Simplifying Risk Management
An Evidence-Based Approach to Creating Value for Stakeholders
- Available for pre-order. Item will ship after April 25, 2022
Recent decades have seen much greater attention paid to risk management at an organizational level, as evidenced by the proliferation of legislation, regulation, international standards and good practice guidance. The recent experience of Covid-19 has only served to heighten this attention. Growing interest in the discipline has been accompanied by significant growth in the risk management profession; but practitioners are not well served with suitable books to guide them in their work or challenge them in their professional development.
This book attempts to place the practice of risk management within organizations into a broader context, looking as much at why we try to manage risk as how we try to manage risk. In doing so, it challenges two significant trends in the practice of risk management:
- The treatment of risk management primarily as a compliance issue within an overall corporate governance narrative; and
- The very widespread use of qualitative risk assessment tools (“heat maps” etc.) which have absolutely no proven effectiveness.
Taken together, these trends have resulted in much attention being devoted to developing formalized systems for identifying and analyzing risks; but there is little evidence that this is driving practical, cost-effective efforts to actually manage risk. There appears to be a preoccupation with the risks themselves, rather than a focus on the positive actions that can (and should) be taken to benefit stakeholders. This book outlines a simple, quantitative approach to risk management which refocuses attention on treating risks; and presents choices about risk treatment as normal business decisions.
Table of Contents
- Risk in the Context of Organisations
- Trends in Risk Management
- Bridging the Gap Between Academics and Practitioners
- Terminology, References and Structure
Chapter 1: What do we Mean by Risk?
- Upside and Downside Risk
- Risk vs Uncertainty
- Risk to Whom?
- Reconciling Conflicting Interests
- Risk Measures
- Categorisation of Risks
Chapter 2: Why do we try to Manage Risk?
- Improving Expected Outcomes
- Reducing The Likelihood of Extreme Events
- Reducing Variability in Outcomes
- Demonstrating Good Corporate Governance
- Why do we not Manage Risk?
- Empirical Evidence
Chapter 3: Risk Management Systems
- Integrated Risk Management
- Implementation of Integrated Risk Management Systems
- ISO 31000
- Risk Displacement and Risk Compensation
Chapter 4: Scope, Context and Criteria
- Agreeing Risk Criteria
- Ownership and Delegated Authority
- Justifying Resources
Chapter 5: Risk Assessment
- Risk Identification
- Risk Analysis
Chapter 6: Risk Treatment
- Risk Treatment Example
- Combining Risk Treatments
- Recording and Reporting
Chapter 7: Measuring the Effectiveness of Risk Management
- Measuring the Effectiveness of Individual Risk Treatments
- Estimating the Mitigating Effect on Major Disruptions
- Evaluating the Success of Implementation
- Quantifying the Overall Impact of Risk Management Programmes
- Taking A Pragmatic Approach to Measurement
Chapter 8: Underlying Themes and Summary
- Is a Quantitative Approach Really Practical?
- How Does Strategy Link to Risk?
- Where Does Risk Management Belong in the Organisation?
- Crises and Black Swans
- Applicability to the Public and Not-for-Profit Sectors
- Would any of This Have Made a Difference in the Covid-19 Pandemic?
- Summary of Key Ideas
Annex A: Risk Return Relationships in UK Listed Companies
Annex B: The Impact of Covid-19 on FTSE 100 Share Price
Annex C: Alternative Numerical Example
- Risk Criteria
- Risk Analysis
- Risk Treatment
Annex D: Some Useful Sources of Risk Information
- Information Security
- Natural Disasters
Patrick Roberts, MA, MSc, PhD is the Founder/Director of Cambridge Risk Solutions, Ltd, and is responsible for both business development and delivery of a full range of risk management services across all sectors. Projects have included:
- Implementation of business continuity management systems for Hotel Chocolat, the University of New South Wales, Paradigm Housing and Moorfields Eye Hospital NHS Foundation Trust;
- Design and facilitation of crisis management training and exercises for Heathrow Airport, Somerset Care Group and the University of Westminster; and
- Internal audits for various clients holding certification to ISO 22301 and ISO 27001.
Patrick has worked in Business Continuity and Security consultancy since 2003 when he joined Olive Security, one of the UK’s leading security consultancies. He subsequently spent 3 years as a Senior Consultant at Needhams 1834 Ltd where he provided Business Continuity consultancy and training for a wide range of blue-chip businesses and public sector organizations. He specializes in Risk Modelling, Business Continuity training and Disaster Recovery solutions.
Before embarking on a career in Business Continuity Management, Patrick had a varied career including various project and line management roles in the engineering industry and serving as an Infantry Officer in the British Army. He holds an MA in Natural Sciences/Computer Science from Cambridge University; an MSc in Optoelectronic and Laser Devices from St Andrews University; an MBA from the Institute of Management Development in Lausanne, Switzerland; and a PhD from Nottingham University Business School. He is also a Fellow of the Institute of Strategic Risk Management, a certified Six Sigma™ Green Belt, an ISO 27001 Implementer and has passed the ITIL® V3 Foundation Certificate.