ERM Frameworks 97</b></p> <p>Introduction 97</p> <p>Elements of an ERM Framework 100</p> <p>Risk Management Process (RMP) 102</p> <p>Mandate and Commitment to the ERM Framework 110</p> <p>Risk Management Policy 113</p> <p>Integration of Risk Management and Resources for ERM 118</p> <p>Communications, Consultation, and Reporting 119</p> <p>Accountability 120</p> <p>Continuous Improvement 121</p> <p>Conclusion 122</p> <p>References 122</p> <p>About the Author 123</p> <p><b>8 Identifying and Communicating Key Risk Indicators 125</b></p> <p>Introduction 125</p> <p>What is a Key Risk Indicator? 126</p> <p>Practical Applications 129</p> <p>Value of KRIs to Risk Management 134</p> <p>Design Principles 135</p> <p>Implementation Considerations 137</p> <p>Conclusion 139</p> <p>Note 139</p> <p>Acknowledgment 140</p> <p>About the Author 140</p> <p><b>Part III ERM Tools and Techniques 141</b></p> <p><b>9 How to Create and Use Corporate Risk Tolerance 143</b></p> <p>Introduction 143</p> <p>What is Risk Tolerance? 144</p> <p>Why is Setting Risk Tolerance Important? 144</p> <p>What Are the Factors to Consider in Setting Risk Tolerance? 145</p> <p>How Can Your Organization Make Risk Tolerance Useful in Managing Risk? 150</p> <p>Conclusion 152</p> <p>Notes 153</p> <p>About the Authors 154</p> <p><b>10 How to Plan and Run a Risk Management Workshop 155</b></p> <p>Introduction 155</p> <p>What is a Risk Workshop? 155</p> <p>Why Use Workshops? 156</p> <p>How to Conduct a Risk Workshop 156</p> <p>Preparation 156</p> <p>Execution 165</p> <p>Techniques for Planning and Facilitating Effective</p> <p>Risk Workshops 168</p> <p>Conclusion 170</p> <p>About the Author 170</p> <p><b>11 How to Prepare a Risk Profile 171</b></p> <p>Introduction 171</p> <p>Definition and Uses of a Corporate Risk Profile 171</p> <p>Common Types of Corporate Risk Profiles 173</p> <p>Advantages and Disadvantages of Information-Gathering Methodologies 176</p> <p>How to Prepare a “Top 10” Risk Profile—Hydro One’s Experience 176</p> <p>Conclusion 186</p> <p>Notes 186</p> <p>References 187</p> <p>About the Author 188</p> <p><b>12 How to Allocate Resources Based on Risk 189</b></p> <p>Introduction 189</p> <p>Risk Policy and a Center of Excellence for Risk Management 191</p> <p>The Consequence Domain 193</p> <p>Risk-Based Business Processes and Organizational Considerations 200</p> <p>Concepts, Methods, and Models Enabling Risk Identification, Evaluation, Mitigation, Prioritization, and Management 206</p> <p>Information Requirements and Challenges 211</p> <p>Measures of Effectiveness for Continuous Improvement 213</p> <p>Conclusion 213</p> <p>Notes 214</p> <p>About the Author 216</p> <p>Appendix 12.A 216</p> <p><b>13 Quantitative Risk Assessment in ERM 219</b></p> <p>Introduction 219</p> <p>Risk Assessment: Four Alternative Approaches 222</p> <p>Aggregating Probabilities and Impacts 230</p> <p>Total Corporate Risk: An Illustration 232</p> <p>Incorporating Risk Quantification in the Business Planning Process 233</p> <p>Sensitivities and Scenarios 233</p> <p>Conclusion 234</p> <p>Notes 235</p> <p>References 235</p> <p>About the Author 235</p> <p><b>Part IV Types of Risk 237</b></p> <p><b>14 Market Risk Management and Common Elements with Credit Risk Management 239</b></p> <p>Introduction to Credit Risk and Market Risk 239</p> <p>Responding to Credit and Market Risk 242</p> <p>Measuring Market Risk 246</p> <p>Market Risk Management with Forward-Type Products 250</p> <p>Conclusion 259</p> <p>Notes 259</p> <p>References 260</p> <p>About the Author 260</p> <p><b>15 Credit Risk Management 261</b></p> <p>Credit Risk Analysis 261</p> <p>An Analysis of the Credit Crisis 272</p> <p>Conclusion 277</p> <p>Notes 277</p> <p>References 277</p> <p>About the Author 278</p> <p><b>16 Operational Risk Management 279</b></p> <p>Introduction 279</p> <p>What is Operational Risk and Why Should You Care About It? 280</p> <p>Is Risk All Bad? 283</p> <p>How Do You Assess Operational Risks, Particularly in a Dynamic Business Environment? 284</p> <p>Why You Need to Define Risk Tolerance for Aligned Decision Making 287</p> <p>What Can You Do to Effectively Manage Operational Risk? 289</p> <p>How Do You Encourage a Culture of Risk Management at the Operational Level? 296</p> <p>How Do You Align Operational Risk Management with Enterprise Risk Management? 297</p> <p>Conclusion 300</p> <p>Notes 301</p> <p>About the Author 301</p> <p><b>17 Risk Management: Techniques in Search of a Strategy 303</b></p> <p>Introduction 303</p> <p>Current Situation 304</p> <p>Risk Strategy Framework 307</p> <p>Governance 312</p> <p>New Directions 314</p> <p>Conclusion 316</p> <p>Notes 316</p> <p>References 318</p> <p>About the Author 320</p> <p><b>18 Managing Financial Risk and Its Interaction with Enterprise Risk Management 321</b></p> <p>Introduction 321</p> <p>What is Financial Risk and How is It Managed? 322</p> <p>Theoretical Underpinnings of Financial Hedging and Empirical Findings 325</p> <p>Interaction of Financial Hedging with Other Types of Risk Management 328</p> <p>What Can We Learn About ERM Given Our Knowledge of Financial Hedging? 332</p> <p>Notes 333</p> <p>References 333</p> <p>About the Author 334</p> <p><b>19 Bank Capital Regulation and Enterprise Risk Management 337</b></p> <p>Introduction 337</p> <p>The Evolution of Bank Capital Requirements 337</p> <p>Conclusion 345</p> <p>Notes 346</p> <p>References 347</p> <p>About the Author 349</p> <p><b>20 Legal Risk Post-SOX and the Subprime Fiasco: Back to the Drawing Board 351</b></p> <p>Introduction 351</p> <p>The Legal Framework of Legal and Reputational Risk Management 352</p> <p>An Assessment of the SOX Framework on Legal and Reputational Risk 359</p> <p>Toward Optimal Reputational and Legal Risk Management 363</p> <p>Conclusion 365</p> <p>Note 365</p> <p>References 365</p> <p>About the Author 367</p> <p><b>21 Financial Reporting and Disclosure Risk Management 369</b></p> <p>The Importance of Disclosure Management and ERM 369</p> <p>Foundations in the United States 370</p> <p>Disclosure and Sarbanes-Oxley 371</p> <p>Important SOX Sections 372</p> <p>Other Financial Reporting 375</p> <p>Risk Identification, Monitoring, and Reporting 377</p> <p>Financial Reporting Challenges Today 379</p> <p>Conclusion 383</p> <p>Notes 383</p> <p>References 384</p> <p>About the Author 384</p> <p><b>Part V Survey Evidence and Academic Research 385</b></p> <p><b>22 Who Reads What Most Often?: A Survey of Enterprise Risk Management Literature Read by Risk Executives 387</b></p> <p>Introduction 387</p> <p>Survey Methodology 389</p> <p>Survey Results 390</p> <p>Conclusion 402</p> <p>Appendix 22.A: Publications Included in the Survey 403</p> <p>Appendix 22.B: Survey Respondents Who Gave Permission to Be Identified 410</p> <p>Notes 410</p> <p>References 412</p> <p>About the Authors 416</p> <p><b>23 Academic Research on Enterprise Risk Management 419</b></p> <p>Introduction 419</p> <p>Academic Research on Enterprise Risk Management 420</p> <p>Case Studies on ERM 432</p> <p>Conclusion 436</p> <p>Notes 437</p> <p>References 438</p> <p>About the Authors 439</p> <p><b>24 Enterprise Risk Management: Lessons from the Field 441</b></p> <p>Introduction 441</p> <p>Lessons from the ERM Process 442</p> <p>Lessons from Integrating ERM with Ongoing Management Initiatives 449</p> <p>Some Key Value Lessons from ERM 457</p> <p>Conclusion 459</p> <p>Notes 459</p> <p>References 460</p> <p>Further Reading 461</p> <p>About the Authors 462</p> <p><b>Part VI Special Topics and Case Studies 465</b></p> <p><b>25 Rating Agencies’ Impact on Enterprise Risk Management 467</b></p> <p>Introduction 467</p> <p>Banking: General 468</p> <p>Insurance: S&P 468</p> <p>Insurance: Moody’s 470</p> <p>Insurance: Fitch 471</p> <p>Insurance: A.M. Best 472</p> <p>U.S. Energy Companies: S&P 473</p> <p>Nonfinancial Companies: S&P 473</p> <p>A Fly in the Ointment 476</p> <p>Conclusion 476</p> <p>Notes 477</p> <p>Further Reading 478</p> <p>About the Author 478</p> <p><b>26 Enterprise Risk Management: Current Initiatives and Issues 479</b></p> <p>Question 1 482</p> <p>Question 2 483</p> <p>Question 3 489</p> <p>Question 4 491</p> <p>Question 5 493</p> <p>Question 6 495</p> <p>Question 7 497</p> <p>Question 8 499</p> <p>Notes 502</p> <p><b>27 Establishing ERM Systems in Emerging Countries 505</b></p> <p>Introduction 505</p> <p>Enterprise Risk Management and Its Benefits in Emerging Markets 506</p> <p>Observations of ERM Practices in Emerging Countries 524</p> <p>Conclusion 524</p> <p>Appendix: COSO Approach to Enterprise Risk Management 525</p> <p>Notes 527</p> <p>References 528</p> <p>About the Author 528</p> <p><b>28 The Rise and Evolution of the Chief Risk Officer: Enterprise Risk Management at Hydro One 531</b></p> <p>Hydro One 533</p> <p>Getting Started with ERM 533</p> <p>Processes and Tools 538</p> <p>Corporate Risk Profile 543</p> <p>Quantifying the Unquantifiable 548</p> <p>Benefits of ERM and Outcomes at Hydro One 550</p> <p>Conclusion 553</p> <p>Notes 553</p> <p>About the Authors 556</p> <p>Index 557</p>

<p><b>JOHN FRASER</b> is the Vice President, Internal Audit, and Chief Risk Officer of Hydro One Networks Inc. He is an Ontario and Canadian Chartered Accountant, a Fellow of the Association of Chartered Certified Accountants (U.K.), a Certified Internal Auditor, and a Certified Information Systems Auditor. Fraser has more than 30 years' experience in the risk and control field, mostly in the financial services sector. He is currently the Chair of the Advisory Committee of the Conference Board of Canada's Strategic Risk Council and a Practitioner Associate Editor of the <i>Journal of Applied Finance.</i> <p><b>BETTY J. SIMKINS, P<small>H</small>D,</b> is the Williams Companies Professor of Business and Professor of Finance at Oklahoma State University. She has published more than 40 journal articles and book chapters. Many of these articles are on the topics of risk management and enterprise risk management. Simkins is also active in the finance profession and currently serves on the board of directors for the Financial Management Association, as co-editor of the <i>Journal of Applied Finance</i>, as Executive Editor of <i>FMA Online</i>, and as past president of the Eastern Finance Association. Prior to entering academia, she worked for Conoco-Phillips and Williams Companies.

<p><b>ENTERPRISE RISK MANAGEMENT</b> <p>The Robert W. Kolb Series in Finance is an unparalleled source of information dedicated to the most important issues in modern finance. Each book focuses on a specific topic in the field of finance and contains contributed chapters from both respected academics and experienced financial professionals. As part of the Robert W. Kolb Series in Finance, Enterprise Risk Management introduces you to the essential concepts and techniques associated with this dynamic field. It provides a blend of academic and practical experience in order to educate both professionals and students alike. <p>Filled with in-depth insights and expert advice, this reliable resource offers holistic coverage of ERM and, in the process, addresses the what, why, and how of ERM to assist firms with its successful implementation. <p>Divided into six comprehensive parts, Enterprise Risk Management: <ul> <li>Offers a broad overview of risk tolerance, risk profiles, and allocation of resources</li> <li>Provides a thorough introduction to ERM as it relates to credit, market, and operational risk</li> <li>Examines the evolving requirements of the rating agencies and their importance to overall risk management in a corporate setting</li> <li>Discusses the drivers, techniques, and benefits involved in successfully implementing enterprise risk management</li> <li>And much more</li> </ul> <p>With this book as your guide, you'll gain a firm understanding of the issues surrounding ERM and what it will take to make it work for you.

US