Implementing Enterprise Risk Management. Lam James
Founded in 1807, John Wiley & Sons is the oldest independent publishing company in the United States. With offices in North America, Europe, Australia and Asia, Wiley is globally committed to developing and marketing print and electronic products and services for our customers’ professional and personal knowledge and understanding.
The Wiley Finance series contains books written specifically for finance and investment professionals as well as sophisticated individual investors and their financial advisors. Book topics range from portfolio management to e-commerce, risk management, financial engineering, valuation and financial instrument analysis, as well as much more.
For a list of available titles, visit our Web site at www.WileyFinance.com.
Implementing Enterprise Risk Management
From Methods to Applications
JAMES LAM
Copyright © 2017 by James Lam. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Cataloging-in-Publication Data is Available:
ISBN 9780471745198 (Hardcover)
ISBN 9781118221563 (ePDF)
ISBN 9781118235362 (ePub)
Cover Image: © canadastock/Shutterstock
Cover Design: Wiley
Preface
Confucius said: “I hear and I forget. I see and I remember. I do and I understand.”
Indeed, the value of knowledge is not in its acquisition but in its application. I am grateful that I have had opportunities to apply risk management in a wide range of roles throughout my 30-year career in risk management. As a consultant, I've worked with clients with different requirements based on their size, complexity, and industry. As a risk manager, I've implemented enterprise risk management (ERM) programs while overcoming data, technical, and cultural challenges. As a founder of a technology start-up, I've worked with customers to leverage advanced analytics to improve their risk quantification and reporting. In the past four years, as a board member and risk committee chair, I've worked with my board colleagues to provide independent risk oversight while respecting the operating role of management.
These experiences have taught me that knowledge of ERM best practices is insufficient. Value can be created only if these practices are integrated into the decision-making processes of an organization. The purpose of this book is to help my fellow risk practitioners to bridge the gap between knowledge and practical applications.
In my first book, Enterprise Risk Management – From Incentives to Controls (Wiley, 1st edition 2003, 2nd edition 2014), the focus was on the what questions related to ERM:
• What is enterprise risk management?
• What are the key components of an ERM framework?
• What are best practices and useful case studies?
• What are the functional requirements for credit, market, and operational risks?
• What are the industry requirements for financial institutions, energy firms, and non-financial corporations?
In this companion book, the focus is on the how questions:
• How to implement an ERM program?
• How to overcome common implementation issues and cultural barriers?
• How to leverage ERM in all three lines of defense: business and operational units, risk and compliance, and the board and internal audit?
• How to develop and implement specific ERM processes and tools?
• How to enhance business decisions and create value with ERM?
The publication of my first ERM book was one of the most gratifying professional experiences of my career. The book has been translated into Chinese, Japanese, Korean, and Indonesian. It has been adopted by leading professional associations and university programs around the world. On Amazon.com, it has ranked #1 best-selling among 25,000 risk management titles. In a 2007 survey of ERM practitioners in the United States and Canada conducted by the Conference Board of Canada, the book was ranked among the top-10 in ERM books and research papers. In addition, the book has brought me countless consulting and speaking opportunities internationally.
In my travels, risk professionals most often request practical approaches and case studies, as well as best-practice templates and examples that can assist them in their ERM programs. Based on this feedback, I have structured this book to focus on effective implementation of ERM.
OVERVIEW OF THE BOOK
This book is organized into seven parts. Part One provides the overall context for the current state and future vision of ERM:
• Chapter 1 introduces the notion that risk is a bell curve. It also lays out the fundamental concepts and definitions for enterprise risk management. We also discuss the business case for, and current state of, the practice of ERM.
• Chapter 2 reviews the key trends and developments in ERM since the 2008 financial crisis, including lessons learned and major changes since that time.
• In Chapter 3, a new performance-based continuous model for