F U N D A M E N TA L S O F Enterprise Risk Management H o w To p C o m p a n i e s A s s e s s R i s k , M a n a g e Exposures, and Seize Oppor tunities John J Hampton American Management Association New York • Atlanta • Brussels • Chicago • Mexico City • San Francisco Shanghai • Tokyo • Toronto • Washington, D.C Special discounts on bulk quantities of AMACOM books are available to corporations, professional associations, and other organizations For details, contact Special Sales Department, AMACOM, a division of American Management Association, 1601 Broadway, New York, NY 10019 Tel.: 800-250-5308 Fax: 518-891-2372 E-Mail: specialsls@amanet.org Website: www.amacombooks.org/go/specialsales To view all AMACOM titles, go to: www.amacombooks.org This publication is designed to provide accurate and authoritative information in regard to the subject matter covered It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service If legal advice or other expert assistance is required, the services of a competent professional person should be sought Library of Congress Cataloging-in-Publication Data Hampton, John J Fundamentals of enterprise risk management : how top companies assess risk, manage exposure, and seize opportunity / John J Hampton p cm Includes bibliographical references and index ISBN-13: 978-0-8144-1492-7 ISBN-10: 0-8144-1492-3 Corporations—Finance Risk assessment Risk management I Title HG4026.H274 2009 658.15Ј5—dc22 2009003022 ᭧ 2009 John J Hampton All rights reserved Printed in the United States of America This publication may not be reproduced, stored in a retrieval system, or transmitted in whole or in part, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of AMACOM, a division of American Management Association, 1601 Broadway, New York, NY 10019 Printing Number 10 To Doreen, a steady source of support through seven versions of this book and an editor of the final three versions To Alex Tango, of Freehold, New Jersey, a rising young risk manager To Mary Sullivan, of Saint Peter’s College, an amazing person who understands risk firsthand and who deals with it every time This page intentionally left blank CONTENTS Foreword vii Part One Essentials of Enterprise Risk Management Modern Risk Management R USSIAN F ROZEN- CHICKEN CASE Scope of ERM 17 Contributions of ERM 28 H OME D EPOT C ASE Challenge of the Black Swan 41 Challenge of the 2008 Financial Crisis Implementing ERM Part Two ERM Technology Visual Risk Clusters 58 68 79 81 A IG V I S U A L R I S K C L U S T E R C A S E 8 Visual Risk—A Hypothetical Case Tagging Risk—An Example 10 Airbus A380 Jumbo Jet 94 104 109 11 Product Launch Application 119 Part Three Risks Without Risk Owners 12 Strategic Risk 125 127 T A I W A N S T R AT E G I C R I S K C A S E 14 v vi Contents 13 Subculture Risk 150 Appendix 13.A—Characteristics to Use in Identifying Subcultures 164 S U B C U LT U R E R I S K A N D H I G H S C H O O L C A S E 66 14 Leadership Risk 172 J O E P L U M E R I ’ S P A S S I O N AT E P R I N C I P L E S O F L E A D E R S H I P C A S E 18 15 Life Cycle Risk GM AND 185 T O Y O T A L I F E C Y C L E R I S K C A S E 19 16 Horizon Risk 195 Part Four ERM Stories 207 17 Aligning Risk Categories with the Business Model 18 Avoiding Business Disruption 19 ERM and Sarbanes-Oxley 215 219 20 Coffee Mug, Candy, Exotic Jams, and Toyota 21 ERM and Swarm Theory 22 Cerberus and Chrysler 223 227 230 23 Risk Management and the History of ERM 24 Evolving ERM Since 2004 238 25 Risk Management and the Future of ERM Part Five The People of Risk Management 26 Modern Risk Managers 243 253 255 27 Chief Risk and Strategy Officers 28 Risk Managers in Person 233 264 275 29 Central Risk Management Committee 288 B E A U M O N T C E N T R A L R MC L E A D E R C A S E 29 Denouement 297 Bibliography 299 Index 301 209 FOREWORD Risk Quote: Keep your friends close, and your enemies closer —Sun-Tzu, Chinese general and military strategist, around 400 b.c This was my father’s study He taught me a lot of things in this room He taught me to keep my friends close and my enemies closer Risk Quote: —Michael Corleone in The Godfather (1976) W elcome to the world of enterprise risk management (ERM), one of the most popular and misunderstood of today’s important business topics It is not very complex It is not very expensive It does add value We just have to get it right Until recently, we have been getting it wrong This is really a book about risk from a new perspective The journey carries us into the heart of risk management and risk opportunity It is mostly about how to a better job of risk identification If we define the problem correctly and share our findings, we can reduce surprises—not eliminate them, mind you, but get many of them under control ERM tells us it is a new world of risk No longer is risk management largely the purview of the chief financial officer The risk picture is incomplete when limited to the financial component, which actually is the scorecard, not the driver, for risk mitigation This realization has encouraged new approaches to manage risk and seize opportunity vii viii Foreword Organizations have two ways to address risk The wrong way is to assume that people can understand hundreds or even thousands of exposures It is not possible Risks and opportunities must be organized and accepted at various levels by risk owners Our new paradigm will show you how to structure enterprise risks A brief overview of the new ERM includes the following specific features: s Upside of Risk Most people discuss risk as the possibility of loss This is totally insufficient, as risk also has an upside A lost opportunity is just as much a financial loss as is damage to people and property This is a key insight Ask Sun-Tzu or Michael Corleone s Alignment with the Business Model A business model is a framework for achieving goals Within it, a single manager can supervise only a limited span of subordinates or subsidiaries Similarly, one person can oversee a limited number of risks and key initiatives ERM encourages us to align the hierarchy of risk categories with the business model s Risk Owners As someone is accountable for revenues, profits, and efficiency, a single person should be responsible for every category of risk When questions arise, then, we will not have to deal with a committee or multiple individuals We will go directly to the risk owner We will see an exception to this guideline in Part Three, where we address risks with no single risk owner s Central Risk Function Although risks cannot be managed centrally, organizations need a central risk function The role is to scan for changing conditions from a central vantage point and to share the findings with risk owners In addition, some risks cross units and responsibilities, so that risk can be overlooked In a change to traditional thinking, this book argues that such a central risk function should not, itself, have any responsibility for risk management Risk goes with the risk owners Risks that cross units or responsibilities are identified centrally and dealt with using customized solutions Foreword ix s High-Tech ERM Knowledge Warehouse ERM encourages the use of new technologies to clarify risks and opportunities This book describes in detail a cutting-edge technology platform to help understand risk mitigation efforts and the status of risk opportunities The book is organized into five parts, starting with the basics of a new approach to ERM: s Part One—Essentials of Enterprise Risk Management We first ask several important questions: What is ERM? What is not ERM? What are the key components needed to manage enterprise risk? Why we need a central risk function and risk identification and sharing using a high-tech platform? Then, we address black swans, unexpected and unforeseen major crises or disaster that are virtually unpredictable Where black swans fit into the ERM picture? How could we have highly developed ERM in place in financial institutions and still have the 2008 financial crisis? s Part Two—ERM Technology This is big We finally are getting the technology to visualize risk relationships and to back up the view with supporting detail Here we cover the elements of an ultramodern technology platform that brings together risks, the factors that affect them, and the status of activities to mitigate them We employ a tool, seamless and easy to use, which has been developed by a company called Riskonnect௣ Large companies have or will soon have their own systems Other vendors are likely to enter the market s Part Three—Risks Without Risk Owners Some risks depend upon collaboration, crossing, as they do, the silos of the modern bureaucracy With a central risk function and modern technology, we deal with such risks We start with strategic risk How we monitor conflicting plans and goals? We address subculture risk, in which beliefs, assumptions, biases, and weak management practices endanger success We recognize leadership risk, where the absence of a clear and achievable vision can be destructive We acknowledge life cycle risk; a failure to 294 The People of Risk Management Prior Positions CFO, Charles Schwab Western Regional Manager, Burger King Personal Analytic Medium versatility Hands-off management style Intellectual communications style Achievements Significant improvements in customer service in all jobs Motivational speaker for Schwab Candidate ࠼3 Mack Anderson Current Position Head of Security for Donald Trump Education Law Degree Graduate of the FBI National Academy Prior Position Chief of Police, San Jose, California Personal Driver High versatility Task management style Outward communications style Achievements Cut fraud in casinos by 35% Cut crime in inner city by 60% Purple Heart for being wounded in action in Iraq in 1991 Candidate ࠼4 William Brannon Current Position Commissioner, World Soccer Federation Education Ph.D., INSEAD (a leading French business school) Prior Positions Chief operating officer, Six Flags Vice President, Human Resources, Bank of America Personal Driver Medium versatility Task management style Outward communications style Achievements Doubled sponsorships of World Cup series Fighter pilot in French air force Candidate ࠼5 Kim Yang Current Position Senior Vice President, Customer Relations, Federal Express Central Risk Management Committee 295 Education Ph.D in Economics Prior Position Vice President, Human Resources, Boeing Personal Expressive Medium versatility Task management style Two-way communications style Achievements Increased customer satisfaction at FedEx Reduced Boeing labor force by 20% with few problems Candidate ࠼6 Phillip DiMarco Current Position CEO, American Red Cross Education M.B.A Prior Position Chief compliance officer, Dow Chemical Personal Expressive High versatility Hands-off management style Two-way communications style Achievements Built financial reserves after disastrous earthquake Won regulatory lawsuit with government agency at Dow Candidate ࠼7 Martin Lund Current Position COO, Freightways Trucking Company Education B.A., Psychology, University of Texas Prior Position Crisis manager, Shell Oil Company Personal Analytic Low versatility Hands-on management style Outward communications style Achievements Doubled Freightways tonnage in five-year period Led team to extinguish oil well fires in Kuwait Candidate ࠼8 Susan Diaz Current Position Deputy Chief of Staff, White House Education M.S in Mathematics Prior Positions Mayor, Dallas Texas CEO, Taiwan Steel USA 296 The People of Risk Management Persona Amiable High versatility Task management style Inward communications style Achievements Improved morale of presidential staff Increased private investment in Dallas business community Question On the basis of the information provided, which candidate would be most likely to succeed as the leader of a central risk function implementing enterprise risk management? Explain the criteria for your selection DENOUEMENT I n French, a denouement is the end of a complex sequence of events To be more dramatic, it is the final outcome of the main dramatic complication in a literary work So it is that our journey ends What did we learn? First, risk is best managed in a framework of alignment with the business strategy, accountable risk owners, and a recognition that every risk may be accompanied by a opportunity A central risk function and a knowledge of ERM are tools to identify and share exposures and opportunities We learned about new and powerful technology to visualize risk relationships and document mitigation efforts We looked at oftenoverlooked exposure with weaknesses in strategies, cultures, and leadership—risks that cross hierarchical divisions We read stories of success and failures of risk management We concluded with an introduction to people who manage risk for major organizations This is an entirely new paradigm on a concept that is 20 years old If we move enterprise risk management from the complex and cerebral, we will find that the concept is solid It produces benefits for organizations It can help us make sense out of a complex world If this book helps make ERM more accessible, the journey will have been well worth it 297 This page intentionally left blank BIBLIOGRAPHY Many reference sources are helpful to understanding enterprise risk management The following are some of the most important, many of which have been consulted during the preparation of this book Ariely, Dan Predictably Irrational: The Hidden Forces That Shape Our Decisions New York: HarperCollins, 2008 Bacevich, Andrew J The Limits of Power: The End of American Exceptionalism New York: Henry Holt and Company, 2008 Flynn, Stephen The Edge of Disaster: Rebuilding a Resilient Nation New York: Random House, 2007 Friedman, Thomas L Hot, Flat, and Crowded: Why We Need a Green Revolution and How It Can Renew America New York: Farrar, Straus and Giroux, 2008 Gladwell, Malcolm The Tipping Point: How Little Things Can Make a Big Difference Boston: Little, Brown & Company, 2000 Kagan, Robert The Return of History: And the End of Dreams New York: Alfred A Knopf, 2008 Khanna, Parag The Second World: Empires and Influence in the New Global Order New York: Random House, 2008 Levitt, Steven D., and Stephen J Dubner Freakonomics: A Rogue Economist Explores the Hidden Side of Everything New York: HarperCollins, 2005 Medina, John Brain Rules: 12 Principles for Surviving and Thriving at Work, Home, and School Seattle: Pear Press, 2008 Sheffi, Yossi The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage Cambridge, Mass.: MIT Press, 2005 Shiller, Robert J Irrational Exuberance New York: Doubleday, 2005 Taleb, Nassim Nicholas The Black Swan: The Impact of the Highly Improbable New York: Random House, 2007 Tapscott, Don, and Anthony D Williams Wikonomics: How Mass Collaboration Changes Everything New York: Penguin Group, 2006 299 300 Bibliography Thaler, Richard H., and Cass R Sunstein Nudge: Improving Decisions About Health, Wealth, and Happiness New Haven, Conn.: Yale University Press, 2008 Zakaria, Fareed The Post-American World New York: W W Norton, 2008 INDEX A380 Airbus, visual risk clusters, 109 accomplishments, 50 accountability chief risk officer, 268 accuracy of estimates, 44 adjustment to strategies, 143 administration risk, 213 Age of Unreason, The (Charles Handy), 154 agreement on premises, 76 agricultural age risk, 133 AIG, 46, 48, 86 and visual risk, 88 Airbus and Boeing, 140 Airbus A380 visual risk clusters, 109 Power8 program, 110 market risk, 142 strategy, 140 technology risk, 142 airlines, 241 A-level risk manager, 258 alignment of risks, x, 30, 209 alternative risk transfer, 90 AOL and Time Warner, 59 Aon Corporation, 19 Aon risk consultants, 256 applied research, 131 area(s) of focus chief risk officer, 266 chief strategy officer, 267 risk managers, 262 assess the impact, 34 assumptions, 178 athletes subculture risk, 167 Audit Committee requirements, SARBOX, 220 authority chief risk officer, 268 auto companies Chapter 11 bankruptcy, 248 auto company exposures, 245 auto crisis, 2009, 245 automobile manufacturers, 241 Aviva, risk manager interview, 285 basic research, 130 Bayeux, John (Willis Financial Institutions), 279 Beaumont risk leader case, 292 beliefs, 178 Black Swan, challenge of, 41 Blink, Malcolm Gladwell, 55 board involvement, 32 Boeing and Airbus, 140 Boeing strategy, 140 Boeing, market risk, 142 Boeing, technology risk, 142 border disruption, Ford Motor Company, 216 bribes in India, 203 Buckley, Paul (Tyco), 275 Buffett, Warren, 42 bureaucracy as a structure, 151 bureaucracy, values in, 152 Bush, George W., 171 Bush, George H.W., 171 business disruption, 215 business model, 30 model components, matching risk categories, 10, 37, 207 business risk, business support risk, 213 capital budgeting risk, 212 capital risk, 122 capital structure risk, 212 captives, formation of, 234 Carter, Jimmy, 171 301 302 categories business model, 10, 37, 207 categories, risk, 239 cats (study), estimate of, 55 central risk function, x, 31, 72 central risk management committee, 288 Cerberus and Chrysler, 230 Chamberlain, Neville, 46 change, risks with, 189 changing conditions, 128 Chapter 11 bankruptcy (auto companies), 248 characteristics of subcultures, 164 characteristics of values, 151 chief risk officer, 265 area of focus, 266 roles, 273 skills, 269 title, 265 chief strategy officer, 266 area of focus, 267 China cardboard case, 200 China scanning, 197 China, James McGregor on, 199 Chrysler and Cerberus, 230 Chrysler, Nardelli, 230 Clinton, Bill, 171 coffee mug, 224 collaboration, cultural, (GoldCorp), 159 collaterized debt obligations, 91 commitment and competence, 177 commitment, Schrempp, 177 common traits felons, 161 communications risk, 135, 213 skills, 174 compensation of risk managers, 261 competence and commitment, 177 competence, Schrempp, 177 competent risk managers, 256 complexity of ERM, reducing it, 223 compliance, 13 compliance risk, 213 components business model, confidence of estimates, 56 constituencies, multiple, 174 Consumer Reports, 226 Index contractual agreements (auto companies), 246 contributions of ERM, 28 control, cultural, 160 coordinating, implementing ERM, 190 CP&L visual risk, 94 creating a central risk function, 31 creating a knowledge warehouse, 31–32 credit card fraud, 236 credit default swaps, 91 credit risk, 15, 212 crime rate (view of Levitt), 72 critical risks (Chrysler), 231 cultural collaboration (GoldCorp), 159 cultural control, 160 cultural effectiveness, 160 culture bureaucracy, 155 individual, 158 spider’s web, 156 team, 157 cyberterrorism, 236 cycles, organizational life, 185 data quality, 50 dead horse life cycle, 192 decline of historical data, 235 decline life cycle stage, 186 definitions of ERM, 18 Dell Computer, 215 Deloitte survey, 25, 69 denouement, 297 design risk, 211 development of risk management, 10 diminished sales (auto companies), 245 discovering eHolding risk categories, 210 disruption, JetBlue, 20–22, 228 distribution risk, 212 drivers, governance, 69 economic risk (view of Levitt), 62 effectiveness of internal controls (SARBOX), 221 effectiveness, cultural, 160 efficiency risk, 213 Egan, Roger (Integro), 283 emerging nations, 138 empiricism, 50 303 Index employing a standard risk process, 32–35 employees dismissing in India, 202 environmental risk, 237 Ericsson, Phillips, and Nokia, ERM swarm theory, 227 components, contributions, 28 defined, 18 evolving since 2004, 238 finance, 244 funding for, 191 future, 243 hazard, 243 implementation, 68, 240, 259 knowledge warehouse, xi, 31, 73 need for, 19 politics of, 192 premise, 76 priority with, 191 road map (Towers Perrin), 23 scope of, 17 stories, 207 swarm theory, 227 technology, 79 warehouse, creating, 31 estimates accuracy of, 44 confidence of, 56 Europa, Hotel, 14 evidence, 50 silent, 52 evolving ERM, 238 Ewing, Lance (Harrah’s), 280 excess of dealers (auto companies), 246 exotic jams, 224 expanding the view of risk, 123 expansion of liability concepts in the 1980s, 234 expert, financial (SARBOX), 220 experts risk, 46 experts, role of, 49 experts (view of Levitt), 48 exposures (auto companies), 245 expropriation risk, 14 facts, 178 failure, 50 failure of hedging value at risk, 56 Farrell, John (KPMG), 230 FedEx, 128 feelings, 178 felons, 161 finance ERM, 244 finance risk, 212, 244 financial crisis (2008), 58 financial CRO, 266 financial CRO area of focus, 266 financial expert (SARBOX), 220 financial institutions, 241 financial reporting risk, 212 financial risk, Florida insurers, focus life cycle stage, 187 Ford and Toyota rowing, 153 Ford palladium, 29 Ford, border disruption, 216 Ford, Henry, 133 forecasts, optimism in, 54 forecasts, pessimism in, 54 frequency, funding for ERM, 191 future of ERM, 243 Gates, Bill (leadership), 176 General Motors, 19, 71, 193 general vs specific risk, 232 Gladwell, Malcolm, 55 Global Petroleum, 12 GM and Toyota life cycle risk case, 193 GM zero percent financing, 71 GM life cycle case, 193 goal orientation, 173 goals, life cycle stages, 187 Gods of Management (Charles Handy), 154 GoldCorp, 159 goods transporting in India, 203 governance drivers, 69 grocery chain acquisition, 34 growth as a risk factor, 188 life cycle stage, 185 guaranteed investment contracts, 91 304 hackers, 236 Handy, Charles, 154 cultural model, 154 Harrah’s risk manager interview, 280 hazard ERM, 243 risk, 11, 243 risk and performance risks, 235 risk management, 13 health care auto company exposure, 245 health risk, perception of, 51 hedging failure, value at risk, 56 high school subculture risk, 166 high worker costs (auto companies), 245 historical data, decline of, 235 historical perspective, strategic risk, 131 history of risk, 233 Home Depot, 35 Nardelli, 36 risk at, 35 horizon risk, 195 horizons, planning, 187 Hotel Europa, 14 hub and spoke strategy, 141 hurricanes, Florida, ideas view of Taleb, 47 identifying risk owner, 29 identifying subcultures, 164 identity theft, 236 illegal downloading, 236 imagination impact, assess the, 34 implementing ERM, 68, 240, 259 problems with, 190 incentives view of Levitt, 75 India bribes in, 203 dismissing employees in, 202 legal issues, 204 scanning, 202 transporting goods in, 203 view of Taleb, 47 individual culture, 158 Index industrial age organizations, 146 risk, 133 industrial espionage, 236 information systems risk, 213 insurance, superseded by risk management, 234 Integro (Roger Egan), 283 intellectual property risk, 122 internal audit, 13 internal controls, 13 effectiveness of (SARBOX), 221 material weakness (SARBOX), 221 Internet leadership, Bill Gates, 176 Internet risk, 236 interrelated risks, 143 involve the board, 32 James McGregor, 199 JetBlue, 20, 228 jocks subculture risk, 166 key initiatives risk, 211 knowledge pursuit of, 130 and strategic risk, 129 and technology, 138 tools of, 136 warehouse, xi, 31, 73 KPMG, 210, 230 risk categories, 210 leadership and organization chart, 181 passionate principles of, 181 risk, 172 situational, 175 strategic, 175 Toyota, 179 legacy exposure auto companies, 245 legal issues in India, 204 levels of risk managers, 257 Levitt on crime rate, 72 on economic risk, 62 on incentives, 75 on motivation, 77 on self-interest, 60 on social risk, 62 305 Index Levitt, Steven, 48, 57, 69 liability addressed by risk management, 234 liability concepts expansion of in 1980s, 234 life cycle resistance to change, 189 life cycle risk GM and Toyota case, 193 sharing information, 186 life cycle stages decline, 186 growth, 185 peak, 185 startup, 185 life cycle stages focus, 187 life cycle stages goals, 187 life cycle stages planning horizon, 188 life cycle stages tactical focus, 188 linkages, implementing ERM, 190 logic and risk, 49 logistics risk, scanning, 139 luck view of Taleb, 45 Mandel, Chris (USAA), 277 market risk, 120, 211 Boeing and Airbus, 142 marketing risk, 211 Marsh, 19 2007 survey, 258 2008 survey, 259 material weakness internal controls (SARBOX), 221 McGregor, James, 199 on China, 199 Meltzer, Susan (Aviva), 285 Mercer, 256 missed risks AIG, 46 Neville Chamberlain, 46 modern risk management 3, 12 modern risk managers, 255 Moody’s on ERM, 23 risk management assessment, 22 morality play cultural risk, 169 motivation view of Levitt, 77 move, shoot, and communicate, 218 multiple constituencies, 174 Nardelli, Bob Cerberus and Chrysler, 230 Home Depot, 36 National Geographic, 227 natural disaster, perception of, 51 need for ERM, 19 needs risk, 212 nerds subculture risk, 167 ninety-five percent solution, 54 Niwa, George (Panasonic), 284 Nokia, Ericsson, and Phillips, nonaligned risk categories, 209 nonfinancial CRO, 267 area of focus, 267 normal value at risk, 248 Obama, Barack, 171 O J trial, 53 opinions, 178 opportunity, strategic risk, 133 optimism and pessimism, 54 optimism in forecasts, 54 organization chart and leadership, 181 organizational life cycles, 185 outlaw environments, 236 overconfidence of estimates, 55 Palladium, Ford, 29 Panasonic risk manager interview, 284 paradigm, new ERM, 217 Patmont Motor Werks, 200 peak life cycle stage, 185 people of risk management, 253 perception of health risk, 51 of natural disaster, 51 of physical danger, 52 of social risk, 52 performance risk, 213, 235 and hazard risk, 235 pessimism in forecasts, 54 pharming, 236 Phillips, Nokia, Ericsson, phishing, 236 physical danger, perception of, 52 306 physical economy, 130 physical risk, 15 planning horizons, 187 life cycle stages, 188 planning, implementing ERM, 190 Plumeri, Joseph on leadership, 181 point-to-point strategy, 141 politics of ERM, 192 popular people, 168 portfolio risk, 212 power, chief risk officer, 268 Power8 program, Airbus, 110 PP&L risk tagging, 104 premise, ERM, 76 pricing risk, 212 principles of leadership, 181 priorities, implementing ERM, 190 priority for ERM, 191 problems with implementing ERM, 190 process risk, 211 product launch visual risks, 119 product risk, 120 production risk, 211 profile of risk, 123 profile of risk managers, 260 progressive risk management, 258 pursuit of knowledge, 130 Reagan, Ronald, 171 recognizing the upside of risk, 29 records management risk, 213 redundancy in supply chain, 217 regulatory compliance, 13 reporting line, central risk committee, 291 reporting lines risk managers, 260 requirements audit committee (SARBOX), 220 research applied, 131 basic, 130 resilient enterprise, resistance to change, life cycle, 189 responsibility chief risk officer, 268 retirement auto company exposure, 245 RIMS survey, 255 Index risk categories, 239 business unit, 214 key initiatives, 214 risk definitions, risk experts, 46 risk factor, growth, 188 risk into opportunity, 258 risk management assessment, Moody’s, 22 risk management development of, 10 people of, 253 roles, 256 strategic, 129 traditional, 11 risk manager, A-level, 258 risk manager interview Aviva, 284 Harrah’s, 280 Panasonic, 285 Tyco, 275 USAA, 277 risk manager levels, 257 risk managers areas of attention, 262 compensation, 261 profile of, 260 reporting lines, 260 risk owners, x, 29 risk profile, 123 risk retention role of captives, 234 risk specialist, 256 risk administration, 213 agricultural age, 133 behavioral, 172 business support, 213 capital budgeting, 212 capital structure, 212 communications, 135, 213 compliance, 213 credit, 212 design, 211 distribution, 212 efficiency, 213 financial reporting, 212 general vs specific, 232 history of, 233 industrial age, 133 Index information systems, 213 key initiatives, 211 leadership, 172 life cycle, 185 marketing, 211 needs, 212 performance, 213 portfolio, 212 pricing, 212 process, 211 production, 211 records management, 213 short-term vs long-term, 232 strategic, 127 structure, 213 subculture, 150 supply, 211 technology, 211 transportation, 136 upside of, x, 29 valuation, 212 war, 236 risks with change, 189 interrelated, 143 without risk owners, 125 tagging, PP&L, 104 view of Taleb, 53 Roger Egan, 283 roles of risk management, 256 Roles chief risk officer, 273 rowing contest, Ford and Toyota, 153 Russian Frozen Chicken case, 14 Samsung, 131 SARBOX CEO role, 221 CFO role, 221 effectiveness of internal controls, 221 Sarbanes-Oxley, 219 scalability, 49 scams, 236 scanning case, Taiwan, 145 scanning China, 197 India, 202 logistics risk, 139 since 1980, 138 Schrempp, Jurgen on leadership, 177 307 scope of ERM, 17 self-interest view of Levitt, 60 seven contributions of ERM, 29 severity, shadow economy, 130 short-term vs long-term risk, 232 silent evidence, 52 situational leadership, 175 Toyota, 179 skills, chief risk officer, 269 social risk, perception of, 52 view of Levitt, 62 spam, 236 spider’s web culture, 156 spyware, 236 Standard and Poor’s on ERM, 24 standard risk evaluation process, 32 standard risk process, employing, 32 startup life cycle stage, 185 stories about ERM, 207 view of Taleb, 47 story candy, 224 coffee mug, 224 strategic leadership, 175 Toyota, 179 strategic player, 256 strategic risk, 127 Henry Ford, 133 historical perspective, 131 and knowledge, 129 management, 129 and synergy, 134 Taiwan, 145 strategic risks since 1980, 138 strategies, adjustment to, 143 structure risk 213 styles, situational leadership, 175 sub subrisk, 124 subculture risk, 150 high school, 166 understanding, 152 subcultures, identifying, 164 subrisk, 30, 122 supply chain Redundancy, 217 supply risk, 211 308 swarm theory and ERM, 227 synergy and strategic risk, 134 tactical focus life cycle stages, 188 tagging risks, PP&L, 104 Taleb on ideas, 47 on imagination, 47 on normalcy, 249 on risks, 53 on stories, 47 on truth, 47 view of luck, 45 Taleb, Nassim, 24, 45, 53 team culture, 157 technology and knowledge, 138 technology risk, 211 Boeing and Airbus, 142 technology, ERM, 79 terrorism, 50 thugs, 168 Tillinghast, 19 risk categories, 210 Time Warner and AOL, 59 title, chief risk officer, 265 tools of knowledge, 136 Tower Perrin on ERM, 22 ERM Road Map, 23 toy factory visit to in China, 201 Toyota, 153, 177, 191, 223 and Ford Rowing, 153 leadership, 179 life cycle case,193 recall, 225 traditional risk management, 11 transition organization, 146 Index transportation risk, 136 truth view of Taleb, 47 turning risk into opportunity, 258 2008 financial crisis, 55 Tyco risk manager interview, 275 upside of risk, x, 16, 29 USAA risk manager interview, 277 U.S Marines Corp, 218 motto, 218 valuation risk, 212 value at risk failure of hedging, 56 ‘‘normal,’’ 248 values in a bureaucracy, 152 characteristics of, 151 understanding high school, 169 viruses, 236 vision, 174 visit to toy factory, 201 visual risk and AIG, 88 visual risk clusters, 32, 82 Airbus A380 case, 109 CP&L case, 94 visual risks product launch, 119 volume risk, 212 war risk, 236 whistleblower, 222 SARBOX, 220, 222 workloads, implementing ERM, 190 worst-case scenario, misuse of, 55 zero percent financing, GM, 71 ... culture proved to be disastrous Daimler failed to merge the distinct German corporate culture with the proud but troubled executives and workers in Detroit Lesson Learned: Business risk can destroy... internal controls, and regulatory compliance but are finding increasing applications for dealing with the broader exposures confronting profit, nonprofit, and governmental bodies Russian Frozen-Chicken... risk management for an international project Expropriation Risk A company had a project to export frozen chicken by oceangoing vessel from Virginia and North Carolina to St Petersburg, Russia The