
Simple tools and techniques for enterprise risk management second edition by robert j chapman phd


Simple Tools and Techniques for
Enterprise Risk Management


First Edition Book Endorsements
Enterprise Risk Management is a necessary and valuable tool for identifying, quantifying and
mitigating risks across an organization but it is also a significant undertaking in terms of knowledge
and application. In these days of fiscal, regulatory and political correctness this book addresses
ERM in its broadest sense, providing useful reference and examples. Written in a clear and concise
manner, the content should be of tremendous value to anyone involved in risk, audit or corporate
governance whether as an analyst or board member.
(Robin Paris, Director, Group Risk, Nestlé)
This book provides an excellent introduction to enterprise risk management set in the context
of strong corporate governance. The writing is clear and direct, combining a comprehensive
understanding of enterprise risk with a practical and straightforward guide to tools and techniques
from strategic to operational level. As a result I have no doubt that it will find its way onto the
shelves of the more experienced risk managers.
(Caroline Donaldson, Director, Head of Risk, Network Rail)
Robert Chapman has distilled years of experience and produced a book which is easy to read
and full of practical/useful information. Having devised and implemented an enterprise risk
management process, I found much of the material instantly recognizable and relevant. My one
regret is that this book was not available earlier!
(Matt Smith, Group Risk Manager, Tate & Lyle plc)
This book will be of benefit to all levels of risk practitioner and sets ERM in the context of corporate
governance and internal control requirements. It provides a particularly clear description of a risk
management process defined by IDEFO diagrams with a useful discussion of internal and external
risk factors.
(Andrew Wood, Director, Risk Management, Serco Group plc)


Simple Tools and Techniques for
Enterprise Risk Management
Second Edition

Robert J. Chapman PhD

Recommended by the Institute of Risk Management

A John Wiley & Sons, Ltd., Publication


This edition first published 2011
Copyright © 2011 John Wiley & Sons, Ltd
Registered Office
John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, United Kingdom
For details of our global editorial offices, for customer services and for information about how to apply for
permission to reuse the copyright material in this book please see our website at www.wiley.com.
The right of the author to be identified as the author of this work has been asserted in accordance with the Copyright,
Designs and Patents Act 1988.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any
form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by the UK
Copyright, Designs and Patents Act 1988, without the prior permission of the publisher.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with
standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to
media such as a CD or DVD that is not included in the version you purchased, you may download this material at
. For more information about Wiley products, visit www.wiley.com.
Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and
product names used in this book are trade names, service marks, trademarks or registered trademarks of their
respective owners. The publisher is not associated with any product or vendor mentioned in this book. This
publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is
sold on the understanding that the publisher is not engaged in rendering professional services. If professional advice
or other expert assistance is required, the services of a competent professional should be sought.
Library of Congress Cataloging-in-Publication Data
Chapman, Robert J.
Simple tools and techniques for enterprise risk management / Robert J. Chapman. – 2nd ed.
p. cm.
ISBN 978-1-119-98997-4 (hbk) – ISBN 978-1-119-99065-9 (ebk) – ISBN 978-1-119-99064-2 (ebk)
1. Risk management. 2. Risk. 3. Uncertainty. 4. Decision making. I. Title.
HD61.C494 2011
658.15 5–dc23
2011042252
ISBN: 978-1-119-98997-4 (hbk) ISBN: 978-1-119-96321-9 (ebk)
ISBN: 978-1-119-99065-9 (ebk) ISBN: 978-1-119-99064-2 (ebk)
A catalogue record for this book is available from the British Library.

Set in 10/12pt Times by Aptara Inc., New Delhi, India
Printed and bound by CPI Group (UK) Ltd, Croydon, CR0 4YY


To Kay, Dominic and Gemma


Contents
List of Figures
Preface to the Second Edition
Acknowledgements
About the Author

PART I ENTERPRISE RISK MANAGEMENT IN CONTEXT

1 Introduction
1.1 Risk Diversity
1.2 Approach to Risk Management
1.3 Business Growth Through Risk Taking
1.4 Risk and Opportunity
1.5 The Role of the Board
1.6 Primary Business Objective (or Goal)
1.7 What is Enterprise Risk Management?
1.8 Benefits of Enterprise Risk Management
1.9 Structure
1.9.1 Corporate Governance
1.9.2 Internal Control
1.9.3 Implementation
1.9.4 Risk Management Framework
1.9.5 Risk Management Policy
1.9.6 Risk Management Process
1.9.7 Sources of Risk
1.10 Summary

1.11 References


2 Developments in Corporate Governance in the UK
2.1 Investor Unrest
2.2 The Problem of Agency
2.3 The Cadbury Committee
2.4 The Greenbury Report
2.5 The Hampel Committee and the Combined Code of 1998
2.6 Smith Guidance on Audit Committees
2.7 Higgs
2.8 Tyson
2.9 Combined Code on Corporate Governance 2003
2.10 Companies Act 2006
2.11 Combined Code on Corporate Governance 2008
2.12 Sir David Walker’s Review of Corporate Governance, July 2009 (Consultation Paper)
2.13 Sir David Walker’s Review of Corporate Governance, November 2009 (Final Recommendation)
2.14 House of Commons Treasury Committee 2009
2.15 UK Corporate Governance Code, June 2010
2.16 The “Comply or Explain” Regime
2.17 Definition of Corporate Governance
2.18 Formation of Companies
2.19 The Financial Services Authority and Markets Act 2000
2.20 The London Stock Exchange
2.21 Summary
2.22 References

3 Developments in Corporate Governance in the US
3.1 Corporate Governance
3.2 The Securities and Exchange Commission
3.2.1 Creation of the SEC
3.2.2 Organisation of the SEC
3.3 The Laws That Govern the Securities Industry
3.3.1 Securities Act 1933
3.3.2 Securities Exchange Act 1934
3.3.3 Trust Indenture Act 1939
3.3.4 Investment Company Act 1940
3.3.5 Investment Advisers Act 1940

3.4 Catalysts for the Sarbanes-Oxley Act 2002
3.4.1 Enron
3.4.2 WorldCom
3.4.3 Tyco International
3.4.4 Provisions of the Act
3.4.5 Implementation
3.4.6 Sarbanes-Oxley Section 404
3.4.7 The Positive Effects of Post-Enron Reforms
3.4.8 Criticism of Section 404 Before the Global Financial Crisis
3.4.9 Criticism of Section 404 After the Global Financial Crisis
3.5 National Association of Corporate Directors 2008
3.6 Summary
3.7 References

4 The Global Financial Crisis of 2007–2009: A US Perspective
4.1 The Financial Crisis in Summary
4.2 How the Financial Crisis Unfolded
4.3 The United States Mortgage Finance Industry
4.4 Subprime Model of Mortgage Lending
4.4.1 Contributing Events to the Credit Crisis
4.4.2 Foreclosures
4.4.3 Negative Equity
4.4.4 Housing Surplus
4.4.5 Vicious Circles
4.5 Why this Crisis Warrants Close Scrutiny
4.6 Behaviours
4.6.1 Investor Behaviour in the Search for Yield
4.6.2 Mortgage Lending Behaviour
4.6.3 Bank Behaviour and Risk Transfer through Securitised Credit
4.6.4 “Group Think” and Herd Behaviour
4.6.5 Banks’ Behaviour and Risk Appetite
4.6.6 Behaviour of Regulators and the Division of “Narrow Banking” from Investment Banking
4.6.7 Banks’ Behaviour and Misplaced Reliance of Sophisticated Mathematics and Statistics
4.7 Worldwide Deficiencies in Risk Management
4.8 Federal Reform
4.9 Systemic Risk
4.10 The Future of Risk Management

4.11 Summary
4.12 References

5 Developments in Corporate Governance in Australia and Canada
5.1 Australian Corporate Governance
5.1.1 Regulation Arising from Corporate Failures
5.1.2 Corporate Governance Reforms Following the Accounting Scandals of the Early 2000s
5.1.3 Horwath 2002 Corporate Governance Report
5.1.4 The ASX Corporate Governance Council
5.1.5 Financial Statements
5.2 Canada
5.2.1 Dey Report
5.2.2 Dey Revisited
5.2.3 Kirby Report

5.2.4 Saucier Committee
5.2.5 National Policy and Instrument (April 2005)
5.2.6 TSE Corporate Governance: Guide to Good Disclosure 2006
5.3 Summary
5.4 References

6 Internal Control and Risk Management
6.1 The Composition of Internal Control
6.2 Risk as a Subset of Internal Control
6.2.1 The Application of Risk Management
6.3 Allocation of Responsibility
6.3.1 Cadbury Committee
6.3.2 Hampel Committee
6.3.3 Turnbull
6.3.4 Higgs Review
6.3.5 Smith Review
6.3.6 OECD
6.4 The Context of Internal Control and Risk Management
6.5 Internal Control and Risk Management
6.6 Embedding Internal Control and Risk Management
6.7 Summary
6.8 References


7 Developments in Risk Management in the UK Public Sector
7.1 Responsibility for Risk Management in Government
7.1.1 Cabinet Office
7.1.2 Treasury
7.1.3 Office of Government Commerce
7.1.4 National Audit Office
7.2 Risk Management Publications
7.3 Successful IT
7.4 Supporting Innovation
7.4.1 Part 1: Why Risk Management is Important
7.4.2 Part 2: Comprehension of Risk Management
7.4.3 Part 3: What More Needs to be Done to Improve Risk Management
7.5 The Orange Book
7.5.1 Identify the Risks and Define a Framework
7.5.2 Assign Ownership
7.5.3 Evaluate

7.5.4 Assess Risk Appetite
7.5.5 Response to Risk
7.5.6 Gain Assurance
7.5.7 Embed and Review
7.6 Audit Commission
7.7 CIPFA/SOLACE Corporate Governance
7.8 M_o_R 2002
7.9 DEFRA
7.9.1 Risk Management Strategy
7.10 Strategy Unit Report
7.11 Risk and Value Management

7.12 The Green Book
7.12.1 Optimism Bias
7.12.2 Annex 4
7.13 CIPFA Guidance on Internal Control
7.14 Managing Risks to Improve Public Services
7.15 The Orange Book (Revised)
7.16 M_o_R 2007
7.17 Managing Risks in Government
7.18 Summary
7.19 References


PART II THE RISK MANAGEMENT PROCESS
References


8 Establishing the Context: Stage 1
8.1 Process
8.2 Process Goal and Subgoals
8.3 Process Definition
8.4 Process Inputs
8.5 Process Outputs
8.6 Process Controls (Constraints)
8.7 Process Mechanisms (Enablers)
8.7.1 Ratios
8.7.2 Risk Management Process Diagnostic

8.7.3 SWOT Analysis
8.7.4 PEST Analysis
8.8 Process Activities
8.8.1 Business Objectives
8.8.2 Business Plan
8.8.3 Examining the Industry
8.8.4 Establishing the Processes
8.8.5 Projected Financial Statements
8.8.6 Resources
8.8.7 Change Management
8.8.8 Marketing Plan
8.8.9 Compliance Systems
8.9 Summary
8.10 References

9 Risk Identification: Stage 2
9.1 Process
9.2 Process Goal and Subgoals
9.3 Process Definition
9.4 Process Inputs
9.5 Process Outputs
9.6 Process Controls (Constraints)
9.7 Process Mechanisms (Enablers)

9.7.1 Risk Checklist
9.7.2 Risk Prompt List
9.7.3 Gap Analysis
9.7.4 Risk Taxonomy
9.7.5 PEST Prompt
9.7.6 SWOT Prompt
9.7.7 Database
9.7.8 Business Risk Breakdown Structure
9.7.9 Risk Questionnaire
9.7.10 Risk Register Content/Structure
9.8 Process Activities
9.8.1 Clarifying the Business Objectives
9.8.2 Reviewing the Business Analysis
9.8.3 Need for Risk and Opportunity Identification
9.8.4 Risk and Opportunity Identification
9.8.5 Facilitation
9.8.6 Gaining a Consensus on the Risks, the Opportunities and their Interdependencies
9.8.7 Risk Register
9.9 Summary
9.10 References


10 Risk Analysis: Stage 3
10.1 Process
10.2 Process Goal and Subgoals
10.3 Process Definition
10.4 Process Inputs
10.5 Process Outputs
10.6 Process Controls (Constraints)
10.7 Process Mechanisms (Enablers)
10.7.1 Probability
10.8 Process Activities
10.8.1 Causal Analysis
10.8.2 Decision Analysis and Influence Diagrams
10.8.3 Pareto Analysis
10.8.4 CAPM Analysis

10.8.5 Define Risk Evaluation Categories and Values
10.9 Summary
10.10 References


11 Risk Evaluation: Stage 4
11.1 Process
11.2 Process Goal and Subgoals
11.3 Process Definition
11.4 Process Inputs
11.5 Process Outputs
11.6 Process Controls (Constraints)


11.7 Process Mechanisms (Enablers)
11.7.1 Probability Trees
11.7.2 Expected Monetary Value
11.7.3 Utility Theory and Functions
11.7.4 Decision Trees
11.7.5 Markov Chain
11.7.6 Investment Appraisal
11.8 Process Activities
11.8.1 Basic Concepts of Probability
11.8.2 Sensitivity Analysis
11.8.3 Scenario Analysis
11.8.4 Simulation
11.8.5 Monte Carlo Simulation
11.8.6 Latin Hypercube
11.8.7 Probability Distributions Defined from Expert Opinion
11.9 Summary
11.10 References



12 Risk Treatment: Stage 5
12.1 Process
12.2 Process Goal and Subgoals
12.3 Process Definition
12.4 Process Inputs
12.5 Process Outputs
12.6 Process Controls (Constraints)
12.7 Process Mechanisms
12.8 Process Activities
12.9 Risk Appetite

12.10 Risk Response Strategies
12.10.1 Risk Reduction
12.10.2 Risk Removal
12.10.3 Risk Reassignment or Transfer
12.10.4 Risk Retention
12.11 Summary
12.12 References


13 Monitoring and Review: Stage 6
13.1 Process
13.2 Process Goal and Subgoals
13.3 Process Definition

13.4 Process Inputs
13.5 Process Outputs
13.6 Process Controls (Constraints)
13.7 Process Mechanisms
13.8 Process Activities
13.8.1 Executing

13.8.2 Monitoring
13.8.3 Controlling
13.9 Summary
13.10 Reference


14 Communication and Consultation: Stage 7
14.1 Process
14.2 Process Goal and Subgoals
14.3 Process Definition
14.4 Process Inputs
14.5 Process Outputs
14.6 Process Controls (Constraints)
14.7 Process Mechanisms
14.8 Process Activities
14.9 Internal Communication
14.10 External Communication
14.11 Summary
14.12 Reference



PART III INTERNAL INFLUENCES – MICRO FACTORS


15 Financial Risk Management
15.1 Definition of Financial Risk
15.2 Scope of Financial Risk
15.3 Benefits of Financial Risk Management
15.4 Implementation of Financial Risk Management
15.5 Liquidity Risk
15.5.1 Current and Quick Ratios
15.5.2 Mitigation of Liquidity Risk
15.6 Credit Risk
15.6.1 Default Risk
15.6.2 Exposure Risk
15.6.3 Recovery Risk
15.6.4 Credit Insurance
15.6.5 Counterparty Risk
15.6.6 Due Diligence
15.7 Borrowing
15.8 Currency Risk
15.9 Funding Risk
15.10 Foreign Investment Risk
15.10.1 Country Risk
15.10.2 Environment Risk
15.11 Derivatives
15.11.1 Exchange Traded Derivatives
15.11.2 Over-the-Counter Derivatives
15.12 Summary

15.13 References




16 Operational Risk Management
16.1 Definition of Operational Risk
16.2 Scope of Operational Risk
16.3 Benefits of Operational Risk
16.4 Implementation of Operational Risk
16.5 Strategy
16.5.1 Definition of Strategy Risk
16.5.2 Objectives
16.5.3 Business Plan
16.5.4 New Business Development
16.5.5 Resources
16.5.6 Stakeholder Interests
16.5.7 Corporate Experience
16.5.8 Reputation
16.6 People
16.6.1 Definition of People Risk
16.6.2 Types of People Risk
16.6.3 Human Resource Management Practices
16.6.4 Ability to Pay Salaries
16.6.5 Regulatory and Statutory Requirements
16.6.6 Staff Constraints
16.6.7 Staff Dishonesty
16.6.8 Risk Management
16.6.9 Health and Safety
16.7 Processes and Systems
16.7.1 Definition of Processes and Systems Risk

16.7.2 Controls
16.7.3 Regulatory and Statutory Requirements
16.7.4 Continuity
16.7.5 Indicators of Loss
16.7.6 Transactions
16.7.7 Computer/IT Systems
16.7.8 Knowledge Management
16.7.9 Project Management
16.8 External Events
16.8.1 Change Management
16.8.2 Business Continuity
16.9 Outsourcing
16.10 Measurement
16.11 Mitigation
16.12 Summary
16.13 References



17 Technological Risk Management
17.1 Definition of Technology Risk
17.2 Scope of Technology Risk
17.3 Benefits of Technology Risk Management

17.4 Implementation of Technology Risk Management
17.5 Primary Technology Types
17.5.1 Information Technology
17.5.2 Communications Technology
17.5.3 Control Technology
17.6 Responding to Technology Risk
17.6.1 IT Governance
17.6.2 Investment
17.6.3 Projects
17.7 Summary
17.8 References
18 Project Risk Management
18.1 Definition of Project Risk
18.2 Definition of Project Risk Management

18.3 Sources of Project Risk
18.4 Benefits of Project Risk Management
18.5 Embedding Project Risk Management
18.5.1 Common Challenges in Implementing Project Risk Management
18.5.2 Lack of Clearly Defined and Disseminated Risk Management Objectives
18.5.3 Lack of Senior Executive and Project Director Commitment and Support
18.5.4 Lack of a Risk Maturity Model
18.5.5 Lack of a Change Process to Implement the Discipline
18.5.6 No Common Risk Language (Terms and Definitions)
18.5.7 Lack of Articulation of the Project Sponsor’s Risk Appetite
18.5.8 No Definition of Roles and Responsibilities
18.5.9 Lack of Risk Management Awareness Training to Build Core Competencies
18.5.10 Lack of Integration of Risk Management with Other Project Disciplines
18.5.11 Reticence of Project Personnel to Spend Time on Risk Management
18.5.12 Risk Owners not Automatically Taking Responsibility for Assigned Risks
18.5.13 No Clear Demonstration of How Risk Management Adds Value and Contributes to Project Performance
18.5.14 Overcomplicated Implementation from an Unclear Risk Policy, Strategy, Framework, Plan and Procedure
18.5.15 Lack of Alignment between the Business Strategy, Business Model and the Risk Management Objectives
18.5.16 Lack of the Integration of Risk Management Activities into the Day-to-Day Activities of Project Managers

18.6 Project Risk Management Process
18.6.1 Establish the Context
18.6.2 Risk Identification
18.6.3 Risk Analysis
18.6.4 Risk Evaluation
18.6.5 Risk Treatment
18.6.6 Risk Monitoring and Review
18.6.7 Communication and Consultation
18.7 Responsibility for Project Risk Management
18.8 Project Director’s Role
18.9 Project Team
18.9.1 Lack of Team Structure
18.9.2 Lack of Definition of Roles
18.9.3 Lack of Responsibility Assignment Matrix
18.9.4 Poor Leadership
18.9.5 Poor Team Communication
18.10 Optimism Bias
18.10.1 The Investment Decision
18.10.2 Optimism Bias
18.10.3 Monitoring
18.10.4 Using Numerical Indicators in Project Decision Making

18.10.5 Causes of Optimism Bias
18.10.6 The Distinction between Risk Events and Optimism Bias
18.11 Software Tools Used to Support Project Risk Management
18.12 Techniques Used to Support Project Risk Management
18.13 Summary
18.14 References
19 Business Ethics Management
19.1 Definition of Business Ethics Risk
19.2 Scope of Business Ethics Risk
19.3 Benefits of Ethics Risk Management
19.4 How Unethical Behaviour can Arise
19.5 Recognition of the Need for Business Ethics
19.5.1 US Department of Commerce
19.5.2 The G8 Summit in Italy Pushes for a Return to “Ethics”
19.5.3 OECD and Its Approach to Business Ethics
19.5.4 UK Financial Services Authority
19.5.5 US Department of Justice
19.6 Factors that Affect Business Ethics
19.7 Risk Events
19.8 Implementation of Ethical Risk Management
19.8.1 Areas of Focus
19.8.2 Levels of Application
19.8.3 The System

19.9 Summary
19.10 References


20 Health and Safety Management
20.1 Definition of Health and Safety Risk
20.2 Scope of Health and Safety Risk
20.3 Benefits of Health and Safety Risk Management
20.3.1 Business Benefits
20.3.2 The Enterprise Context: AstraZeneca

20.4 The UK Health and Safety Executive
20.4.1 The UK Perspective: Health and Safety Record
20.5 The European Agency for Safety and Health at Work
20.5.1 Main Challenges Concerning Health and Safety at Work
20.6 Implementation of Health and Safety Risk Management
20.6.1 Management Arrangements
20.6.2 Risk Controls
20.6.3 Workplace Precautions
20.6.4 System Implementation
20.7 Workplace Precautions
20.8 Contribution of Human Error to Major Disasters
20.8.1 Tenerife, 27 March 1977
20.8.2 Chernobyl, 26 April 1986
20.8.3 Kegworth, 8 January 1989
20.8.4 Herald of Free Enterprise, 6 March 1987
20.8.5 Piper Alpha, 6 July 1988
20.8.6 Ladbroke Grove, 5 October 1999
20.9 Improving Human Reliability in the Workplace
20.10 Risk Management Best Practice
20.10.1 Crisis Management Plan
20.11 Summary
20.12 References


PART IV EXTERNAL INFLUENCES – MACRO FACTORS


21 Economic Risk
21.1 Definition of Economic Risk
21.2 Scope of Economic Risk
21.3 Benefits of Economic Risk Management
21.4 Implementation of Economic Risk Management
21.5 Microeconomics and Macroeconomics
21.6 Macroeconomics
21.6.1 Gross Domestic Product
21.7 Government Policy
21.7.1 Fiscal Policy
21.7.2 Monetary Policy
21.7.3 Competing Theories
21.8 Aggregate Demand
21.8.1 Using Aggregate Demand Curves
21.8.2 Determinants of Consumer Spending
21.8.3 Determinants of Investment Expenditure
21.8.4 Determinants of Government Spending
21.8.5 Determinants of Net Expenditure on Exports and Imports
21.9 Aggregate Supply
21.10 Employment Levels
21.11 Inflation
21.12 Interest Rate Risk
21.13 House Prices
21.14 International Trade and Protection
21.14.1 Trade
21.14.2 Methods of Protectionism
21.14.3 Trade Policy
21.14.4 Balance of Trade
21.15 Currency Risk
21.15.1 Risk Mitigation by Hedging
21.16 Summary
21.17 References


22 Environmental Risk
22.1 Definition of Environmental Risk
22.2 Scope of Environmental Risk
22.3 Benefits of Environmental Risk Management
22.4 Implementation of Environmental Risk Management
22.5 Energy Sources
22.5.1 Renewable Energy
22.6 Use of Resources
22.7 Pollution
22.8 Global Warming
22.9 Response to Global Warming
22.9.1 Earth Summit
22.9.2 The Kyoto Protocol
22.9.3 Pollution Control Targets
22.9.4 Sufficiency of Emission Cuts
22.9.5 US Climate Pact
22.9.6 The Copenhagen Accord
22.9.7 European Union
22.9.8 Cancún Agreements
22.9.9 Domestic Government Response to Climate Change
22.9.10 Levy
22.9.11 Emissions Trading
22.9.12 Impact on Business

22.10 Stimulation to Environmental Considerations
22.10.1 FTSE4Good Index
22.10.2 Carbon Trust
22.10.3 Public Pressure
22.11 Environmental Sustainability
22.12 Summary
22.13 References


23 Legal Risk
23.1 Definition of Legal Risk
23.2 Scope of Legal Risk
23.3 Benefits of Legal Risk Management
23.4 Implementation of Legal Risk Management
23.5 Business Law
23.6 Companies
23.6.1 The Company Name
23.6.2 The Memorandum of Association
23.6.3 Articles of Association
23.6.4 Financing the Company
23.6.5 The Issue of Shares and Debentures
23.6.6 The Official Listing of Securities
23.6.7 The Remedy of Rescission
23.6.8 Protection of Minority Interests
23.6.9 Duties of Directors
23.7 Intellectual Property
23.7.1 Patents
23.7.2 Copyright
23.7.3 Designs
23.8 Employment Law
23.9 Contracts
23.9.1 Essentials of a Valid Contract
23.9.2 Types of Contract
23.10 Criminal Liability in Business

23.10.1 Misdescriptions of Goods and Services
23.10.2 Misleading Price Indications
23.10.3 Product Safety
23.11 Computer Misuse
23.11.1 Unauthorised Access to Computer Material
23.11.2 Unauthorised Access with Intent to Commit or Facilitate Further Offences
23.11.3 Unauthorised Modification of Computer Material
23.12 Summary


24 Political Risk
24.1 Definition of Political Risk
24.2 Scope of Political Risk
24.2.1 Macropolitical Risks
24.2.2 Micropolitical Risks
24.3 Benefits of Political Risk Management
24.4 Implementation of Political Risk Management
24.5 Zonis and Wilkin Political Risk Framework
24.6 Contracts
24.7 Transition Economies of Europe
24.8 UK Government Fiscal Policy
24.9 Pressure Groups
24.10 Terrorism and Blackmail
24.11 Responding to Political Risk
24.11.1 Assessing Political Risk Factors
24.11.2 Prioritising Political Risk Factors
24.11.3 Improving Relative Bargaining Power
24.12 Summary
24.13 References

25 Market Risk
25.1 Definition of Market Risk
25.2 Scope of Market Risk
25.2.1 Levels of Uncertainty in the Marketing Environment
25.3 Benefits of Market Risk Management

25.4 Implementation of Market Risk Management
25.5 Market Structure
25.5.1 The Number of Firms in an Industry
25.5.2 Barriers to Entry
25.5.3 Product Homogeneity, Product Diversity and Branding
25.5.4 Knowledge
25.5.5 Interrelationships within Markets
25.6 Product Life Cycle Stage
25.6.1 Sales Growth
25.7 Alternative Strategic Directions
25.7.1 Market Penetration
25.7.2 Product Development
25.7.3 Market Development
25.7.4 Diversification
25.8 Acquisition
25.9 Competition
25.9.1 Price Stability
25.9.2 Non-Price Competition
25.9.3 Branding
25.9.4 Market Strategies
25.10 Price Elasticity/Sensitivity
25.10.1 Elasticity
25.10.2 Price Elasticity
25.11 Distribution Strength
25.12 Market Risk Measurement: Value at Risk
25.12.1 Definition of Value at Risk
25.12.2 Value at Risk
25.12.3 VaR Model Assumptions

25.12.4 Use of VaR to Limit Risk
25.12.5 Calculating Value at Risk
25.13 Risk Response Planning
25.14 Summary
25.15 References



26 Social Risk
26.1 Definition of Social Risk
26.2 Scope of Social Risk
26.3 Benefits of Social Risk Management
26.4 Implementation of Social Risk Management
26.5 Education
26.6 Population Movements: Demographic Changes
26.6.1 The Changing Market
26.7 Socio-Cultural Patterns and Trends
26.8 Crime
26.8.1 Key Facts
26.9 Lifestyles and Social Attitudes
26.9.1 More Home Improvements
26.9.2 Motherhood, Marriage and Family Formation
26.9.3 Health
26.9.4 Less Healthy Diets
26.9.5 Smoking and Drinking
26.9.6 Long Working Hours
26.9.7 Stress Levels
26.9.8 Recreation and Tourism
26.10 Summary
26.11 References


PART V THE APPOINTMENT


27 Introduction
27.1 Change Process From the Client Perspective
27.1.1 Planning
27.1.2 Timely Information

27.1.3 Risk Management Resources
27.2 Selection of Consultants
27.2.1 Objectives
27.2.2 The Brief
27.2.3 Describing Activity Interfaces
27.2.4 Appointment Process Management
27.2.5 The Long-Listing Process
27.2.6 Short-List Selection Criteria
27.2.7 Request for a Short-Listing Interview
27.2.8 Compilation of Short List
27.2.9 Prepare an Exclusion Notification

27.2.10 Prepare Tender Documents
27.2.11 Agreement to be Issued with the Tender Invitation
27.2.12 Tender Process
27.2.13 Award
27.2.14 Notification to Unsuccessful Tenderers
27.3 Summary
27.4 Reference


28 Interview with the Client
28.1 First Impressions/Contact
28.2 Client Focus
28.3 Unique Selling Point
28.4 Past Experiences
28.5 Client Interview
28.5.1 Scene/Overview
28.5.2 Situation/Context
28.5.3 Scheme/Plan of Action
28.5.4 Solution Implementation
28.5.5 Success, Measurement of

28.5.6 Secure/Continue
28.5.7 Stop/Close
28.6 Assignment Methodology
28.7 Change Management
28.8 Sustainable Change
28.9 Summary
28.10 References


29 Proposal
29.1 Introduction
29.2 Proposal Preparation

29.2.1 Planning
29.2.2 Preliminary Review
29.3 Proposal Writing
29.3.1 Task Management
29.3.2 Copying Text
29.3.3 Master Copy
29.3.4 Peer Review
29.4 Approach
29.5 Proposal
29.5.1 Identify the Parties – the Who
29.5.2 Identify the Location – the Where
29.5.3 Understand the Project Background – the What
29.5.4 Define the Scope – the Which
29.5.5 Clarify the Objectives – the Why
29.5.6 Determine the Approach – the How
29.5.7 Determine the Timing – the When
29.6 Client Responsibilities

29.7 Remuneration
29.8 Summary
29.9 References


30 Implementation
30.1 Written Statement of Project Implementation
30.2 Management
30.2.1 Objectives
30.2.2 Planning the Project
30.2.3 Consultant Team Composition
30.2.4 Interface with Stakeholders
30.2.5 Data Gathering

30.2.6 Budget
30.2.7 Assessment of Risk
30.2.8 Deliverables
30.2.9 Presentation of the Findings
30.2.10 Key Factors for Successful Implementation
30.3 Customer Delight
30.4 Summary
30.5 References


Appendix 1: Successful IT: Modernising Government in Action
Appendix 2: Sources of Risk
Appendix 3: DEFRA Risk Management Strategy
Appendix 4: Risk: Improving Government’s Capability to Handle Risk and Uncertainty
Appendix 5: Financial Ratios
Appendix 6: Risk Maturity Models
Appendix 7: SWOT Analysis
Appendix 8: PEST Analysis
Appendix 9: VRIO Analysis
Appendix 10: Value Chain Analysis
Appendix 11: Resource Audit
Appendix 12: Change Management
Appendix 13: Industry Breakpoints
Appendix 14: Probability
Appendix 15: Value at Risk
Appendix 16: Optimism Bias

Index


List of Figures
Figure 1.1 The role of the board and the integration of risk management
Figure 1.2 ERM structure
Figure 4.1 Relationship between the parties engaged in the subprime housing market
Figure 4.2 Increased foreclosures from mortgages resetting
Figure 4.3 Negative equity triggers mortgage defaults
Figure 4.4 Housing surplus leads to fall in construction and job losses
Figure 4.5 Overlapping vicious circles
Figure 5.1 Risk management survey questions and their responses
Figure 6.1 Composition of the Combined Code 2003 and its relationship to the Turnbull guidance
Figure 6.2 Internal control and risk management in context
Figure 7.1 Parties responsible for risk management in government
Figure 7.2 Decision making within the management hierarchy of an organisation
Figure P2.1 Stages in the risk management process
Figure P2.2 IDEFO process design notation: process elements are described by IDEFO using inputs, outputs, controls and mechanisms
Figure 8.1 Structure of Chapter 8
Figure 8.2 The “establish the context” process illustrating the inputs, outputs, constraints and mechanisms
Figure 8.3 Structure of Section 8.8
Figure 9.1 Structure of Chapter 9
Figure 9.2 Risk identification process
Figure 9.3 Structure of questionnaire
Figure 9.4 Definition of categories of risk
Figure 9.5 Software development risk taxonomy
Figure 9.6 Techniques for identifying business risk
Figure 10.1 Structure of Chapter 10
Figure 10.2 Risk analysis process
Figure 10.3 Cause and effect
Figure 10.4 Main causes of effect
Figure 10.5 Main, level 1 and level 2 causes
Figure 10.6 Cause and effect diagram for a petrochemical company