Risk assessment Books

Book SynopsisHigh-level guidance for implementing enterprise risk management in any organization A Practical Guide to Risk Management shows organizations how to implement an effective ERM solution, starting with senior management and risk and compliance professionals working together to categorize and assess risks throughout the enterprise. Detailed guidance is provided on the key risk categories, including financial, operational, reputational, and strategic areas, along with practical tips on how to handle risks that overlap across categories. Provides high-level guidance on how to implement enterprise risk management across any organization Includes discussion of the latest trends and best practices Features the role of IT in ERM and the tools that are available in both assessment and on-going compliance Discusses the key challenges that need to be overcome for a successful ERM initiative Walking readers through the creation of ERM aTable of ContentsPreface xi Chapter 1: Overview of Enterprise Risk Management 1 ERM Introduction 1 Guidance: History and Relationship 3 Organization View 5 ERM Today 7 Increased Pressure to Manage Risk 9 Additional evidence 10 Perceived Barriers to Risk Management 11 Building the Business Case for ERM: Value and Benefi ts 11 Keys to Success 13 Summary 15 Notes 16 Chapter 2: Corporate Governance and Roles and Responsibilities 17 Board Behavior 18 Corporate Culture 19 Roles and Responsibilities 20 Summary 23 Chapter 3: ERM Defined 25 Definitions and Concepts 28 Risk Categories 30 Internal Environment 31 Summary 34 note 34 Chapter 4: The ERM Process Step by Step 35 Step 1 Strategy and Objective Definition 36 Step 2 Event Identification 38 Step 3 Risk Assessment 40 Step 4 Risk Response 41 Step 5 Communication 45 Step 6 Monitoring 46 Oversight 47 Summary 47 Notes 48 Chapter 5: COSO Framework and Financial Controls 49 Focus on Financial Controls 49 Control Environment 52 Integrity and Ethical Values 53 Board of Directors 55 Management’s Philosophy and Operating Style 57 Organizational Structure 57 Financial Reporting Competencies 58 Authority and Responsibility 59 Human Resources 60 Summary 61 Notes 62 Appendix 5A: Excerpt from a Code of Ethics Policy 63 Our Guiding Principles and Values 64 Conflicts of Interest 64 Confidential Information; Intellectual Property 65 Appendix 5B: Whistleblower Program 67 Reports Regarding Accounting Matters 67 Investigation of Suspected Violations 68 Discipline for Violations 68 Appendix 5C: Approval Policy and Procedures 69 Policy 69 Purpose 69 Scope 69 Approvals/Documentation 70 Chapter 6: Financial Controls and Risk Assessment 74 Risk Assessment 74 Financial Reporting Objectives 75 Financial Reporting Risks 76 Fraud Risk 77 Entity-Level Controls 83 Example: Risk Assessment and Financial Controls 84 Evaluating Deficiencies 86 Summary 87 Notes 87 Appendix 6A: Entity-Level Control Assessment 88 Control Assessment Overview 88 Control Environment 90 Overall Evaluation of Control Environment 95 Risk Assessment 96 Overall Evaluation of Risk Assessment 98 Control Activities 99 Overall Evaluation of Control Activities 100 Information and Communication 101 Overall Evaluation of Information and Communication 104 Monitoring 105 Overall Evaluation of Monitoring 108 Summary Assessment 109 Overall Assessment of Internal Controls 110 Appendix 6B: Accounts Payable Preliminary Controls Assessment Questionnaire 111 Purchasing Controls Questionnaire 111 Internal Control Assessment 112 Appendix 6C: Fraud Risk Factors: AU Section 316 114 Risk Factors Relating to Misstatements Arising from Fraudulent Financial Reporting 114 Chapter 7: Ongoing Compliance Overview 120 Origin of the Sarbanes-Oxley Act 120 Generating Value from Compliance 121 Moving Beyond Initial Compliance 123 Reevaluating the Compliance Program 125 Summary 131 Chapter 8: Ongoing Compliance Challenges 132 Future State Opportunity: Compliance Optimization 133 Issues to Consider When Optimizing Compliance 136 Ongoing Compliance Plan 138 Role of Internal Audit: Balancing the Compliance and Audit Functions 143 Evolving Role of the Audit Committee 145 Summary 148 Chapter 9: Addressing Compliance and Risk Management Challenges through Automation 149 Software Can Add Value Beyond Compliance 151 Monitoring Software 152 Utilization of Continuous Monitoring: Control Testing and Control Automation 153 Benefits of Continuous Monitoring 154 Continuous Monitoring Tool Considerations 155 Continuous Monitoring Process 155 Risk Management Software 157 Unifying Financial Statements, Close Tasks, and SOX Controls 159 Determining the Right Solution 159 Summary 161 Note 161 Chapter 10: Ongoing Compliance and IFRS 162 International Financial Reporting Standards 162 Communicating the Impact 164 Preparing for IFRS 166 Comprehensive IFRS Transition Approach 167 Key Elements of an Effective IFRS Implementation 170 Summary 172 About the Author 173 Index 175

Read more less

Book SynopsisNewsworthy disasters, such as fires and explosions in buildings housing hazardous materials, have focused attention as never before on methods of evaluating and controlling hazards. In the first coherent treatment of the subject, this title details the application of hazard and risk analysis to fire safety.Table of ContentsPreface. PART I: STRUCTURE OF THE FIRE PROBLEM. 1 The place of fire safety in the community. 2 The fire safety system. 3 Review of some major fire & explosion disasters. 4 Requirements from public and private authorities for fire safety. PART II: QUANTIFYING FIRE SAFETY. 5 Physical data. 6 Sources of statistical data. 7 Occurrence and growth of fire. 8 Life loss. 9 Property damage. 10 Performance of fire safety measures. PART III: METHODS OF MEASURING FIRE SAFETY. 11 Deterministic fire safety modeling. 12 Model Validation. 13 Point systems - a single index. 14 Logic trees. 15 Stochastic fire risk modeling. 16 Fire safety concepts tree and derivative approaches. 17 Fire safety assessment in the process industries. Index.

Read more less

Book SynopsisRisk and reliability analysis is an area of growing importance in geotechnical engineering, where many variables have to be considered. Statistics, reliability modeling and engineering judgement are employed together to develop risk and decision analyses for civil engineering systems. The resulting engineering models are used to make probabilistic predictions, which are applied to geotechnical problems. Reliability & Statistics in Geotechnical Engineering comprehensively covers the subject of risk and reliability in both practical and research terms * Includes extensive use of case studies * Presents topics not covered elsewhere--spatial variability and stochastic properties of geological materials * No comparable texts available Practicing engineers will find this an essential resource as will graduates in geotechnical engineering programmes.Table of ContentsPreface. Part I. 1 Introduction – uncertainty and risk in geotechnical engineering. 1.1 Offshore platforms. 1.2 Pit mine slopes. 1.3 Balancing risk and reliability in a geotechnical design. 1.4 Historical development of reliability methods in civil engineering. 1.5 Some terminological and philosophical issues. 1.6 The organization of this book. 1.7 A comment on notation and nomenclature. 2 Uncertainty. 2.1 Randomness, uncertainty, and the world. 2.2 Modeling uncertainties in risk and reliability analysis. 2.3 Probability. 3 Probability. 3.1 Histograms and frequency diagrams. 3.2 Summary statistics. 3.3 Probability theory. 3.4 Random variables. 3.5 Random process models. 3.6 Fitting mathematical pdf models to data. 3.7 Covariance among variables. 4 Inference. 4.1 Frequentist theory. 4.2 Bayesian theory. 4.3 Prior probabilities. 4.4 Inferences from sampling. 4.5 Regression analysis. 4.6 Hypothesis tests. 4.7 Choice among models. 5 Risk, decisions and judgment. 5.1 Risk. 5.2 Optimizing decisions. 5.3 Non-optimizing decisions. 5.4 Engineering judgment. Part II. 6 Site characterization. 6.1 Developments in site characterization. 6.2 Analytical approaches to site characterization. 6.3 Modeling site characterization activities. 6.4 Some pitfalls of intuitive data evaluation. 6.5 Organization of Part II. 7 Classification and mapping. 7.1 Mapping discrete variables. 7.2 Classification. 7.3 Discriminant analysis. 7.4 Mapping. 7.5 Carrying out a discriminant or logistic analysis. 8 Soil variability. 8.1 Soil properties. 8.2 Index tests and classification of soils. 8.3 Consolidation properties. 8.4 Permeability. 8.5 Strength properties. 8.6 Distributional properties. 8.7 Measurement error. 9 Spatial variability within homogeneous deposits. 9.1 Trends and variations about trends. 9.2 Residual variations. 9.3 Estimating autocorrelation and autocovariance. 9.4 Variograms and geostatistics. Appendix: algorithm for maximizing log-likelihood of autocovariance. 10 Random field theory. 10.1 Stationary processes. 10.2 Mathematical properties of autocovariance functions. 10.3 Multivariate (vector) random fields. 10.4 Gaussian random fields. 10.5 Functions of random fields. 11 Spatial sampling. 11.1 Concepts of sampling. 11.2 Common spatial sampling plans. 11.3 Interpolating random fields. 11.4 Sampling for autocorrelation. 12 Search theory. 12.1 Brief history of search theory. 12.2 Logic of a search process. 12.3 Single stage search. 12.4 Grid search. 12.5 Inferring target characteristics. 12.6 Optimal search. 12.7 Sequential search. Part III. 13 Reliability analysis and error propagation. 13.1 Loads, resistances and reliability. 13.2 Results for different distributions of the performance function. 13.3 Steps and approximations in reliability analysis. 13.4 Error propagation – statistical moments of the performance function. 13.5 Solution techniques for practical cases. 13.6 A simple conceptual model of practical significance. 14 First order second moment (FOSM) methods. 14.1 The James Bay dikes. 14.2 Uncertainty in geotechnical parameters. 14.3 FOSM calculations. 14.4 Extrapolations and consequences. 14.5 Conclusions from the James Bay study. 14.6 Final comments. 15 Point estimate methods. 15.1 Mathematical background. 15.2 Rosenblueth’s cases and notation. 15.3 Numerical results for simple cases. 15.4 Relation to orthogonal polynomial quadrature. 15.5 Relation with ‘Gauss points’ in the finite element method. 15.6 Limitations of orthogonal polynomial quadrature. 15.7 Accuracy, or when to use the point-estimate method. 15.8 The problem of the number of computation points. 15.9 Final comments and conclusions. 16 The Hasofer–Lind approach (FORM). 16.1 Justification for improvement – vertical cut in cohesive soil. 16.2 The Hasofer–Lind formulation. 16.3 Linear or non-linear failure criteria and uncorrelated variables. 16.4 Higher order reliability. 16.5 Correlated variables. 16.6 Non-normal variables. 17 Monte Carlo simulation methods. 17.1 Basic considerations. 17.2 Computer programming considerations. 17.3 Simulation of random processes. 17.4 Variance reduction methods. 17.5 Summary. 18 Load and resistance factor design. 18.1 Limit state design and code development. 18.2 Load and resistance factor design. 18.3 Foundation design based on LRFD. 18.4 Concluding remarks. 19 Stochastic finite elements. 19.1 Elementary finite element issues. 19.2 Correlated properties. 19.3 Explicit formulation. 19.4 Monte Carlo study of differential settlement. 19.5 Summary and conclusions. Part IV. 20 Event tree analysis. 20.1 Systems failure. 20.2 Influence diagrams. 20.3 Constructing event trees. 20.4 Branch probabilities. 20.5 Levee example revisited. 21 Expert opinion. 21.1 Expert opinion in geotechnical practice. 21.2 How do people estimate subjective probabilities? 21.3 How well do people estimate subjective probabilities? 21.4 Can people learn to be well-calibrated? 21.5 Protocol for assessing subjective probabilities. 21.6 Conducting a process to elicit quantified judgment. 21.7 Practical suggestions and techniques. 21.8 Summary. 22 System reliability assessment. 22.1 Concepts of system reliability. 22.2 Dependencies among component failures. 22.3 Event tree representations. 22.4 Fault tree representations. 22.5 Simulation approach to system reliability. 22.6 Combined approaches. 22.7 Summary. Appendix A: A primer on probability theory. A.1 Notation and axioms. A.2 Elementary results. A.3 Total probability and Bayes’ theorem. A.4 Discrete distributions. A.5 Continuous distributions. A.6 Multiple variables. A.7 Functions of random variables. References. Index.

Read more less

Book SynopsisThe first edition of this book, published in 1982, was a pioneer in the development of logical, yet simple, analytic tools for discussion of the risks which we all face. This new edition, revised, expanded, and illustrated in detail, should be of value both to professionals in the field and to those who wish to understand these vital issues.Trade ReviewThis book provides a comprehensive and up-to-date analysis of the methodology for assessing and managing risks. Based on well-developed lectures given for many years at the Harvard Center for Risk Analysis and written by both an academic and a practitioner in this rapidly evolving field, it contains clear explanations, excellent examples, and duality figures and tables...The best yet on this topic. -- S. A. Batterman * Choice *

Read more less

Book SynopsisPresents an overview of financial risk modeling, with a focus on practical applications, empirical reality, and historical perspective. Covering the mean-variance analysis and the capital asset pricing model, this title offers an account of factor models, which are the key to successful risk analysis in every economic climate.Trade Review"Thorough and well-cited, this is a comprehensive treatment of techniques for portfolio risk management. It provides a unique perspective, from the fundamentals to practical applications. There are few books that cover this material in this particular way."—Christopher L. Culp, author of Structured Finance and Insurance"The range of topics is wide and the coverage is deep. An impressive book."—Peter Christoffersen, McGill University"The conceptual framework of this book is presented in a lucid and clear manner. The treatment is mathematically rigorous where it matters, without ever becoming pedantic and without cutting corners."—Riccardo Rebonato, Royal Bank of Scotland"This book takes major steps forward in the crucially important area of portfolio risk measurement, making significant strides toward incorporating industry and country risk, as well as macroeconomic, FX, credit, transactions cost, and liquidity risks. It will be an essential reference text for academics, central bankers, and others in the financial services industry."—Francis X. Diebold, University of PennsylvaniaTable of ContentsAcknowledgments xi Introduction xiii Key Notation xix Chapter 1: Measures of Risk and Return 1 1.1 Measuring Return 1 1.2 The Key Portfolio Risk Measures 6 1.3 Risk-Return Preferences and Portfolio Optimization 12 1.4 The Capital Asset Pricing Model and Its Applications to Risk Analysis 23 1.5 The Objectives and Limitations of Portfolio Risk Analysis 31 Chapter 2: Unstructured Covariance Matrices 36 2.1 Estimating Return Covariance Matrices 36 2.2 The Error-Maximization Problem 47 2.3 Portfolio Choice as Decision Making under Uncertainty 54 Chapter 3: Industry and Country Risk 61 3.1 Industry-Country Component Models 61 3.2 Empirical Evidence on the Relative Magnitudes of Country and Industry Risks 73 3.3 Sector-Currency Models of Corporate Bond Returns 77 Chapter 4: Statistical Factor Analysis 79 4.1 Types of Factor Models 79 4.2 Approximate Factor Models 82 4.3 The Arbitrage Pricing Theory 86 4.4 Small-n Estimation Methods 88 4.5 Large-n Estimation Methods 93 4.6 Number of Factors 98 Chapter 5: The Macroeconomy and Portfolio Risk 101 5.1 Estimating Macroeconomic Factor Models 101 5.2 Event Studies of Macroeconomic Announcements 110 5.3 Macroeconomic Policy Endogeneity 112 5.4 Business Cycle Betas 115 5.5 Empirical Fit and the Relative Value of Macroeconomic Factor Models 116 Chapter 6: Security Characteristics and Pervasive Risk Factors 117 6.1 Equity and Fixed-Income Characteristics 117 6.2 Characteristic-Based Factor Models of Equities 122 6.3 The Fama-French Model and Extensions 130 6.4 The Semiparametric Approach to Characteristic-Based Factor Models 132 Chapter 7: Measuring and Hedging Foreign Exchange Risk 134 7.1 Definitions of Foreign Exchange Risk 134 7.2 Optimal Currency Hedging 142 7.3 Currency Covariances with Stock and Bond Returns 149 7.4 Macroeconomic Influences on Currency Returns 151 Chapter 8: Integrated Risk Models 155 8.1 Global and Regional Integration Trends 155 8.2 Risk Integration across Asset Classes 158 8.3 Segmented Asset Allocation and Security Selection 159 8.4 Integrated Risk Models 162 Chapter 9: Dynamic Volatilities and Correlations 167 9.1 GARCH Models 167 9.2 Stochastic Volatility Models 178 9.3 Time Aggregation 180 9.4 Downside Correlation 181 9.5 Option-Implied Volatility 184 9.6 The Volatility Term Structure at Long Horizons 187 9.7 Time-Varying Cross-Sectional Dispersion 188 Chapter 10: Portfolio Return Distributions 191 10.1 Characterizing Return Distributions 191 10.2 Estimating Return Distributions 196 10.3 Tail Risk 203 10.4 Nonlinear Dependence between Asset Returns 207 Chapter 11: Credit Risk 212 11.1 Agency Ratings and Factor Models of Spread Risk 213 11.2 Rating Transitions and Default 217 11.3 Credit Instruments 218 11.4 Conceptual Approaches to Credit Risk 220 11.5 Recovery at Default 232 11.6 Portfolio Credit Models 232 11.7 The 2007-8 Credit-Liquidity Crisis 238 Chapter 12: Transaction Costs and Liquidity Risk 241 12.1 Some Basic Terminology 241 12.2 Measuring Transactions Cost 246 12.3 Statistical Properties of Liquidity 261 12.4 Optimal Trading Strategies and Transaction Costs 266 Chapter 13: Alternative Asset Classes 271 13.1 Nonsynchronous Pricing and Smoothed Returns 271 13.2 Time-Varying Risk, Nonlinear Payoff, and Style Drift 284 13.3 Selection and Survivorship Biases 291 13.4 Collectibles: Measuring Return and Risk with Infrequent and Error-Prone Observations 295 13.5 Summary 298 Chapter 14: Performance Measurement 299 14.1 Return-Based Performance Measurement 299 14.2 Holdings-Based Performance Measurement and Attribution 303 14.3 Volatility Forecast Evaluation 309 14.4 Value-at-Risk Hit Rates 316 14.5 Forecast and Realized Return Densities 317 Chapter 15: Conclusion 319 15.1 Some Key Messages 319 15.2 Questions for Future Research 320 References 323 Index 345

Read more less

Book SynopsisIntroduces a more realistic and holistic framework called KuU - the Known, the unknown, and the Unknowable - that enables one to conceptualize the different kinds of financial risks and design effective strategies for managing them.Trade ReviewWinner of the 2012 Kulp-Wright Book Award, American Risk and Insurance Association Finalist for the 2010 Paul A. Samuelson Award, TIAA-CREF "It is a bold book, tackling both theory and practice and spanning the worlds of (among others) banking, insurance, real estate, and investment. It is also utterly engrossing... Although this book is most obviously addressed to risk managers and regulators, I think it should be read by every intellectually curious person with skin in the financial game. If the investor or trader doesn't come away with at least one or two ideas of practical importance to his financial life, he is a 'sleepreader.'"--Brenda Jubin, Reading the Markets blog "Peppered with anecdotes and prominent examples, the book never abandons the practical side of its topic. It will be helpful for readers interested in only specific subtopics that each article is a stand-alone piece. I recommend this book to a wide audience: academics and practitioners, of course, but even people who are not directly involved in the financial sector, but are interested in it, will find it definitely worth their time."--Tobias Nigbur, Financial Markets and Portfolio ManagementTable of ContentsPreface vii Chapter 1: Introduction by Francis X. Diebold, Neil A. Doherty, and Richard J. Herring 1 Chapter 2: Risk: A Decision Maker's Perspective by Sir Clive W. J. Granger 31 Chapter 3: Mild vs. Wild Randomness: Focusing on Those Risks That Matter by Benoit B. Mandelbrot and Nassim Nicholas Taleb 47 Chapter 4: The Term Structure of Risk, the Role of Known and Unknown Risks, and Nonstationary Distributions by Riccardo Colacito and Robert F. Engle 59 Chapter 5: Crisis and Noncrisis Risk in Financial Markets: A Unified Approach to Risk Management by Robert H. Litzenberger and David M. Modest 74 Chapter 6: What We Know, Don't Know, and Can't Know about Bank Risk: A View from the Trenches by Andrew Kuritzkes and Til Schuermann 103 Chapter 7: Real Estate through the Ages: The Known, the Unknown, and the Unknowable by Ashok Bardhan and Robert H. Edelstein 145 Chapter 8: Reflections on Decision-making under Uncertainty by Paul R. Kleindorfer 164 Chapter 9: O n the Role of Insurance Brokers in Resolving the Known, the Unknown, and the Unknowable by Neil A. Doherty and Alexander Muermann 194 Chapter 10: Insuring against Catastrophes by Howard Kunreuther and Mark V. Pauly 210 Chapter 11: Managing Increased Capital Markets Intensity: The Chief Financial Officer's Role in Navigating the Known, the Unknown, and the Unknowable by Charles N. Bralver and Daniel Borge 239 Chapter 12: The Role of Corporate Governance in Coping with Risk and Unknowns by Kenneth E. Scott 277 Chapter 13: Domestic Banking Problems by Charles A. E. Goodhart 286 Chapter 14: Crisis Management: The Known, The Unknown, and the Unknowable by Donald L. Kohn 296 Chapter 15: Investing in the Unknown and Unknowable by Richard J. Zeckhauser 304 List of Contributors 347 Index 359

Read more less

Book SynopsisTen lessons from history on the dos and don'ts of analyzing political riskOur baffling new multipolar world grows ever more complex, desperately calling for new ways of thinking, particularly when it comes to political risk. To Dare More Boldly provides those ways, telling the story of the rise of political risk analysis, both as a discipline aTrade Review"This is a compelling read, rich in insights and alternately courageous and outrageous."---A. W. Purdue, Times Higher Education"A consistently interesting history of political risk analysis."---Tyler Cowen, Marginal Revolution"John Hulsman is one of those alarming polymaths who appear to have read nearly everything, seem to remember most of it and then are able to put all that information to work, making it leap through a vast range of entertaining intellectual hoops to find answers to questions that matter a great deal, the key one being: What is really happening in the world and what does it mean?"---James Hansen, Aspenia"[A] discursive, interesting, insightful book."---I. William Zartman, Rest Journal"[A] discursive, interesting, insightful book"---William Zartman, The Rest

Read more less

Book SynopsisTrade Review"Winner of the Bronze Medal in Business Technology, Axiom Business Book Awards""I loved this book. . . . Trading at the Speed of Light is an amazing, detailed account of why material reality matters for virtual outcomes, and conversely, in the financial markets. Everybody with the slightest interest in modern finance should read it."---Diane Coyle, Enlightened Economist

Read more less

Book SynopsisThe aim of this work is to reduce the risks of medical treatment and enhance the safety of patients in all areas of healthcare. The first section discusses the incidence of harm to patients, while other sections examine features of the healthcare systems that are essential to safe practice.Trade Review"Recommended for all in health care because safety has always been an issue." (Eye News, 2011) "Therefore I believe that this book should be read by anyone involved in, or responsible for healthcare . . . This makes a compelling case to benefit from the safety and quality improvement approaches described in the book." (The Bulletin of the Royal College of Pathologists, 1 July 2011)Table of ContentsUnderstanding adverse events. Errors and adverse events in medicine. The development of risk management. Clinical governance. Reducing risks in obstetrics. Reducing risks in paediatrics. Risk management in anaesthesia. Risk management in surgery. Risk management in A&E medicine. Reducing risks in hospital general medicine. Risk management in clinical oncology. Risk management in psychiatry. Risk management in general practice. Communicating risk. Guidelines and pathways. The role of human factors engineering. Working time, stress and fatigue. Training and supervision. Teams, culture and managing risk. Creating and maintaining safe systems. Impementation of risk management. Clinical incident reporting. Investigation and analysis of adverse events. Caring for patients harmed by treatment. Supporting staff. Dealing with complaints. Resolving disputes. Claims management

Read more less

Book SynopsisWei Ning Zechariah Wong PhD MBCI CBCP is a principal consultant at Atkins providing business continuity management solutions to organizations across a range of sectors. He is one of the leading experts at the British Standards Institution (BSI), where he contributed to the development of the world's first business continuity standard BS 25999. He has written for several journals in the area including Continuity Journal and Disaster Recovery Journal.Dr. Jianping Shi is a highly experienced business and investment consultant with over 20 years' experience. She has worked in various sectors including financial services and management consultancies and she has a strong background in corporate strategic planning, asset management, risk management and business continuity management. She is Chief Executive of Instramax, which is an international provider of business continuity services.Trade Review"This Business Continuity Management System guide provides clear and easy to navigate guidance on how to implement the ISO 22301 management system requirements. Its chapter overviews, check lists, tables and figures are all put to great use in making this complex and vital subject easy to digest. As you delve into subjects such as 'Business Impact Analysis' information like the strengths and weaknesses analysis of 'information collection methods' really do help to make sure you get the detail right, you feel as if you gain the benefit of expert experience very quickly. This book works on a number of levels which all good system guides need to, I can delve in and out effortlessly, get in-depth guidance on areas I'm unsure of, find all the practical advice quickly or completely engross myself for a fuller understanding. When Business Continuity Management Systems are something you do alongside a role like Quality a guide like this is really invaluable. I felt guidance around documentation could have benefited from worked examples having seen how easy it is for documented plans to become unusable in real world scenarios. The section on Performance Evaluation however more than makes up for this probably being the best 27 pages on the subject you will ever read. I've previously developed business continuity plans working directly from the standard, as these plans are updated and new ones developed I can imagine this book right by my side along with my copy of ISO 22301 providing assurance and confidence that I'm approaching this incredibly important subject with all the care it deserves. If you are in charge of your organizations business continuity efforts or simply thinking about making your business more secure I would recommend this book as a valuable resource." * Darren O’Neill, Quality Advisor at CGG *Table of Contents Chapter - 00: Introduction; Chapter - 01: Fundamentals of business continuity management; Chapter - 02: Business continuity management system; Chapter - 03: Context of the organization; Chapter - 04: Leadership; Chapter - 05: Planning; Chapter - 06: Support; Chapter - 07: Operation; Chapter - 08: Performance evaluation; Chapter - 09: Improvement; Chapter - 10: Conclusion

Read more less

Book SynopsisDr Keith Blacker has worked in a variety of board and executive roles globally and is the former CFO of a large UK-based health insurance business. He has over 30 years' experience working within the financial services industry and has consulted to a range of national and international banks and insurance companies on risk management matters. He is a Fellow of the Institute of Chartered Accountants in England & Wales and a Fellow of the UK Institute of Internal Auditors. Dr Patrick McConnell has been a senior manager in, and a consultant to, large international corporations, financial institutions and governments on multiple continents for over 35 years. His expertise is in risk management and information technology. He is a Fellow of BCS, the Chartered Institute for IT. He has taught in Australia and Ireland to advanced students and in-house executives.Both authors hold doctorates in Business Administration and have published and spoken widely in industry and academic Trade Review"An expertly written book, it takes you to the heart of the risk problem - people. The best systems, the most up to date software, the most meticulous risk mitigation plan, all can be circumvented by human ingenuity. Via case studies and analytical framing the authors review, analyse and most usefully prescribe how people risk can be minimized but never eliminated. People Risk is not a HR function but a holistic framework of thinking and this book exposes you to it." * Brian Lucey, Professor of Finance, Trinity College Dublin *"I recommend this book to experienced risk managers because it tackles some very difficult areas from a broad knowledge base, builds on the work of other's research and introduces some new concepts. I would put a slight caveat to the less experienced risk practitioner because it is important to understand how people risk management should sit within a wider risk management framework. The book leaves the impression that people risk is the principal cause for all ills, however, root cause analysis consistently finds that there is usually more than one factor present for risks to materialise." * Jane Walde, Director of The Holistic Risk Practice (for RMProfessional) *"People Risk Management by McConnell and Blacker is a book that has been sorely needed for some time. For too long risk practitioners, as a whole, have underplayed the role that people risk can have in an organisation. Given that the major events of the global financial crisis of 2007-2009 were a result of people, both in senior and junior positions, making poor decisions for a variety of reasons, it is time that people risk is given much more prominence. And it's not just a matter of risk culture, as McConnell and Blacker successfully argue. More attention needs to be paid to making a more robust decision making process, especially at senior levels. For the practitioner, this book offers more than an overview of the risk and some case studies; a framework for managing people risk, and proposals for increasing the quality of people risk management from the Boardroom to the individual worker make a valuable resource. This is a book that I wish I'd written." * Frank Ashe, Macquarie University *"Among the many carefully reasoned observations in the wide field of risk management and its focus on People Risk, this book highlights the important roles of Human Resources which extend beyond its established domains of recruitment, selection, training, development and rewarding. The authors' detailed analyses persuasively render indispensable the wider remit of HR. The book, however, goes beyond HR. It prompts the governance functions into ensuring that people risks are included in every assignment they undertake, it argues that senior management are at the front line of promoting personal responsibility and managing people risk and it tells the board that people risks, not only need managing in the organisation, but they also need managing in the boardroom." * Bill Weinstein, Emeritus Professor of International Business, Henley Business School *"It has long been appreciated that effective human resource management systems are an essential part of organisational success, however it is much less well understood that people can still bring down even the most successful organisations. Scratch beneath the surface and even apparently well run organisations can be found to have significant people risk exposures - often because they lack the necessary knowledge and expertise to manage this complex and diverse area of risk. Blacker and McConnell, two of the leading lights in people risk management, have delivered a must-read text for all senior managers and board members in organisations - combining practical insights with strong academic foundations. The book is also an important addition to the book shelves of students and academics with an interest in the human aspects of risk management." * Simon Ashby, Associate Professor at Plymouth University, and Chairman, Institute of Operational Risk *Table of Contents Chapter - 01: People Risk in context; Chapter - 02: Definition and models of People Risk; Chapter - 03: The human dimension of People Risk; Chapter - 04: Case studies in People Risk; Chapter - 05: People Risk Management Framework; Chapter - 06: People Risk in the boardroom; Chapter - 07: The influence of organizational culture; Chapter - 08: Roles and responsibilities; Chapter - 09: Improving decision-making; Chapter - 10: Personal responsibility; Chapter - 11: Conclusion

Read more less

Book SynopsisAnthony Fitzsimmons is Chairman of Reputability LLP and an authority and leading thinker on reputational risk and the propensity of behavioural and organizational risks to cause reputational damage. Derek Atkins BSc PhD MIMMM CEng FCIM FCII Chartered Insurer was a visiting Professor at Cass Business School, London, teaching risk management, reputational risk, and insurance, and a partner in Reputability LLP. He was the co-author of a dozen books.Trade Review"An exceptional book for learning at every level - whether you are a business school student or a chief executive; Prime Minister or a new recruit into the civil service." * Lord Owen CH FRCP, Former UK Foreign Secretary and author of 'The Hubris Syndrome' *"The authors have examined trust in business through the lens of reputational risk and identified themes that really matter. Their well-illustrated commentary is good read for business leaders at all levels." * Dame Alison Carnwath, Company Chair, Audit Committee Chair, NED and Supervisory board member *"This book is written in the riveting style worthy of a subject often overlooked. The authors' discussion of collateral damage and guilt by association was especially intriguing." * Senator Bob Graham, Co-Chairman of the National Presidential Commission on the Deepwater Horizon Disaster *"The authors highlight the role of culture and conduct and of the wider responsibilities of organisations to their customers and to the public. I much endorse their recommendations to business leaders. It is instructive to see this subject handled with such conviction and clarity." * Sir Winfried Bischoff, Chairman, Financial Reporting Council *"The authors show why the most valuable core competence for leaders everywhere is the ability to understand how people actually feel, think and behave, and how to manage risks from people effectively. This is just as important for government and the public sector as for private sector organisations." * Richard Bacon MP, Deputy Chairman, House of Commons Public Accounts Committee *"This thoroughly enjoyable book is a must-read for leaders of all organizations at all levels, right up to the board and its leadership." * Dr Kiyoshi Kurokuwa, Chairman of the Independent Investigation Commission of Fukushima Nuclear Accident by the National Diet of Japan *"I very much welcome this book as a comprehensive and insightful study into one of the most critical but often neglected aspects of risk management - reputational risk." * John Hurrell, Chief Executive of AIRMIC *"Rethinking Reputational Risk is an excellent contribution to the understanding of reputation as a key indicator of the quality of a company's leadership, culture and material stakeholder relationships." * Colin Melvin, Head of Global Stewardship, Hermes Investment Management *"This book will be chastening reading for company board members. Other readers will be fascinated, and also horrified, by the systematic risk-blindness of those who oversee our largest and most powerful companies." * Professor Andrew Hopkins, author of 'Risky Rewards: How company bonuses affect safety’ *Table of Contents Section - ONE: Rethinking Chapter - 01: Introduction Chapter - 02: Reputation Basics Chapter - 03: How Reputations are lost Chapter - 04: What is Reputational Risk? Chapter - 05: The hole in Classical Risk Management Chapter - 06: Stakeholder Behaviour Chapter - 07: Risks from failing to communicate and learn Chapter - 08: Character, Culture and Ethos Chapter - 09: Incentives Chapter - 10: Complexity Chapter - 11: Board composition, Skill, Knowledge, Experience and Behaviour Chapter - 12: Risks from Strategy and Change Chapter - 13: Incubation and complacency Chapter - 14: The special role – and Risks – of leaders Section - TWO: Case studies Chapter - 15: BP: Texas City Explosion Chapter - 16: BP: Deepwater Horizon Chapter - 17: Tesco PLC Chapter - 18: American International Group (AIG) Chapter - 19: EADS Airbus A380 Chapter - 21: Volkswagen Chapter - 22: Mid Staffordshire NHS Foundation Trust (Stafford Hospital) Section - THREE: Practicalities Chapter - 23: The way forward Chapter - 24: System Basics – Getting to ‘go’ Chapter - 25: Setting up the Reputational Risk Management System Chapter - 26: Operating the Reputational Risk Management System

Read more less

Book SynopsisDomenic is a practicing Chief Risk Officer and senior risk, governance and compliance consultant. An Australian expatriate based in Dubai UAE, Domenic specializes in bringing organizations 'up the risk maturity curve' and building risk practitioner tools for implementing ERM, ISO 31000:2009 and COSO ERM. Formerly with Marsh Risk Consulting, Shell and Red Cross, he enjoys over 30 years experience in risk, strategic planning and business management across many sectors in Europe, Africa, Middle East, Asia and Australia-Pacific. A regular international conference presenter and author, he is the content author for various risk maturity model software releases. These include Benchmarker risk maturity model, the first tool to self-assess risk management effectiveness through a set of capabilities expected to be delivered by a head of risk and cross-walked to both ISO 31000 and COSO ERM. His book Risk Maturity Models is the first to focus on this important topic.Trade Review"We live and work in an increasingly complex, faster moving and connected world. The risk landscape faced by organisations today and in the future is increasingly one made up of intangible risks - risks typically more difficult to assess and control than more 'traditional' physical risks. Intangible risks demand an enterprise risk management ("ERM") approach - archaic risk silos have no place in this world - cyber is not just an IT risk, people are not just an HR risk. Risk management is at the top of the board room agenda and organisations are seeking ways in which they can evaluate and benchmark their ERM maturity. This authoritative book by Domenic Antonucci, a recognised international thought leader in the space of risk maturity is a welcome addition to every risk professional's tool kit. The book follows a logical approach and is packed with information designed to explain risk maturity and to help risk professionals use this technique in support of their position as risk leaders and trusted risk advisors." * Julia Graham, AIRMIC Ltd *"Risk management maturity models enable organizations to gauge the development and evolution of their risk management practices. Dominic Antonucci's Risk Maturity Models stands out from other risk management texts on this topic because it provides very practical guidance, supported by numerous case studies. The book brings to life the benefits of risk maturity models when effectively applied and is simple but effective in its approach." * Nicola Crawford, IRM UK Board member *"For years Domenic has been one of the leading thinkers on risk management maturity models. Now he's sharing his thoughts in a book that can help others use maturity models as a means to advance risk management maturity. Risk Maturity Models should be in the library of every risk management practitioner who's looking to advance their risk management capabilities." * Paul Sobel, IA ex Chairman, Vice President/Chief Audit Executive IIA Global *"Risk maturity models are useful to organizations that want to compare their current state of risk management capability to an appropriate target level. With his book, Domenic Antonucci offers risk practitioners not only a comprehensive review of existing risk maturity models, but also a method to build one that will satisfy the specific needs of any organization." * Ghislain Giroux Dufort, President at Baldwin Global Risk Strategies Inc. *"Risk Maturity is currently a hot topic within the Risk Management discipline, being mentioned in various books, standards as well as being discussed at length in conferences across the globe. Up until this book however, there have been a lack of publications on the topic. Domenic Antonucci provides a detailed insight into the history of Risk Maturity Models and their benefits. The book is relevant to all organizations implementing risk management who are seeking more information on risk maturity models, whether they believe themselves to be "best in class", and looking for a way to measure their risk maturity, or having only recently started their Risk Management Journey and looking for a roadmap to help guide them to increased levels of maturity." * Alexander Larsen BHRM, FIRM Risk & Controls Co-Ordinator – West Qurna Project *"Risk management is often portrayed as a subject impenetrable to those who work outside the discipline, with jargon and techniques obscuring the real value that risk-based decision making can bring to organisations. Domenic Antonucci's book changes all this. Through a wealth of practical experience and accessible examples, Dom shows how anyone can measure, review and indeed improve the level of risk maturity in their organisation. With techniques that can be used both in commercial businesses and in public and third sector organisations anywhere in the world, this book is relevant to you. Indeed, whether you manage risk directly, or influence the way it's exploited, you'll find this guide of real and lasting value." * Steve Fowler, Managing Director at Amarreurs Consulting Ltd, Ex-CEO at the Institute of Risk Management *Table of Contents Section - 01: Background to risk maturity models; Section - 02: The case for a risk maturity model; Section - 03: Comparing risk maturity models against each other; Section - 04: Tailoring and benchmarking a risk maturity model; Section - 05: Designing a tailored risk maturity model; Section - 06: How risk, audit and board functions benefit from risk maturity; Section - 07: Summary of risk maturity models from practitioner perspectives;

Read more less

Book SynopsisMatthew Whalley has a unique blend of practical experience and strategic insight into legal risk management and law department operations. He created the UK's first and only Legal Risk Consultancy in 2012, and has helped FTSE 100 and Fortune 500 clients take their first steps to develop a structured approach to legal risk. He was short-listed for the Laurie Young Memorial Global Thought Leadership award in 2014 for his papers on legal risk management.Chris Guzelian is an Associate Professor at Thomas Jefferson Law School in San Diego, California, USA, where he teaches business, criminal, and American constitutional law courses. Previously he was a state prosecutor, a civilian officer with the U.S. Department of Defense, and a lawyer with the U.S. bankruptcy courts. Chris advises a number of corporate, non-profit, and government authorities on risk-related matters.Trade Review"The Legal Risk Management Handbook contains a wealth of information useful for any company involved in international business to consider when managing legal risk. What sets this book apart is that it translates complex legal principles into practical operating tools that business managers and the lawyers who work with them can use on a day-to-day basis. An indispensable compendium for the legal and compliance team, the executive suite and the boardroom who must work hard to ensure that legal risk management is at the top of the agenda in every organization." * Professor Stuart Weinstein, Faculty of Business and Law, Coventry University *"A must-read for in-house lawyers and new general counsels. I particularly like the simple and practical guides to implement what are quite advanced legal risk management techniques." * Simon Nasta, General Counsel, FBN UK *"Legal risk management needs to become fully integrated with the practice of law. With this book, Matthew Whalley and Chris Guzelian enable in-house lawyers to get to grips with one of the least understood areas of legal practice. A must-read for General Counsel who want to articulate the value their team delivers, for Chief Compliance Officers who want to work more effectively with legal colleagues to deliver effective regulatory compliance programmes, and for any legal practitioner who operates within or delivers services to a risk-managed environment." * Neil Braakenburg, EMEA Head of Compliance, AIG Europe (and former UK Head of Legal, AIG Europe) *"This book challenges all organizations to review legal risk management strategy and provides practical suggestions on how to flex their approach to enhance legislative and regulatory compliance. All those in leadership or front line advisory roles will relate to the issues raised and can benefit from the proposed solutions to manage their forward exposures to legal loss." * Matthew Kellett, EY UK Law Leader, FSO *"Easy to read and dares to delve not just into the practical application of the law but the world of ethics and conduct and the role of lawyers to manage such. A valuable addition to the literature on legal risk." * Prof. Richard Moorhead, Professor of Law and Professional Ethics, Director of the Centre for Ethics and Law, UCL *"Legal risk management is often still seen as a niche discipline, but I believe it has great potential once it is adopted more broadly. One of the problems is that many practitioners do not even know what this nascent discipline entails and what they should learn to start practising it. This book is a very good starting point because it offers useful practical guidelines and illustrating cases. Thanks to their professional experiences with practising legal risk management, the authors are uniquely qualified for offering such guidance." * Professor Tobias Mahler, Norwegian Research Center for Computers and Law, Faculty of Law, University of Oslo *"In-house legal teams are facing major challenges. We need more books like this." * Ashley Gordon, Head of Legal, EMEA *Table of Contents Section - 01: A general guide to legal risk management and reporting; Chapter - 01: The business case for legal risk: How to articulate legal risk to your business; Chapter - 02: Big picture legal risk management: Corporate governance, values and policy; Chapter - 03: Evidence you’re in control: How to identify, quantify and report legal risk; Section - 02: An in-depth review of legal risk and how to mitigate it; Chapter - 04: Legislative/regulatory risk and the role of legal and compliance; Chapter - 05: Non-contractual obligations: Ethics, conduct and duty of care; Chapter - 06: Contract risk; Chapter - 07: Dispute risk; Chapter - 08: Non-contractual rights risk: Intellectual property: the gateway to your customer;

Read more less

Book SynopsisDr Roger Miles researches behavioural risk and the impacts of conduct regulation. He counsels Boards on human risk factors and uncertainty, and delivers bespoke risk workshops for leadership groups in government, NGOs and the professions. He teaches risk-related psychology at graduate schools including Cambridge University and the UK Defence Academy. He co-edits the LSE's annual Behavioural Economics Guide and publishes best practice guidance notes through professional bodies including British Bankers' Association (BBA), the Association of British Insurers (ABI), Global Association of Risk Professionals (GARP) and the Institute of Operational Risk (IOR).Trade Review"With the latest shocks to unsettle the predictable and rational world of deterministic and logical data-driven assumptions analysis, culminating in our inability to foresee Brexit and the rise of Donald Trump, financial practitioners would be well advised to pick up, discuss and take note of the behavioural approaches outlined in Dr Miles's Conduct Risk Management. The tools in here will help practitioners get themselves 'match fit' for managing risk in a world where almost everything you thought you knew may turn out to be wrong." * Dr David Hancock, Director HM Government Cabinet Office – Infrastructure and Projects Authority; former Head of Risk for TfL *"Dr Miles has important and timely lessons for the effective management of corporate risk, but this book goes well beyond a narrow risk focus and, with its application of and insights from behavioural science, will be of interest to students and practitioners of ethics, culture and conduct in financial services and, indeed, more widely. I'd encourage all bankers, regulators and students to read this book, which balances well academic study with practical, real-world lessons and conclusions." * Simon Thompson, Chief Executive, Chartered Banker Institute *"A refreshingly enjoyable read, but more than that, a timely expert insight into why and how the financial sector has to change fundamentally the way it engages with politics and public goods. This change of outlook has implications far beyond financial markets - there are valuable lessons for policy-making at the highest level." * Matthew Taylor, Chief Executive, RSA; Head of the Prime Minister’s Employment Law Review, 2016 *"A lively, interesting and very practical guide to understanding how regulators think, and getting on the front foot ahead of conduct risk. Using Dr Miles's techniques to 'work risk-aware' makes good business sense, is highly engaging for all business people and is certainly a better basis for effective compliance than old fashioned box-ticking." * Scott Wallace, Chief Risk Officer and Executive Director – Governance, Legal, Risk & Compliance *"Many practitioners are at a loss how to deal with Conduct Risk, yet clearly it's a vital topic to understand, now that the threat of prosecution hangs daily over every senior manager. Roger Miles is one of the very few genuinely expert sources on what the science of 'behavioural regulation' means for day-to-day business practice. This is a great opportunity to gather his insights, and enjoy his lively curiosity about where regulation comes from and will take us to next." * Donald Macrae, Senior Consultant on Regulatory Reform, World Bank *"Roger Miles has done an excellent job of animating and explaining in plain English this challenging area of regulation. His book should therefore be essential reading for any compliance and risk professional in order that they better understand the nature of conduct risk and how to mitigate the risks arising." * Brian Harte, Managing Director, Berkeley Research Group; former Group Head of Compliance and Regulatory Affairs, Barclays *Table of Contents Chapter - 01: Time for a Fresh Approach; Chapter - 02: Behavioural Science Sets Regulators Thinking…; Chapter - 03: The Onset of Financial Conduct Regulation; Chapter - 04: Why Regulators had to Change Direction; Chapter - 05: The Roots of Misconduct; Chapter - 06: The Politics of Prosecution; Chapter - 07: Establishing What Your ‘Good Behaviour Looks Like’; Chapter - 08: The ‘Behavioural Lens’, Part 1; Chapter - 09: The ‘Behavioural Lens’, Part 2; Chapter - 10: Looking Back, Looking Ahead

Read more less

Book SynopsisDr Keith Blacker has worked in a variety of board and executive roles globally and is the former CFO of a large UK-based health insurance business. He has over 30 years' experience working within the financial services industry and has consulted to a range of national and international banks and insurance companies on risk management matters. He is a Fellow of the Institute of Chartered Accountants in England & Wales and a Fellow of the UK Institute of Internal Auditors. Dr Patrick McConnell has been a senior manager in, and a consultant to, large international corporations, financial institutions and governments on multiple continents for over 35 years. His expertise is in risk management and information technology. He is a Fellow of BCS, the Chartered Institute for IT. He has taught in Australia and Ireland to advanced students and in-house executives.Both authors hold doctorates in Business Administration and have published and spoken widely in industry and academic Trade Review"An expertly written book, it takes you to the heart of the risk problem - people. The best systems, the most up to date software, the most meticulous risk mitigation plan, all can be circumvented by human ingenuity. Via case studies and analytical framing the authors review, analyse and most usefully prescribe how people risk can be minimized but never eliminated. People Risk is not a HR function but a holistic framework of thinking and this book exposes you to it." * Brian Lucey, Professor of Finance, Trinity College Dublin *"I recommend this book to experienced risk managers because it tackles some very difficult areas from a broad knowledge base, builds on the work of other's research and introduces some new concepts. I would put a slight caveat to the less experienced risk practitioner because it is important to understand how people risk management should sit within a wider risk management framework. The book leaves the impression that people risk is the principal cause for all ills, however, root cause analysis consistently finds that there is usually more than one factor present for risks to materialise." * Jane Walde, Director of The Holistic Risk Practice (for RMProfessional) *"People Risk Management by McConnell and Blacker is a book that has been sorely needed for some time. For too long risk practitioners, as a whole, have underplayed the role that people risk can have in an organisation. Given that the major events of the global financial crisis of 2007-2009 were a result of people, both in senior and junior positions, making poor decisions for a variety of reasons, it is time that people risk is given much more prominence. And it's not just a matter of risk culture, as McConnell and Blacker successfully argue. More attention needs to be paid to making a more robust decision making process, especially at senior levels. For the practitioner, this book offers more than an overview of the risk and some case studies; a framework for managing people risk, and proposals for increasing the quality of people risk management from the Boardroom to the individual worker make a valuable resource. This is a book that I wish I'd written." * Frank Ashe, Macquarie University *"Among the many carefully reasoned observations in the wide field of risk management and its focus on People Risk, this book highlights the important roles of Human Resources which extend beyond its established domains of recruitment, selection, training, development and rewarding. The authors' detailed analyses persuasively render indispensable the wider remit of HR. The book, however, goes beyond HR. It prompts the governance functions into ensuring that people risks are included in every assignment they undertake, it argues that senior management are at the front line of promoting personal responsibility and managing people risk and it tells the board that people risks, not only need managing in the organisation, but they also need managing in the boardroom." * Bill Weinstein, Emeritus Professor of International Business, Henley Business School *"It has long been appreciated that effective human resource management systems are an essential part of organisational success, however it is much less well understood that people can still bring down even the most successful organisations. Scratch beneath the surface and even apparently well run organisations can be found to have significant people risk exposures - often because they lack the necessary knowledge and expertise to manage this complex and diverse area of risk. Blacker and McConnell, two of the leading lights in people risk management, have delivered a must-read text for all senior managers and board members in organisations - combining practical insights with strong academic foundations. The book is also an important addition to the book shelves of students and academics with an interest in the human aspects of risk management." * Simon Ashby, Associate Professor at Plymouth University, and Chairman, Institute of Operational Risk *Table of Contents Chapter - 11: Conclusion Chapter - 10: Personal responsibility; Chapter - 09: Improving decision-making; Chapter - 08: Roles and responsibilities; Chapter - 07: The influence of organizational culture; Chapter - 06: People Risk in the boardroom; Chapter - 05: People Risk Management Framework; Chapter - 04: Case studies in People Risk; Chapter - 03: The human dimension of People Risk; Chapter - 02: Definition and models of People Risk; Chapter - 01: People Risk in context;

Read more less

Book SynopsisAndrew Hayward is a lawyer with more than a dozen years' experience of compliance roles across sectors. Having previously worked for AstraZeneca and Balfour Beatty, he is now Head of Compliance and Ethics at Subsea 7, an engineering, construction and services contractor to the offshore energy industry. He worked with the British Standards Institute to develop the first anti-bribery standard (BS10500) and was part of the UK delegation on the development of the International Anti-Bribery Standard (BS ISO 37001:2016).Tony Osborn is an award-winning writer, creative consultant and content developer. He has worked with leading global corporations to help them find and tell their stories and connect with stakeholders. He helped shape and write Serco's online and printed Code of Conduct, and, with Andrew Hayward, the award-winning Balfour Beatty Code of Conduct.Trade Review"The 'masters and apprentices' book of compliance - practical insights for the professional and lay person alike."" * Christopher Wright, Head of Compliance, LafargeHolcim *"The authors of this book succeeded in explaining precisely, pleasantly and in an easily understandable way what everybody should know and practice in compliance and ethics. Nobody may say anymore: 'I didn't know how to do it'." * François Vincke, Member of the Brussels Bar, Vice-Chair ICC Commission Corporate Responsibility and Anti-corruption *"The engaging style of this book will take its audience beyond the word 'compliance' - seen as so negative by so many demonstrates how to win over hearts and minds. The stories are a useful and practical way to make learning more memorable and therefore effective. The authors are to be commended for their approach in delivering a must read for every CECO... A seminal textbook for those teaching business ethics at universities and business schools." * Philippa Foster Back CBE, Director, Institute of Business Ethics *"Just as importantly, the work provides the right balance between ethics and values on the one hand and compliance programme elements on the other in discussing what works and what hasn't. Brilliantly written and easy to understand, it provides meaningful insight for both the experienced compliance professional and newcomers to the field. It masterfully weaves real stories and anecdotes into the materials in an entertaining way, bringing the discussion to life. Destined to become a classic in the compliance literature, it is required reading for anyone on the compliance journey." * Keith M. Korenchuk, VP & Chief Compliance Officer, Diagnostic Platform, Danaher Corporation/Beckman Coulter Inc. and former partner, Arnold & Porter LLP *"The authors provide such depth of understanding necessary to help entities navigate ethics and compliance in an effective and integrated way. They have managed to do so in a light and upbeat tone with some fun references ranging from rock 'n' roll to Lewis Carroll and a healthy poke at legalese." * Cécilia Fellouse-Guenkel, General Manager, Compliance For Good *Table of Contents Section - ONE: Chapter - 01: Why compliance isn’t working; Chapter - 02: The meaning, origins and role of compliance and ethics; Chapter - 03: Barriers to success; Chapter - 04: Looking for answers; Section - TWO: Chapter - 05: The anatomy of a compliance and ethics programme; Chapter - 06: Top-level commitment; Chapter - 07: Risk assessment and due diligence; Chapter - 08: Code of conduct and policies; Chapter - 09: Communication, education and training; Chapter - 10: Whistle-blowing hotline and speak-up culture; Chapter - 11: Procedures and controls; Chapter - 12: Investigations, remediation and enforcement; Chapter - 13: Assurance and continuous improvement; Chapter - 14: Implementation – The compliance and ethics function – and everyone else;

Read more less

Book SynopsisKate Hartley is co-founder of Polpeo, a crisis simulation training consultancy that works with some of the biggest brands in the world. Hartley has 25 years' agency-side experience in crisis and reputation management and corporate PR. She has spoken and run workshops on the impact of social media on crisis management at international events including SXSW, The Global PR Summit, PR Week's Crisis Comms, and Social Media Today's Social Shake Up. She is a member of the CIPR and the PRCA, and sits on the PRCA's digital steering committee which is designed to shape digital best practice in the PR industry.Trade Review"A timely analysis of the environment in which crises emerge and must be managed." * Jonathan Hemus, Managing Director, Insignia *"Above all a sane and sympathetic approach to the people embroiled in a crisis at the sharp end. Buy this book, read it, follow Kate Hartley's advice and breathe more easily." * Adrian Wheeler, author of Crisis Communications Management and Writing for the Media *"Whilst the principles of crisis communications haven't changed the environment has - beyond recognition. Understanding what that means to the corporation under fire and how best they should engage with all stakeholder audiences is the essence of this book." * Alison Clarke FPRCA, FCIPR, Alison Clarke Consulting *Table of Contents Section - ONE: Understanding how consumer behaviour has changed; Chapter - 01: Kick a brand when it's down – Why we love to hate our favourite brands; Chapter - 02: The issue of declining trust in the spread of fake news; Chapter - 03: Who do I trust? The rise of individual influencers versus declining traditional media; Chapter - 04: It's outrageous! Understanding the new response to outrage and bad news, and the role of social media; Chapter - 05: I want it now – Managing consumer expectation for instant information; Chapter - 06: Profile of a troll – Understanding and dealing with trolling behaviour; Chapter - 07: The conscious consumer – The question complex and pressures of brand transparency; Section - TWO: The role of changing consumer behaviour in crisis management and response; Chapter - 08: The new challenges – Understanding the impact of changing consumer behaviour on crisis management strategies; Chapter - 09: What is acceptable in a crisis? How to differentiate business as usual versus crisis management; Chapter - 10: The social media Hydra: Principles of transparency versus suppression of information in crisis mitigation; Chapter - 11: Crises in action: Lessons learned from crisis responses from five major brands; Chapter - 12: The importance of telling the truth and its role in crisis and reputation management; Chapter - 13: Withstanding the attack: The importance of resilience in your communications teams; Section - THREE: Building your crisis communication strategy and response; Chapter - 14: The brain's response to a crisis and training your team to cope; Chapter - 15: Insights from crisis communication influencers on managing the threats facing brands; Chapter - 16: The role of leadership in a crisis and preparing your crisis team; Chapter - 17: Showing humanity and empathy in a crisis: When it counts and when it's empty; Chapter - 18: What do I do first? Getting your priorities right in a crisis; Chapter - 19: Harnessing the crowd: Using influencers and advocates to calm the crisis: An interview with Scott Guthrie; Chapter - 20: The role of technology in crisis management: Using predictive analysis, social listening, search data and insights; Chapter - 21: Practical steps to prepare, execute and analyse a crisis response (and avoid common pitfalls)

Read more less

Book SynopsisIn the wake of 9/11 and Hurricane Katrina, many are asking what, if anything, can be done to prevent large-scale disasters. How is it that we know more about the hazards of modern American life than ever before, yet the nation faces ever-increasing losses from such events? History shows that disasters are not simply random acts. Where is the logic in creating an elaborate set of fire codes for buildings, and then allowing structures like the Twin Towers—tall, impressive, and risky—to go up as design experiments? Why prepare for terrorist attacks above all else when floods, fires, and earthquakes pose far more consistent threats to American life and prosperity?The Disaster Experts takes on these questions, offering historical context for understanding who the experts are that influence these decisions, how they became powerful, and why they are only slightly closer today than a decade ago to protecting the public from disasters. Tracing the intertwined develoTrade Review"This marvelous book offers a gripping analysis of American disaster expertise over the last 150 years. . . . A powerful, eminently readable book that belongs on undergraduate and graduate syllabi in the history of science and technology-and, indeed, in the library of every educated citizen." * Isis *"Knowles adroitly chronicles in fine historical detail the emergence of the experts (and their intellectual disciplines) who worked to understand and mitigate the constantly changing human and technological landscapes of urban risk." * Choice *"In The Disaster Experts, Scott Knowles makes a key contribution to our understanding of how American disaster policy has evolved over time. This book is a way to appreciate at a deeper level why and how Americans are prepared in some ways, and profoundly unprepared in others, for the disasters to come in the twenty-first century." * James Lee Witt, Chief Executive Officer, Witt Associates, and FEMA Director, 1993-2001 *Table of ContentsList of Abbreviations Introduction 1 The Devil's Privilege 2 Reforming Fire 3 The Invisible Screen of Safety 4 Ten to Twenty Million Killed, Tops 5 What Is a Disaster? 6 A Nation of Hazards Conclusion Notes Index Acknowledgments

Read more less

Book SynopsisWhether man-made or naturally occurring, large-scale disasters can cause fatalities and injuries, devastate property and communities, savage the environment, impose significant financial burdens on individuals and firms, and test political leadership. Moreover, global challenges such as climate change and terrorism reveal the interdependent and interconnected nature of our current moment: what occurs in one nation or geographical region is likely to have effects across the globe. Our information age creates new and more integrated forms of communication that incur risks that are difficult to evaluate, let alone anticipate. All of this makes clear that innovative approaches to assessing and managing risk are urgently required.When catastrophic risk management was in its inception thirty years ago, scientists and engineers would provide estimates of the probability of specific types of accidents and their potential consequences. Economists would then propose risk management poliTrade Review"Extraordinarily thoughtful and insightful, the authors of The Future of Risk Management provide students and professionals in the field of risk management new pathways for approaches and solutions to our myriad areas of risk. Moreover, anyone interested in understanding the risks our societies face should study these essays." * Franklin W. Nutter, President, Reinsurance Association of America *"The field of risk management has exploded in recent decades as natural disasters, financial meltdowns, pandemics, and other damaging events have wreaked havoc across borders. The Future of Risk Management brings together essays from leading thinkers on ways to reduce risk so that today's threats do not turn into tomorrow's catastrophes. Aimed at policy leaders seeking strategies to reduce future harm, this volume deserves a close read and a spot on the bookshelf of all forward-thinking decision-makers." * Alice Hill, The Hoover Institution, Stanford University *"The Future of Risk Management engages in a critical discussion on how we as a nation and the world as a whole should better prepare for and reduce the costs of future disasters. The authors correctly recognize that our current disaster preparedness and response paradigm is fundamentally broken-plagued by inconsistencies, short-sightedness, and a lack of integration. Instead, we need to take a holistic, long-term approach to disaster response and risk management and allocate resources based on the best objective data available." * Jason M. Tuber, U.S. Congressional Staffer *"This comprehensive, critical, and lucid survey demonstrates convincingly that effectively managing climate change and other major threats requires understanding how the average person reacts to risk. It's a story about lessons learned and lessons forgotten, about logic and bias, about positive incentives and perverse incentives-and serves as a warning that we have a long, long way to go before we manage risk effectively." * Michael Oppenheimer, Princeton University *Table of ContentsIntroduction —Howard Kunreuther, Robert J. Meyer, and Erwann O. Michel-Kerjan PART I. BEHAVIORAL FACTORS INFLUENCING DECISION-MAKING UNDER RISK AND UNCERTAINTY Chapter 1. The Arithmetic of Compassion and the Future of Risk Management —Paul Slovic and Daniel Västfjäll Chapter 2. "Risk as Feelings" and "Perception Matters": Psychological Contributions on Risk, Risk-Taking, and Risk Management —Elke U. Weber Chapter 3. Risk-Based Thinking —Baruch Fischhoff Chapter 4. Structured Empirical Analysis of Decisions Under Natural Hazard Risk —Craig E. Landry, Gregory Colson, and Mona Ahmadiani Chapter 5. Mixing Rationality and Irrationality in Insurance Demand and Supply —Mark Pauly Chapter 6. The Disaster Cycle: What We Do Not Learn from Experience —Robert J. Meyer PART II. IMPROVING RISK ASSESSMENT Chapter 7. Using Models to Set a Baseline and Measure Progress in Reducing Disaster Casualties —Robert Muir-Wood Chapter 8. Learning from All Types of Near-Misses —Robin Dillon Chapter 9. Managing Systemic Industry Risk: The Need for Collective Leadership —Paul J. H. Schoemaker Chapter 10. Measuring Economic Resilience: Recent Advances and Future Priorities —Adam Rose PART III. DEVELOPING BETTER RISK COMMUNICATION STRATEGIES Chapter 11. Improving Stakeholder Engagement for Upstream Risks —Robin Gregory and Nate Dieckmann Chapter 12. Improving the Accuracy of Geopolitical Risk Assessments —Barbara A. Mellers, Philip E. Tetlock, Joshua D. Baker, Jeffrey A. Friedman, and Richard Zeckhauser Chapter 13. Efficient Warnings, Not "Wolf or Puppy" Warnings —Lisa A. Robinson, W. Kip Viscusi, and Richard Zeckhauser PART IV. ROLE OF RISK MITIGATION, RISK-SHARING, AND INSURANCE Chapter 14. Threats to Insurability —Carolyn Kousky Chapter 15. The Role of Insurance in Risk Management for Natural Disasters: Back to the Future —Howard Kunreuther Chapter 16. Improving Individual Flood Preparedness Through Insurance Incentives —W. J. Wouter Botzen Chapter 17. Strong and Well-Enforced Building Codes as an Effective Disaster Risk Reduction Tool: An Evaluation —Jeffrey Czajkowski PART V. GOVERNMENT AND RISK MANAGEMENT Chapter 18. Getting the Blend Right: Public-Private Partnerships in Risk Management —Cary Coglianese Chapter 19. The Regulation of Insurance Markets Subject to Catastrophic Risks —Robert W. Klein Chapter 20. Rethinking Government Disaster Relief in the United States: Evidence and a Way Forward —Erwann O. Michel-Kerjan List of Contributors Index

Read more less

Book SynopsisChemical process quantitative risk analysis (CPQRA) is used to identify incident scenarios and evaluate their risk by defining the probability of failure, the various consequences and the potential impact of those consequences. This edition offers a guide to applying these risk-analysis techniques, particularly to risk control studies.Table of ContentsPreface. Preface to the First Edition. Acknowledgments. Acknowledgments to the First Edition. Management Overview. Organization of the Guidelines. Acronyms. 1. CHEMICAL PROCESS QUANTITATIVE RISK ANALYSIS. 1.1 CPQRA Definitions. 1.2 Component Techniques of CPQRA. 1.2.1 Complete CPQRA Procedure. 1.2.2 Prioritized CPQRA Procedure. 1.3 Scope of CPQRA Studies. 1.3.1 The Study Case. 1.3.2 Typical Goals of CPQRAs. 1.4 Management of Incident Lists. 1.4.1 Enumeration. 1.4.2 Selection. 1.4.3 Tracking. 1.5 Applications of CPQRA. 1.5.1 Screening Techniques. 1.5.2 Applications within Existing Facilities. 1.5.3 Applications within New Projects. 1.6 Limitations of CPQRA. 1.7 Current Practices. 1.8 Utilization of CPQRA Results. 1.9 Project Management. 1.91. Study Goals. 1.9.2 Study Objectives. 1.9.3 Depth of Study. 1.9.4 Special User Requirements. 1.9.5 Construction of a Project Plan. 1.9.6 Project Execution. 1.10 Maintenance of Study Results. 1.11 References. 2. CONSEQUENCE ANALYSIS. 2.1 Source Models. 2.1.1 Discharge Rate Models. 2.1.2 Flash and Evaporation. 2.1.3 Dispersion Models. 2.2 Explosions and Fires. 2.2.1 Vapor Cloud Explosions (VCE). 2.2.2 Flash Fires. 2.2.3 Physical Explosion. 2.2.4 BLEVE and Fireball. 2.2.5 Confined Explosions. 2.2.6 Pool Fries. 2.2.7 Jet Fires. 2.3 Effect Models. 2.3.1 Toxic Gas Effects. 2.3.2 Thermal Effects. 2.3.3 Explosion Effects. 2.4 Evasive Actions. 2.4.1 Background. 2.4.2 Description. 2.4.3 Example Problem. 2.4.4 Discussion. 2.5 Modeling Systems. 2.6 References. 3. EVENT PROBABILITY AND FAILURE FREQUENCY ANALYSIS. 3.1 Incident Frequencies from the Historical Record. 3.1.1 Background. 3.1.2 Description. 3.1.3 Sample Problem. 3.1.4 Discussion. 3.2 Frequency Modeling Techniques. 3.2.2 Event Tree Analysis. 3.3 Complementary Plant-Modeling Techniques. 3.3.1 Common Cause Failure Analysis. 3.3.2 Human Reliability Analysis. 3.3.3 External Events Analysis. 3.4 References. 4. MEASUREMENT, CALCULATION, AND PRESENTATION OF RISK ESTIMATES. 4.1 Risk Measures. 4.1.1 Risk Indices. 4.1.2 Individual Risk. 4.1.3 Societal Risk. 4.1.4 Injury Risk Measures. 4.2 Risk Presentation. 4.2.1 Risk Indices. 4.2.2 Individual Risk. 4.2.3 Societal Risk. 4.3 Selection of Risk Measures and Presentation Format. 4.3.1 Selection of Risk Measures. 4.3.2 Selection of Presentation Format. 4.4 Risk Calculations. 4.4.1 Individual Risk. 4.4.2 Societal Risk. 4.4.3 Risk Indices. 4.4.4 General Comments. 4.4.5 Example Risk Calculation Problem. 4.4.6 Sample Problem Illustrating That F-N Curves Cannot be Calculated from individual Risk Contours. 4.5 Risk Uncertainty, Sensitivity, and Importance. 4.5.1 Uncertainty. 4.5.2 Sensitivity. 4.5.3 Importance. 4.6 References. 5. CREATION OF CPQRA DATA BASE. 5.1 Historical Incident Data. 5.1.1 Types of Data. 5.1.2 Sources. 5.2 Process and Plant Data. 5.2.1 Plant Layout and System Description. 5.2.2 Ignition Sources and Data. 5.3 Chemical Data. 5.3.1 Types of Data. 5.3.2 Sources. 5.4 Environmental Data. 5.4.1 Population Data. 5.4.2 Meteorological Data. 5.4.3 Geographical Data. 5.4.4 Topographic Data. 5.4.5 External Event Data. 5.5 Equipment Reliability Data. 5.5.1 Terminology. 5.5.2 Types and Sources of Failure Rate Data. 5.5.3 Key Factors Influencing Equipment Failure Rates. 5.5.4 Failure Rate Adjustment Factors. 5.5.5 Data Requirements and Estimated Accuracy. 5.5.6 Collection and Processing of Raw Plant Data. 5.5.7 Preparation of the CPQRA Equipment Failure Rate Data Set. 5.5.8 Sample Problem. 5.6 Human Reliability Data. 5.7 Use of Expert Opinions. 5.8 References. 6. SPECIAL TOPICS AND OTHER TECHNIQUES. 6.1 Domino Effects. 6.1.1 Background. 6.1.2 Description. 6.1.3 Sample Problem. 6.1.4 Discussion. 6.2 Unavailability Analysis of Protective Systems. 6.2.1 Background. 6.2.2 Description. 6.2.3 Sample Problem. 6.2.4 Discussion. 6.3 Reliability Analysis of Programmable Electronic Systems. 6.3.1 Background. 6.3.2 Description. 6.3.3 Sample Problem. 6.3.4 Discussion. 6.4 Other techniques. 6.4.1 MORT Analysis. 6.4.2 IFAL Analysis. 6.4.3 Hazard Warning Structure. 6.4.4 Markov Processes. 6.4.5 Monte Carlo Techniques. 6.4.6 GO Methods. 6.4.7 Reliability Book Diagrams. 6.4.8 Cause-Consequence Analysis. 6.4.9 Multiple Failure/Error Analysis (MFEA). 6.4.10 Sneak Analysis. 6.5 References. 7. CPQRA APPLICATION EXAMPLES. 7.1 Simple/Consequence CPQRA Examples. 7.1.1 Sample/Consequence CPQRA Characterization. 7.1.2 Application to a New Process Unit. 7.1.3 Application to an Existing Process Unit. 7.2 Intermediate/Frequency CPQRA Examples. 7.2.1 Intermediate/Frequency CPQRA Characterization. 7.2.2 Application to a New Process Unit. 7.2.3 Application to Existing Process Unit. 7.3 Complex/Risk CPQRA Examples. 7.3.1 Complex/Risk Cpqra Characterization. 7.3.2 Application to a New or Existing Process Unit. 7.4 References. 8. CASE STUDIES. 8.1 Chlorine Rail Tank Car Loading Facility. 8.1.1 Introduction. 8.1.2 Description. 8.1.3 Identification, Enumeration, and Selection of Incidents. 8.1.4 Incident Consequence Estimation. 8.1.5 Incident Frequency Estimation. 8.1.6 Risk Estimation. 8.1.7 Conclusions. 8.2 Distillation Column. 8.2.1 Introduction. 8.2.2 Description. 8.2.3 Identification, Enumeration, and Selection of Incidents. 8.2.4 Incident Consequence Estimation. 8.2.5 Incident Frequency Estimation. 8.2.6 Risk Estimation. 8.2.7 Conclusions. 8.3 References. 9. FUTURE DEVELOPMENTS. 9.1 Hazard Identification. 9.2 Source and Dispersion Models. 9.2.1 Source Emission Models. 9.2.2 Transport and Dispersion Models. 9.2.3 Transient Plume Behavior. 9.2.4 Concentration Fluctuations and the Time Averaging of Dispersion Plumes. 9.2.5 Input Data Uncertainties and Model Validation. 9.2.6 Field Experiments. 9.2.7 Model Evaluation. 9.3 Consequence Models. 9.3.1 Unconfined Vapor Cloud Explosion (UVCE). 9.3.2 Boiling Liquid Expanding Vapor Explosions (BLEVES) and Fireballs. 9.3.3 Pool and Jet Fires. 9.3.4 Toxic Hazards. 9.3.5 Human Exposure Models. 9.4 Frequency Models. 9.4.1 Human Factors. 9.4.2 Electronic Systems. 9.4.3 Failure Rate Data. 9.5 Hazard Mitigation. 9.6 Uncertainty Management. 9.7 Integration of Reliability Analysis, CPQRA, and Cost-Benefit Studies. 9.8 Summary. 9.9 References. Appendix A. Loss-of-Containment Causes in the Chemical Industry. Appendix B. Training Programs. Appendix C. Sample Outline for CPQRA Reports. Appendix D. Minimal Cut Set Analysis. Appendix E. Approximation Methods for Quantifying Fault Trees. Appendix F. Probability Distributions, Parameters, and Technology. Appendix G. Statistical Distributions Available for Use as Failure Rate Models. Appendix H. Errors from Assuming That Time-Related Equipment Failure Rates Are Constant. Appendix I. Data Reduction Techniques: Distribution Identification and Testing Methods. Appendix J. Procedure for Combining Available Generic and Plant-Specific Data. Conversion Factors. Glossary. Index.

Read more less

Book SynopsisQuantitative Risk Analysis is a powerful tool used to help manage risk and improve safety. When used appropriately, it provides a rational basis for evaluating process safety and comparing alternative safety improvements. This guide, an update of an earlier American Chemistry Council (ACC) publication utilizing the hands-on experience of CPI risk assessment practitioners and safety professionals involved with the CCPS and ACC, explains how managers and users can make better-informed decisions about QRA, and how plant engineers and process designers can better understand, interpret and use the results of a QRA in their plant.Table of ContentsList of Figures. List of Tables. Preface. Acknowledgments. Executive Summary. Advice for the Reader. Acronyms. Glossary. Chapter 1. Introduction. 1.1. Background. 1.2. The Process of Risk Analysis. 1.3. Definition of QRA. 1.4. Misconceptions About QRA. Chapter 2. Deciding Whether to Use QRA. 2.1. Some Reasons for Considering QRA. 2.2. Types of Information Available From Risk Studies. 2.3. Criteria for Electing to Use QRA. Chapter 3. Management Use of QRA. 3.1. Chartering the Analysis. 3.1.1. Study Objective. 3.1.2. Scope. 3.1.3. Technical Approach. 3.1.4. Resources. 3.2. Selecting QRA Techniques. 3.2.1. Hazard Identification. 3.2.2. Consequence Analysis. 3.2.3. Frequency Analysis. 3.2.4. Risk Evaluation and Presentation. 3.3. Understanding the Assumptions and Limitations. 3.3.1. Completeness. 3.3.2. Model Validity. 3.3.3. Accuracy/Uncertainty. 3.3.4. Reproducibility. 3.3.5. Inscrutability. Chapter 4. Using QRA Results. 4.1. Comparative Methods for Establishing Perspective. 4.2. Factors Influencing Risk Perception. 4.2.1. Type of Hazard. 4.2.2. Voluntary versus Involuntary. 4.2.3. Societal versus Individual. 4.2.4. Public versus Employee. 4.2.5. High Consequence/Low Frequency versus Low Consequence/High Frequency 4.2.6. Acute versus Latent Effects. 4.2.7. Familiarity. 4.2.8. Controllability. 4.2.9. Age of Exposed Population. 4.2.10. Distribution of Risk and Benefit. 4.3. Communicating Risk. 4.3.1. Accept and Involve the Public as a Legitimate Partner. 4.3.2. Plan Carefully and Evaluate Your Efforts. 4.3.3. Listen to People's Specific Concerns. 4.3.4. Be Honest, Frank, and Open. 4.3.5. Coordinate and Collaborate with Other Credible Sources. 4.3.6. Meet the Needs of the Media. 4.3.7. Speak Clearly and with Compassion. 4.4. Pitfalls in Using QRA Results. Chapter 5. Conclusions. References. Suggested Additional Reading.

Read more less

Book SynopsisTable of ContentsA Note from the Series Editor xiii Acknowledgments xv Author Biography xvii 1 The Critical Role of Risk, High Concern, and Crisis Communication 1 1.1 Case Diary: A Collision of Facts and Perceptions 2 1.2 What Will Readers Find in This Book? 3 1.3 Why You Will Use This Book 4 1.4 The Need for This Book – Now 5 1.4.1 New Literature, New Research 5 1.4.2 Changes in the Communications Landscape 6 1.4.3 Changes in Journalism and the Perception of Facts 7 1.4.4 Changes in Laws, Regulations, and Societal Expectations 7 1.4.5 Changes in Concerns about Health, Safety, and the Environment 7 1.4.6 Changes in Levels of Trust 7 1.4.7 Changes in the Global Political Environment 8 1.4.8 The COVID- 19 Pandemic and the Changed Communication Landscape 8 2 Core Concepts 11 2.1 Case Diary: Recognizing Change as a High Concern Issue 11 2.2 Defining the Concept and Term Risk 13 2.3 Defining the Concept and Term Risk Communication 14 2.4 Risk Communication and Its Relationship to Risk Analysis 17 2.5 Defining the Concepts and Terms High Concern and High Concern Communication 19 2.6 Defining the Concept and Term Crisis 22 2.7 Defining the Concept and Term Crisis Communication 24 2.8 Chapter Resources 25 Endnotes 31 3 An Overview of Risk Communication 33 3.1 Case Diary: Complex Issues Destroy Homes 33 3.2 Challenges and Difficulties Faced in Communicating Risk Information 35 3.2.1 Characteristics and Limitations of Scientific and Technical Data about Risks 35 3.2.2 Characteristics and Limitations of Spokespersons in Communicating Information about Risks 35 3.2.2.1 Case Study: “Go Hard, Go Early”: Risk Communication Lessons from New Zealand’s Response to COVID-19 37 3.2.3 Characteristics and Limitations of Risk Management Regulations and Standards 41 3.2.3.1 Debates and Disagreements 41 3.2.3.2 Limited Resources for Risk Assessment and Management 41 3.2.3.3 Underestimating the Difficulty of and Need for Risk Communication 42 3.2.3.4 Lack of Coordination and Collaboration 42 3.2.4 Characteristics and Limitations of Traditional Media Channels in Communicating Information about Risks 42 3.2.5 Characteristics and Limitations of Social Media Channels in Communicating Information about Risks 43 3.2.6 Characteristics and Limitations of People in their Ability to Evaluate and Interpret Risk Information 44 3.3 Changes in How the Brain Processes Information Under Conditions of High Stress 48 3.4 Risk Communication Theory 49 3.4.1 Trust Determination Theory 49 3.4.2 Negative Dominance Theory 50 3.4.3 Mental Noise Theory 50 3.4.4 Risk Perception Theory 50 3.5 Risk Communication Principles and Guidelines 55 3.5.1 Principle 1. Accept and Involve All Interested and Affected Persons as Legitimate Partners 55 3.5.2 Principle 2. Plan Carefully and Evaluate Performance 55 3.5.3 Principle 3. Listen to Your Audience 57 3.5.4 Principle 4. Be Honest, Frank, and Open 57 3.5.5 Principle 5. Coordinate and Collaborate with Other Credible Sources 58 3.5.6 Principle 6. Meet the Needs of Traditional and Social Media 58 3.5.7 Principle 7. Speak Clearly and with Compassion 58 3.6 Key Takeaway Concepts and Conclusions from this Overview Chapter 59 3.7 Chapter Resources 59 Endnotes 66 4 Development of Risk Communication Theory and Practice 69 4.1 Case Diary: Origin Story 69 4.2 Introduction 70 4.2.1 Historical Phase 1: Presenting Risk Numbers 71 4.2.2 Historical Phase 2: Listening and Planning 71 4.2.3 Historical Phase 3: Stakeholder Engagement 72 4.2.4 Covello and Sandman’s Four Stages of Risk Communication 72 4.2.4.1 Stage 1: Ignore the Public 73 4.2.4.2 Stage 2: Explaining Risk Data Better 73 4.2.4.3 Stage 3: Stakeholder Engagement 77 4.2.4.4 Stage 4: Empowerment 78 4.3 Summary 79 4.4 Chapter Resources 79 Endnotes 83 5 Stakeholder Engagement and Empowerment 87 5.1 Case Diary: A Town Hall Public Meeting Goes Very Wrong 87 5.2 Introduction 89 5.3 Levels of Stakeholder Engagement 91 5.3.1 Types of Stakeholder Engagement 93 5.4 Benefits of Stakeholder Engagement 95 5.5 Limitations and Challenges of Stakeholder Engagement 96 5.6 Techniques and Approaches for Effective Stakeholder Engagement 97 5.7 Meetings with Stakeholders 100 5.7.1 Town Hall Meetings 101 5.7.2 Open House Meetings/Information Workshops 102 5.7.3 Tips for Meetings with Stakeholders 102 5.8 Chapter Resources 104 Endnotes 107 6 Communicating in a Crisis 111 6.1 Case Diary: The Challenge of Partnership in a Crisis 112 6.2 The Three Phases of a Crisis 113 6.3 Communication in the Precrisis Preparedness Phase 115 6.3.1 Precrisis Communication Activity: Identifying Potential Crises 117 6.3.2 Case Study: The 2010 BP Deepwater Horizon Oil Spill 118 6.3.3 Precrisis Communication Activity: Identify Goals and Objectives 120 6.3.4 Precrisis Communication Activity: Develop a Crisis Communication Plan 121 6.3.5 Precrisis Communication Activity: Identify, Train, and Test Crisis Communication Spokespersons 124 6.3.6 Precrisis Communication Activity: Engaging Stakeholders 124 6.3.7 Precrisis Communication Activity: Identifying Stakeholders’ Questions and Concerns 126 6.3.8 Drafting Messages for Anticipated Stakeholder Questions and Concerns 126 6.3.9 Precrisis Communication Activity: Conducting Exercises to Test the Crisis Communication Plan 128 6.3.10 Precrisis Communication Activity: Incident Command System (ICS) and the Joint Information Center (JIC) 129 6.4 Communications in the Crisis Response Phase 130 6.4.1 Case Study: Lac-Mégantic Rail Tragedy 134 6.4.2 Disaster and Emergency Warnings 136 6.4.2.1 Designing Effective Warnings 137 6.4.2.2 Steps in the Disaster and Emergency Warning Process 137 6.5 Communicating Effectively about Blame, Accountability, and Responsibility 139 6.6 Communicating an Apology 140 6.6.1 Case Study: Maple Leaf Foods and the Listeria Food Contamination Crisis 141 6.6.2 Case Study: Southwest Airlines Apology 144 6.7 Communications in the Postcrisis Recovery Phase 145 6.7.1 Case Study and Case Diary: New York City’s Communication Trials by Fire, from West Nile to 9/11 146 6.7.2 Case Study: Johnson & Johnson and the Tylenol Tampering Case 147 6.7.3 Case Study: Flint, Michigan and Contaminated Drinking Water 149 6.8 Chapter Resources 151 Endnotes 159 7 Foundational Principles: Perceptions, Biases, and Information Filters 165 7.1 Case Diary: “A” Is for “Apples” 165 7.2 Message Perception and Reception in High Concern Situations 168 7.3 Message Filter Theory: A Set of Principles Drawn from the Behavioral and Neuroscience Literature 169 7.4 Case Study: COVID- 19 and Risk Perception Factors 171 7.4.1 Social Amplification Filters 173 7.4.2 Mental Shortcut Filters 174 7.4.3 Knowledge and Belief Filters 176 7.4.4 Personality Filters 177 7.4.5 Negative Dominance/Loss Aversion Filters 177 7.5 Message Filters and the Brain 179 7.6 Message Filters, Perceptions, and Models of Human Behavior 179 7.7 Message Filters, Perceptions, and Persuasion 180 7.8 Message Filters, Perceptions, and Ethics 181 7.9 Message Filters and the Issue of Acceptable Risk 182 7.9.1 Factors in Determining Acceptable Risk 183 7.9.2 Strategies for Addressing Acceptable Risk 184 7.10 The Message is in the Mind of the Receiver 186 7.11 Chapter Resources 186 Endnotes 192 8 Foundational Principles: Trust, Culture, and Worldviews 197 8.1 Case Diary: A Disease Outbreak in Africa 198 8.2 Trust Determination 200 8.3 Characteristics and Attributes of Trust 201 8.3.1 Trust and First Impressions 203 8.3.2 Loss of Trust 204 8.3.3 Gaining Trust 206 8.3.3.1 Gaining Trust through Stakeholder Engagement 206 8.3.3.2 Gaining Trust through Trust Transference 206 8.3.3.3 Gaining Trust through Actions and Behavior 207 8.4 Case Study: Trust and the Chernobyl Nuclear Power Plant Accident 207 8.5 Case Diary: The Fukushima Japan Nuclear Power Plant Accident 208 8.6 Gaining Trust in High- Stakes Negotiations 210 8.7 Case Diary: Gaining Trust and the SARS Outbreak in Hong Kong 211 8.8 Trust and Culture 212 8.9 Cultural Competency 212 8.9.1 Different Communication Styles 213 8.9.2 Different Attitudes and Approaches toward Conflict 214 8.9.3 Different Nonverbal Communication 214 8.9.4 Different Attitudes and Approaches to Decision Making 214 8.9.5 Different Attitudes and Approaches toward Information Disclosure 215 8.9.6 Different Attitudes and Approaches to Knowing 215 8.9.7 Different Attitudes and Approaches toward Conversation and Discourse 215 8.9.8 Different Attitudes and Approaches toward the Use of Humor 215 8.10 Risk Perceptions, Trust, and Cultural Theory 215 8.11 Risk Perceptions, Trust, and Worldviews 217 8.12 Case Diary: Fame, Family, and Fear in Public Health Communications 218 8.13 Chapter Resources 221 Endnotes 227 9 Best Practices for Message Development in High Concern Situations 231 9.1 Case Diary: Mapping Through a Maze of COVID Confusion 231 9.2 Introduction 232 9.3 Crafting Messages in the Context of Stress and High Concern Decision- Making 233 9.3.1 Trust Determination and Messaging in High-Stress Situations 233 9.3.1.1 The CCO Best Practice 233 9.3.2 Impaired Comprehension and Messaging in High-Stress Situations 234 9.3.3 Negative Dominance and Messaging in High-Stress Situations 234 9.3.4 Emotional Impact and Messaging in High-Stress Situations 235 9.3.4.1 Case Study: Hoarding Toilet Paper at the Outset of the 2020 COVID-19 Pandemic 236 9.4 Message Mapping 238 9.4.1 Benefits of Message Maps 238 9.4.2 Message Maps and the Brain 241 9.4.3 The Development of Message Mapping 243 9.4.4 Case Study: Message Maps and Asbestos 244 9.4.5 Steps in Developing a Message Map 245 9.4.5.1 Step 1: Identify, Profile, and Prioritize Key Stakeholders 245 9.4.5.2 Step 2: Develop Lists of Stakeholder Questions and Concerns 248 9.4.5.3 Case Study: Stakeholder Questions, Terrorism, and Disasters 249 9.4.5.4 Step 3: Develop Key Messages 249 9.4.5.5 Step 4: Develop Supporting Information 252 9.4.5.6 Step 5: Testing the Message Map 253 9.4.5.7 Step 6: Repurpose Maps through Appropriate Information Channels 254 9.5 Summary 254 9.6 Chapter Resources 255 Endnotes 263 Appendices 265 Appendix 9.1 265 Appendix 9.2 267 Appendix 9.3 277 Appendix 9.4 280 10 Communicating Numbers, Statistics, and Technical Information about a Risk or Threat 285 10.1 Case Diary: A Civil Action 285 10.2 Introduction 288 10.3 Case Study: Numbers, Statistics, and COVID-19 289 10.4 Brain Processes That Filter How Technical Information about Risk or Threat Is Received and Understood 292 10.4.1 Risk and Threat Perception Filters 293 10.4.2 Thought Processing Filters 294 10.4.3 Mental Model Filters 294 10.4.4 Emotional Filters 295 10.4.5 Motivational Filters 295 10.5 Challenges in Explaining Technical Information About a Risk or Threat 296 10.6 Framing 297 10.7 Technical Jargon 298 10.8 Information Clarity 299 10.9 Units of Measurement 300 10.10 Case Study: Risk Numbers, Risk Statistics, and the Challenger Accident 303 10.11 Comparisons 304 10.12 Lessons Learned 308 10.13 Chapter Resources 308 Endnotes 315 11 Evaluating Risk, High Concern, and Crisis Communications 321 11.1 Case Diary: Finding the Road to Rio 321 11.1.1 The Mosquito Front 322 11.1.2 The Citizen Front 322 11.1.3 The Olympic Athlete and Visitor Front 323 11.1.4 Communication Strategy: The Citizen Front 323 11.1.5 Communication Strategy: Olympic Athlete and Visitor Front 323 11.2 Introduction 324 11.3 Benefits of Evaluation 326 11.4 Evaluation Practices for Risk, High Concern, and Crisis Communication 327 11.5 Case Studies of Evaluation Comparison to Best Practice: Hurricane Katrina, COVID-19 and Vaccination Hesitancy, and Outbreak of COVID-19 in Wuhan, China 329 11.5.1 Hurricane Katrina 329 11.5.2 COVID-19 and Vaccination Hesitancy 330 11.5.3 Outbreak of COVID-19 in Wuhan, China 330 11.6 Barriers and Challenges to Evaluation 332 11.6.1 Differences in Values 332 11.6.2 Differences in Goals 332 11.6.3 Competition for Resources 332 11.6.4 Ability to Learn from Results 333 11.7 Evaluation Measures 338 11.7.1 Process/Implementation Evaluation Measures 338 11.7.2 Outcome/Impact Evaluation Measures 339 11.7.3 Formative Evaluation Measures 340 11.8 An Integrated Approach to Evaluation 341 11.9 Resource: Case Study of Focus Group Testing of Mosquito-Control Messages, Florida, 2018–2019 342 11.10 Evaluation Tools 347 11.11 Chapter Resources 348 Endnotes 353 12 Communicating with Mainstream News Media 357 12.1 Case Diary: A High Stakes Chess Game with a News Media Outlet 357 12.2 Introduction 359 12.3 Characteristics of the Mainstream News Media 361 12.3.1 Content 361 12.3.2 Clarity 362 12.3.3 Avoiding Prejudice 362 12.3.4 Topicality 362 12.3.5 Diversity 363 12.3.6 Subject Matter Expertise 363 12.3.7 Resources 363 12.3.8 Career Advancement 364 12.3.9 Watchdogs 364 12.3.10 Amplifiers 364 12.3.11 Skepticism 364 12.3.12 Source Dependency 365 12.3.13 Professionalism and Independence 365 12.3.14 Covering Uncertainty 366 12.3.15 Legal Constraints 366 12.3.16 Special Populations 366 12.3.17 Competition 366 12.3.18 Confidentiality and Protection of Sources 367 12.3.19 Deadlines 367 12.3.20 Trust 367 12.3.21 Storytelling 368 12.3.22 Balance and Controversy 368 12.4 Guidelines and Best Practices for Interacting with Mainstream News Media 368 12.5 The Media Interview 370 12.6 Lessons and Trends 375 12.7 Case Diary: A Ten-Round Exercise 377 12.8 Chapter Resources 378 Endnotes 381 13 Social Media and the Changing Landscape for Risk, High Concern, and Crisis Communication 385 13.1 Case Diary: Myth-Busting: Mission Impossible? 385 13.2 Introduction 387 13.3 Benefits of Social Media Outlets for Risk, High Concern, and Crisis Communication 389 13.3.1 Speed 389 13.3.2 Access 390 13.3.3 Reach 390 13.3.4 Amplification 390 13.3.5 Transparency 390 13.3.6 Understanding 390 13.3.7 Changes in Behaviors 391 13.3.8 Relationship Building 391 13.3.9 Timeliness 391 13.3.10 Hyperlocal Specificity 391 13.3.11 Listening and Feedback 392 13.3.12 Taking Advantage of the Benefits of Social Media 392 13.4 Challenges of Social Media for Risk, High Concern, and Crisis Communication 393 13.4.1 Rising Expectations 393 13.4.2 Repostings/Redistribution 393 13.4.3 Permanent Storage 394 13.4.4 Hacking/Security 394 13.4.5 Rise and Fall of Social Media Platforms 394 13.4.6 Resources 394 13.4.7 Privacy and Confidentiality 394 13.4.8 Cognitive Overload 395 13.4.9 Players on the Field 395 13.4.10 Misinformation, Disinformation, and Rumors 395 13.5 Case Study: Social Media and the 2007 and 2011 Shooter Incidents at Virginia Polytechnic Institute and State University (Virginia Tech) 397 13.6 Case Study: Social Media and the 2013 Southern Alberta/Calgary Flood 398 13.7 Best Practices for Using Social Media in Risk, High Concern, and Crisis Situations 400 13.7.1 Create a Social Media Plan 400 13.7.2 Staff Appropriately for Social Media Communication 400 13.7.3 Ensure Continuous Updating 401 13.7.4 Identify Your Partners 401 13.7.5 Assess and Reassess Your Selection of Platforms 401 13.7.6 Create and Maintain as Many Social Media Accounts as You and Your Stakeholders Need 401 13.7.7 Be Prepared for the Special Social Media Requirements and Pressures in a Crisis 401 13.7.8 Provide Guidance for Employees and Engage Them in the Process 402 13.7.9 Don’t Skip Evaluation 403 13.8 Case Diary: Social Media and the Negative Power of“Junk”Information about Risks and Threats 403 13.9 Lessons Learned and Trends 404 13.10 Chapter Resources 404 Endnotes 408 Index 411

Read more less

Book SynopsisPresents information sources and methodologies for modeling and simulating banking system stability Combining both academic and institutional knowledge and experience, Banking Systems Simulation: Theory, Practice, and Application of Modeling Shocks, Losses, and Contagion presents banking system risk modeling clearly within a theoretical framework. Written from the global financial perspective, the book explores single bank risk, common bank exposures, and contagion, and how these apply on a systemic level. Zedda approaches these simulation methods logically by providing the basic building blocks of modeling and simulation, and then delving further into the individual techniques that make up a systems model. In addition, the author provides clear and detailed explanations of the foundational research into the mathematical and legal concepts used to analyze banking risk problems, measures and data for representing the main banking risk sources, and the majoTable of ContentsForeword xi Introduction xv 1 Banking Risk 1 1.1 Single Bank Risk 4 1.2 The Basel Committee on Banking Supervision Approach to Regulation 14 1.3 Banking Risk Modeling and Stress Testing 33 1.4 Contagion 36 1.5 System Modeling 41 2 Simulation Models 45 2.1 Simulating Shocks: Idiosyncratic Shocks, or Exogenous Failure of Individual Banks 49 2.2 Simulating Shocks: Stress Testing 54 2.3 Simulating Shocks: Systematic Common Shocks 56 2.4 Simulating Shocks: Common Shocks 58 2.5 Estimation of Losses Variability and Assets Riskiness 70 2.6 Simulating Shocks: Correlated Risk Factors 82 2.7 Simulating Shocks: Combining Idiosyncratic and Common Shocks 87 2.8 Correlation 89 2.9 The Interbank Matrix 98 2.10 Loss Given Default 127 2.11 Interbank Losses Attribution 132 2.12 Contagion Simulation Methods 133 2.13 Data and Applied Problems 140 3 Real Economy, Sovereign Risk, and Banking Systems Linkages 149 3.1 Effects of Bank Riskiness on Sovereign Risk 150 3.2 Effects of Sovereign Risk on Bank Riskiness 153 3.3 Linkages to the Real Economy 154 3.4 Modeling 156 3.5 Implementation 159 4 Applications 163 4.1 Testing for Banks–Public Finances Contagion Risk 163 4.2 Banking Systems Regulation What-If Tests 164 4.3 Banks’ Minimum Capital Requirements: Cost–Benefit Analysis 169 4.4 Deposits Guarantee Schemes (DGS)/Resolution Funds Dimensioning 174 4.5 Computing Capital Coverage from Assets PD and Bank PD 178 4.6 Computing Banks Probability to Default from Capital Coverage and Assets PD 180 4.7 Risk Contributions and SiFis 182 4.8 The Regulator’s Dilemma 202 Appendix: Software References and Tools 205 References 223 Index 235

Read more less

Book SynopsisPresents various challenges faced by security policy makers and risk analysts, and mathematical approaches that inform homeland security policy development and decision support Compiled by a group of highly qualified editors, this book provides a clear connection between risk science and homeland security policy making and includes top-notch contributions that uniquely highlight the role of risk analysis for informing homeland security policy decisions. Featuring discussions on various challenges faced in homeland security risk analysis, the book seamlessly divides the subject of risk analysis for homeland security into manageable chapters, which are organized by the concept of risk-informed decisions, methodology for applying risk analysis, and relevant examples and case studies. Applied Risk Analysis for Guiding Homeland Security Policy and Decisions offers an enlightening overview of risk analysis methods for homeland security. For instance, it presents readers with an exploration oTable of ContentsAbout the Editors xix List of Contributors xxi Preface xxv Chapter Abstracts xxviii Part I Managing National Security Risk and Policy Programs 1 1 On the “Influence of Scenarios to Priorities” in Risk and Security Programs 3Heimir Thorisson and James H. Lambert 1.1 Introduction 3 1.2 Risk Programs 4 1.3 Canonical Questions Guiding Development of Risk Programs 6 1.3.1 Canonical Question I: Scope 6 1.3.2 Canonical Question II: Operational Design 7 1.3.3 Canonical Question III: Evaluation 7 1.4 Scenario-Based Preferences 8 1.5 Methodology 9 1.6 Demonstration of Methods 12 1.7 Discussion and Conclusions 20 Acknowledgments 22 References 22 2 Survey of Risk Analytic Guidelines Across the Government 25Isaac Maya, Amelia Liu, Lily Zhu, Francine Tran, Robert Creighton and CharlesWoo 2.1 Department of Defense (DOD) Overview 25 2.1.1 Joint Risk Analysis Methodology (JRAM) for the Chairman’s Risk Assessment (CRA) 26 2.1.2 Mission Assurance (MA): Risk Assessment and Management for DOD Missions 29 2.1.3 Risk Management Guide for DOD Acquisition 31 2.2 Department of Justice (DOJ) 33 2.3 Environmental Protection Agency (EPA) Overview 36 2.3.1 EPA Risk Leadership 36 2.3.2 EPA Risk Assessment Methodology and Guidelines 37 2.3.3 Risk Assessment Case Studies 40 2.3.4 Risk Assessment Challenges of EPA 43 2.3.5 Review of EPA Risk Assessment/Risk Management Methodologies 43 2.4 National Aeronautics and Space Administration (NASA): Overview 44 2.4.1 NASA Risk Leadership 44 2.4.2 Critical Steps in NASA Risk Assessment/Risk Management 44 2.4.3 Risk Assessment/Risk Management Challenges of NASA 48 2.4.4 Review of NASA Risk Assessment/Risk Management Methodologies 49 2.5 Nuclear Regulatory Commission (NRC) Overview 49 2.5.1 NRC Leadership 51 2.5.2 Critical Steps in NRC Risk Assessment/Risk Management 52 2.5.3 Risk Assessment/Risk Management Challenges of NRC 53 2.5.4 Review of NRC Risk Assessment/Risk Management Methodologies 54 2.6 International Standards Organization (ISO) Overview 55 2.6.1 ISO Leadership 57 2.6.2 Critical Steps in ISO Risk Assessment/Risk Management 57 2.6.3 Risk Assessment/Risk Management Challenges of ISO 58 2.7 Australia Overview 58 2.7.1 Australia Leadership 59 2.7.2 Critical Steps in Australia Risk Assessment/Risk Management 60 2.7.3 Risk Assessment/Risk Management Challenges of Australia 61 2.8 UK Overview 61 2.8.1 UK Leadership 61 2.8.2 Critical Steps in UK Risk Assessment/Risk Management 62 2.8.3 Risk Assessment/Risk Management Challenges of the United Kingdom 65 Acknowledgments 65 References 65 3 An Overview of Risk ModelingMethods and Approaches for National Security 69Samrat Chatterjee, Robert T. Brigantic and Angela M.Waterworth 3.1 Introduction 69 3.2 Homeland Security Risk Landscape and Missions 70 3.2.1 Risk Landscape 71 3.2.2 Security Missions 71 3.2.3 Risk Definitions and Interpretations from DHS Risk Lexicon 72 3.3 Background Review 73 3.3.1 1960s to 1990s: Focus on Foundational Concepts 73 3.3.2 The 2000s: Increased Focus on Multi-hazard Risks Including Terrorism 75 3.3.3 2009 to Present: Emerging Emphasis on System Resilience and Complexity 78 3.4 Modeling Approaches for Risk Elements 88 3.4.1 Threat Modeling 88 3.4.2 VulnerabilityModeling 88 3.4.2.1 Survey-Based Methods 88 3.4.2.2 Systems Analysis 89 3.4.2.3 Network-Theoretic Approaches 89 3.4.2.4 Structural Analysis and ReliabilityTheory 89 3.4.3 Consequence Modeling 89 3.4.3.1 Direct Impacts 89 3.4.3.2 Indirect Impacts 89 3.4.4 Risk-Informed Decision Making 90 3.5 Modeling Perspectives for Further Research 90 3.5.1 Systemic Risk and ResilienceWithin a Unified Framework 90 3.5.2 Characterizing Cyber and Physical Infrastructure System Behaviors and Hazards 91 3.5.3 Utilizing “Big” Data or Lack of Data for Generating Risk and Resilience Analytics 91 3.5.4 Conceptual Multi-scale, Multi-hazard Modeling Framework 92 3.6 Concluding Remarks 94 Acknowledgments 95 References 95 4 Comparative Risk Rankings in Support of Homeland Security Strategic Plans 101Russell Lundberg 4.1 Introduction 101 4.2 Conceptual Challenges in Comparative Risk Ranking 102 4.3 Practical Challenges in Comparative Ranking of Homeland Security Risks 103 4.3.1 Choosing a Risk Set 104 4.3.1.1 Lessons from the DMRR on Hazard Set Selection 105 4.3.2 Identifying Attributes to Consider 105 4.3.2.1 Lessons from the DMRR on Attribute Selection 107 4.3.3 Assessing Each Risk Individually 109 4.3.3.1 Lessons from the DMRR on Assessing Individual Homeland Security Risks 111 4.3.4 Combining Individual Risks to Develop a Comparative Risk Ranking 112 4.3.4.1 Lessons from the DMRR on Comparing Homeland Security Risks 114 4.4 Policy Relevance to Strategic-Level Homeland Security Risk Rankings 116 4.4.1 Insights into Homeland Security Risk Rankings 116 4.4.2 Risk vs. Risk Reduction 118 Acknowledgments 120 References 120 5 A Data ScienceWorkflow for Discovering Spatial Patterns Among Terrorist Attacks and Infrastructure 125Daniel C. Fortin, Thomas Johansen, Samrat Chatterjee, GeorgeMuller and Christine Noonan 5.1 Introduction 125 5.2 The Data: Global Terrorism Database 126 5.3 The Tools: Exploring Data Interactively Using a Custom Shiny App 127 5.4 Example: Using the App to Explore ISIL Attacks 130 5.5 TheModels: StatisticalModels for Terrorist Event Data 134 5.6 More Data: Obtaining Regional Infrastructure Data to Build Statistical Models 135 5.7 A Model: Determining the Significance of Infrastructure on the Likelihood of an Attack 137 5.8 Case Study: Libya 138 5.9 Case Study: Jammu and Kashmir Region of India 139 5.9.1 The Model Revisited: Accounting for Many Regions with No Recorded Attacks 141 5.9.2 Investigating the Effect of Outliers 145 5.9.3 The Insight: What Have We Learned? 147 5.10 Summary 148 References 148 Part II Strengthening Ports of Entry 151 6 Effects of Credibility of Retaliation Threats in Deterring Smuggling of Nuclear Weapons 153Xiaojun Shan and Jun Zhuang 6.1 Introduction 153 6.2 Extending Prior Game-Based Model 158 6.3 Comparing the Game Trees 158 6.4 The Extended Model 161 6.5 Solution to the Extended Model 162 6.6 Comparing the Solutions in Prior Game-Based Model and This Study 163 6.7 Illustration of the Extended Model Using Real Data 164 6.8 Conclusion and Future Research Work 165 References 167 7 Disutility of Mass Relocation After a Severe Nuclear Accident 171VickiM. Bier and Shuji Liu 7.1 Introduction 171 7.2 Raw Data 174 7.3 Trade-Offs Between Cancer Fatalities and Relocation 177 7.4 Risk-Neutral DisutilityModel 179 7.5 Risk-Averse DisutilityModel 179 7.6 DisutilityModel with Interaction Effects 182 7.7 Economic Analysis 185 7.8 Conclusion 190 References 191 8 Scheduling Federal Air Marshals Under Uncertainty 193KeithW. DeGregory and Rajesh Ganesan 8.1 Introduction 193 8.2 Literature 196 8.2.1 Commercial Aviation Industry 196 8.2.2 Homeland Security and the Federal Air Marshals Service 198 8.2.3 Approximate Dynamic Programming 199 8.3 Air Marshal Resource Allocation Model 200 8.3.1 Risk Model 200 8.3.2 Static Allocation 202 8.3.3 Dynamic Allocation 203 8.4 Stochastic Dynamic Programming Formulation 204 8.4.1 System State 205 8.4.2 Decision Variable 205 8.4.3 Post-decision State 206 8.4.4 Exogenous Information 206 8.4.5 State Transition Function 206 8.4.6 Contribution Function 206 8.4.7 Objective Function 207 8.4.8 Bellman’s Optimality Equations 207 8.5 Phases of Stochastic Dynamic Programming 207 8.5.1 Exploration Phase 207 8.5.2 Learning Phase 208 8.5.2.1 Algorithm 208 8.5.2.2 Approximation Methods 208 8.5.2.3 Convergence 209 8.5.3 Learned Phase 210 8.6 Integrated Allocation Model 210 8.7 Results 211 8.7.1 Experiment 211 8.7.2 Results from Stochastic Dynamic Programming Model 211 8.7.3 Sensitivity Analysis 212 8.7.4 Model Output 214 8.8 Conclusion 217 Acknowledgments 218 References 218 Part III Securing Critical Cyber Assets 221 9 Decision Theory for Network Security: Active Sensing for Detection and Prevention of Data Exfiltration 223Sara M. McCarthy, Arunesh Sinha,Milind Tambe and Pratyusa Manadhatha 9.1 Introduction 223 9.1.1 Problem Domain 224 9.2 Background and RelatedWork 226 9.2.1 DNS Exfiltration 226 9.2.2 Partially Observable Markov Decision Process (POMDP) 228 9.3 Threat Model 229 9.3.1 The POMDP Model 230 9.4 POMDP Abstraction 232 9.4.1 Abstract Actions 232 9.4.2 Abstract Observations 234 9.4.3 VD-POMDP Factored Representation 234 9.4.4 Policy Execution 236 9.5 VD-POMDP Framework 239 9.6 Evaluation 241 9.6.1 Synthetic Networks 241 9.6.2 DETER Testbed Simulation 241 9.6.3 Runtime 242 9.6.4 Performance 244 9.6.5 Robustness 246 9.7 GameTheoretic Extensions 247 9.7.1 Threat Model 248 9.8 Conclusion and FutureWork 249 Acknowledgments 249 References 249 10 Measurement of Cyber Resilience from an Economic Perspective 253Adam Z. Rose and NoahMiller 10.1 Introduction 253 10.2 Economic Resilience 254 10.2.1 Basic Concepts of Cyber Resilience 254 10.2.2 Basic Concepts of Economic Resilience 254 10.2.3 Economic Resilience Metrics 255 10.3 Cyber System Resilience Tactics 257 10.4 Resilience for Cyber-Related Sectors 267 10.4.1 Resilience in the Manufacturing of Cyber Equipment 267 10.4.2 Resilience in the Electricity Sector 268 10.5 Conclusion 269 References 270 11 Responses to Cyber Near-Misses: A Scale to Measure Individual Differences 275Jinshu Cui, Heather Rosoff and Richard S. John 11.1 Introduction 275 11.2 Scale Development and Analysis Outline 277 11.3 Method 278 11.3.1 Measures 278 11.3.1.1 Cyber Near-Miss Appraisal Scale (CNMAS) 278 11.3.1.2 Measures of Discriminant Validity 281 11.3.1.3 Measure of Predictive Validity 281 11.3.1.4 Participants and Procedures 281 11.4 Results 284 11.4.1 Dimensionality and Reliability 284 11.4.2 Item Response Analysis 284 11.4.3 Differential Item Functioning (DIF) 287 11.4.4 Effects of Demographic Variables 289 11.4.5 Discriminant Validity 290 11.4.6 Predictive Validity 290 11.5 Discussion 291 Acknowledgments 292 References 292 Part IV Enhancing Disaster Preparedness and Infrastructure Resilience 295 12 An InteractiveWeb-Based Decision Support Systemfor Mass Dispensing, Emergency Preparedness, and Biosurveillance 297Eva K. Lee, Ferdinand H. Pietz, Chien-Hung Chen and Yifan Liu 12.1 Introduction 297 12.2 System Architecture and Design 299 12.3 System Modules and Functionalities 301 12.3.1 Interactive User Experience 301 12.3.2 Geographical Boundaries 301 12.3.3 Network of Service, Locations, and Population Flow and Assignment 302 12.3.4 ZIP Code and Population Composition 304 12.3.5 Multimodality Dispensing and Public–Private Partnership 305 12.3.6 POD Layout Design and Resource Allocation 308 12.3.7 Radiological Module 309 12.3.8 Biosurveillance 309 12.3.9 Regional Information Sharing, Reverse Reporting, Tracking and Monitoring, and Resupply 310 12.3.10 Multilevel End-User Access 311 12.4 Biodefense, Pandemic Preparedness Planning, and Radiological and Large-Scale Disaster Relief Efforts 312 12.4.1 Biodefense Mass Dispensing Regional Planning 312 12.4.2 Real-Life Disaster Response Effort 315 12.4.2.1 RealOpt-Haiti© 315 12.4.2.2 RealOpt-Regional and RealOpt-CRC for Fukushima Daiichi Nuclear Disaster 316 12.4.2.3 RealOpt-ASSURE© 318 12.5 Challenges and Conclusions 319 Acknowledgments 321 References 321 13 Measuring Critical Infrastructure Risk, Protection, and Resilience in an All-Hazards Environment 325Julia A. Phillips and Frédéric Petit 13.1 Introduction to Critical Infrastructure Risk Assessment 325 13.2 Motivation for Critical Infrastructure Risk Assessments 326 13.2.1 Unrest pre-September 2001 326 13.2.2 Post-911 Critical Infrastructure Protection and Resilience 326 13.3 Decision Analysis Methodologies for Creating Critical Infrastructure Risk Indicators 327 13.3.1 Decision Analysis 328 13.3.2 Illustrative Calculations for an Index: Buying a Car 328 13.4 An Application of Critical Infrastructure Protection, Consequence, and Resilience Assessment 331 13.4.1 Protection and Vulnerability 334 13.4.1.1 Physical Security 335 13.4.1.2 Security Management 335 13.4.1.3 Security Force 335 13.4.1.4 Information Sharing 337 13.4.1.5 Security Activity Background 338 13.4.2 Resilience 339 13.4.2.1 Preparedness 341 13.4.2.2 Mitigation Measures 341 13.4.2.3 Response Capabilities 342 13.4.2.4 Recovery Mechanisms 343 13.4.3 Consequences 343 13.4.3.1 Human Consequences 345 13.4.3.2 Economic Consequences 346 13.4.3.3 Government Mission/Public Health/Psychological Consequences 346 13.4.3.4 Cascading Impact Consequences 347 13.4.4 Risk Indices Comparison 349 13.5 Infrastructure Interdependencies 350 13.6 What’s Next for Critical Infrastructure Risk Assessments 352 References 354 14 Risk AnalysisMethods in Resilience Modeling: An Overview of Critical Infrastructure Applications 357Hiba Baroud 14.1 Introduction 357 14.2 Background 358 14.2.1 Risk Analysis 358 14.2.2 Resilience 359 14.2.3 Critical Infrastructure Systems 360 14.3 Modeling the Resilience of Critical Infrastructure Systems 361 14.3.1 Resilience Models 361 14.3.1.1 Manufacturing 361 14.3.1.2 Communications 362 14.3.1.3 Dams, Levees, andWaterways 363 14.3.1.4 Defense 363 14.3.1.5 Emergency Services 363 14.3.1.6 Energy 363 14.3.1.7 Transportation 364 14.3.1.8 Water/Wastewater 364 14.3.2 Discussion 365 14.3.2.1 Economic Impact 365 14.3.2.2 Social Impact 367 14.3.2.3 Interdependencies 367 14.4 Assessing Risk in Resilience Models 368 14.4.1 Probabilistic Methods 368 14.4.2 UncertaintyModeling 369 14.4.3 Simulation-Based Approaches 369 14.4.4 Data-Driven Analytics 370 14.5 Opportunities and Challenges 370 14.5.1 Opportunities 370 14.5.2 Challenges 371 14.6 Concluding Remarks 372 References 373 15 Optimal Resource Allocation Model to Prevent, Prepare, and Respond to Multiple Disruptions, with Application to the Deepwater Horizon Oil Spill and Hurricane Katrina 381Cameron A.MacKenzie and Amro Al Kazimi 15.1 Introduction 381 15.2 Model Development 383 15.2.1 Resource Allocation Model 383 15.2.2 Extension to Uncertain Parameters 385 15.3 Application: Deepwater Horizon and Hurricane Katrina 386 15.3.1 Parameter Estimation 386 15.3.1.1 Oil Spill Parameters 387 15.3.1.2 Hurricane Parameters 388 15.3.2 Base Case Results 391 15.3.3 Sensitivity Analysis on Economic Impacts 394 15.3.4 Model with Uncertain Effectiveness 395 15.4 Conclusions 397 References 398 16 Inoperability Input–Output Modeling of Electric Power Disruptions 405Joost R. Santos, Sheree Ann Pagsuyoin and Christian Yip 16.1 Introduction 405 16.2 Risk Analysis of Natural and Man-Caused Electric Power Disruptions 407 16.3 Risk Management Insights for Disruptive Events 408 16.4 Modeling the Ripple Effects for Disruptive Events 411 16.5 Inoperability Input–Output Model 412 16.5.1 Model Parameters 412 16.5.2 Sector Inoperability 413 16.5.3 InterdependencyMatrix 413 16.5.4 Demand Perturbation 414 16.5.5 Economic Resilience 414 16.5.6 Economic Loss 415 16.6 Sample Electric Power Disruptions Scenario Analysis for the United States 416 16.7 Summary and Conclusions 421 References 422 17 Quantitative Assessment of Transportation Network Vulnerability with Dynamic Traffic Simulation Methods 427Venkateswaran Shekar and Lance Fiondella 17.1 Introduction 427 17.2 Dynamic Transportation Network Vulnerability Assessment 429 17.3 Sources of Input for Dynamic Transportation Network Vulnerability Assessment 431 17.4 Illustrations 432 17.4.1 Example 1: Simple Network 432 17.4.2 Example II: University of Massachusetts Dartmouth Evacuation 437 17.5 Conclusion and Future Research 439 References 440 18 Infrastructure Monitoring for Health and Security 443Prodyot K. Basu 18.1 Introduction 443 18.2 Data Acquisition 447 18.3 Sensors 447 18.3.1 Underlying Principles of Some of the Popular Sensors Listed in Table 18.1 451 18.3.1.1 Fiber Optics 451 18.3.1.2 VibratingWire 451 18.3.1.3 Piezoelectric Sensors 456 18.3.1.4 Piezoresistive Sensors 456 18.3.1.5 Laser Vibrometer 456 18.3.1.6 Acoustic Emission Sensing 457 18.3.1.7 GPS and GNSS 458 18.3.2 Selection of a Sensor 459 18.4 Capturing and Transmitting Signals 459 18.5 Energy Harvesting 461 18.6 Robotic IHM 462 18.7 Cyber-Physical Systems 464 18.8 Conclusions 464 References 465 19 Exploring Metaheuristic Approaches for Solving the Traveling Salesman Problem Applied to Emergency Planning and Response 467Ramakrishna Tipireddy, Javier Rubio-Herrero, Samrat Chatterjee and Satish Chikkagoudar 19.1 The Traveling Salesman Problem 467 19.1.1 Definition 467 19.1.2 Computational Complexity 467 19.1.3 Solution Algorithms 468 19.1.4 Emergency Response Application 468 19.2 Emergency Planning and Response as a Traveling Salesman Problem 468 19.3 Metaheuristic Approaches 469 19.3.1 Simulated Annealing 470 19.3.1.1 Overview 470 19.3.1.2 Pseudocode 471 19.3.1.3 Case Study Results 473 19.3.2 Tabu Search 473 19.3.2.1 Overview 473 19.3.2.2 Pseudocode 474 19.3.2.3 Case Study Results 476 19.3.3 Genetic Algorithms 476 19.3.3.1 Overview 476 19.3.3.2 Pseudocode 478 19.3.3.3 Case Study Results 479 19.3.4 Ant Colony Optimization 479 19.3.4.1 Overview 479 19.3.4.2 Stochastic Solution Construction 480 19.3.4.3 Pheromone Update 480 19.3.4.4 Pseudocode 481 19.3.4.5 Case Study Results 481 19.4 Discussion 482 19.5 Concluding Remarks 482 References 484 Index 487

Read more less

Book SynopsisProtect your organization against financial misconduct In Financial Risk Management: From Metrics to Human Conduct, Frantz Maurer delivers a thorough and practical review of the core methods used by professionals in the real world to reduce the risk of financial misconduct. Starting with the key points of banking regulation, the author then describes in simple terms the most extensively used risk metrics in the banking industry. Readers can fully grasp and implement the techniques discussed within without a strong background in probabilities or statistics. The last part of the book focuses on conduct risk markers and show how to implement a conduct risk index that benchmarks the conduct of natural risk-takers like traders. The author describes how to marry this simple approach to financial risk with a conduct risk index that benchmarks the conduct of natural risk-takers, like traders. Readers will also find: Step-by-step guidance on how to apply common risk indicators to real-world situationsActionable advice for improving the resilience of financial institutions against individual misconduct and misbehavior A holistic and non-quantitative approach to a subject of critical importance, Financial Risk Management: From Metrics to Human Conduct will earn a place in the libraries of risk managers, compliance professionals, and master's level students in business administration and finance.Table of ContentsForeword ix Acknowledgements xi List of Acronyms and Symbols xiii Introduction xvii Part One Navigating Banking Regulation Chapter 1 A Brief History of the Basel Framework 3 Chapter 2 The Basel I Regulatory Framework and the Cooke Ratio 7 Chapter 3 Amendment to the Basel I Framework to Incorporate Market Risks 15 Chapter 4 Implementation of the Basel II Framework 21 Chapter 5 A Guided Tour of the Basel III Framework 29 Chapter 6 Climate- Related Financial Risks 41 Part Two The Financial Risk Measurement Landscape Chapter 7 Historical Approach to Risk 47 Chapter 8 The Gaussian Framework 61 Chapter 9 A Brief Overview of Monte Carlo Simulation 75 Chapter 10 Risk Contribution 79 Chapter 11 Shortcomings of Risk Metrics 93 Chapter 12 Ex- Post Evaluation of a Risk Model: Backtesting 103 Chapter 13 A Forward- Looking Evaluation of Risk: Stress Testing 109 Part Three Getting Conduct Risk to Scale Chapter 14 The Big Picture of Conduct Risk 119 Chapter 15 Markers of Conduct Risk 123 Chapter 16 Worked Example 7: Building a Conduct Risk Score 127 Chapter 17 Fostering a Culture of Appropriate Conduct Outcomes 137 Chapter 18 Worked Example 8: Calculating a Risk-Taker’s Conduct Risk Index 143 Chapter 19 Hot Questions Still Pending 159 Chapter 20 Understanding the Root Causes of Poor Conduct 163 Appendix 173 References 181 Contents 183 List of Figures 187 List of Tables 189 Index 191

Read more less

Book SynopsisThis book presents the issues core to risk analysis: understanding what risk means, expressing risk, building risk models, addressing uncertainty, and applying probability models to real problems. The author provides readers with the knowledge and basic thinking they require to successfully manage risk and uncertainty to support decision making.Trade Review"The book provides a framework for understanding, conducting and using risk analysis suitable for advanced undergraduates, graduates, analysts and researchers from statistics, engineering, finance, medicine and the physical sciences, as well as for managers facing decision making problems involving risk and uncertainty." (Zentralblatt MATH, 1 December 2012) Table of ContentsPreface to the second edition ix Preface to the first edition xi 1 Introduction 1 1.1 The importance of risk and uncertainty assessments 1 1.2 The need to develop a proper risk analysis framework 4 Bibliographic notes 6 2 Common thinking about risk and risk analysis 7 2.1 Accident risk 7 2.1.1 Accident statistics 7 2.1.2 Risk analysis 11 2.1.3 Reliability analysis 24 2.2 Economic risk 28 2.2.1 General definitions of economic risk in business and project management 28 2.2.2 A cost risk analysis 30 2.2.3 Finance and portfolio theory 31 2.2.4 Treatment of risk in project discounted cash flow analysis 34 2.3 Discussion and conclusions 36 2.3.1 The classical approach 36 2.3.2 The Bayesian paradigm 37 2.3.3 Economic risk and rational decision-making 39 2.3.4 Other perspectives and applications 40 2.3.5 Conclusions 43 Bibliographic notes 43 3 How to think about risk and risk analysis 47 3.1 Basic ideas and principles 47 3.1.1 Background knowledge 52 3.1.2 Models and simplifications in probability considerations 53 3.1.3 Observable quantities 53 3.2 Economic risk 54 3.2.1 A simple cost risk example 54 3.2.2 Production risk 57 3.2.3 Business and project management 59 3.2.4 Investing money in a stock market 60 3.2.5 Discounted cash flow analysis 61 3.3 Accident risk 62 3.4 Discussion 63 Bibliographic notes 68 4 How to assess uncertainties and specify probabilities 71 4.1 What is a good probability assignment? 72 4.1.1 Criteria for evaluating probabilities 72 4.1.2 Heuristics and biases 74 4.1.3 Evaluation of the assessors 75 4.1.4 Standardization and consensus 76 4.2 Modeling 76 4.2.1 Examples of models 77 4.2.2 Discussion 78 4.3 Assessing uncertainty of Y 79 4.3.1 Assignments based on classical statistical methods 80 4.3.2 Analyst judgments using all sources of information 81 4.3.3 Formal expert elicitation 82 4.3.4 Bayesian analysis 83 4.4 Uncertainty Assessments of a Vector X 91 4.4.1 Cost risk 91 4.4.2 Production risk 93 4.4.3 Reliability analysis 94 4.5 Discussion 97 4.5.1 Risk analysis and science 97 4.5.2 Probability and utility 98 4.5.3 Probability and knowledge 99 4.5.4 Probability models 99 4.5.5 Firm and vague probabilities 100 4.5.6 The need for seeing beyond probabilities 100 4.5.7 Interval (imprecise) probabilities 101 4.5.8 Example of interval (imprecise) probabilities in a risk analysis setting 102 4.5.9 Possibility theory 103 4.5.10 Example of interval (imprecise) probabilities in a risk analysis context using possibility theory 104 4.5.11 Final comments 106 Bibliographic notes 108 5 How to use risk analysis to support decision-making 111 5.1 What is a good decision? 112 5.1.1 Features of a decision-making model 113 5.1.2 Decision-support tools 114 5.1.3 Discussion 119 5.2 Some examples 122 5.2.1 Accident risk 122 5.2.2 Scrap in place or complete removal of plant 125 5.2.3 Production system 130 5.2.4 Reliability target 131 5.2.5 Health risk 133 5.2.6 Warranties 135 5.2.7 Offshore development project 136 5.2.8 Risk assessment: National sector 138 5.2.9 Multi-attribute utility example 140 5.3 Risk problem classification schemes 143 5.3.1 A scheme based on consequences and uncertainties 143 5.3.2 A scheme based on closeness to hazard and level of authority 147 Bibliographic notes 158 6 Summary and conclusions 161 Appendix A: Basic theory of probability and statistics 165 A.1 Probability theory 165 A.1.1 Types of probabilities 165 A.1.2 Probability rules 168 A.1.3 Random quantities (random variables) 172 A.1.4 Some common discrete probability distributions (models) 176 A.1.5 Some common continuous distributions (models) 178 A.1.6 Some remarks on probability models and their parameters 182 A.1.7 Random processes 183 A.2 Classical statistical inference 184 A.2.1 Nonparametric estimation 184 A.2.2 Estimation of distribution parameters 185 A.2.3 Testing hypotheses 187 A.2.4 Regression 188 A.3 Bayesian inference 189 A.3.1 Statistical (Bayesian) decision analysis 191 Bibliographic notes 192 Appendix B: Terminology 193 B.1 Risk management: Relationships between key terms 195 References 197 Index 207

Read more less

Book SynopsisYour business reputation can take years to build and mere minutes to destroy The range of business threats is evolving rapidly but your organization can thrive and gain a competitive advantage with your business vision for enterprise risk management.Table of ContentsList of Figures xxvii Preface to the Second Edition xxxi Acknowledgements xxxv About the Author xxxvii Part I Enterprise Risk Management In Context 1 1 Introduction 3 1.1 Risk Diversity 4 1.2 Approach to Risk Management 5 1.3 Business Growth Through Risk Taking 5 1.4 Risk and Opportunity 6 1.5 The Role of the Board 7 1.6 Primary Business Objective (or Goal) 8 1.7 What is Enterprise Risk Management? 9 1.8 Benefits of Enterprise Risk Management 10 1.9 Structure 12 1.9.1 Corporate Governance 12 1.9.2 Internal Control 13 1.9.3 Implementation 14 1.9.4 Risk Management Framework 14 1.9.5 Risk Management Policy 15 1.9.6 Risk Management Process 15 1.9.7 Sources of Risk 16 1.10 Summary 16 1.11 References 16 2 Developments in Corporate Governance in the UK 19 2.1 Investor Unrest 19 2.2 The Problem of Agency 20 2.3 The Cadbury Committee 21 2.4 The Greenbury Report 23 2.5 The Hampel Committee and the Combined Code of 1998 23 2.6 Smith Guidance on Audit Committees 23 2.7 Higgs 24 2.8 Tyson 24 2.9 Combined Code on Corporate Governance 2003 25 2.10 Companies Act 2006 26 2.11 Combined Code on Corporate Governance 2008 26 2.12 Sir David Walker’s Review of Corporate Governance, July 2009 (Consultation Paper) 27 2.13 Sir David Walker’s Review of Corporate Governance, November 2009 (Final Recommendation) 29 2.14 House of Commons Treasury Committee 2009 30 2.15 UK Corporate Governance Code, June 2010 32 2.16 The “Comply or Explain” Regime 34 2.17 Definition of Corporate Governance 34 2.18 Formation of Companies 35 2.19 The Financial Services Authority and Markets Act 2000 36 2.20 The London Stock Exchange 36 2.21 Summary 37 2.22 References 38 3 Developments in Corporate Governance in the US 41 3.1 Corporate Governance 41 3.2 The Securities and Exchange Commission 42 3.2.1 Creation of the SEC 42 3.2.2 Organisation of the SEC 43 3.3 The Laws That Govern the Securities Industry 44 3.3.1 Securities Act 1933 44 3.3.2 Securities Exchange Act 1934 44 3.3.3 Trust Indenture Act 1939 45 3.3.4 Investment Company Act 1940 45 3.3.5 Investment Advisers Act 1940 45 3.4 Catalysts for the Sarbanes-Oxley Act 2002 45 3.4.1 Enron 46 3.4.2 WorldCom 47 3.4.3 Tyco International 47 3.4.4 Provisions of the Act 50 3.4.5 Implementation 52 3.4.6 Sarbanes-Oxley Section 404 52 3.4.7 The Positive Effects of Post-Enron Reforms 52 3.4.8 Criticism of Section 404 Before the Global Financial Crisis 54 3.4.9 Criticism of Section 404 After the Global Financial Crisis 54 3.5 National Association of Corporate Directors 2008 55 3.6 Summary 56 3.7 References 57 4 The Global Financial Crisis of 2007–2009: A US Perspective 59 4.1 The Financial Crisis in Summary 59 4.2 How the Financial Crisis Unfolded 60 4.3 The United States Mortgage Finance Industry 61 4.4 Subprime Model of Mortgage Lending 61 4.4.1 Contributing Events to the Credit Crisis 61 4.4.2 Foreclosures 63 4.4.3 Negative Equity 65 4.4.4 Housing Surplus 67 4.4.5 Vicious Circles 68 4.5 Why this Crisis Warrants Close Scrutiny 68 4.6 Behaviours 70 4.6.1 Investor Behaviour in the Search for Yield 70 4.6.2 Mortgage Lending Behaviour 71 4.6.3 Bank Behaviour and Risk Transfer through Securitised Credit 71 4.6.4 “Group Think” and Herd Behaviour 72 4.6.5 Banks’ Behaviour and Risk Appetite 74 4.6.6 Behaviour of Regulators and the Division of “Narrow Banking” from Investment Banking 75 4.6.7 Banks’ Behaviour and Misplaced Reliance of Sophisticated Mathematics and Statistics 75 4.7 Worldwide Deficiencies in Risk Management 76 4.8 Federal Reform 76 4.9 Systemic Risk 79 4.10 The Future of Risk Management 81 4.11 Summary 82 4.12 References 82 5 Developments in Corporate Governance in Australia and Canada 85 5.1 Australian Corporate Governance 85 5.1.1 Regulation Arising from Corporate Failures 85 5.1.2 Corporate Governance Reforms Following the Accounting Scandals of the Early 2000s 86 5.1.3 Horwath 2002 Corporate Governance Report 88 5.1.4 The ASX Corporate Governance Council 89 5.1.5 Financial Statements 90 5.2 Canada 90 5.2.1 Dey Report 90 5.2.2 Dey Revisited 91 5.2.3 Kirby Report 91 5.2.4 Saucier Committee 92 5.2.5 National Policy and Instrument (April 2005) 92 5.2.6 TSE Corporate Governance: Guide to Good Disclosure 2006 93 5.3 Summary 94 5.4 References 94 6 Internal Control and Risk Management 97 6.1 The Composition of Internal Control 97 6.2 Risk as a Subset of Internal Control 98 6.2.1 The Application of Risk Management 98 6.3 Allocation of Responsibility 102 6.3.1 Cadbury Committee 102 6.3.2 Hampel Committee 102 6.3.3 Turnbull 103 6.3.4 Higgs Review 104 6.3.5 Smith Review 104 6.3.6 OECD 105 6.4 The Context of Internal Control and Risk Management 106 6.5 Internal Control and Risk Management 107 6.6 Embedding Internal Control and Risk Management 107 6.7 Summary 107 6.8 References 108 7 Developments in Risk Management in the UK Public Sector 109 7.1 Responsibility for Risk Management in Government 109 7.1.1 Cabinet Office 110 7.1.2 Treasury 111 7.1.3 Office of Government Commerce 111 7.1.4 National Audit Office 112 7.2 Risk Management Publications 112 7.3 Successful IT 113 7.4 Supporting Innovation 115 7.4.1 Part 1: Why Risk Management is Important 115 7.4.2 Part 2: Comprehension of Risk Management 115 7.4.3 Part 3: What More Needs to be Done to Improve Risk Management 115 7.5 The Orange Book 116 7.5.1 Identify the Risks and Define a Framework 116 7.5.2 Assign Ownership 116 7.5.3 Evaluate 117 7.5.4 Assess Risk Appetite 117 7.5.5 Response to Risk 117 7.5.6 Gain Assurance 118 7.5.7 Embed and Review 118 7.6 Audit Commission 118 7.7 CIPFA/SOLACE Corporate Governance 120 7.8 M_o_R 2002 121 7.9 DEFRA 123 7.9.1 Risk Management Strategy 123 7.10 Strategy Unit Report 124 7.11 Risk and Value Management 125 7.12 The Green Book 126 7.12.1 Optimism Bias 126 7.12.2 Annex 4 127 7.13 CIPFA Guidance on Internal Control 127 7.14 Managing Risks to Improve Public Services 129 7.15 The Orange Book (Revised) 131 7.16 M_o_R 2007 132 7.17 Managing Risks in Government 132 7.18 Summary 134 7.19 References 136 Part II The Risk Management Process 137 References 139 8 Establishing the Context: Stage 1 141 8.1 Process 141 8.2 Process Goal and Subgoals 142 8.3 Process Definition 143 8.4 Process Inputs 143 8.5 Process Outputs 145 8.6 Process Controls (Constraints) 145 8.7 Process Mechanisms (Enablers) 146 8.7.1 Ratios 146 8.7.2 Risk Management Process Diagnostic 147 8.7.3 SWOT Analysis 148 8.7.4 PEST Analysis 148 8.8 Process Activities 149 8.8.1 Business Objectives 149 8.8.2 Business Plan 150 8.8.3 Examining the Industry 151 8.8.4 Establishing the Processes 151 8.8.5 Projected Financial Statements 153 8.8.6 Resources 155 8.8.7 Change Management 155 8.8.8 Marketing Plan 155 8.8.9 Compliance Systems 156 8.9 Summary 156 8.10 References 156 9 Risk Identification: Stage 2 159 9.1 Process 159 9.2 Process Goal and Subgoals 159 9.3 Process Definition 160 9.4 Process Inputs 161 9.5 Process Outputs 162 9.6 Process Controls (Constraints) 162 9.7 Process Mechanisms (Enablers) 163 9.7.1 Risk Checklist 163 9.7.2 Risk Prompt List 163 9.7.3 Gap Analysis 163 9.7.4 Risk Taxonomy 164 9.7.5 PEST Prompt 165 9.7.6 SWOT Prompt 168 9.7.7 Database 168 9.7.8 Business Risk Breakdown Structure 169 9.7.9 Risk Questionnaire 169 9.7.10 Risk Register Content/Structure 170 9.8 Process Activities 171 9.8.1 Clarifying the Business Objectives 171 9.8.2 Reviewing the Business Analysis 171 9.8.3 Need for Risk and Opportunity Identification 171 9.8.4 Risk and Opportunity Identification 172 9.8.5 Facilitation 172 9.8.6 Gaining a Consensus on the Risks, the Opportunities and their Interdependencies 182 9.8.7 Risk Register 182 9.9 Summary 182 9.10 References 182 10 Risk Analysis: Stage 3 185 10.1 Process 185 10.2 Process Goal and Subgoals 186 10.3 Process Definition 186 10.4 Process Inputs 186 10.5 Process Outputs 188 10.6 Process Controls (Constraints) 188 10.7 Process Mechanisms (Enablers) 188 10.7.1 Probability 188 10.8 Process Activities 189 10.8.1 Causal Analysis 190 10.8.2 Decision Analysis and Influence Diagrams 190 10.8.3 Pareto Analysis 193 10.8.4 CAPM Analysis 194 10.8.5 Define Risk Evaluation Categories and Values 195 10.9 Summary 195 10.10 References 196 11 Risk Evaluation: Stage 4 197 11.1 Process 197 11.2 Process Goal and Subgoals 197 11.3 Process Definition 198 11.4 Process Inputs 198 11.5 Process Outputs 198 11.6 Process Controls (Constraints) 199 11.7 Process Mechanisms (Enablers) 200 11.7.1 Probability Trees 200 11.7.2 Expected Monetary Value 201 11.7.3 Utility Theory and Functions 203 11.7.4 Decision Trees 204 11.7.5 Markov Chain 208 11.7.6 Investment Appraisal 210 11.8 Process Activities 215 11.8.1 Basic Concepts of Probability 215 11.8.2 Sensitivity Analysis 216 11.8.3 Scenario Analysis 217 11.8.4 Simulation 217 11.8.5 Monte Carlo Simulation 218 11.8.6 Latin Hypercube 220 11.8.7 Probability Distributions Defined from Expert Opinion 220 11.9 Summary 221 11.10 References 222 12 Risk Treatment: Stage 5 223 12.1 Process 223 12.2 Process Goal and Subgoals 223 12.3 Process Definition 224 12.4 Process Inputs 224 12.5 Process Outputs 224 12.6 Process Controls (Constraints) 225 12.7 Process Mechanisms 225 12.8 Process Activities 226 12.9 Risk Appetite 226 12.10 Risk Response Strategies 228 12.10.1 Risk Reduction 228 12.10.2 Risk Removal 228 12.10.3 Risk Reassignment or Transfer 229 12.10.4 Risk Retention 230 12.11 Summary 230 12.12 References 231 13 Monitoring and Review: Stage 6 233 13.1 Process 233 13.2 Process Goal and Subgoals 234 13.3 Process Definition 234 13.4 Process Inputs 235 13.5 Process Outputs 235 13.6 Process Controls (Constraints) 235 13.7 Process Mechanisms 236 13.8 Process Activities 236 13.8.1 Executing 236 13.8.2 Monitoring 236 13.8.3 Controlling 237 13.9 Summary 239 13.10 Reference 240 14 Communication and Consultation: Stage 7 241 14.1 Process 241 14.2 Process Goal and Subgoals 242 14.3 Process Definition 242 14.4 Process Inputs 243 14.5 Process Outputs 243 14.6 Process Controls (Constraints) 244 14.7 Process Mechanisms 244 14.8 Process Activities 244 14.9 Internal Communication 245 14.10 External Communication 245 14.11 Summary 245 14.12 Reference 246 Part III Internal Influences – Micro Factors 247 15 Financial Risk Management 249 15.1 Definition of Financial Risk 249 15.2 Scope of Financial Risk 250 15.3 Benefits of Financial Risk Management 250 15.4 Implementation of Financial Risk Management 251 15.5 Liquidity Risk 251 15.5.1 Current and Quick Ratios 251 15.5.2 Mitigation of Liquidity Risk 253 15.6 Credit Risk 253 15.6.1 Default Risk 253 15.6.2 Exposure Risk 254 15.6.3 Recovery Risk 254 15.6.4 Credit Insurance 255 15.6.5 Counterparty Risk 256 15.6.6 Due Diligence 256 15.7 Borrowing 259 15.8 Currency Risk 259 15.9 Funding Risk 260 15.10 Foreign Investment Risk 262 15.10.1 Country Risk 262 15.10.2 Environment Risk 263 15.11 Derivatives 263 15.11.1 Exchange Traded Derivatives 263 15.11.2 Over-the-Counter Derivatives 264 15.12 Summary 264 15.13 References 265 16 Operational Risk Management 267 16.1 Definition of Operational Risk 268 16.2 Scope of Operational Risk 269 16.3 Benefits of Operational Risk 270 16.4 Implementation of Operational Risk 270 16.5 Strategy 270 16.5.1 Definition of Strategy Risk 270 16.5.2 Objectives 271 16.5.3 Business Plan 272 16.5.4 New Business Development 272 16.5.5 Resources 273 16.5.6 Stakeholder Interests 273 16.5.7 Corporate Experience 274 16.5.8 Reputation 274 16.6 People 275 16.6.1 Definition of People Risk 275 16.6.2 Types of People Risk 276 16.6.3 Human Resource Management Practices 276 16.6.4 Ability to Pay Salaries 277 16.6.5 Regulatory and Statutory Requirements 277 16.6.6 Staff Constraints 280 16.6.7 Staff Dishonesty 287 16.6.8 Risk Management 287 16.6.9 Health and Safety 292 16.7 Processes and Systems 292 16.7.1 Definition of Processes and Systems Risk 293 16.7.2 Controls 293 16.7.3 Regulatory and Statutory Requirements 294 16.7.4 Continuity 294 16.7.5 Indicators of Loss 295 16.7.6 Transactions 295 16.7.7 Computer/IT Systems 297 16.7.8 Knowledge Management 301 16.7.9 Project Management 302 16.8 External Events 303 16.8.1 Change Management 303 16.8.2 Business Continuity 304 16.9 Outsourcing 305 16.10 Measurement 307 16.11 Mitigation 307 16.12 Summary 307 16.13 References 308 17 Technological Risk Management 309 17.1 Definition of Technology Risk 310 17.2 Scope of Technology Risk 310 17.3 Benefits of Technology Risk Management 311 17.4 Implementation of Technology Risk Management 311 17.5 Primary Technology Types 312 17.5.1 Information Technology 312 17.5.2 Communications Technology 315 17.5.3 Control Technology 319 17.6 Responding to Technology Risk 324 17.6.1 IT Governance 324 17.6.2 Investment 326 17.6.3 Projects 329 17.7 Summary 330 17.8 References 331 18 Project Risk Management 333 18.1 Definition of Project Risk 334 18.2 Definition of Project Risk Management 334 18.3 Sources of Project Risk 335 18.4 Benefits of Project Risk Management 335 18.5 Embedding Project Risk Management 336 18.5.1 Common Challenges in Implementing Project Risk Management 336 18.5.2 Lack of Clearly Defined and Disseminated Risk Management Objectives 337 18.5.3 Lack of Senior Executive and Project Director Commitment and Support 337 18.5.4 Lack of a Risk Maturity Model 337 18.5.5 Lack of a Change Process to Implement the Discipline 338 18.5.6 No Common Risk Language (Terms and Definitions) 338 18.5.7 Lack of Articulation of the Project Sponsor’s Risk Appetite 338 18.5.8 No Definition of Roles and Responsibilities 339 18.5.9 Lack of Risk Management Awareness Training to Build Core Competencies 339 18.5.10 Lack of Integration of Risk Management with Other Project Disciplines 340 18.5.11 Reticence of Project Personnel to Spend Time on Risk Management 340 18.5.12 Risk Owners not Automatically Taking Responsibility for Assigned Risks 341 18.5.13 No Clear Demonstration of How Risk Management Adds Value and Contributes to Project Performance 341 18.5.14 Overcomplicated Implementation from an Unclear Risk Policy, Strategy, Framework, Plan and Procedure 341 18.5.15 Lack of Alignment between the Business Strategy, Business Model and the Risk Management Objectives 341 18.5.16 Lack of the Integration of Risk Management Activities into the Day-to-Day Activities of Project Managers 342 18.6 Project Risk Management Process 342 18.6.1 Establish the Context 342 18.6.2 Risk Identification 344 18.6.3 Risk Analysis 344 18.6.4 Risk Evaluation 345 18.6.5 Risk Treatment 345 18.6.6 Risk Monitoring and Review 345 18.6.7 Communication and Consultation 346 18.7 Responsibility for Project Risk Management 346 18.8 Project Director’s Role 347 18.9 Project Team 347 18.9.1 Lack of Team Structure 347 18.9.2 Lack of Definition of Roles 348 18.9.3 Lack of Responsibility Assignment Matrix 348 18.9.4 Poor Leadership 348 18.9.5 Poor Team Communication 348 18.10 Optimism Bias 349 18.10.1 The Investment Decision 349 18.10.2 Optimism Bias 350 18.10.3 Monitoring 350 18.10.4 Using Numerical Indicators in Project Decision Making 350 18.10.5 Causes of Optimism Bias 351 18.10.6 The Distinction between Risk Events and Optimism Bias 351 18.11 Software Tools Used to Support Project Risk Management 351 18.12 Techniques Used to Support Project Risk Management 352 18.13 Summary 352 18.14 References 354 19 Business Ethics Management 355 19.1 Definition of Business Ethics Risk 355 19.2 Scope of Business Ethics Risk 356 19.3 Benefits of Ethics Risk Management 357 19.4 How Unethical Behaviour can Arise 357 19.5 Recognition of the Need for Business Ethics 358 19.5.1 US Department of Commerce 358 19.5.2 The G8 Summit in Italy Pushes for a Return to “Ethics” 359 19.5.3 OECD and Its Approach to Business Ethics 359 19.5.4 UK Financial Services Authority 360 19.5.5 US Department of Justice 360 19.6 Factors that Affect Business Ethics 361 19.7 Risk Events 361 19.8 Implementation of Ethical Risk Management 365 19.8.1 Areas of Focus 365 19.8.2 Levels of Application 366 19.8.3 The System 368 19.9 Summary 374 19.10 References 374 20 Health and Safety Management 375 20.1 Definition of Health and Safety Risk 375 20.2 Scope of Health and Safety Risk 376 20.3 Benefits of Health and Safety Risk Management 376 20.3.1 Business Benefits 377 20.3.2 The Enterprise Context: AstraZeneca 378 20.4 The UK Health and Safety Executive 378 20.4.1 The UK Perspective: Health and Safety Record 379 20.5 The European Agency for Safety and Health at Work 379 20.5.1 Main Challenges Concerning Health and Safety at Work 380 20.6 Implementation of Health and Safety Risk Management 380 20.6.1 Management Arrangements 381 20.6.2 Risk Controls 381 20.6.3 Workplace Precautions 381 20.6.4 System Implementation 382 20.7 Workplace Precautions 382 20.8 Contribution of Human Error to Major Disasters 382 20.8.1 Tenerife, 27 March 1977 382 20.8.2 Chernobyl, 26 April 1986 384 20.8.3 Kegworth, 8 January 1989 385 20.8.4 Herald of Free Enterprise, 6 March 1987 386 20.8.5 Piper Alpha, 6 July 1988 387 20.8.6 Ladbroke Grove, 5 October 1999 387 20.9 Improving Human Reliability in the Workplace 388 20.10 Risk Management Best Practice 389 20.10.1 Crisis Management Plan 389 20.11 Summary 390 20.12 References 390 Part Iv External Influences – Macro Factors 391 21 Economic Risk 393 21.1 Definition of Economic Risk 393 21.2 Scope of Economic Risk 393 21.3 Benefits of Economic Risk Management 394 21.4 Implementation of Economic Risk Management 394 21.5 Microeconomics and Macroeconomics 394 21.6 Macroeconomics 395 21.6.1 Gross Domestic Product 395 21.7 Government Policy 397 21.7.1 Fiscal Policy 397 21.7.2 Monetary Policy 397 21.7.3 Competing Theories 398 21.8 Aggregate Demand 398 21.8.1 Using Aggregate Demand Curves 399 21.8.2 Determinants of Consumer Spending 399 21.8.3 Determinants of Investment Expenditure 400 21.8.4 Determinants of Government Spending 400 21.8.5 Determinants of Net Expenditure on Exports and Imports 401 21.9 Aggregate Supply 401 21.10 Employment Levels 403 21.11 Inflation 403 21.12 Interest Rate Risk 404 21.13 House Prices 405 21.14 International Trade and Protection 405 21.14.1 Trade 405 21.14.2 Methods of Protectionism 406 21.14.3 Trade Policy 406 21.14.4 Balance of Trade 406 21.15 Currency Risk 407 21.15.1 Risk Mitigation by Hedging 407 21.16 Summary 412 21.17 References 412 22 Environmental Risk 413 22.1 Definition of Environmental Risk 413 22.2 Scope of Environmental Risk 415 22.3 Benefits of Environmental Risk Management 415 22.4 Implementation of Environmental Risk Management 415 22.5 Energy Sources 416 22.5.1 Renewable Energy 417 22.6 Use of Resources 419 22.7 Pollution 420 22.8 Global Warming 420 22.9 Response to Global Warming 422 22.9.1 Earth Summit 422 22.9.2 The Kyoto Protocol 422 22.9.3 Pollution Control Targets 422 22.9.4 Sufficiency of Emission Cuts 423 22.9.5 US Climate Pact 423 22.9.6 The Copenhagen Accord 424 22.9.7 European Union 425 22.9.8 Cancún Agreements 425 22.9.9 Domestic Government Response to Climate Change 426 22.9.10 Levy 427 22.9.11 Emissions Trading 428 22.9.12 Impact on Business 428 22.10 Stimulation to Environmental Considerations 429 22.10.1 FTSE4Good Index 429 22.10.2 Carbon Trust 429 22.10.3 Public Pressure 430 22.11 Environmental Sustainability 431 22.12 Summary 432 22.13 References 433 23 Legal Risk 435 23.1 Definition of Legal Risk 435 23.2 Scope of Legal Risk 435 23.3 Benefits of Legal Risk Management 436 23.4 Implementation of Legal Risk Management 436 23.5 Business Law 437 23.6 Companies 438 23.6.1 The Company Name 438 23.6.2 The Memorandum of Association 438 23.6.3 Articles of Association 439 23.6.4 Financing the Company 439 23.6.5 The Issue of Shares and Debentures 440 23.6.6 The Official Listing of Securities 440 23.6.7 The Remedy of Rescission 440 23.6.8 Protection of Minority Interests 440 23.6.9 Duties of Directors 441 23.7 Intellectual Property 441 23.7.1 Patents 441 23.7.2 Copyright 445 23.7.3 Designs 446 23.8 Employment Law 447 23.9 Contracts 447 23.9.1 Essentials of a Valid Contract 447 23.9.2 Types of Contract 447 23.10 Criminal Liability in Business 448 23.10.1 Misdescriptions of Goods and Services 448 23.10.2 Misleading Price Indications 449 23.10.3 Product Safety 450 23.11 Computer Misuse 451 23.11.1 Unauthorised Access to Computer Material 451 23.11.2 Unauthorised Access with Intent to Commit or Facilitate Further Offences 451 23.11.3 Unauthorised Modification of Computer Material 451 23.12 Summary 452 24 Political Risk 453 24.1 Definition of Political Risk 454 24.2 Scope of Political Risk 454 24.2.1 Macropolitical Risks 454 24.2.2 Micropolitical Risks 455 24.3 Benefits of Political Risk Management 455 24.4 Implementation of Political Risk Management 455 24.5 Zonis and Wilkin Political Risk Framework 457 24.6 Contracts 459 24.7 Transition Economies of Europe 459 24.8 UK Government Fiscal Policy 460 24.9 Pressure Groups 461 24.10 Terrorism and Blackmail 461 24.11 Responding to Political Risk 462 24.11.1 Assessing Political Risk Factors 463 24.11.2 Prioritising Political Risk Factors 464 24.11.3 Improving Relative Bargaining Power 464 24.12 Summary 464 24.13 References 465 25 Market Risk 467 25.1 Definition of Market Risk 467 25.2 Scope of Market Risk 468 25.2.1 Levels of Uncertainty in the Marketing Environment 469 25.3 Benefits of Market Risk Management 470 25.4 Implementation of Market Risk Management 470 25.5 Market Structure 470 25.5.1 The Number of Firms in an Industry 471 25.5.2 Barriers to Entry 471 25.5.3 Product Homogeneity, Product Diversity and Branding 473 25.5.4 Knowledge 473 25.5.5 Interrelationships within Markets 474 25.6 Product Life Cycle Stage 475 25.6.1 Sales Growth 476 25.7 Alternative Strategic Directions 476 25.7.1 Market Penetration 477 25.7.2 Product Development 477 25.7.3 Market Development 479 25.7.4 Diversification 481 25.8 Acquisition 482 25.9 Competition 483 25.9.1 Price Stability 483 25.9.2 Non-Price Competition 484 25.9.3 Branding 485 25.9.4 Market Strategies 486 25.10 Price Elasticity/Sensitivity 489 25.10.1 Elasticity 489 25.10.2 Price Elasticity 489 25.11 Distribution Strength 490 25.12 Market Risk Measurement: Value at Risk 490 25.12.1 Definition of Value at Risk 490 25.12.2 Value at Risk 490 25.12.3 VaR Model Assumptions 491 25.12.4 Use of VaR to Limit Risk 493 25.12.5 Calculating Value at Risk 494 25.13 Risk Response Planning 496 25.14 Summary 496 25.15 References 497 26 Social Risk 499 26.1 Definition of Social Risk 499 26.2 Scope of Social Risk 500 26.3 Benefits of Social Risk Management 500 26.4 Implementation of Social Risk Management 501 26.5 Education 501 26.6 Population Movements: Demographic Changes 502 26.6.1 The Changing Market 503 26.7 Socio-Cultural Patterns and Trends 504 26.8 Crime 504 26.8.1 Key Facts 504 26.9 Lifestyles and Social Attitudes 505 26.9.1 More Home Improvements 505 26.9.2 Motherhood, Marriage and Family Formation 505 26.9.3 Health 506 26.9.4 Less Healthy Diets 507 26.9.5 Smoking and Drinking 508 26.9.6 Long Working Hours 509 26.9.7 Stress Levels 509 26.9.8 Recreation and Tourism 510 26.10 Summary 510 26.11 References 511 Part V The Appointment 513 27 Introduction 515 27.1 Change Process From the Client Perspective 515 27.1.1 Planning 515 27.1.2 Timely Information 516 27.1.3 Risk Management Resources 516 27.2 Selection of Consultants 517 27.2.1 Objectives 517 27.2.2 The Brief 517 27.2.3 Describing Activity Interfaces 517 27.2.4 Appointment Process Management 518 27.2.5 The Long-Listing Process 518 27.2.6 Short-List Selection Criteria 519 27.2.7 Request for a Short-Listing Interview 519 27.2.8 Compilation of Short List 519 27.2.9 Prepare an Exclusion Notification 520 27.2.10 Prepare Tender Documents 520 27.2.11 Agreement to be Issued with the Tender Invitation 521 27.2.12 Tender Process 521 27.2.13 Award 521 27.2.14 Notification to Unsuccessful Tenderers 522 27.3 Summary 522 27.4 Reference 522 28 Interview with the Client 523 28.1 First Impressions/Contact 523 28.2 Client Focus 524 28.3 Unique Selling Point 524 28.4 Past Experiences 526 28.5 Client Interview 527 28.5.1 Scene/Overview 527 28.5.2 Situation/Context 527 28.5.3 Scheme/Plan of Action 527 28.5.4 Solution Implementation 528 28.5.5 Success, Measurement of 528 28.5.6 Secure/Continue 528 28.5.7 Stop/Close 528 28.6 Assignment Methodology 528 28.7 Change Management 529 28.8 Sustainable Change 529 28.9 Summary 530 28.10 References 531 29 Proposal 533 29.1 Introduction 533 29.2 Proposal Preparation 533 29.2.1 Planning 533 29.2.2 Preliminary Review 534 29.3 Proposal Writing 534 29.3.1 Task Management 534 29.3.2 Copying Text 534 29.3.3 Master Copy 534 29.3.4 Peer Review 534 29.4 Approach 535 29.5 Proposal 535 29.5.1 Identify the Parties – the Who 535 29.5.2 Identify the Location – the Where 537 29.5.3 Understand the Project Background – the What 537 29.5.4 Define the Scope – the Which 537 29.5.5 Clarify the Objectives – the Why 537 29.5.6 Determine the Approach – the How 538 29.5.7 Determine the Timing – the When 538 29.6 Client Responsibilities 538 29.7 Remuneration 539 29.8 Summary 539 29.9 References 539 30 Implementation 541 30.1 Written Statement of Project Implementation 541 30.2 Management 541 30.2.1 Objectives 541 30.2.2 Planning the Project 542 30.2.3 Consultant Team Composition 543 30.2.4 Interface with Stakeholders 543 30.2.5 Data Gathering 543 30.2.6 Budget 544 30.2.7 Assessment of Risk 544 30.2.8 Deliverables 544 30.2.9 Presentation of the Findings 545 30.2.10 Key Factors for Successful Implementation 545 30.3 Customer Delight 548 30.4 Summary 548 30.5 References 548 Appendix 1: Successful IT: Modernising Government in Action 549 Appendix 2: Sources of Risk 553 Appendix 3: DEFRA Risk Management Strategy 557 Appendix 4: Risk: Improving Government’s Capability to Handle Risk and Uncertainty 561 Appendix 5: Financial Ratios 567 Appendix 6: Risk Maturity Models 573 Appendix 7: SWOT Analysis 579 Appendix 8: PEST Analysis 583 Appendix 9: VRIO Analysis 587 Appendix 10: Value Chain Analysis 589 Appendix 11: Resource Audit 591 Appendix 12: Change Management 595 Appendix 13: Industry Breakpoints 599 Appendix 14: Probability 601 Appendix 15: Value at Risk 611 Appendix 16: Optimism Bias 613 Index 621

Read more less

Book SynopsisInternet Security Alliance provides thought leadership in cybersecurity and works with the US government to advocate for public policy that will advance the interests of cybersecurity.Larry Clinton is President of the Internet Security Alliance. He advises industry and government on cyber policy and regularly appears in the media to provide an expert opinion. He has briefed NATO, the Organization of American States (OAS), G-20 and the US Congress. He has twice been named to the NACD 'Directorship 100' list of the most influential individuals in corporate governance.Trade Review"Cybersecurity is national security. The only way to effectively protect ourselves is through a collective defense model. Cybersecurity for Business describes the roles and responsibilities individuals across an organization must take in this new age to work together to protect their enterprise and, in so doing, contribute to our nation's defense." * GEN (Ret) Keith Alexander, Former head of US Cyber Command Co-CEO, IronNet Cybersecurity, Inc. *"Cybersecurity for Business is a bonfire of wisdom for leaders who desire to be part of the executive decision-making team in their organization. Co-authored by an extraordinary group of global leaders and luminaries with topics as diverse as 'managing' your board of directors, developing key inter-organizational relationships and aligning business goals to cybersecurity, among others, this book will find a home on the desk of leaders and managers across the cybersecurity community." * Mark Weatherford, former Deputy Undersecretary for Cybersecurity at the US Department of Homeland Security. Chief Security Officer at AlertEnterprise *"Cybersecurity for Business takes the complicated and ever-changing world of data security and technology and offers a remarkably cogent collection of guidance from industry experts. The result is a practical and wide-ranging text and a powerful tool for keeping businesses safe." * Preet Bharara, former U.S. Attorney, Distinguished Scholar in Residence at NYU School of Law; CNN Senior Legal Analyst; author of NYT bestselling 'Doing Justice' and host of 'Stay Tuned with Preet' *"Cybersecurity for Business is one of the few books that recognizes that cybersecurity is not just a technology issue - it's a strategy issue and a leadership issue. Here you'll find excellent and timely guidance that will help leaders around the company and the world do their part to succeed in an environment of cyber risk." * Daniel Dobrygowski, Head of Governance and Trust, World Economic Forum *"This ISA book on cybersecurity risk management hits the mark on enabling organizations to contextualize cyber risk to financial, operational and business outcomes. These core principles align to the heightened expectations across the regulatory (SEC), investor, risk management and boardroom communities." * Chris Hetner, Former Senior Cybersecurity Advisor to the SEC Chair and Special Advisor for Cyber Risk to the NACD *"Leadership and management of cyber risk continues to evolve. Beyond just C-Suites and IT departments, this book brings the role of the whole organization - HR, PR, finance, legal compliance, marketing, etc. - into sharp focus. Cybersecurity is a team sport that must address leadership, management and the culture of security throughout the entire business enterprise. Cybersecurity for Business sets the principles and de-facto standard for modern cyber risk management." * Harry D. Raduege, Jr. Lieutenant General, USAF (Ret) Chief Executive Officer, National Cybersecurity Center *"Cybersecurity for Business tracks the principles we recommend our college and universities follow to enhance their own cyber risk resilience. As such, it's an excellent book for graduate and undergraduate courses in cyber, and its use will help create a more coherent, secure and sustainable digital environment." * Henry Stoever, President and CEO, Association of Governing Boards of Universities and Colleges (AGB) *"The aspect of Cybersecurity for Business that compelled me to adopt it as my textbook for Columbia's Enterprise Cyber Threats and Defenses course is the holistic approach taken to the defense of complex networks. As demonstrated by the impact of Hurricane Katrina on New Orleans, dis-aligned localized defenses cannot withstand systematic attacks on complex multi-part networks. Even a single point of failure in an otherwise robust entity 'perimeter' renders the entire entity vulnerable. Because there is no security through obscurity, the only sustainable cyber defense is one architected top-down." * Dr. Corey Hirsch, CISO, Teledyne *"Cybersecurity for Business outlines a model any business should consider to align its technical systems with proper management to strengthen its cyber resilience. Besides serving as a guide to better manage cyber attacks, this book provides confirmation of our security program and the approach we've taken. Additionally, it reinforces concepts we routinely share with partners, customers, and other stakeholders across our ecosystems. What I like most is that it offers practical advice with a robust list of references for readers to dive even deeper into the various topics." * Jon Brickey, Senior Vice President Cybersecurity Evangelist, Mastercard *"Despite the deluge of cyber-attack headlines, too often boards of directors remain focused on how they should be preparing for the next inevitable breach, rather than thinking proactively about their cybersecurity oversight responsibilities. Cybersecurity for Business is an invaluable guide for directors and executives at organizations of all sizes to better understand the business, legal and technical dimensions of cybersecurity risk management, and how to optimize corporate governance to meet the challenges posed by multifaceted cyber threats. I consider it required reading for everyone interested in safeguarding their critical systems, supply chains, employees and customers." * Professor Scott J. Shackelford, JD, PhD, Chair, Indiana University Cybersecurity Risk Management Program *"The ISA's Cybersecurity for Business is the first comprehensive, practical, strategic and tactical guide to this rapidly evolving and constantly challenging subject that is both practical and academic. Indeed, it is exactly what I have been looking for as someone who both advises boards and management on strategic cyber risk management and governance and as a cyber-professor teaching a course on 'Cyber Leadership, Risk Oversight and Resilience' at NYU, where it will become my core textbook for future semesters. This is an outstanding contribution because it is written by people with direct experience on the front lines - indeed on the bleeding edge - of this ever-evolving threat and opportunity matrix and incorporates some of the groundbreaking risk governance work that Larry and the Internet Security Alliance have been doing for years with the NACD, the World Economic Forum and a number of leading industry associations around the world. And, finally, it goes beyond other publications by looking at the bigger systemic cyber-picture including the role of culture, economics, governance and how all the strategic and tactical dots interconnect. Kudos to Larry and his team - they really made it happen!" * Andrea Bonime-Blanc, Founder & CEO, GEC Risk Advisory *"Regardless of industry - whether it is agriculture, aviation or health care - organizations are all increasingly susceptible to cyberattacks, and businesses need to adapt accordingly. Cybersecurity for Business provides the tools for business and IT leaders alike to successfully navigate this new reality." * Richard Rocca, CISO, Bunge *"It is rare for a new volume to provide such excellent guidance on cyber for the working manager and practitioner. I hope board members and executives everywhere invest the time to absorb this book's fine contents." * Ed Amoroso, Former CISO, AT&T *"As an early advocate of enterprise risk management, I have seen the significant business value from better quantifying and integrating strategic, operational and financial risks. Cybersecurity cannot be managed effectively as a silo given its critical business and risk interdependencies. This practical book will help any organization break down that silo and address cybersecurity as a strategic, enterprise risk issue." * James C. Lam, President, James Lam & Associates; Chair of the Board, Recology; Chair of the Audit Committee, RiskLens; Author, 'Implementing Enterprise Risk Management' *"All businesses, large and small, will eventually find themselves the target of sophisticated cyber-attacks. Companies need to account for and adapt to this reality, especially as we all rely more on technology and data to drive our businesses. Cybersecurity for Business provides specific guidance for directors down to the front lines of IT, that, if followed, can place a company in a far better position to be armed and prepared for the inevitable cyber-attack." * Kevin Mandia, CEO, Mandiant *"Cybersecurity for Business is one of those rare practical books for businesses that can help large, medium and small companies manage the ongoing and unavoidable cyber risks now facing all industries. The threats facing manufacturers and all firms compound by the day, so learning these lessons now is crucial." * Jay Timmons, President and CEO, National Association of Manufacturers *"Utilities have been hit hard by hackers during the past few years, creating a need to balance risk with the demands of the new economics of the digital world. I cannot recommend Cybersecurity for Business enough. It helps organizations evaluate security for an enterprise-wide perspective consistent with the economics required to maintain effective service." * Ryan Boulais, Chief Information Security Officer, The AES Corporation *Table of Contents Section - ONE: Why we need to take an enterprise-wide approach to cyber risk; Chapter - 01: The growing cyber threat – Not just an "IT" issue; Chapter - 02: View from the top – How boards are addressing cyber risk; Chapter - 03: Structuring the organization for the digital age; Chapter - 04: A modern approach to assessing cyber risk; Section - TWO: How to manage cyber risk from an enterprise-wide perspective; Chapter - 05: The roles and responsibilities of human resource management in cybersecurity; Chapter - 06: The roles and responsibilities of legal and general counsel; Chapter - 07: The roles and responsibilities of audit and compliance; Chapter - 08: Cybersecure supply chain and third-party management; Chapter - 09: The roles and responsibilities of technical operations; Chapter - 10: The roles and responsibilities of external communications and crisis management; Chapter - 11: The roles and responsibilities in mergers and acquisitions; Chapter - 12: The roles and responsivities of cyber operations in developing a culture of security

Read more less

Book SynopsisMartin Massey has worked for some of the leading global insurance and risk consulting firms and has over 30 years of industry experience. He is the Managing Director of OneRisk Consulting Ltd, providing Enterprise Risk Management consultancy services with a focus on climate change risk management. He is Chair of the Institute of Risk Management's (IRM) Climate Change Special Interest Group and helped to design and launch the IRM's climate change training course. Martin Massey also wrote the IRM's Climate Change Practitioners Guide in 2021. He is based in London, UK.The IRM is a world leading professional body for risk management, driving excellence in managing risk to ensure organizations are ready for opportunities and threats of the future. They are headquartered in London, UK.Trade Review"A must-read for anyone managing climate risk. The book is insightful, informative and a great one stop shop among a plethora of thought leadership out there on the topic. Most importantly, the book contains excellent practical guidance on how to incorporate climate risk management into existing risk management frameworks and equally, how to start from scratch. I will certainly be consulting it." * Susan Young, CRO, R&Q *"Building on the existing tools and techniques of risk management Martin Massey methodically shows the reader how to encompass and embrace the challenges that climate change will bring to us all. The book is readily accessible for those new to risk management but will also bring fresh insight to those familiar with the concepts." * Roy Boukins, Group Risk Officer, Accelerant Holdings *"Finally, here is a book which provides risk and financial professionals with a roadmap for implementing climate risk into their thinking. The book contains a host of comprehensive detail to equip readers with everything they need to achieve the business transformation that is required." * Rachel Johnson, ACCA Global *"This book provides great insight for risk managers needing to navigate the challenges of climate change, particularly during this early exploratory stage as firms start to ramp up their expertise to improve understanding of risks and opportunities." * Judith Ellison, Business Development Manager, JBA Risk Management *"This book explains in a very clear and methodically way how to integrate climate risks into an existing ERM and Governance Framework." * Alfa Falconi, Director Enterprise Risk | Governance, Risk & Compliance (GRC), NEOM *"Martin Massey has written a book which will be welcomed by the risk management community, but more importantly by their children and grandchildren as we wrestle with the changes required for a net zero future. I am confident that the book will greatly help the reader to bring climate risk into their thinking including the opportunities that climate change presents to us all." * Paul Mahon, Head of Technical Development, Cornish Mutual *"Addressing the overarching issue of how we inhabit the planet, Martin Massey's book informs and equips us superbly to develop a culture that unites everyone's positive efforts around a core consensus on climate risk. He draws together a superb array of expert insights, shows us all how to take reassuringly practical steps, and finds new opportunities for enterprise even as we engage with an existential threat." * Dr Roger Miles, Head of Faculty, UK Finance: Conduct Leaders Academy *"Building on existing tools and techniques of risk management, Martin Massey methodically shows the reader how to encompass and embrace the challenges that climate change will bring to us all. The book is readily accessible for those new to risk management but I am sure it will also bring fresh insight to those familiar with the concepts." * Derek Thrumble, Head of Analytics, Gallagher Specialty *Table of Contents Chapter - 00: Introduction - Climate change enterprise risk management in context; Chapter - 01: Climate change risk landscape and ERM maturity; Chapter - 02: Climate strategic positioning and risk appetite integration; Chapter - 03: Developing an effective climate governance framework; Chapter - 04: Climate change risk identification techniques including stakeholder mapping; Chapter - 05: Managing transition risks; Chapter - 06: Building climate resilience; Chapter - 07: Climate physical risks – Data sources, uses and challenges; Chapter - 08: Designing an effective climate emerging risk management process; Chapter - 09: Climate emerging trends, issues and challenges; Chapter - 10: Climate stress and scenario testing; Chapter - 11: Climate risk integration into specific business processes; Chapter - 12: Financial reporting and climate disclosures

Read more less

Book SynopsisDavid Hillson is a thought-leader and expert practitioner in risk management, based in Petersfield, UK. He has advised major organizations, governments and charities in 60 countries on creating value from risk using applied risk-based thinking. He has written 13 major books on risk and has developed significant innovations that are now widely accepted as best practice. He has received many awards for his ground-breaking work in risk management. He regularly shares his work through the RiskDoctorVideo YouTube channel.Trade Review"An opportunity to learn from the risk world's best thinkers in one easy to navigate handbook. This will become your go to guide for pivotal risk responses, with useful pointers on next steps and emerging risk issues." * Clare Ball, Director of Internal Audit, Risk Assurance & Insurance, Babcock International Group, UK *"A collection of expert insights on various dimensions of risk, written in straightforward language that articulates in practical terms key nuances of risk management for decision-making. A must-read for anyone seeking to better understand risk and the management thereof." * Daniel Udochi, Head of Risk, du, United Arab Emirates *"The Risk Management Handbook brings together an impressive line-up of global thought leaders with a wide array of experience and expertise, providing readers with a practical handbook that covers all contemporary topics, and more, within the risk management field. This is a valuable resource for me as an educator when teaching risk management, often to non-risk students. This book caters not only to those explicitly interested in risk and risk management, but those new to the field, who want to or need to learn about this discipline that is critical to successfully running an organisation. I look forward to using this new edition with my students!" * Dr Paula Sonja Karlsson-Brown, Senior Lecturer in Management, Adam Smith Business School, University of Glasgow, UK *"A must-have resource, offering a relevant collection of expert contributions and practical insights on the latest evolution of the risk management discipline. It is structured in a logical manner, making it perfect for a deep dive on risk management or a quick refresher on a specific subject." * Francesca Schiezzari, Head of Risk Management, Leonardo Helicopters, Italy *"The Risk Management Handbook is an exceptional comprehensive guide on risk management topics and applications, full of important information for professionals, students and managers. This new edition has been updated with many recent and emergent risk issues, making it an important current source for all of us interested in risk." * Dr Terje Aven, Professor of Risk Science, University of Stavanger, Norway *"The Risk Management Handbook equips readers with the knowledge and tools necessary to navigate the complexities of risk management. With its comprehensive coverage and timely insights, this book empowers readers to effectively manage risk in the ever-evolving business landscape. Whether you are seeking an in-depth understanding or are simply intrigued by the subject, this handbook offers a practical and thought-provoking approach to risk management." * Shai Davidov, Associate Professor of Management, Operations Management & Logistics Group, Edinburgh Business School, UK *Table of Contents Chapter - 00: Preface [Dr David Hillson]; Section - ONE: Dimensions of risk management; Chapter - 01: Introducing risk [Dr David Hillson]; Chapter - 02: Enterprise Risk Management [John Crawley and Emer McAneny]; Chapter - 03: Environmental, Social & Governance (ESG) Risk Management [Dr Sarah Gordon]; Chapter - 04: Operational risk management [Dr Ariane Chapelle]; Chapter - 05: Financial Risk Management [Clive Thompson]; Chapter - 06: Business Continuity Management [Ian Clark]; Chapter - 07: Reputational risk management [Arif Zaman]; Chapter - 08: Project, Programme and Portfolio Risk Management [Dr Dale Cooper]; Chapter - 09: Supply Chain Risk Management [Linda Conrad]; Chapter - 10: Cyber Risk Management [Alex Stezycki]; Chapter - 11: Legal Risk Management [Dr Sam De Silva]; Chapter - 12: Climate Change Risk Management [Martin Massey]; Chapter - 13: Political Risk Management [Robert McKellar]; Chapter - 14: Country Risk Management [Nicki Kons]; Chapter - 15: Stakeholder Risk Management [Dr Lynda Bourne]; Chapter - 16: Ethics in Risk Management [Giusi Meloni]; Chapter - 17: Risk Management in International Development Cooperation [Magda Stepanyan]; Section - TWO: CROSS-CUTTING DISCIPLINES; Chapter - 18: Risk Culture [Alex Hindson]; Chapter - 19: Risk-Based Decision Making [Keith Smith]; Chapter - 20: Risk Leadership in Complexity [Dr Richard Barber]; Chapter - 21: Resilience [Dr Erica Seville]; Chapter - 22: Communicating Uncertainty [Professor Veronica Bowman OBE]; Chapter - 23: Organisational Change Management and Risk [Dr Ruth Murray-Webster]; Chapter - Epilogue: The Future of Risk Management [Dr David Hillson]

Read more less

Book SynopsisJohn Manners-Bell is Founder and CEO of Transport Intelligence Ltd. He is an Honorary Visiting Professor, London Guildhall Faculty of Business and Law, London Metropolitan University. He was formerly Chair of the Logistics and Supply Chain Global Agenda Council of the World Economic Forum, speaking and moderating at the annual Davos meeting. In 2021 he founded the Foundation for Future Supply Chain. His most recent book, Logistics and Supply Chain Innovation, was published by Kogan Page in November 2022.Trade Review"Supply Chain Risk Management is a comprehensive guide, shedding light on the intricate landscape of supply chain risk and the increasingly important role supply chains play as a buffer. John Manners-Bell illuminates newly emerged fragilities of global supply chains, how to identify and assess risks and how to develop and implement mitigation strategies, often based on new analytics and AI tools. I highly recommend this book to anyone who is responsible for business continuity." * Thomas Van Vliet, Director, Business Analytics, Solutions, DSV *"Supply Chain Risk Management is a wake-up call for those 'risk-agnostic' organizations that need to immediately adopt a more pro-active approach with respect to risk prevention. Anchored in today's reality, the book covers a wide range of topics and includes new tools, techniques and metrics that can be used as an effective way to identify, assess, mitigate and manage risks." * Dr Laurentiu David, Professor of Decision Sciences, Centennial College, Ontario *"Supply Chain Risk Management provides a deep dive into many of the world's largest multinational corporate agendas, both with an internal and external risk focus. John explores risks across production, manufacturing, logistics, technology and networks, in both micro and macroeconomic environments. The combination of John's highly regarded academic, research and theoretical strengths, combined with a long established international reputation as a hands on supply chain practitioner, make this book essential reading for those at all levels and areas of the global supply chain community." * Kim Winter, Group Managing Director, Logistics Executive Group *"Supply chain risk management has soared to the top of the corporate agenda since the beginning of the 2020s, as the pandemic opened top executives' eyes to supply chain vulnerabilities across all industries. Supply chain resilience is gaining traction as an essential goal, challenging decades of cost-optimization focus. This book brings together existing practice and new thinking, guiding supply chain design in an increasingly volatile and complex world." * Alex Irving, Transport Equity Research Analyst, Bernstein Autonomous *Table of Contents Chapter - 00: Introduction; Section - ONE: Building a resilient supply chain; Chapter - 01: A framework for understanding risk; Chapter - 02: Engineering supply chain resilience; Chapter - 03: Contagion and logistics networks; Chapter - 04: Lessons from the Covid crisis; Section - TWO: Industry sector risk; Chapter - 05: Industry sector resilience to supply chain threats; Chapter - 06: Automotive supply chains; Chapter - 07: High-tech supply chains; Chapter - 08: Consumer goods supply chains; Chapter - 09: Food supply chain vulnerability; Chapter - 10: Evolving risk in pharmaceutical supply chains; Chapter - 11: Fashion supply chains; Section - THREE: Supply chains’ interaction with the natural world; Chapter - 12: Natural disasters; Chapter - 13: Climate change and emissions policy; Chapter - 14: Environmental impact of global value chains; Section - FOUR: Economic, societal and political risks; Chapter - 15: Economic risks to the supply chain; Chapter - 16: Societal risks to supply chains; Chapter - 17: Political risks in international supply chains; Section - FIVE: Security and cyber threats; Chapter - 18: Corruption and bribery in international logistics; Chapter - 19: Cargo crime and piracy; Chapter - 20: Corruption in public procurement, defence and humanitarian logistics; Chapter - 21: Terrorism and security; Chapter - 22: Cyber threats to supply chains; Chapter - 23: Illicit supply chains; Chapter - 24: Conclusion; Chapter - 25: References;

Read more less

Book SynopsisChristopher J Hodson is Chief Security Officer for Cyberhaven where he oversees all facets of security to protect Cyberhaven customers and employees, including cloud and application security, security operations, and risk management. In addition, Chris serves as a board advisor at the workforce development platform, Cybrary, and is a fellow of the Chartered Institute of Information Security. He has previously held CISO positions with Contentful, Zscaler, and Tanium. He is a guest lecturer at Royal Holloway, University of London where he also holds a master's degree in computer and information systems security.Trade Review"This is an excellent book. Christopher Hodson writes as he speaks, with passion and clear understanding of a profession of which he has extensive experience and loves. Cyber Risk Management is extremely well researched and provides the reader with a simple-to-follow, guided journey through the cyber issues we face and the approaches we should be taking to cope with them. Hodson's pragmatic style demystifies complex issues making this a great read for both experienced security professionals and non-professionals alike. This is required reading for anyone who wants to intelligently manage cyber risk, whether a CISO, CFO or CEO!" * Amanda Finch, CEO, Chartered Institute of Security Professionals *"In the fast-paced world of cybersecurity, Cyber Risk Management is a guiding light. This book combines expertise with a friendly touch, making it easy for readers to tackle security challenges, no matter their technical background. Christopher Hodson has a knack for unravelling cybersecurity jargon and presenting complex ideas in a way that anyone can understand. He effortlessly blends theory with practical examples, ensuring readers not only grasp the basics but also gain insights into real-world scenarios. Throughout the book, Hodson expertly covers the essentials of cybersecurity risk management, offering a solid framework for prioritizing threats, spotting vulnerabilities, and implementing effective controls. His conversational tone and patient approach make this book a valuable resource for both seasoned practitioners and newcomers." * Dana Wolf, CEO and Co-Founder, YeshID *"Everyone in the cybersecurity universe is experiencing a pace of change and complexity which is simply unprecedented. Christopher Hodson has captured our universe as it is today. He covers the meteoric rise of LLMs and changes in social appetite to technology, with the keen insight, deep expertise and humour that we expect from him. He gives us a reason to feel optimistic about these changes. Whilst so much is changing, the importance of understanding cybersecurity remains paramount and constant." * Phil Owen MBE, VP/Chief Security Officer, Telus Health *"Cyber Risk Management serves as both a valuable playbook for security leaders building out their programs, and a much-needed reference for their key business and technical partners across the organization. Christopher Hodson reinforces and enriches each topic by drawing upon a diverse set of examples from emerging technologies, geopolitical and regulatory forces, historical events, and noteworthy incidents." * Ryan Kazanciyan, CISO, Wiz *Table of Contents Section - PART ONE: Contextualizing cybersecurity risk; Chapter - 01: Why now? The only constant is change; Chapter - 02: Technologies and security challenges; Chapter - 03: Data breaches; Section - PART TWO: Cybersecurity programme management; Chapter - 04: What are cybersecurity and cybercrime?; Chapter - 05: Establishing a cybersecurity programme; Section - PART THREE: Actors, events and vulnerabilities; Chapter - 06: Threat actors; Chapter - 07: Threat events; Chapter - 08: Vulnerabilities; Chapter - 09: Controls; Section - PART FOUR: Conclusion: the cybersecurity risk equation explained; Chapter - 10: Cyber risk management: a conclusion;

Read more less

Book SynopsisJames Crask is Managing Director of Strategic Risk Consulting for Marsh, working with clients to deliver resilience and business continuity solutions. He also chairs the International Standards Committee responsible for all global Business Continuity and Organisational Resilience ISO Standards, including ISO 22301:2019. He previously worked for PwC where he was responsible for building the UK firm's business resilience advisory services and has held roles for the Nuclear Decommissioning Authority and for the BBC. He is based in London.

Read more less

Book SynopsisMaha El Dimachki is the Centre Head for the Bank for International Settlements Innovation Hub in Singapore which works to support central banks in the digital economy using novel ideas and emerging technologies. Prior to this, Maha was Head of Department for Early and High Growth Oversight leading the Financial Conduct Authority's response to the Kalifa review of UK fintech. El Dimachki has held leadership roles in multiple geographies with a focus on risk management, regulation, strategic direction, delivering change and a passion for diversity and inclusion.

Read more less

Book SynopsisKate Boothroyd is the Director of KB Risk Consulting Limited, a risk management consultancy. She is a Certified Fellow of the Institute of Risk Management, one of their accredited trainers and lead developer of the IRM's updated Enterprise Risk Management Certificate. She was previously Deputy Chair of the IRM. She is based in Huddersfield, UK. Clive Thompson was Deputy Chair of the IRM until 2020. He has been a risk manager and consultant delivering projects globally and is a Certified Fellow of the IRM. He is based in West Sussex, UK.The Institute of Risk Management is a world leading professional body for risk management, driving excellence in managing risk to ensure organizations are ready for opportunities and threats of the future.

Read more less

Book SynopsisA new playbook for effective crisis management in higher education. Unlike other industries, in higher education an institution's most important asset is its reputation. Yet as fundamental as it is, many leaders continue to view managing reputation as dishonest and counterproductive, a suspect process that undermines the very idea of reputation as an organic outcome of reality. When leadership credibility is on the line, though, and an institution's reputation is facing potentially irreparable damage, the concept of reputational risk moves from being nebulous to all too tangible. In Preventing Crises at Your University, Simon Barker demonstrates how critical it is for colleges and universities to align strategy and values with decision-making during times of crisis. Arguing that leaders must stop considering the discussion of reputational risk as unseemly, he demonstrates that this discussion is in fact a strategic imperative for every leader. Significant reputational damage, Barker Table of ContentsPrefaceIntroduction. Mind the Gap: Why Reputational Risk MattersChapter 1. A Reputational Risk FrameworkChapter 2: Nine Things That Go Wrong in CrisesChapter 3: Effective Crisis Management I: Getting Ahead of a CrisisChapter 4: Effective Crisis Management II: Defining Roles and ResponsibilitiesChapter 5: Effective Crisis Management III: From Chaos to Managed ProcessChapter 6: Effective Crisis Management IV: Crisis CommunicationsChapter 7: Redefining Issues ManagementChapter 8: The Role of Leadership in CrisisChapter 9: Frameworks and Models to Manage Reputational RiskIndex

Read more less

Book SynopsisTake a holistic view of enterprise risk-adjusted return management in banking. This book recommends that a bank transform its siloed operating model into an agile enterprise model. It offers an event-driven, process-based, data-centric approach to help banks plan and implement an enterprise risk-adjusted return model (ERRM), keeping the focus on business events, processes, and a loosely coupled enterprise service architecture.Most banks suffer from a lack of good quality data for risk-adjusted return management. This book provides an enterprise data management methodology that improves data quality by defining and using data ontology and taxonomy. It extends the data narrative with an explanation of the characteristics of risk data, the usage of machine learning, and provides an enterprise knowledge management methodology for risk-return optimization. The book provides numerous examples for process automation, data analytics, event management, knowledge management, and improvemeTable of ContentsChapter-1 Commercial Banks, Banking Systems & Basel Recommendations1.1 Introduction 1.2 Financial markets 1.3 Commercial Bank - Lines of Business and Products 1.4 Source Systems 1.5 Evolution of Basel Risk Management Recommendations Chapter-2 Siloed Risk Management Systems 2.1 Introduction 2.2 Treasury’s Market Risk and Credit Risk Management 2.3 Credit Risk in the Loan Book 2.4 Asset Liability Management (ALM) 2.5 Anti-Money Laundering and Countering the Financing of Terrorism (AML-CFT). 2.6 Operational Risk Management (ORM) Chapter-3 Enterprise Risk adjusted Return (ERRM) Model, Gap Analysis & Identification 3.1 Introduction 3.2 What caused the Siloed Architecture? What is the impact? 3.2.4 Integrated Risk Management & ERRM 3.3 Gap Identification 3.3.1 Document New Business Requirements 3.3.2 Review of ERRM Requirements 3.3.3 Define ERRM Conceptual Model 3.3.4 Review As-Is Operating Model 3.3.5 The Gap–What needs to be done? 3.4 Summary-Build & Improve Capabilities Chapter-4 ERRM Methodology, High level Implementation Plan 4.1 Introduction 4.2 ERRM Methodology Chapter-5 Enterprise Architecture 5.1 Introduction 5.2 Ontology-Driven Information Systems 5.3 Service-Orientated Architecture (SOA) 5.4 Microservices Architecture (MSA) 5.5 Introduction to Cloud, Data Virtualisation 5.6 Enterprise Event Driven Architecture 5.7 Enterprise Process Automation 5.8 Robotic Process Automation (RPA) 5.9 SOA-BPMS Convergence 5.10 Cost Management (CM) 5.11 Gap Resolutions – Enterprise Architecture category Chapter-6 Enterprise Data Management 6.1 Introduction 6.2 Data Management Frameworks 6.3 Enterprise Data Management 6.4 Single View of the Truth Chapter-7 Enterprise Risk Data Management 7.1 Introduction 7.2 Enterprise Risk Data Ontology 7.3 Ontology based ERRM System 7.4 Enterprise Risk_Return Data Strategy 7.5 Enterprise Risk Data Discovery 7.6 Event Driven, Data Centric Enterprise Risk Management 7.7 Risk Data Management Technology 7.8 Multidimensional Enterprise Risk Data Model Chapter-8 Data Science and Enterprise Risk Return Management 8.1 Introduction 8.2 Maths & Stats in Risk Data Calculations 8.3 Theory and Concepts 8.4 Risk Management Models 8.5 Enterprise Risk-Return Model Governance Chapter 9 Advanced Analytics and Knowledge Management 9.1 Introduction 9.2 Advanced Analytics 9.3 Knowledge Management, KM 9.5 Analytics Maturity Evaluation Chapter-10 ERRM Capabilities & Improvements 10.1 Introduction 10.2 Enterprise Liquidity Management (ELM) 10.3 Dynamic ALM 10.4 Improved Risk Measures.

Read more less

Book SynopsisFor businesses to grow and be successful their approach to resilience must be defined by a holistic and risk-focused outlook, rather than one which is narrow and dominated by event-oriented continuity practices. The Organizational Resilience Handbook shows that success is as much to do with innovation and the speed with which new products are brought to market as it is with organizations having to deal with unexpected crisis situations. It comprehensively covers the full breadth and depth of the field and introduces related topics such as security, safety, e-commerce, emerging technologies and customer experience. Through adopting a strategic and progressive approach, practitioners can apply the book's methodology to develop an in-depth understanding of resilience within their own organization and use it to effectively engage with the board and senior management in developing strategies for achieving greater resilience capability. A range of high-profile case studies, such as Mercedes, the UK's National Health Service, Alibaba and BP, help to illustrate the concept of resilience by detailing characteristics and behaviours which confirm its meaning. The Organizational Resilience Handbook is a practical guide to self-assessment, benchmarking performance and implementing resilience frameworks in any organization.Trade Review"Graham Bell provides an interesting and comprehensive exploration of resilience and lays out the wide-ranging arguments on resilience which have happened over the years. It is important to be able to argue from several angles, and this handbook uses case studies to demonstrate the many and varied approaches that have been adopted in the pursuit of resilience." * Derek Mowbray, Organization Health Psychologist *"The book offers a detailed and thought provoking look at organizational resilience with a broad range of case studies and global insights. It places a focus on strategy and delivering commitments to stakeholders, the role of leadership in organizational resilience, the importance of continual learning and everything in between." * Janette Kirk-Willis, Positive Psychology and Resilience Coach, Founder of Positively Flourishing *"Provides a practical approach to using the information we gather to move from risk to resilience management. Organizations of any kind will benefit from the focus on transforming risk reviews and assessments into strategic hints. In these days of great change and external pressures, organizations will need a form of intelligent design applied to allow businesses to not only survive but excel. This book provides that." * Cosimo Pacciani, former COO of Algebris and former CRO of the European Stability Mechanism *"Managing the COVID-19 pandemic has taught us and is continuing to teach us many lessons about resilience. Not the least of these is that the responses have been widely varied in terms of the levels of preparedness displayed by different countries and the corporates and entities within them. It is also apparent that a much greater priority needs to be given to organizational resilience in the future, particularly as we face the challenges of climate change and other aspects of global instability that will continue to throw up shocks - predictable and unpredictable. 'The Organizational Resilience Handbook' therefore provides an invaluable and timely framework for assessing the resilience of an organization and to help its leaders enhance their preparedness in a way which is not threat-specific. Above all, it makes the point that any resilience strategy must be holistic and recognise the inter-dependencies that the organization faces." * Lord Toby Harris *"I commend this book to all resilience practitioners and professionals who interact with the C-Suite. Graham does a great job of outlining the many dimensions of resilience, over and above the ones we might traditionally (but erroneously) think of such as crisis management and business continuity. I found the case studies brought out many of the books arguments and finally believe that the resilience model is a great way to begin to measure something which historically has been viewed as somewhat intangible or at the very least one dimensional. This book certainly broadened my concepts and views of organisational resilience."" * Stuart Seymour, Director Global Cyber Security, Cyber Incident Response, Physical Security and Resilience at Centrica *Table of Contents Chapter - 00: Introduction; Chapter - 01: Contextual setting; Chapter - 02: Definitions and references; Chapter - 03: Reasoning and benefits; Chapter - 04: Case studies; Chapter - 05: The Organizational Resilience Capability Model® (ORCM); Chapter - 06: Assessment and reporting; Chapter - 07: Other key issues and ideas; Chapter - 08: Application and implementation

Read more less

Book SynopsisIn the next wave of conduct regulation in financial markets, from 2021 conduct regulators in the UK and elsewhere expect firms to produce evidence on how they are improving behaviour and culture. Facing this, many practitioners are anxious that their current reporting and management information (MI) are irrelevant to meeting as-yet unclear regulatory expectations. This book provides the insights and tools firms need to report on culture, securing both enhanced business value and the regulator's approval. Culture is now seen as a key contributor to good governance, feeding into existing discourse on environmental, social and governance (ESG) factors and the emerging dialogue on 'non-financial (mis)conduct', but conventional measures of business quality are unfit for the new reporting agenda. Culture Audit in Financial Services follows the arc of 'behavioural regulation' to examine what the regulator really wants, before offering guidance on how culture audit differs from conventional auditing, how to put the latest pure-research findings to work, and the key features of well-designed conduct and culture reports. Written by an impartial author and a variety of contributors with extensive experience working with practitioners, regulators, and many of the world's finest academic initiatives, this book is filled with practical, grounded advice on how best to approach this new challenge and avoid infractions.Trade Review"A highly useful travelogue written by acclaimed experts in an easy-going manner that nevertheless serves to deepen awareness and understanding. After a survey of concepts and how conduct regulation is evolving, Culture Audit opens a window on using behavioural science to frame 'better questions' and introduces straightforwardly the benefits of some advanced technology. These elements weave together to explain where thought leadership has been and points to areas for further exploration like purpose, individual character development and the excitement that awaits firms who are not quite prepared for their first earnest discussion of culture with a regulator." * Ted MacDonald, Technical Specialist, Wholesale Banking Supervision, UK Financial Conduct Authority *"Roger Miles has brought together a stellar group of experts in conduct risk and fashioned a unique resource for the financial services industry and beyond. The authors and Dr Miles himself have been there, done that and have the t-shirt when it comes to conduct risk management. Oozing with practical wisdom, this book brings concepts from psychology and behavioural science to a financial services audience, to help address the seemingly intractable challenge of workplace misconduct. Culture change programmes fail at least as often as they succeed, but Culture Audit contains many insights that will enhance the chances of success. As a business school professor teaching post-experience, post-graduate programs, I'm often looking for material that is evidence-based but accessible; that avoids bland motherhood statements and excites interests; that presents solutions that are seen as feasible and not utopian. This book has all those qualities and I expect it will help the industry chart a new course, consistent with its recent aspirations. A must-have for financial services leaders and regulators, and those who aspire to such roles." * Elizabeth Sheedy, Professor of Risk Governance, Macquarie University *"Culture Audit fills a welcome gap between procedural "how to" manuals which can be dull and conceptually empty, and academic research, which is often brilliant but difficult to translate into real organizational programs and initiatives. This book takes many of the best ideas out there from behavioral science, then sets them within a framework with action points making it genuinely useful for practitioners. The lively writing and provocative examples really help overcome the difficulty of making culture a practical consideration for companies without losing important nuances. This work deserves to make a big positive impact." * Alison Taylor, Executive Director, Ethical Systems; Professor, NYU Stern School of Business *"Just what the finance industry wants, and more importantly, what it needs. A definitive "How to" guide to understanding your firm's culture, its strengths and weaknesses, and, most importantly, how to systematically and thoroughly set about improving it throughout your workforce and firm. Packed with helpful real-life anecdotes from finance experts, academics' and regulators' perspectives, helpful history, insightful psychology, and pithy "sidebars" which neatly illustrate key points. A clear-sighted, up-to-the-minute view on progress made and what's left to do. This will long be seen as the magnum opus on this critical topic - and it is compelling reading at that. If the industry follows even half of the good advice here it will be in a much better place a few years from now." * Sean Carney, COO/CFO, Telemos Capital *"I really like the multiple-author approach, and what a list of co-authors! There's huge value in just being able to read insights from this remarkable group of people all in one place. Their different perspectives throughout, and their evident sense of fun, make Culture Audit really engaging and thought-provoking. A set of 'Interlude' stories also brings the theory to life, such as the hugely enjoyable account of how a central bank supervisor went on to 'rebrand' an investment bank's compliance department as behaviour-aware - a mindset shift that would benefit many firms. Culture Audit's view of the genesis of conduct regulation, and robust predictions for its future, ground our understanding of why it's now so vital for firms to focus on culture and behaviour. The book is always engaging - it's as if the reader is enjoying a chat with the authors - and thankfully avoids getting bogged down in regulatory small print. With so much still to be done to improve financial sector culture, here's a book which really will spark timely conversations in firms: importantly around purpose, psychological safety, diversity and inclusion. These are vital foundations for any firm to set out, then act on to start a lasting culture change. Culture Audit jump-starts these conversations in a friendly, understandable way. It's a great addition to the discourse." * Olivia Fahy, Head of Culture, TCC Group; Culture Team lead - Supervision, UK Financial Conduct Authority 2016-21 *"This masterful book gives the reader an easy lens to get familiar with the latest thought and regulatory agenda for supervising financial firms' conduct and culture. Following to the global financial crash and numerous scandals such as LIBOR rigging and mis-selling, we have seen a shift from a consumer protection regime based on disclosure, towards a new focus on the root cause of misconduct: firms' culture. Culture Audit answers many questions that will be on the minds of firms' executives and compliance professionals, as well as regulators. Uniquely, this book addresses head-on the controversial topic of how people opt for different roles at different career stages, moving between regulatory agencies and commercial roles. This brings a fresh perspective so we can reflect in a new way on how regulators and firms interact. A summary condensed from years of research, empirical experience, hundreds of real life talks and sharing by firms' executives, this book is a joy to read, for its clear setting out of theory and its practical action points. Dr Miles is a fascinating guide as he unlocks a door to the secrets of human minds, group dynamics and applying behavioural science to financial services. With an impressive group of colleagues, he addresses the big questions: What is culture and conduct? Why do regulators care about culture and conduct, as opposed to codified laws and regulations?, and more importantly: What shall we (the firms) do in response to the call? Arguing for a clear difference between conventional audit and culture assessment, it rightly also questions even whether the term culture audit is broad enough to yield the "better questions" that firms now need to ask themselves." * Davis Tsui, JD, CPA, Insurance Conduct Supervisor, Hong Kong Insurance Authority; former Treasury Markets Association Secretariat, Hong Kong Monetary Authority *"An all-round excellent reading experience: crisply written, with sharp graphics and pithy fact boxes. Culture Audit is packed with clear, current and bright insight - which is no less than we'd expect from the world-leading practitioner experts behind it. Even more impressively, they address it all in a way that's engaging, easily readable and (who'd have expected this?) frequently entertaining. Every regulated finance professional with any leadership responsibilities should read this book." * Robert Ellison, Co-Founder, Finance Unlocked *"So many books have only one idea; this one has so many from Roger Miles and his co-authors. A broadly useful book with all kinds of lessons for all kinds of practitioners. As well as efficiently tapping into key high-level research findings, readers will discover how in practice to match culture and conduct principles with the needs to their organisation's stakeholders - including regulators of course. The UK and international context is thoroughly current and well evidenced with real life examples, a full glossary and plentiful references. Everything you need is in one place. A thoroughly worthwhile read!" * Bryan Foss, serial iNED; Council member, Financial Reporting Council; Co-Founder, The Risk Coalition *"What a timely book! Plenty here to interest financial services regulation practitioners. It seems extraordinary that we are still talking about culture, more than twelve years after the global financial crisis exposed such huge problems in financial institutions. With great clarity, the authors have explained why these problems persist and if this book can help to improve culture then they've done a fine job. Culture Audit contains a wealth of knowledge including a topical chapter on the behavioural science techniques that supervisors have adapted in recent years. A vast amount of research and analysis from leading industry thinkers has clearly gone on behind the scenes to enlighten the reader, yet the authors keep the tone straight-talking, lucidly unpacking complex and technical topics without compromising the quality of the analysis. For those whose interest is piqued, a list of further reading is provided in the appendix and there's a properly helpful glossary. Culture Audit is very likely to achieve its aim of starting a wider conversation about conduct and culture across the regulated financial sector and beyond." * Alexander Robson, Managing Editor, Thomson Reuters Regulatory Intelligence *"It isn't very often that I would recommend to my book club what appears from the title to be an academic read - but this one breaks the mould. The team of writers has delivered an insightful and practical book that manages to be both strategic and operational, as needed, besides often letting the reader pause to reflect and consider how this all supports their own personal development. The 'story' interludes bring the chapters together in that really useful, involving way that storytelling has, of leading the reader towards understanding and applying the concepts in real life. A thoroughly worthwhile read." * Ann McFadyen, Director, UK Finance *Table of Contents Chapter - 01: A culture quest for ‘better behaviour; Chapter - 02: ‘How regulators’ ‘behavioural approach’ went global – with culture its latest focus; Chapter - 03: ‘The house is on fire - How regulators own research has pointed to ‘culture reset’; Chapter - 04: What’s the big idea? (1) - How conduct regulators use behavioural science; Chapter - Interlude One: From poacher to gamekeeper to poacher… to scientist - A supervisor’s tale; Chapter - 05: What’s the big idea? (2) - Regulators’ challenge to firms - framing ‘purposeful culture’; Chapter - 06: A ‘behaviour-at-risk’ agenda emerges - Questioning purpose, lost trust and cultural coercion; Chapter - 07: The new mindset and language of culture - Assessing financial and non-financial conduct; Chapter - 08: Audit basics - How the practice of culture audit differs from conventional auditing; Chapter - 09: The new management reporting information (MI) for culture Part 1 - Getting past the old MI; Chapter - 10: The new reporting Part 2 - Developing the framework - from culture models to better questions and indicators; Chapter - Interlude Two: Case example - Culture rating in a retail bank; Chapter - 11: Interventions and enforcements - How regulators have responded to a ‘culture crisis’; Chapter - 12: Intelligence gathering versus surveillance - Tried and failed methods; putting the latest research tools to work; Chapter - Interlude Three: A sector-wide group seeks culture ‘tells’ - (Observing indications of good and poor conduct); Chapter - 13: Putting respected research tools to work, example 1 - Tools for cultural transformation - Barrett Analytics; Chapter - 14: Putting respected research tools to work, example 2 - Using the CultureScope ‘combined analytic’ to deliver measurably better culture; Chapter - 15: What regulators really want - Wrap-up and look ahead; Chapter - 16: Glossary; Chapter - 17: Recommended reading;

Read more less

Book SynopsisIn the next wave of conduct regulation in financial markets, from 2021 conduct regulators in the UK and elsewhere expect firms to produce evidence on how they are improving behaviour and culture. Facing this, many practitioners are anxious that their current reporting and management information (MI) are irrelevant to meeting as-yet unclear regulatory expectations. This book provides the insights and tools firms need to report on culture, securing both enhanced business value and the regulator's approval. Culture is now seen as a key contributor to good governance, feeding into existing discourse on environmental, social and governance (ESG) factors and the emerging dialogue on 'non-financial (mis)conduct', but conventional measures of business quality are unfit for the new reporting agenda. Culture Audit in Financial Services follows the arc of 'behavioural regulation' to examine what the regulator really wants, before offering guidance on how culture audit differs from conventional auditing, how to put the latest pure-research findings to work, and the key features of well-designed conduct and culture reports. Written by an impartial author and a variety of contributors with extensive experience working with practitioners, regulators, and many of the world's finest academic initiatives, this book is filled with practical, grounded advice on how best to approach this new challenge and avoid infractions.Trade Review"A highly useful travelogue written by acclaimed experts in an easy-going manner that nevertheless serves to deepen awareness and understanding. After a survey of concepts and how conduct regulation is evolving, Culture Audit opens a window on using behavioural science to frame 'better questions' and introduces straightforwardly the benefits of some advanced technology. These elements weave together to explain where thought leadership has been and points to areas for further exploration like purpose, individual character development and the excitement that awaits firms who are not quite prepared for their first earnest discussion of culture with a regulator." * Ted MacDonald, Technical Specialist, Wholesale Banking Supervision, UK Financial Conduct Authority *"Roger Miles has brought together a stellar group of experts in conduct risk and fashioned a unique resource for the financial services industry and beyond. The authors and Dr Miles himself have been there, done that and have the t-shirt when it comes to conduct risk management. Oozing with practical wisdom, this book brings concepts from psychology and behavioural science to a financial services audience, to help address the seemingly intractable challenge of workplace misconduct. Culture change programmes fail at least as often as they succeed, but Culture Audit contains many insights that will enhance the chances of success. As a business school professor teaching post-experience, post-graduate programs, I'm often looking for material that is evidence-based but accessible; that avoids bland motherhood statements and excites interests; that presents solutions that are seen as feasible and not utopian. This book has all those qualities and I expect it will help the industry chart a new course, consistent with its recent aspirations. A must-have for financial services leaders and regulators, and those who aspire to such roles." * Elizabeth Sheedy, Professor of Risk Governance, Macquarie University *"Culture Audit fills a welcome gap between procedural "how to" manuals which can be dull and conceptually empty, and academic research, which is often brilliant but difficult to translate into real organizational programs and initiatives. This book takes many of the best ideas out there from behavioral science, then sets them within a framework with action points making it genuinely useful for practitioners. The lively writing and provocative examples really help overcome the difficulty of making culture a practical consideration for companies without losing important nuances. This work deserves to make a big positive impact." * Alison Taylor, Executive Director, Ethical Systems; Professor, NYU Stern School of Business *"Just what the finance industry wants, and more importantly, what it needs. A definitive "How to" guide to understanding your firm's culture, its strengths and weaknesses, and, most importantly, how to systematically and thoroughly set about improving it throughout your workforce and firm. Packed with helpful real-life anecdotes from finance experts, academics' and regulators' perspectives, helpful history, insightful psychology, and pithy "sidebars" which neatly illustrate key points. A clear-sighted, up-to-the-minute view on progress made and what's left to do. This will long be seen as the magnum opus on this critical topic - and it is compelling reading at that. If the industry follows even half of the good advice here it will be in a much better place a few years from now." * Sean Carney, COO/CFO, Telemos Capital *"I really like the multiple-author approach, and what a list of co-authors! There's huge value in just being able to read insights from this remarkable group of people all in one place. Their different perspectives throughout, and their evident sense of fun, make Culture Audit really engaging and thought-provoking. A set of 'Interlude' stories also brings the theory to life, such as the hugely enjoyable account of how a central bank supervisor went on to 'rebrand' an investment bank's compliance department as behaviour-aware - a mindset shift that would benefit many firms. Culture Audit's view of the genesis of conduct regulation, and robust predictions for its future, ground our understanding of why it's now so vital for firms to focus on culture and behaviour. The book is always engaging - it's as if the reader is enjoying a chat with the authors - and thankfully avoids getting bogged down in regulatory small print. With so much still to be done to improve financial sector culture, here's a book which really will spark timely conversations in firms: importantly around purpose, psychological safety, diversity and inclusion. These are vital foundations for any firm to set out, then act on to start a lasting culture change. Culture Audit jump-starts these conversations in a friendly, understandable way. It's a great addition to the discourse." * Olivia Fahy, Head of Culture, TCC Group; Culture Team lead - Supervision, UK Financial Conduct Authority 2016-21 *"This masterful book gives the reader an easy lens to get familiar with the latest thought and regulatory agenda for supervising financial firms' conduct and culture. Following to the global financial crash and numerous scandals such as LIBOR rigging and mis-selling, we have seen a shift from a consumer protection regime based on disclosure, towards a new focus on the root cause of misconduct: firms' culture. Culture Audit answers many questions that will be on the minds of firms' executives and compliance professionals, as well as regulators. Uniquely, this book addresses head-on the controversial topic of how people opt for different roles at different career stages, moving between regulatory agencies and commercial roles. This brings a fresh perspective so we can reflect in a new way on how regulators and firms interact. A summary condensed from years of research, empirical experience, hundreds of real life talks and sharing by firms' executives, this book is a joy to read, for its clear setting out of theory and its practical action points. Dr Miles is a fascinating guide as he unlocks a door to the secrets of human minds, group dynamics and applying behavioural science to financial services. With an impressive group of colleagues, he addresses the big questions: What is culture and conduct? Why do regulators care about culture and conduct, as opposed to codified laws and regulations?, and more importantly: What shall we (the firms) do in response to the call? Arguing for a clear difference between conventional audit and culture assessment, it rightly also questions even whether the term culture audit is broad enough to yield the "better questions" that firms now need to ask themselves." * Davis Tsui, JD, CPA, Insurance Conduct Supervisor, Hong Kong Insurance Authority; former Treasury Markets Association Secretariat, Hong Kong Monetary Authority *"An all-round excellent reading experience: crisply written, with sharp graphics and pithy fact boxes. Culture Audit is packed with clear, current and bright insight - which is no less than we'd expect from the world-leading practitioner experts behind it. Even more impressively, they address it all in a way that's engaging, easily readable and (who'd have expected this?) frequently entertaining. Every regulated finance professional with any leadership responsibilities should read this book." * Robert Ellison, Co-Founder, Finance Unlocked *"So many books have only one idea; this one has so many from Roger Miles and his co-authors. A broadly useful book with all kinds of lessons for all kinds of practitioners. As well as efficiently tapping into key high-level research findings, readers will discover how in practice to match culture and conduct principles with the needs to their organisation's stakeholders - including regulators of course. The UK and international context is thoroughly current and well evidenced with real life examples, a full glossary and plentiful references. Everything you need is in one place. A thoroughly worthwhile read!" * Bryan Foss, serial iNED; Council member, Financial Reporting Council; Co-Founder, The Risk Coalition *"What a timely book! Plenty here to interest financial services regulation practitioners. It seems extraordinary that we are still talking about culture, more than twelve years after the global financial crisis exposed such huge problems in financial institutions. With great clarity, the authors have explained why these problems persist and if this book can help to improve culture then they've done a fine job. Culture Audit contains a wealth of knowledge including a topical chapter on the behavioural science techniques that supervisors have adapted in recent years. A vast amount of research and analysis from leading industry thinkers has clearly gone on behind the scenes to enlighten the reader, yet the authors keep the tone straight-talking, lucidly unpacking complex and technical topics without compromising the quality of the analysis. For those whose interest is piqued, a list of further reading is provided in the appendix and there's a properly helpful glossary. Culture Audit is very likely to achieve its aim of starting a wider conversation about conduct and culture across the regulated financial sector and beyond." * Alexander Robson, Managing Editor, Thomson Reuters Regulatory Intelligence *"It isn't very often that I would recommend to my book club what appears from the title to be an academic read - but this one breaks the mould. The team of writers has delivered an insightful and practical book that manages to be both strategic and operational, as needed, besides often letting the reader pause to reflect and consider how this all supports their own personal development. The 'story' interludes bring the chapters together in that really useful, involving way that storytelling has, of leading the reader towards understanding and applying the concepts in real life. A thoroughly worthwhile read." * Ann McFadyen, Director, UK Finance *Table of Contents Chapter - 01: A culture quest for ‘better behaviour; Chapter - 02: ‘How regulators’ ‘behavioural approach’ went global – with culture its latest focus; Chapter - 03: ‘The house is on fire - How regulators own research has pointed to ‘culture reset’; Chapter - 04: What’s the big idea? (1) - How conduct regulators use behavioural science; Chapter - Interlude One: From poacher to gamekeeper to poacher… to scientist - A supervisor’s tale; Chapter - 05: What’s the big idea? (2) - Regulators’ challenge to firms - framing ‘purposeful culture’; Chapter - 06: A ‘behaviour-at-risk’ agenda emerges - Questioning purpose, lost trust and cultural coercion; Chapter - 07: The new mindset and language of culture - Assessing financial and non-financial conduct; Chapter - 08: Audit basics - How the practice of culture audit differs from conventional auditing; Chapter - 09: The new management reporting information (MI) for culture Part 1 - Getting past the old MI; Chapter - 10: The new reporting Part 2 - Developing the framework - from culture models to better questions and indicators; Chapter - Interlude Two: Case example - Culture rating in a retail bank; Chapter - 11: Interventions and enforcements - How regulators have responded to a ‘culture crisis’; Chapter - 12: Intelligence gathering versus surveillance - Tried and failed methods; putting the latest research tools to work; Chapter - Interlude Three: A sector-wide group seeks culture ‘tells’ - (Observing indications of good and poor conduct); Chapter - 13: Putting respected research tools to work, example 1 - Tools for cultural transformation - Barrett Analytics; Chapter - 14: Putting respected research tools to work, example 2 - Using the CultureScope ‘combined analytic’ to deliver measurably better culture; Chapter - 15: What regulators really want - Wrap-up and look ahead; Chapter - 16: Glossary; Chapter - 17: Recommended reading;

Read more less

Book SynopsisThis memorial collection of papers authored and co-authored by Ian Langford represents some of the most thoughtful and innovative contributions to the literature regarding the holistic analysis of environmental and health risk issues. It provides important foundations for the development of a mixed methodological approach to addressing such issues. These carefully chosen papers span a number of disciplines, including statistics, environmental risk analysis, human geography and economics and represent the diversity, innovation and analytical rigour of Ian Langford's writing.Table of ContentsContents: Foreword Introduction Part I: Human Health and Epidemiology Part II: Risk Perception and Social Psychology Part III: Environmental Valuation Part IV: Policy Analysis Index

Read more less

Book SynopsisRisk management deals with prevention, decision-making, action taking, crisis management and recovery, taking into account the consequences of unexpected events. The authors of this book are interested in ecological processes, human behavior, as well as the control and management of life-critical systems, which are potentially highly automated. Three main attributes define life-critical systems, i.e. safety, efficiency and comfort. They typically lead to complex and time-critical issues and can belong to domains such as transportation (trains, cars, aircraft), energy (nuclear, chemical engineering), health, telecommunications, manufacturing and services. The topics covered relate to risk management principles, methods and tools, and reliability assessment: human errors as well as system failures, socio-organizational issues of crisis occurrence and management, co-operative work including human−machine cooperation and CSCW (computer-supported cooperative work): task and function allocation, authority sharing, interactivity, situation awareness, networking and management evolution and lessons learned from Human-Centered Design.Table of ContentsPart 1. General Approaches for Crisis Management 1. Dealing with the Unexpected Guy A. Boy 2. Vulnerability and Resilience Assessment of Infrastructures and Networks: Concepts and Methodologies Eric Châtelet 3. The Golden Hour Challenge: Applying Systems Engineering to Life-Critical System of Systems Jean-René Ruault 4. Situated Risk Visualization in Crisis Management Lucas Stéphane 5. Safety Critical Elements of the Railway System: Most Advanced Technologies and Process to Demonstrate and Maintain Highest Safety Performance Stéphane Romei 6. Functional Modeling of Complex Systems Morten Lind Part 2. Risk Management and Human Factors 7. Designing Driver Assistance Systems in a Risk-based Process Pietro Carlo Cacciabue 8. Dissonance Engineering for Risk Analysis: A Theoretical Framework Frédéric Vanderhaegen 9. The Fading Line Between Self and System René van Paassen 10. Risk Management: A Model for Procedure Use Analysis Kara schmitt 11. Driver-Assistance Systems for Road Safety Improvement Serge Boverie Part 3. Managing Risk Via Human-Machine Cooperation 12. Human–Machine Cooperation
 Principles to Support Life-Critical Systems Management Marie-Pierre Pacaux-Lemoine 13. Cooperative Organization for Enhancing Situation Awareness Patrick Millot 14. A Cooperative Assistant for Deep Space Exploration Donald Platt 15. Managing the Risks of Automobile Accidents Via Human–Machine Collaboration Makoto Itoh 16. Human–Machine Interaction in Automated Vehicles: The ABV Project Chouki Sentouh and Jean Christophe Popieul 17. Interactive Surfaces, Tangible Interaction: Perspectives For Risk Management Christophe Kolski, Catherine Garbay, Yoann Lebrun, Fabien Badeig, Sophie Lepreux, René Mandiau and
 Emmanuel Adam

Read more less

Book SynopsisRisks are increasingly regulated by international standards, and scientists play a key role in standardization. This fascinating book exposes the action of 'invisible colleges' of scientists loose groups of prominent scientific experts who combine practical experience of risk and control with advisory responsibility in the formulation of international standards. Drawing upon the domains of medicines, 'novel foods' and food hygiene, David Demortain investigates new regulatory concepts emerging from invisible colleges, highlighting how they shape consensus and pave the way for international standards. He explores the relationship between science and regulation from theoretic and historic perspectives, and illustrates how scientific experts integrate regulatory actors in commonly agreed modes of control and structures of regulatory responsibilities. Sociological and political implications are also discussed.Using innovative methodologies and an extensive insight into food and pharmaceutical regulation, this book will provide a much-needed reference tool for scholars and students in a range of fields encompassing science and technology studies, public policy, risk and environmental regulation, and transnational governance. Contents: 1. Risk Regulation From Controversies to Common Concepts 2. Communities, Networks and Colleges: Expert Collectives in Transnational Regulation 3. From Qualifying Products to Imputing Adverse Events: A Short History of Risk Regulation 4. Drawing Lessons: Medical Professionals and the Introduction of Pharmacovigilance Planning 5. Modelling Regulation: HACCP and the Ambitions of the Food Microbiology Elite 6. The Value of Abstraction: Food Safety Scientists and the Invention of Post-market Monitoring 7. Exploring Invisible Colleges: Sociology of the Standardising Scientist 8. Scientists, Standardisation and Regulatory Change: The Emergent Action of Invisible Colleges Appendix 1. Research Strategy and Methodology References IndexTable of ContentsContents: 1. Risk Regulation – From Controversies to Common Concepts 2. Communities, Networks and Colleges: Expert Collectives in Transnational Regulation 3. From Qualifying Products to Imputing Adverse Events: A Short History of Risk Regulation 4. Drawing Lessons: Medical Professionals and the Introduction of Pharmacovigilance Planning 5. Modelling Regulation: HACCP and the Ambitions of the Food Microbiology Elite 6. The Value of Abstraction: Food Safety Scientists and the Invention of Post-market Monitoring 7. Exploring Invisible Colleges: Sociology of the Standardising Scientist 8. Scientists, Standardisation and Regulatory Change: The Emergent Action of Invisible Colleges Appendix 1. Research Strategy and Methodology References Index

Read more less

Book SynopsisArtificial Intelligence for Risk Management is about using AI to manage risk in the corporate environment.The content of this work focuses on concepts, principles, and practical applications that are relevant to the corporate and technology environments. The authors introduce AI and discuss the different types, capabilities, and purposes–including challenges.With AI also comes risk. This book defines risk, provides examples, and includes information on the risk-management process. Having a solid knowledge base for an AI project is key and this book will help readers define the knowledge base needed for an AI project by developing and identifying objectives of the risk-knowledge base and knowledge acquisition for risk. This book will help you become a contributor on an AI team and learn how to tell a compelling story with AI to drive business action on risk.

Read more less

Book SynopsisArtificial Intelligence for Security explores terminologies of security and how AI can be applied to automate security processes.Additionally, the text provides detailed explanations and recommendations for how implement procedures. Practical examples and real-time use cases are evaluated and suggest appropriate algorithms based on the author’s experiences.Threat and associated securities from the data, process, people, things (e.g., Internet of things), systems, and actions were used to develop security knowledge base, which will help readers to build their own knowledge base. This book will help the readers to start their AI journey on security and how data can be applied to drive business actions to build secure environment.

Read more less

Book SynopsisArtificial Intelligence Design and Solutions for Risk and Security targets readers to understand, learn, define problems, and architect AI projects.Starting from current business architectures and business processes to futuristic architectures. Introduction to data analytics and life cycle includes data discovery, data preparation, data processing steps, model building, and operationalization are explained in detail.The authors examine the AI and ML algorithms in detail, which enables the readers to choose appropriate algorithms during designing solutions. Functional domains and industrial domains are also explained in detail. The takeaways are learning and applying designs and solutions to AI projects with risk and security implementation and knowledge about futuristic AI in five to ten years.

Read more less