Evaluating the merits and risks: risk assessment in 2024

Publisher’s note

Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publishers and authors cannot accept responsibility for any errors or omissions, however caused. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the editor, the publisher or any of the authors.

First published in Great Britain and the United States in 2010 by Kogan Page Limited
Fifth edition 2018

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licences issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned addresses:

2nd Floor, 45 Gee Street, London EC1V 3RS, United Kingdom

c/o Martin P Hill Consulting, 122 W 27th St, 10th Floor, New York, NY 10001

CONTENTS

Cover
Title Page
Copyright
Contents
List of figures
List of tables
Foreword
Acknowledgements

Introduction

Risk management in context
Nature of risk
Risk management
Risk management terminology
Benefits of risk management
Features of risk management
Book structure
Risk management in practice
Future for risk management
Changes for the fifth edition

PART ONE Introduction to risk management

Learning outcomes for Part One
Part One further reading
Part One case studies

Rank Group: How we manage risk
ABIL: Risk management overview
BIS: Approach to risk

01 Approaches to defining risk

Definitions of risk
Types of risks
Risk description
Inherent level of risk
Risk classification systems
Risk likelihood and magnitude

02 Impact of risk on organizations

Level of risk
Impact of hazard risks
Attachment of risks
Risk and reward
Attitudes to risk
Risk and triggers

03 Types of risks

Timescale of risk impact
Four types of risk
Embrace opportunity risks
Manage uncertainty risks
Mitigate hazard risks
Minimize compliance risks

04 Scope of risk management

Revised ISO 31000 (2018)
Updating of RM terminology

07 Establishing the context

Scope of the context
External context
Internal context
Risk management context
Designing a risk register
Using a risk register

08 Enterprise risk management

Enterprise-wide approach
Definitions of ERM
ERM in practice
ERM and business continuity
ERM in energy and finance
Integrating strategy and performance

09 Alternative approaches

Changing face of risk management
Managing emerging risks
Increasing importance of resilience
Different approaches
Structure of management standards
Future of risk management

PART THREE Risk assessment

Learning outcomes for Part Three
Part Three further reading
Part Three case studies

AA: Risk governance
British Land: Our assessment of risk is a cornerstone
Guide Dogs NSW/ACT: List of major residual risks

10 Risk assessment considerations

Importance of risk assessment
Approaches to risk assessment
Risk assessment techniques
Nature of the risk matrix
Risk perception
Attitude to risk

11 Risk classification systems

Short-, medium- and long-term risks
Nature of risk classification systems
Examples of risk classification systems
FIRM risk scorecard
PESTLE risk classification system
Compliance, hazard, control and opportunity

12 Risk analysis and evaluation

Application of a risk matrix
Inherent and current level of risk
Control confidence
4Ts of hazard risk response
Risk significance
Risk capacity

Tolerate risk
Treat risk
Transfer risk
Terminate risk
Strategic risk response

16 Risk control techniques

Types of controls
Hazard risk zones
Preventive controls
Corrective controls
Directive controls
Detective controls

17 Insurance and risk transfer

Importance of insurance
History of insurance
Types of insurance cover
Evaluation of insurance needs
Purchase of insurance
Captive insurance companies

18 Business continuity

Business continuity management
Business continuity standards
Successful business continuity
Business impact analysis (BIA)
Business continuity and ERM
Civil emergencies

PART FIVE Risk strategy

Learning outcomes for Part Five
Part Five further reading
Part Five case studies

AMEC Foster Wheeler: Principal risks and uncertainties
BBC: Internal controls assurance
Emperor Watch & Jewellery: Risk management

19 Core business processes

Dynamic business models
Types of business processes
Strategy and tactics
Effective and efficient operations
Ensuring compliance
Reporting performance

20 Reputation and the business model

Components of the business model
Risk management and the business model
Reputation and corporate governance
CSR and risk management
Supply chain and ethical trading
Importance of reputation

21 Risk management context

Architecture, strategy and protocols
Risk architecture

24 Risk-aware culture

Styles of risk management
Steps to successful risk management
Defining risk culture
Measuring risk culture
Alignment of activities
Risk maturity models

25 Importance of risk appetite

Nature of risk appetite
Risk appetite and the risk matrix
Risk and uncertainty
Risk exposure and risk capacity
Risk appetite statements
Risk appetite and lifestyle decisions

26 Risk training and communication

Consistent response to risk
Risk training and risk culture
Risk information and communication
Shared risk vocabulary
Risk information on an intranet
Risk management information systems (RMIS)

27 Risk practitioner competencies

Competency frameworks
Range of skills
Communication skills
Relationship skills
Analytical skills
Management skills

PART SEVEN Risk governance

Learning outcomes for Part Seven
Part Seven further reading
Part Seven case studies

Severn Trent Water: Our approach to risk
Tim Hortons: Sustainability and responsibility
DCMS: Capacity to handle risk

28 Corporate governance model

Corporate governance
OECD principles of corporate governance
LSE corporate governance framework
Corporate governance for a bank
Corporate governance for a government agency
Evaluation of board performance

29 Stakeholder expectations

Range of stakeholders
Stakeholder dialogue
Stakeholders and core processes
Stakeholders and strategy
Stakeholders and tactics
Stakeholders and operations

30 Operational risk management

Operational risk

Sainsbury’s and Tesco: Principal risks and uncertainties

33 The control environment

Nature of internal control
Purpose of internal control
Control environment
Features of the control environment
CoCo framework of internal control
Good safety culture

34 Risk assurance techniques

Audit committees
Role of risk management
Risk assurance
Risk management outputs
Control risk self-assessment
Benefits of risk assurance

35 Internal audit activities

Scope of internal audit
Role of internal audit
Undertaking an internal audit
Risk management and internal audit
Management responsibilities
Five lines of assurance

36 Reporting on risk management

Risk reporting

Sarbanes–Oxley Act of 2002
Risk reports by US companies
Charities’ risk reporting
Public-sector risk reporting
Government report on national security

Appendix A: Abbreviations and acronyms
Appendix B: Glossary of terms
Appendix C: Implementation guide
Index
Backcover