MANAGING BUSINESS RISK
a practical guide to protecting your business
fourth edition
consultant editor: jonathan reuvid
Recommended by the Institute of Risk Management
London and Philadelphia

Publisher's note
Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publishers and authors cannot accept responsibility for any errors or omissions, however caused. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the editor, the publisher or any of the authors.

First published in Great Britain and the United States in 2003 by Kogan Page Limited
Second edition 2005
Third edition 2006
This edition 2007

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licences issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned addresses:

120 Pentonville Road, London N1 9JN, United Kingdom
www.kogan-page.co.uk

525 South 4th Street, #241, Philadelphia PA 19147, USA

© Kogan Page and Contributors, 2003, 2005, 2006, 2007

ISBN-10 0-7494-4949-7
ISBN-13 978-0-7494-4949-0

The views expressed in this book are those of the authors, and are not necessarily the same as those of the Institute of Risk Management.

British Library Cataloguing-in-Publication Data
A CIP record for this book is available from the British Library.

Library of Congress Cataloging-in-Publication Data
Managing business risk : a practical guide to protecting your business / Jonathan Reuvid, [consulting editor]. – 4th ed.
p. cm.
Recommended by Institute of Risk Management
ISBN-13: 978-0-7494-4949-0
ISBN-10: 0-7494-4949-7
Risk management. I. Institute of Risk Management. II. Reuvid, Jonathan.
HD61.M26 2007
658.15'5–dc22  2007001960

Typeset by JS Typesetting Ltd, Porthcawl, Mid Glamorgan
Printed and bound in Great Britain by Cambridge University Press

Appendix: Contributors' contact list

ACE European Group Limited
The Ace Building, 100 Leadenhall Street, London EC3A 3BP
Tel: +44 (0) 20 7173 7000
Fax: +44 (0) 20 7173 7852
Contact: Karl Russek, e-mail: karl.russek@ace-ina.com
Contact: Emma Watkins, e-mail: emma.watkins@ace-ina.com
Contact: Richard Coello, e-mail: richard.coello@ace-ina.com
Contact: Steve Capon, e-mail: steve.capon@ace-ina.com
www.aceeuropeangroup.com

BMW Group
Risikomanagement, 80788 Munich, Germany
Tel: +49 (89) 382 20245
Fax: +49 (89) 382 25564
Contact: Dr Elmar Steurer, e-mail: Elmar.Steurer@bmw.de
www.bmwgroup.com

Centre for Effective Dispute Resolution (CEDR)
70 Fleet Street, London EC4Y 1EU
Tel: +44 (0) 20 7536 6000
Fax: +44 (0) 20 7536 6001
Contact: Andy Rogers, e-mail: arogers@cedr.co.uk
www.cedr.co.uk

Centre for Technology Management
Institute for Manufacturing, Cambridge University Engineering Department, Mill Lane, Cambridge CB2 1RX
Tel: +44 (0) 1223 766401
Contact: Clare Farrukh, e-mail: Cjp2@eng.cam.ac.uk
www.ifm.eng.cam.ac.uk/ctm/

Chartered Institute of Management Accountants (CIMA)
26 Chapter Street, London SW1P 4NP
Tel: +44 (0) 20 7663 5441
Contact: Lottie Muir, e-mail: Lottie.Muir@cimaglobal.com
www.cimaglobal.com

Chartered Institute of Purchasing and Supply (CIPS)
Easton House, Easton on the Hill, Stamford PE9 3NZ
Tel: +44 (0) 1780 756777
Fax: +44 (0) 1780 751610
Contact: Liz Cullen, e-mail: liz.cullen@cips.org
www.cips.org

Chiltern plc
Sheldon Square, London W2 6PS
Tel: +44 (0) 20 7153 2290
Fax: +44 (0) 7899 062125
Contact: Louis Cooper, e-mail: cooperl@chilternplc.com
www.chilternplc.com

Commercial Security International Limited (CSI)
125 Aldersgate Street, London EC1A 4JQ
Tel: +44 (0) 20 7553 7960
Contact: Neil Miller, e-mail: neil.miller@comsec-international.com

Companycare Communications
154 Castle Hill, Reading, Berkshire RG1 7RP
Tel: +44 (0) 118 939 5900
Fax: +44 (0) 118 959 9595
Contact: Kevin Taylor, e-mail: kevin@companycare.com
www.companycare.com

DNV
Cromarty House, 67–72 Regent Quay, Aberdeen AB11 5AR
Tel: +44 (0) 1224 335000
Fax: +44 (0) 1224 593311
Contact: Joyce Dalgarno, e-mail: joyce.dalgarno@dnv.com

Federation of European Risk Management Associations (FERMA)
rue de la Presse, 1000 Brussels, Belgium
Tel: +32 (0) 227 1144
Fax: +32 (0) 227 1148
Contact: Marie-Gemma Dequae, e-mail: info@ferma-asso.org
www.ferma-asso.org

HASTAM
The Old Bakehouse, Fullbridge, Maldon, Essex CM9 4LE
Tel: +44 (0) 1621 854111
Fax: +44 (0) 1621 851756
Contact: Tony Boyle, e-mail: tony@hastam.co.uk
www.hastam.co.uk

Heineken International
PO Box 28, 1000 AA Amsterdam, The Netherlands
Tel: +44 (0) 31 20 5239338
Fax: +44 (0) 31 20 5239537
Contact: Eric Bloem, e-mail: Eric.Bloem@heineken.com
www.heineken.com

Hewlett-Packard
29 Valepits Road, Garrets Green, Birmingham B33 0TD
Tel: +44 (0) 121 784 7445
Fax: +44 (0) 121 783 4015
e-mail: hpbc.uk@hp.com

HSBC Insurance Brokers
Bishops Court, 27–33 Artillery Lane, London E1 7LP
Tel: +44 (0) 20 7661 2511
Contact: Anna Moreno, e-mail: Anna.Moreno@hsbc.com
www.hsbc.com

ICM Computer Group
ICM House, Oakwell Park, Oakwell Way, Birstall, West Yorkshire WF17 9LU
Contact: Frances Longley, e-mail: frances.longley@icm-computer.co.uk
www.icm-computer.co.uk

The Institute of Risk Management
Lloyd's Avenue, London EC3N 3AX
Tel: +44 (0) 20 7709 9808
Fax: +44 (0) 20 7709 0716
Contact: Rebecca Brueton, e-mail: rebecca.brueton@theirm.org
www.theirm.org

KPMG LLP
Risk Advisory Services, Salisbury Square, London EC4Y 8BB
Tel: +44 (0) 20 7694 3282
Fax: +44 (0) 20 7311 8864
Contact: Andrew Fields, e-mail: andrew.fields@kpmg.co.uk
www.kpmg.co.uk

KSB Law LLP
Elan House, 5–11 Fetter Lane, London EC4A 1QD
Tel: +44 (0) 20 7822 7567
Fax: +44 (0) 20 7822 7600
Contact: Jennifer Paynter, e-mail: jpaynter@ksblaw.co.uk
www.ksblaw.co.uk

Liquid Public Relations Ltd
Number 1, Greenbox, Westonhall Road, Stoke Prior, Bromsgrove, Worcestershire B60 4AL
Tel: +44 (0) 870 232 0300
Fax: +44 (0) 870 232 0301
Contact: Elisabeth Lewis Jones, e-mail: lis@liquidpr.co.uk
www.liquidpr.co.uk

Lloyd's Register Quality Assurance Ltd (LRQA)
LRQA Centre, Hiramford, Middlemarch Office Village, Siskin Drive, Coventry CV3 4FJ
Tel: +44 (0) 24 7688 2386
Contact: Anne-Marie Warris, e-mail: anne-marie.warris@lrqa.com
www.lrqa.com

Middlesex University
Centre for Decision Analysis and Risk Management, Queensway, Enfield, Middlesex EN3 4SA
Tel: +44 (0) 20 8411 6822
Fax: +44 (0) 20 8411 6580
Contact: John Watt, e-mail: j.watt@mdx.ac.uk
www.mdx.ac.uk/risk

Norland Managed Services Limited
454–460 Old Kent Road, London SE1 5AH
Tel: +44 (0) 20 7231 8888
Contact: Paula Ansell, e-mail: Paula.Ansell@norlandmanagedservices.co.uk
www.norlandmanagedservices.co.uk

Protiviti
Protiviti UK, 6th Floor, Rex House, 10 Regent Street, London SW1Y 4PE
Tel: +44 (0) 20 7024 7549
Fax: +44 (0) 20 7930 8807
Contact: Sean Holohan, Tel: +44 7917 761030
www.protiviti.com

RSA Security UK Ltd
RSA House, Western Road, Bracknell, Berkshire RG12 1RT
Tel: +44 (0) 1344 781000
Fax: +44 (0) 1344 781001
Contact: Natasha Staley, e-mail: nstaley@rsa.com
www.rsa.com

Siemens Insight Consulting
The Quintet, Churchfield Road, Walton on Thames, Surrey KT12 2TZ
Tel: +44 (0) 1932 241000
Fax: +44 (0) 1932 236868
Contact: Robert Chapman, e-mail: robert.chapman@siemens.co.uk
www.siemens.co.uk

XL Group
XL House, 70 Gracechurch Street, London EC3V 0XL
Contact: Paula Wilson, e-mail: Paula.Wilson@xlgroup.com
www.xlgroup.com

Index

age discrimination risk 306 et seq
ARROW II supervision 194
assessment 95
  programmes 101
  protocol 96
  risk maturity chart 98
Basel II 251
biometrics evolution; future risk 343
  definition 344
  identification technology; use of 347
  recognition process 345
  risks 348
  technology; use of 350
BMW, integrated risk management implementation at 70
board, role of 14
brand, power of 105
brokers remuneration 11
business continuity, use of data replication 324 et seq
  back up, need for 325
  disaster tolerance 326
  smart storage systems 326
  the threats 325
business performance optimization 53 et seq
business risk, management through contractual schemes of liability 219 et seq
  payment 226
  performance as possible liability 221
  quality delivered as possible liability 224
  risk and liability 220
  time factor 225
chance/risk management (CRM) 71
  implementation 73
  profile 75
  vehicle projects 74
China: counterfeiting and brand protection 256 et seq
  enforcement legislation 262
  intellectual property risk 258
  protection recommendations 261
  traditional and internet infringements 259
CIMA Strategic Scorecard 15 et seq
  current developments 18
  strategic risk dimension 18
client risk 132
climate change, impacts of 368 et seq
  implications 372
Companies Act 22, 28
conflict, cost of 198
  lost productivity 200
  relationships 199
  reputations 199
  resolution 203
conflict management, best practice 197 et seq
  management skills 203
  strategy development 201
contract risk 81 et seq
  board responsibility 82
corporate governance 20 et seq
  associated guidance 25
  board responsibility 27
  Combined Code 23
  definition 20
  history 21
  QCA guidelines 29
  related law 22
corporate responsibility agenda 46
  issues 47
corporate scandals 13
cost of capital 57
crisis, bouncing back from 161 et seq
  aftermath 162
  image 167
  integrated approach 163
  stakeholders and staff 163
  recovery 166
  survival strategy 164
critical engineering and risk management (CERM) 147 et seq
  culture and behaviour 153
  effective, factors in 150 et seq
currency depreciation 252
data replication 324 et seq
decision trees and options thinking 240
delivery risk 85
deSOX 43
Disability Discrimination Act 278
  exemption Part 282
disability risk assessment, on premises 278
  access audit 283
  access to premises 288
disclosure rules 25
economic value added 54
  framework 55
EFQM framework for risk management 94
emerging markets, risk in 252
Employment Equality (Age) Regulations 306
  enhanced redundancy pay 309
  justification 307
  prohibitions 307
  promotion 309
  recruitment 308
  retirement 310
  service related pay 309
environmental risk management; international developments 355 et seq
  legal system, international 356 et seq
  precautions 359
  regulatory environment 356
European directives 8–9
existing value, use of 57
expansion by acquisition; risk management 264 et seq
  assessment 264
  competitive advantage 268
  risk transfer 267
  warranty protection 266
failure mode and effects analysis (FMEA) 232
  worksheet 235
Federation of European Risk Management Associations 7, 10
FIN 48 213
financial services companies, regulatory risk 187 et seq
Financial Services Authority 187
fund management sector, operational risks 171 et seq
  EU regulations 174
  insurance role 171
  professional and managerial liability 173
  litigation risk 172
  new regulations and control 172
Global Association of Risk Professionals
governance, enterprise 13
Health and Safety Executive 292
HM Revenue and Customs, role of 211
individual risks, identification of 37
information risk management 315 et seq
  in changing environment 317
  compliance and regulatory requirements 319
  project control and monitoring 318
  technology developments 319
information security governance 330 et seq
  principles 333
innovation, risk management in 231
innovation investment, managing risk 237
insurance industry 10
integrated risk management (BMW) 70 et seq, 72
internal audit priorities 176 et seq
  as change agent 180
  charter and reporting relationships 178
  efficiency driver 181
  performance measurement 184
  quality improvement 183
  and risk management 177
  risk and stakeholder expectations 179
International Federation of Risk and Management Associations
investment insurance perils 249
listing rules 25
liability capping 206
limitation periods 207
management fraud 273 et seq
management systems, assessment of 92
Markets in Financial Instruments Directive (MiFID) 195
measurement and assessment 90
  performance of management systems 92
narrative reporting, effect of 44
occupational health and safety, management of 361 et seq
  legal requirements 362
  management review 364
  measurement 365
  OH&S management 361
  OH&SMS 363
occupational pension schemes, risks and rewards 285 et seq
  defined benefit and defined contribution 286
  trust versus contract arrangements 287
  trustee role 288
  trustee protection 289
operational risk exposure, understanding and managing 113 et seq
  characteristics, nature of 116
  consolidation 155 et seq
  contingency planning 121
  identification and assessment 119
  management of 118, 119
  monitoring of 120
  risk portfolio 117
  size of exposure 117
organization overall risk 156
performance improvement 56
  standards 223
political risk 246 et seq
portfolio management 242
  private insurance market 246
  product offerings 248
procurement risk 84, 86
project risk, measurement of 156
project and programme risk, consolidation 156
prospective rules 25
quality risk 139 et seq
  capability, establishing 144
  customer need 141
  management systems 145
  managing 140
  of performance, liability possibility 221
RADAR scoring matrix 99
regulatory risk, financial services companies 187 et seq
reputation risk, safety 104 et seq
  practice 107
  preparation 105
  process 106
residual risk transfer
risk assurance management systems 93
risk capital
risk and chances aggregation 77
  risk tolerance 79
risk management 70
  applications 83
  and critical engineering 147 et seq
  current risk agenda 41 et seq
  evolution et seq
  identification and assessment
  improvement through measurement and assessment 90 et seq
  in innovation 231 et seq
  management system, dedicated 91
  matrix 233
  measurement 94
  mitigation strategies
  reporting for small businesses 36 et seq
  value added by
risk without reward 171 et seq
sale or purchase of business, common risks 205 et seq
  notification of claims 208
Sarbanes–Oxley (SOX) fallout 41
  section reporting 213
the scorecard 59 et seq
  implementation and use 61 et seq
  rationale for use 60
senior personnel, responsibility of 196
service provider, definition 280
shareholder groups guidelines 26
small business, strategic risk management 31 et seq
standards, industry risk
  International Organization for Standardization
strategic risk and good governance 12 et seq
  management for small companies 31 et seq
supply chain risk 140
  assessment 124
  methods sourcing 125
  origins of 122
  supplier communication 125
  technology 126
syndicated services, nature of 130
syndication
  alternative sites, invocations, testing 136
  exclusion zones, and contention 135
  ratios 132
  and supplier risk 129 et seq
  implications of 123
taxation risk 211
  main categories 216
  management framework 214
  risk monitoring 217
tenors and credit risk 251
trustee professional 288
UK and USA comparison 27
US regulatory framework 212
value driver recognition 54
value road mapping (VRM) 237
VSRD (Voluntary Supplier Risk Declaration) 130 et seq
  example 132
warranty claims 206
wireless security risk measurement 338 et seq
  cost 341
  management of risk 340, 341
  risk identification 340
work-related stress hazard 291 et seq
  case law 297 et seq
  causes, effects 293 et seq
  definition 293
  law 296
  management involvement 301–02
  strategy 301, 303

Index of advertisers

ACE xl–xli
Chiltern plc x
CIMA (The Chartered Institute of Management Accountants) xi
CIPS (The Chartered Institute of Purchasing and Supply) ii
CSi (Comsec International) 257
Currencies Direct vi–vii
DNV xiv
HASTAM xii–xiii
HP (Hewlett-Packard Development Company) xvii
HSBC Insurance Brokers 114–15
ICM xix, 131
IRM (The Institute of Risk Management) v
KPMG 42
KSB Law xlii–xliii
LRQA 142–43
Protiviti xxi
Siemens Insight Consulting plc viii–ix
Middlesex University 32–33
XL Insurance 342

Visit Kogan Page online
Comprehensive information on Kogan Page titles. Features include:
● complete catalogue listings, including book reviews and descriptions
● sample chapters
● monthly promotions
● information on NEW titles and BEST-SELLING titles
● a secure shopping basket facility for online ordering
Sign up to receive regular e-mail updates on Kogan Page books at www.kogan-page.co.uk/signup.aspx and visit our website: www.kogan-page.co.uk

...
1.4 Strategic risk management for small businesses
John Watt, Middlesex University
Introduction 31; Drivers of risk management for small businesses 35; Risk management for small businesses 36; ...
... operational risk 116; Managing operational risk 118; Conclusion 121 113
3.2 Origins of risk in the supply chain
Helen Alder
Implications of risk 123; The state of play 124; Tackling supply chain risk ...
7: Areas of Risk in IT Management and Usage
7.1 Information risk management
Mike Madgin, DNV
Introduction 315; Business drivers 316; IT risk in a changing business environment 317; Risk assessment