[下载]企业风险管理的简单工具与技术（英文版）Robert J. Chapman著

Simple Tools and Techniques for Enterprise Risk Management
Publisher: Wiley | 2006-06-05 | ISBN: 0470014660 | Pages: 494 | PDF | 2.2 MB

PART I ENTERPRISE RISK MANAGEMENT IN CONTEXT 1
1 Introduction 3
1.1 Approach to risk management 4
1.2 Business growth through risk taking 4
1.3 Risk and opportunity 5
1.4 The role of the board 5
1.5 Primary business objective (or goal) 8
1.6 What is enterprise risk management (ERM) 8
1.7 Benefits of ERM 9
1.8 Framework 10
1.8.1 Corporate governance 10
1.8.2 Internal control 11
1.8.3 Implementation 11
1.8.4 Risk management process 11
1.8.5 Sources of risk 11
1.9 Summary 11
1.10 References 12
2 Developments in Corporate Governance in the UK 13
2.1 Investor unrest 13
2.2 The problem of agency 14
2.3 Cadbury Committee 15
2.4 The Greenbury Study 16
2.5 The Hampel Committee and the Combined Code of 1998 16

2.6 Smith guidance on audit committees 17
2.7 Higgs 17
2.8 Tyson 18
2.9 Combined Code on Corporate Governance 2003 18
2.10 The “comply or explain” regime 19
2.11 Definition of corporate governance 19
2.12 Formation of companies 20
2.13 The Financial Services and Markets Act 2000 21
2.14 The London Stock Exchange 21
2.15 Summary 22
2.16 References 23
3 Developments in Corporate Governance in the US and Canada 25
3.1 Sarbanes-Oxley Act 2002 25
3.1.1 Enron 25
3.1.2 WorldCom 26
3.1.3 Provisions of the Act 26
3.1.4 Implementation 28
3.1.5 Sarbanes-Oxley, Section 404 28
3.2 Canada 29
3.2.1 Dey Report 29
3.2.2 Dey revisited 30
3.2.3 Saucier Committee 31
3.3 Summary 31
3.4 References 31
4 Internal Control and Risk Management 33
4.1 The composition of internal control 33
4.2 Risk as a subset of internal control 34
4.2.1 The application of risk management 34
4.3 Allocation of responsibility 38
4.3.1 Cadbury Committee 38
4.3.2 Hampel Committee 38
4.3.3 Turnbull 39
4.3.4 Higgs Review 40
4.3.5 Smith Review 40
4.3.6 OECD 41
4.4 The context of internal control and risk management 41
4.5 Internal control and risk management 43
4.6 Embedding internal control and risk management 43
4.7 Summary 43
4.8 References 44
5 Developments in Risk Management in the Public Sector 45
5.1 Responsibility for risk management in government 45
5.1.1 Cabinet Office 46
5.1.2 Treasury 47

5.1.3 Office of Government Commerce 47
5.1.4 National Audit Office 47
5.2 Risk management publications 48
5.3 Successful IT 49
5.4 Supporting innovation 50
5.4.1 Part 1: Why risk management is important 51
5.4.2 Part 2:Howwell risk management is understood and implemented
by government departments 51
5.4.3 Part 3: What more needs to be done to improve risk management 51
5.5 The Orange Book 51
5.5.1 Identify the risks and define a framework 52
5.5.2 Assign ownership 52
5.5.3 Evaluate 52
5.5.4 Assess risk appetite 53
5.5.5 Response to risk 53
5.5.6 Gain assurance 53
5.5.7 Embed and review 53
5.6 Audit Commission 54
5.7 CIPFA/SOLACE Corporate Governance 55
5.8 M oR 57
5.9 DEFRA 58
5.9.1 Risk management strategy 59
5.10 Strategy Unit Report 59
5.11 Risk and value management 60
5.12 The Green Book 61
5.12.1 Optimism bias 62
5.12.2 Annex 4 62
5.13 CIPFA internal control 63
5.14 Managing risks to improve public services 65
5.15 The Orange Book (revised) 65
5.16 Summary 69
5.17 References 69
PART II THE APPOINTMENT 71
6 Introduction 73
6.1 Change process from the client perspective 73
6.1.1 Planning 73
6.1.2 Timely information 74
6.1.3 Risk management resource 74
6.2 Selection of consultants 75
6.2.1 Objectives 75
6.2.2 The brief 75
6.2.3 Describing activity interfaces 75
6.2.4 Appointment process management 76
6.2.5 The long listing process 76
6.2.6 Short list selection criteria 77

6.2.7 Request for a short listing interview 77
6.2.8 Compilation of short list 77
6.2.9 Prepare an exclusion notification 78
6.2.10 Prepare tender documents 78
6.2.11 Agreement to be issued with the tender invitation 79
6.2.12 Tender process 79
6.2.13 Award 79
6.2.14 Notification to unsuccessful tenderers 80
6.3 Summary 80
6.4 Reference 80
7 Interview with the Client 81
7.1 First impressions/contact 81
7.2 Client focus 82
7.3 Unique selling point 82
7.4 Past experiences 84
7.5 Client interview 85
7.5.1 Sponsor 85
7.5.2 Situation 85
7.5.3 Scheme/plan of action 85
7.5.4 Solution implementation 86
7.5.5 Success, measurement of 86
7.5.6 Secure/continue 86
7.5.7 Stop/close 86
7.6 Assignment methodology 86
7.7 Change management 87
7.8 Sustainable change 87
7.9 Summary 88
7.10 References 89
8 Proposal 91
8.1 Introduction 91
8.2 Proposal preparation 91
8.2.1 Planning 91
8.2.2 Preliminary review 92
8.3 Proposal writing 92
8.3.1 Task management 92
8.3.2 Copying text 92
8.3.3 Master copy 92
8.3.4 Peer review 93
8.4 Approach 93
8.5 Proposal 93
8.5.1 Identify the parties, the who 93
8.5.2 Identify the location, the where 95
8.5.3 Understand the project background, the what 95
8.5.4 Define the scope, the which 95
8.5.5 Clarify the objectives, the why 96

8.5.6 Determine the approach, the how 96
8.5.7 Determine the timing, the when 96
8.6 Client responsibilities 97
8.7 Remuneration 97
8.8 Summary 97
8.9 Reference 97
9 Implementation 99
9.1 Written statement of project implementation 99
9.2 Management 99
9.2.1 Objectives 99
9.2.2 Planning the project 100
9.2.3 Consultant team composition 101
9.2.4 Interface with stakeholders 101
9.2.5 Data gathering 101
9.2.6 Budget 102
9.2.7 Assessment of risk 102
9.2.8 Deliverables 102
9.2.9 Presentation of the findings 103
9.2.10 Key factors for successful implementation 103
9.3 Customer delight 104
9.4 Summary 106
9.5 References 106
PART III THE RISK MANAGEMENT PROCESS 107
10 Analysing the Business: Stage 1 109
10.1 Process 109
10.2 Process goal and subgoals 110
10.3 Process definition 111
10.4 Process inputs 111
10.5 Process outputs 113
10.6 Process controls (constraints) 113
10.7 Process mechanisms (enablers) 113
10.7.1 Ratios 114
10.7.2 Risk management process diagnostic 114
10.7.3 SWOT analysis 116
10.7.4 PEST analysis 116
10.8 Process activities 116
10.8.1 Business objectives 117
10.8.2 Business plan 118
10.8.3 Examining the industry 118
10.8.4 Establishing the processes 119
10.8.5 Projected financial statements 120
10.8.6 Resources 122
10.8.7 Change management 123

10.8.8 Marketing plan 123
10.8.9 Compliance systems 124
10.9 Summary 124
10.10 References 124
11 Risk Identification: Stage 2 125
11.1 Process 125
11.2 Process goal and subgoals 125
11.3 Process definition 126
11.4 Process inputs 127
11.5 Process outputs 128
11.6 Process controls (constraints) 128
11.7 Process mechanisms (enablers) 128
11.7.1 Risk checklist 128
11.7.2 Risk prompt list 129
11.7.3 Gap analysis 129
11.7.4 Risk taxonomy 130
11.7.5 PEST prompt 131
11.7.6 SWOT prompt 133
11.7.7 Database 133
11.7.8 Business risk breakdown structure 134
11.7.9 Risk questionnaire 135
11.7.10 Risk register content/structure 135
11.8 Process activities 135
11.8.1 Clarifying the business objectives 135
11.8.2 Reviewing the business analysis 136
11.8.3 Risk and opportunity identification 137
11.8.4 Gaining a consensus on the risks, the opportunities and their
interdependencies 143
11.8.5 Risk register 143
11.9 Summary 144
11.10 References 144
12 Risk Assessment: Stage 3 147
12.1 Process 147
12.2 Process goals and Subgoals 147
12.3 Process definition 148
12.4 Process inputs 148
12.5 Process outputs 150
12.6 Process controls (constraints) 150
12.7 Process mechanisms (enablers) 150
12.7.1 Probability 150
12.8 Process activities 152
12.8.1 Causal analysis 152
12.8.2 Decision analysis 154
12.8.3 Pareto analysis 155

12.8.4 CAPM analysis 156
12.8.5 Define risk evaluation categories and values 157
12.9 Summary 157
12.10 References 157
13 Risk Evaluation: Stage 4 159
13.1 Process 159
13.2 Process goals and subgoals 159
13.3 Process definition 160
13.4 Process inputs 160
13.5 Process outputs 160
13.6 Process controls (constraints) 161
13.7 Process mechanisms (enablers) 161
13.7.1 Probability trees 162
13.7.2 Expected monetary value 163
13.7.3 Utility theory and functions 165
13.7.4 Decision trees 167
13.7.5 Markov chain 170
13.7.6 Investment appraisal 171
13.8 Process activities 175
13.8.1 Basic concepts of probability 175
13.8.2 Sensitivity analysis 176
13.8.3 Scenario analysis 177
13.8.4 Simulation 177
13.8.5 Monte Carlo simulation 178
13.8.6 Latin Hypercube 179
13.8.7 Probability distributions 180
13.9 Summary 180
13.10 References 181
14 Risk Planning: Stage 5 183
14.1 Process 183
14.2 Process goals and subgoals 183
14.3 Process definition 184
14.4 Process inputs 184
14.5 Process outputs 184
14.6 Process controls (constraints) 185
14.7 Process mechanisms 185
14.8 Process activities 185
14.9 Risk appetite 186
14.10 Risk response strategies 188
14.10.1 Risk reduction 188
14.10.2 Risk removal 188
14.10.3 Risk transfer or reassign 189
14.10.4 Risk retention 190
14.11 Summary 190
14.12 References 191

15 Risk Management: Stage 6 193
15.1 Process 193
15.2 Process goals and subgoals 193
15.3 Process definition 194
15.4 Process inputs 194
15.5 Process outputs 194
15.6 Process controls (constraints) 195
15.7 Process mechanisms 196
15.8 Process activities 196
15.8.1 Executing 196
15.8.2 Monitoring 196
15.8.3 Controlling 197
15.9 Summary 199
15.10 Reference 199
PART IV INTERNAL INFLUENCES – MICRO FACTORS 201
16 Financial Risk Management 203
17 Operational Risk Management 221
18 Technological Risk 263
PART V EXTERNAL INFLUENCES – MACRO FACTORS 285
19 Economic Risk 287
20 Environmental Risk 307
21 Legal Risk 323
22 Political Risk
23 Market Risk 355
24 Social Risk 381