Evaluating the merits and risks: risk assessment in 2024
Publisher’s note

Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publishers and authors cannot accept responsibility for any errors or omissions, however caused. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the editor, the publisher or any of the authors.

First published in Great Britain and the United States in 2010 by Kogan Page Limited
Fifth edition 2018

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licences issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned addresses:

2nd Floor, 45 Gee Street, London EC1V 3RS, United Kingdom
c/o Martin P Hill Consulting, 122 W 27th St, 10th Floor, New York, NY 10001

CONTENTS

Cover; Title Page; Copyright; Contents; List of figures; List of tables; Foreword; Acknowledgements

Introduction
Risk management in context; Nature of risk; Risk management; Risk management terminology; Benefits of risk management; Features of risk management; Book structure; Risk management in practice; Future for risk management; Changes for the fifth edition

PART ONE Introduction to risk management
Learning outcomes for Part One; Part One further reading; Part One case studies; Rank Group: How we manage risk; ABIL: Risk management overview; BIS: Approach to risk

01 Approaches to defining risk
Definitions of risk; Types of risks; Risk description; Inherent level of risk; Risk classification systems; Risk likelihood and magnitude

02 Impact of risk on organizations
Level of risk; Impact of hazard risks; Attachment of risks; Risk and reward; Attitudes to risk; Risk and triggers

03 Types of risks
Timescale of risk impact; Four types of risk; Embrace opportunity risks; Manage uncertainty risks; Mitigate hazard risks; Minimize compliance risks

04 Scope of risk management
Revised ISO 31000 (2018); Updating of RM terminology

07 Establishing the context
Scope of the context; External context; Internal context; Risk management context; Designing a risk register; Using a risk register

08 Enterprise risk management
Enterprise-wide approach; Definitions of ERM; ERM in practice; ERM and business continuity; ERM in energy and finance; Integrating strategy and performance

09 Alternative approaches
Changing face of risk management; Managing emerging risks; Increasing importance of resilience; Different approaches; Structure of management standards; Future of risk management

PART THREE Risk assessment
Learning outcomes for Part Three; Part Three further reading; Part Three case studies; AA: Risk governance; British Land: Our assessment of risk is a cornerstone; Guide Dogs NSW/ACT: List of major residual risks

10 Risk assessment considerations
Importance of risk assessment; Approaches to risk assessment; Risk assessment techniques; Nature of the risk matrix; Risk perception; Attitude to risk

11 Risk classification systems
Short-, medium- and long-term risks; Nature of risk classification systems; Examples of risk classification systems; FIRM risk scorecard; PESTLE risk classification system; Compliance, hazard, control and opportunity

12 Risk analysis and evaluation
Application of a risk matrix; Inherent and current level of risk; Control confidence; 4Ts of hazard risk response; Risk significance; Risk capacity; Tolerate risk; Treat risk; Transfer risk; Terminate risk; Strategic risk response

16 Risk control techniques
Types of controls; Hazard risk zones; Preventive controls; Corrective controls; Directive controls; Detective controls

17 Insurance and risk transfer
Importance of insurance; History of insurance; Types of insurance cover; Evaluation of insurance needs; Purchase of insurance; Captive insurance companies

18 Business continuity
Business continuity management; Business continuity standards; Successful business continuity; Business impact analysis (BIA); Business continuity and ERM; Civil emergencies

PART FIVE Risk strategy
Learning outcomes for Part Five; Part Five further reading; Part Five case studies; AMEC Foster Wheeler: Principal risks and uncertainties; BBC: Internal controls assurance; Emperor Watch & Jewellery: Risk management

19 Core business processes
Dynamic business models; Types of business processes; Strategy and tactics; Effective and efficient operations; Ensuring compliance; Reporting performance

20 Reputation and the business model
Components of the business model; Risk management and the business model; Reputation and corporate governance; CSR and risk management; Supply chain and ethical trading; Importance of reputation

21 Risk management context
Architecture, strategy and protocols; Risk architecture

24 Risk-aware culture
Styles of risk management; Steps to successful risk management; Defining risk culture; Measuring risk culture; Alignment of activities; Risk maturity models

25 Importance of risk appetite
Nature of risk appetite; Risk appetite and the risk matrix; Risk and uncertainty; Risk exposure and risk capacity; Risk appetite statements; Risk appetite and lifestyle decisions

26 Risk training and communication
Consistent response to risk; Risk training and risk culture; Risk information and communication; Shared risk vocabulary; Risk information on an intranet; Risk management information systems (RMIS)

27 Risk practitioner competencies
Competency frameworks; Range of skills; Communication skills; Relationship skills; Analytical skills; Management skills

PART SEVEN Risk governance
Learning outcomes for Part Seven; Part Seven further reading; Part Seven case studies; Severn Trent Water: Our approach to risk; Tim Hortons: Sustainability and responsibility; DCMS: Capacity to handle risk

28 Corporate governance model
Corporate governance; OECD principles of corporate governance; LSE corporate governance framework; Corporate governance for a bank; Corporate governance for a government agency; Evaluation of board performance

29 Stakeholder expectations
Range of stakeholders; Stakeholder dialogue; Stakeholders and core processes; Stakeholders and strategy; Stakeholders and tactics; Stakeholders and operations

30 Operational risk management
Operational risk; Sainsbury’s and Tesco: Principal risks and uncertainties

33 The control environment
Nature of internal control; Purpose of internal control; Control environment; Features of the control environment; CoCo framework of internal control; Good safety culture

34 Risk assurance techniques
Audit committees; Role of risk management; Risk assurance; Risk management outputs; Control risk self-assessment; Benefits of risk assurance

35 Internal audit activities
Scope of internal audit; Role of internal audit; Undertaking an internal audit; Risk management and internal audit; Management responsibilities; Five lines of assurance

36 Reporting on risk management
Risk reporting; Sarbanes–Oxley Act of 2002; Risk reports by US companies; Charities’ risk reporting; Public-sector risk reporting; Government report on national security

Appendix A: Abbreviations and acronyms
Appendix B: Glossary of terms
Appendix C: Implementation guide
Index
Backcover