Developing the example outlined in step 6, the forecast capital expenditure, including optimism bias and the cost of risk management, is AED 125.4 million, calculated as follows:
AED 114.4m + AED (2 + 1 + 3 + 5)m = AED 114.4m + AED 11m = AED 125.4m.
620 Simple Tools and Techniques for Enterprise Risk Management
This figure may change if the risk response actions are not as effective as envisaged or the anticipated costs of risk response actions exceed expectations.
Index
4Ps marketing mix 484 7Ss of interviewing 527–8 80/20 (Pareto) rule 193–4 absenteeism 286 accounting 86–8 acid test ratio 569 acquisitions 482–3
adjustable-rate mortgages (ARMs) 64–5 agency theory 20–1
aggregate demand 398–401 consumer spending 399–400 demand curves 399–400 exports/imports 401 government spending 400 investment expenditure 400 aggregate supply 398, 401–2 agreements 521
AMD microprocessors 487–9 analytical method, VaR 495 Annex 4, Green Book 127
ARMs (adjustable-rate mortgages) 64–5 ARR (average rate of return) 210–13 articles of association 439
assignment implementation 541–8 budgets 544
customer delight questionnaire 546–8 data gathering 543–4
deliverables 544–5 findings presentation 545 key success factors 545, 548 management 541–5, 548 objectives 541–2 project planning 542 risk assessment 544 stakeholders 543 team composition 543 written statement 541 see also project. . . AstraZeneca 378
ASX see Australian Securities Exchange attitudes see lifestyles and attitudes audit
Audit Commission 118–19 NAO 112, 129–34 resources 591–3 role of auditor 88 Sarbanes–Oxley Act 50–1 Smith Report 23–4 Australia 85–90
accounting scandals 86–8 ASX 89–90
corporate failures 85–6 corporate governance 85–90 financial statements 90 HIH Insurance Ltd 86–8 Horwath Report 88–9 reforms 86–8 regulations 85–6
Australian Securities Exchange (ASX) 89–90 average rate of return (ARR) 210–13
average settlement period for creditors/debtors 568
average stock turnover period 568 BA (British Airways) 281–2 balance of trade 406–7
Bank of Credit and Commerce International (BCCI) 22
banks/banking 22, 30–2, 71–2, 74–6 bargaining power 464, 474–5 Bayes’ theorem 607–9
BCCI (Bank of Credit and Commerce International) 22
behaviours during global crisis 70–6 banks 71–2, 74–6
corporate level 74
“group think” 72–4 herd behaviour 72–4 investors 70–1
by Robert J. Chapman Copyright © 2011, John Wiley & Sons, Ltd.
mortgage lending 71
predatory lending 72 regulators 75 search for yield 70–1 blacklisting organisations 364 blackmail 461–2
board risk committees (BRCs) 28–9 boards
Cadbury Committee 22
“group think” 72–3 NAO report 132–4 need for holistic view 5 role of 7–9, 34 standards 7
useful agenda items 8 borrowing 259
brainstorming 174–5 branding 473, 485–6
BRCs (board risk committees) 28–9 bribery 361–3
British Airways (BA) 281–2 broadband 315–16
BRT (business risk taxonomy) 164–7 BSI risk categories 554
budgets 544 business
alignment 297 analysis 171 continuity 304–5 environment risk 263 growth 5–6
law 437–8 objectives 149, 171 plans 150–1, 272 risk 164–7, 169
see also ethics management business risk taxonomy (BRT) 164–7 buyers 474–5
Cabinet Office, UK 110–11
CAD (computer-aided design) 319–20 Cadbury Committee 21–3, 102
CAM (computer-aided manufacture) 319, 320–1 Canada 90–4
corporate governance 85, 90–4 Dey Report 90–1
disclosure 93–4 Kirby Report 91–2
National Policy and Instrument 92–3 risk management survey 92
Saucier Committee 92 Cancún Agreements 2010 425–6 capital adequacy 78
capital asset pricing model (CAPM) 194 Carbon Trust 429–30
causal analysis 190–2
CBA (cost-benefit analysis) 213–15 Central Computer and Telecommunications
Agency risk maturity model 574 change management 595–7
context of risk management 155 influences on process 530 interviews 529
operational risk management 303–4 change processes 338, 515–17 Chartered Institute of Personnel and
Development (CIPD) 591–3 Chartered Institute of Public Finance and
Accountancy (CIPFA) 120–1, 127–9 Chernobyl nuclear disaster 384–5
CILT language expertise 501–2
CIPD (Chartered Institute of Personnel and Development) 591–3
CIPFA (Chartered Institute of Public Finance and Accountancy) 120–1, 127–9 Cisco communications 482
clients and consultant appointments 515–17, 523–31
climate change 426–8 see also global warming Climate Change Levy, UK 427–8 climate pact, US 423–4
codes of conduct 370, 372 Combined Codes
1998 23
2003 25–6, 99, 106 2008 26–7
see also Corporate Governance Code commissions see proposals
communication
government and risk 566 loss of business 511 project teams 348–9
communication and consultation process 241–6
activities 244–5 controls 244 definition 242–3 external 245 goals/subgoals 242 inputs 243 internal 245 mechanisms 244 outputs 243–4 PRM process 346
communications technology 315–19 broadband 315–16
e-commerce 318 e-mail 315, 318–19 video conferencing 316–18
see also communication. . .; technology
companies 438–41
articles of association 439 company name 438 directors’ duties 441 finance 439–40 formation of 35–6 legal risk 438–41 listing securities 440
memorandum of association 438–9 minority interests 440
records 51
remedy of rescission 440 shares and debentures 440 Companies Act 2006 26 compensation 49–50 competition 483–9
barriers to market entry 472–3 branding 485–6
four Ps marketing mix 484 market risk 483–9 market strategies 486–9 microchip market 486–9 non-price 484–5 price stability 483–4 compliance 34, 156, 366
“comply or explain” regime 34 computer-aided design (CAD) 319–20
computer-aided manufacture (CAM) 319, 320–1 Computer Misuse Act 1990 451–2
computer/IT systems 297–301 business alignment 297 data integrity 298 data recovery/loss 301
electronic data security 298–301 misuse of 451–2
network availability 298 system capacity 301
consultant appointments 513–48 assignment implementation 541–8 clients and change 515–17 interviews 523–31 proposals 533–9 consultant selection 517–22
activity interfaces 517–18 agreements 521
awarding commission 521 the brief 517
exclusion notification 520 long-listing 518–19 objectives 517
process management 518 short-listing 519–20 tendering process 520–2 unsuccessful tenderers 522
consultation see communication and consultation process; consultant. . .
consumer spending 399–400 context 141–57
PRM process 342–4 system of ethics 369–71 context establishment 141–57
activities 149–56 controls 145
definition of process 143 establishing process 143 goals/subgoals 142–3 inputs 143–5 mechanisms 146–9 outputs 145 process 141–56 continuity
business 304–5
consultant appointments 528 processes and systems 294–5 contracts 277, 447–8, 459 control
IT projects 329
monitoring and review 237–9 operational risk management 293–4 see also internal control; process control control technology 319–24
CAD 319–20 CAM 319, 320–1
flexible manufacturing 319, 322 mechatronics 319, 322 MRP 319, 323
operational research 319, 323–4 Cooper, Robert 478–9
Cooper risk categories 553 Copenhagen Accord 2009 424–5 copyright 445–6
corporate experience 274 corporate failure 258–9 corporate governance
Australia 85–90 Canada 85, 90–4 definition 34–5 ERM 12
internal control 98–9 SOLACE 120–1 UK 19–39
agency theory 20–1 audit committees 23–4 bank failure inquiry 30–2 Cadbury Committee 21–3 codes/reports list 20 Combined Codes 23, 25–7 Companies Act 26 company formation 35–6
“comply or explain” regime 34 Corporate Governance Code 32–3 developments 19–39
FSA 36
Greenbury Report 23 Hampel Committee 23 Higgs Review 24, 34 investor unrest 19–20 LSE 36–7
Markets Act 36 problem of agency 20–1 reports/codes list 20 Smith Report 23–4 Treasury inquiry 30–2 Tyson Report 24–5 Walker reviews 27–30 US 41–57
developments 41–57 NACD 55–6
regulatory authorities 41–2 Sarbanes–Oxley Act 45–55 SEC 42–4
securities and law 44–5 Corporate Governance Code 2010
32–3
see also Combined Codes corporate security 304 correlations 219
cost-benefit analysis (CBA) 213–15 counterparty risk 256
country risk 262 credit, securitised 71–2 credit crisis 61–3
see also global financial crisis credit insurance 255–6
credit ratings 260–2 credit risk 250, 253–9
counterparty risk 256 credit insurance 255–6 default risk 253–4 due diligence 256–9 exposure risk 254
financial risk management 250, 253–9 recovery risk 254
crime 504–5
criminal liability 448–51 crises
Exxon oil tanker disaster 363 health and safety plans 389–90 human error and disasters 382–8 risk management 3
see also global financial crisis crisis management plans 389–90 criticality matrix 286–7 cross impact method 179 cultural aspects 288, 504, 566 currency futures 410
currency risk 250, 259–60, 407–12
current ratio 251–3, 569
customer delight questionnaire 546–8 DaimlerChrysler car firm 321 data
assignment implementation 543–4 computer/IT systems 298–301 risk identification 168–9 Day risk categories 553 debentures 440
decision analysis 190–1, 193 decision making 122, 327 decision trees 204–8
acquisition analysis 206 airport site example 205–8 construction of 207 decision alternatives 206 risk evaluation 204–8 rolling back 207–8 default risk 253–4 defaults on mortgages 65 DEFRA 123–4, 557–60
DEFRA risk management strategy 557–60 addressing risk 559
aim/principles/implementation 557 identifying risk 558
reporting risks 559–60 responsibilities 560 review 559–60 risk assessment 558–9 roles 560
deliverables 544–5 Delphi technique 178–9 demand 398–401
demographic change 502–4
Department of Commerce, US 358–9 Department for Environment, Food and Rural
Affairs see DEFRA Department of Justice, US 360–1 derivatives 250, 263–4
design rights 446
Dey Report, Canada 1994 90–1 diet 506–7
directors
Cadbury Committee 22 company duties 441 induction 283–4 IoD 7
NACD 55–6
non-executive training 291–2 project role 347
see also boards
disciplinary sanctions 51–2 discrimination legislation 278 dishonesty 287
dismissals 279
distribution policies 490 diversification strategies 480–2 diversity of products 473 diversity of risk types 4 dividend yield ratio 570 documentation risk 296 drinking 507–8 Drucker, Peter 5 due diligence 256–9
checklist 257
corporate failure 258–9 credit risk 256–9 Dunn, Patricia 5 e-commerce 318 e-mail 315, 318–19
earnings per share (EPS) ratio 570 Earth Summit 1992 422
economic risk 392, 393–412 aggregate demand 398–401 aggregate supply 398, 401–2 benefits of management 394 currency risk 407–12 definition 393 employment levels 403 government policy 397–8 house prices 405
implementation management 394 inflation 403–4
interest rate risk 404–5 international trade 405–7 macroeconomics 394–6 microeconomics 394–5 protectionism 405–7 scope 393
economics
context of ethics management 370 macro/micro 394–6
Stabilization Act 76–9 see also PEST analysis Eddington, Rod 4 education 501–2
efficiency ratios 146, 568–9 eighty/twenty (Pareto) rule 193–4 elasticity 489–90
Emergency Economic Stabilization Act 2008 76–9
capital adequacy 78 federal reform 76–9
Financial Stability Oversight Council 77 liquidity 78–9
paradigm shift 77–8 provisions 78 emissions 423, 428 employee induction 282
see also staff. . .
employment
job descriptions 281–2 legislation 277–8, 447 levels 403
unemployment 66–7
EMV (expected monetary value) 201–3 enablers see process mechanisms energy sources 416–19
energy storage devices 478–9 Enron 46–7, 52–3
enterprise risk management (ERM) assignment implementation 541–8 benefits 10–12
in context 1–136 definition 9–10 management approach 5 proposals 533–9 stages 141 structure 12–16
corporate governance 12 framework 14–15 internal control 13–14 policy 15
process 15–16 sources of risk 16 see also risk management
environmental context of ethics management 370–1
environmental disaster 363 environmental risk 392, 413–33
benefits of management 415 Carbon Trust 429–30 definition 413–14 energy sources 416–19 FTSE4Good index 429 global warming 420–9
implementation management 415–16 pollution 420, 422–3
public pressure 430–1 scope 415
sustainability 431–2 use of resources 419–20 EPS (earnings per share) ratio 570 ERM see enterprise risk management ethics 43, 355–74
ethics management 355–74 application levels 366–8 area of focus 365–6 benefits 357
definition of risk 355–6 factors affecting 361 implementation 365–74 need for 358–61
possible approaches 365–6 risk events 361–5
scope of risk 356–7
unethical behaviour 357–8 see also system of ethics EU (European Union) 425
European Agency for Safety and Health at Work (EU-OSHA) 379–80
European transition economies 459–60 European Union (EU) 425
evaluation of risk 195, 197–222 exchange traded derivatives 263–4 executives 204, 337
expected monetary value (EMV) 201–3 experience, corporate 274
expert opinion 220–1
exploitation of Third World countries 364 exports 401
exposure risk 254
external influences 391–511 Exxon oil tanker disaster 363 facilitation 172–82
brainstorming 174–5 NGT 175–6
process activities 172–82 structured interviews 175 workshops 172–4 family life 505–6 federal reform, US 76–9 finance and companies 439–40 financial crisis see global financial crisis financial ratios 567–71
current ratio 251–3, 569 efficiency 568–9 investment 146, 570–1 liquidity 569–71 process mechanisms 146 profitability 146, 567–8 quick ratio 251–3
financial risk management 249–65 benefits 250–1
borrowing 259 credit risk 250, 253–9 currency risk 250, 259–60 definition 249–50 derivatives 250, 263–4
foreign investment risk 250, 262–3 funding risk 250, 260–2
implementation 251 liquidity risk 250, 251–3 scope 250
Financial Services Authority (FSA), UK 36, 360
Financial Stability Oversight Council, US 77
financial statements 153–4 fiscal policy, UK 397, 460–1
fishbone diagrams 190–2 flexible manufacturing 319, 322 foreclosures, mortgages 63–5 foreign investment risk 250, 262–3 formation of companies 35–6 forward market hedges 408–9 fossil fuels 416–17
four Ps marketing mix 484 fraud 50
Friend and Zehle risk categories 554 FSA (Financial Services Authority) 36, 360 FTSE4Good index 429
fuel market hedges 409 Fuld, Dick 73–4 funding risk 250, 260–2 futures, currency 410 G8 Summit 2009 359 gap analysis 163–4
GDP (gross domestic product) 395–6 gearing ratio 146, 569–70
Gieve, John 75
Glass–Steagall Act 1933, US 75 global financial crisis 2007-9 59–83
behaviours 70–6 causes/results of 68–70 federal reform 76–9
future of risk management 81–2 need for scrutiny 68–70 risk management deficiencies 76 Sarbanes–Oxley Act 54–5 subprime mortgage model 61–8 summary 59
systemic risk 79–81 unfolding of crisis 60–1 US perspective 59–83 VaR 75–6, 492–3 see also crises global warming 420–9
business impact 428–9 Cancún Agreements 425–6 Climate Change Levy 427–8 Copenhagen Accord 424–5
domestic government responses 426–7 Earth Summit 422
emissions 423, 428 environmental risk 420–9 EU 425
Kyoto Protocol 422–6 pollution control 422–3 responses to 422–9 US climate pact 423–4 goals 8–9
see also process goals/subgoals goods-in-transit risk 296–7
governance see corporate governance. . .
government
climate change 426–7 communication of risk 566 cultural change 566 handling risk 561–6 leadership 566 management 132–4 policy 397–8
public sector 109–12, 132–4 responsibilities 109–12, 561–2 roles 561–2
spending 400 uncertainty 561–6 Green Book 126–7 Greenbury Report 23 Greenspan, Alan 77–8
gross domestic product (GDP) 395–6 gross profit margin 568
“group think” 72–4 growth of business 5–6
guidance on ethics management 372
Guide to Good Disclosure 2006, Canada 93–4 guides and reports list 113
Hampel Committee 23, 102–3 health and lifestyles 506 health and safety 375–90
AstraZeneca 378 benefits 376–8 best practice 389–90 business benefits 377–8 crisis management plans 389–90 definition of risk 375
ethics management 365 EU-OSHA 379–80 HSE 378–9 human error 382–8 human reliability 388–9 implementation 380–2 management approach 381 people risk 292
risk controls 381 scope of risk 376
workplace issues 381–2, 388–9 health and safety executive (HSE) 378–9 hedging risk 407–12
currency futures 410 currency hedging 410 currency risk 407–12 forward market hedges 408–9 fuel market hedges 409 leading and lagging 408 money market risk 410–11 netting 408
PPP 411–12
Vodafone Group Plc 411–12
herd behaviour 72–4
Higgs Review 2003 24, 34, 104 HIH Insurance Ltd 86–8
accounting aspects 87–8 background 86–7 legal outcomes 88 role of auditor 88 trigger for collapse 87
Hillson risk maturity model 573–4 Holliwell risk categories 553 home improvements 505 homogeneity of products 473 Hopkinson risk maturity model 575 horizon scanning 131–2
Horwath Report 2002, Australia 88–9
House of Commons Treasury Committee inquiry 2009 30–2
house prices 405 housing surplus 67–8
HRM (human resource management) 276–7
HSE (health and safety executive) 378–9 human capital 592–3
human error 382–8
Chernobyl nuclear disaster 384–5 health and safety 382–8
Kegworth air disaster 385–6 Ladbroke Grove train disaster 387–8 Piper Alpha oil platform disaster 387 Tenerife air disaster 382–4
human resource management (HRM) 276–7 ICAM US air force program 137–9 ICOM codes, IDEFO 139
IDEFO (integration definition for function modelling) 138–9
identification of risk 159–83 imitable resources 587–8 imports 401
independent events 606–7 industry breakpoints 599–600 inflation 403–4
influence diagrams 190–1, 193 information, perfect 473–4
information technology (IT) 312–15, 549–52 governance 324–6
information assets 312, 314–15 intranets 312, 313
investment 326–9
management information systems 312, 313 project profile models 549–52
projects 324–30, 549–52 public sector 113–14 software applications 312–13 summary risk profiles 552 technological risk 312–15, 324–30
telematics 312, 313–14
see also computer/IT systems innovation 115–16
insider trading 364
Institute of Directors (IoD) 7 insurance 86–8, 255–6
Integrated Services Digital Network (ISDN) 317 integration definition for function modelling
(IDEFO) 138–9 Intel microprocessors 486–9 intellectual property 441–6
copyright 445–6 designs 446
knowledge management 301–2 legal risk 441–6
patents 441–5 interest cover ratio 570 interest rate risk 404–5 internal control 97–108
Cadbury Committee 102 CIPFA guidance 127–9 composition 97–8 Hampel Committee 102–3 Higgs Review 104 OECD 105
responsibility allocation 102–6 risk management 97–108
application of 98–9 benefits 100 context 106–7
corporate governance 98–9 embedding 107
ERM structure 13–14 risks 100–1
Smith Report 104–5
Turnbull Report 97–100, 103–4 internal influences 247–390 internal rate of return (IRR) 213 international trade 405–7 Internet Protocol (IP) 317 interviews 523–31
assignment methodology 528–9 change management 529 client focus 524
consultant appointments 523–31 first contact 523–4
past experiences 526 recruitment 282 seven Ss 527–8 short-listing 519 structured 175
sustainable change 529–30 unique selling points 524–6 intranets 312, 313
Investment Advisers Act 1940, US 45
investment appraisal 210–15 ARR 210–13
CBA 213–15 definition 210 evaluation 210 IRR 213 NPV 211–13 PP 211
risk evaluation 210–15 investment banking 75
Investment Company Act 1940, US 45 investment decisions 327, 349 investment expenditure 400 investment in IT 326–9
approving projects 329 decision-making process 327 defining/classifying projects 327 evaluating projects 327–9 funds available 326–7 identifying opportunities 327 monitoring/controlling projects 329 investment ratios 146, 570–1 investors 19–20, 70–1 IoD (Institute of Directors) 7 IP (Internet Protocol) 317 IRR (internal rate of return) 213
ISDN (Integrated Services Digital Network) 317 IT see information technology
job analysis 281 job descriptions 281–2 job losses 66–7 JPMorgan Chase 493–4 Kegworth air disaster 385–6 Kirby Report 1998, Canada 91–2 knowledge 301–2, 473–4 Kozlowski, Dennis 47–50 Kyoto Protocol 1997 422–6 Ladbroke Grove train disaster 387–8 lagging see leading and lagging Latin hypercube sampling 220 law
business 437–8 US securities 44–5
see also legal. . ., legislation leadership 348, 566
leading and lagging 408
legal context of ethics management 369–70 legal risk 392, 435–52
benefits of management 436 business law 437–8 companies 438–41 computer misuse 451–2 contracts 447–8
criminal liability 448–51 definition 435
employment law 447
implementation management 436 intellectual property 441–6 scope 435
legislation
employment 277–8, 447 maternity 278
SEC 42–4
US securities industry 44–5 see also individual legislation Lehman Brothers 73–4 lenders/lending 64, 72 lifestyles and attitudes 505–10
diet 506–7 drinking 507–8 family life 505–6 health 506
home improvements 505 recreation 509–10 smoking 507–8 stress levels 508–9 tourism 509–10 working hours 508 liquidity approaches 78–9 liquidity ratios 146, 569–70 liquidity risk 250, 251–3
current ratio 251–3
financial risk management 250, 251–3 mitigation 253
quick ratio 251–3 loans 48–9
London Stock Exchange (LSE) 36–7 loss indicators 295
LSE (London Stock Exchange) 36–7 macro influences 391–511
macroeconomics 394–6 macropolitical risks 454, 456
management information systems 312, 313 Management of Risk. . . (M_o_R) reports
2002 121–3 2007 132
Managing Risks to Improve Public Services report 129–31, 132–4
manufacturing resource planning (MRP) 319, 323
market development 479–80 market penetration 477 market risk 392, 467–97
acquisitions 482–3
alternative strategic directions 476–82 benefits of management 470
competition 483–9 definition 467–8
distribution strength 490 implementation management 470 market structure 470–5
measurement 490–6 price elasticity 489–90 product life cycles 475–6 risk response 496 scope 468–70 sources of 469
strategic directions 476–82 uncertainty 469–70 VaR 490–6
market strategies 486–9 market structure 470–5
bargaining power 474–5 barriers to entry 471–3 buyers/suppliers 474–5 interrelationships 474–5 knowledge 473–4 market risk 470–5
number of firms in industry 471 products 473
marketing plans 155–6 Markets Act 2000 36 Markov chains 208–10 maternity legislation 278 Maxwell, Robert 22 mechatronics 319, 322 meeting commitments 295 memorandum of association 438–9 Mercedes car firm 481–2
micro influences 247–390 microchip market 486–9 microeconomics 394–5 micropolitical risk 455–6 minority interests 440 monetary policy 397–8 money laundering 361 money market risk 410–11 monitoring
IT projects 329 optimism bias 350 system of ethics 373
monitoring and review process 233–40 activities 236–9
controls 235–6 definition 234 goals/subgoals 234 inputs 235 mechanisms 236 outputs 235 PRM process 345
Monte Carlo simulation 218–20 benefits 219
correlations 219 percentiles 218–19
pharmaceutical example 220 risk evaluation 218–20 VaR 495
M_o_R reports 121–3, 132 mortgages 71
see also subprime mortgage model MRP (manufacturing resource planning) 319,
323
mutually exclusive events 215–16 NACD (National Association of Corporate
Directors) 55–6
NAO (National Audit Office) 112, 129–34
“narrow banking” 75
National Association of Corporate Directors (NACD) 55–6
National Audit Office (NAO) 112, 129–34 National Policy and Instrument, Canada 92–3 negative equity 65–7
net present value (NPV) 211–13 net profit margin 567
netting 408
NGT (nominal group technique) 175–6 Nokia Code of Conduct 370
nominal group technique (NGT) 175–6 Northern Rock Plc 32
NPV (net present value) 211–13
OECD (Organisation for Economic Co-operation and Development) 105, 359–60
Office of Government Commerce (OGC) 111–12
operating cash flow per share ratio 570 operating cash flows to maturing obligations
ratio 569
operating environment risks 391–511 operational research, control technology 319,
323–4
operational risk management 267–308 benefits 270
business continuity 304–5 change management 303–4 definition 268–9
external events 303–5 implementation 270 measurement 307 mitigation 307 outsourcing 305, 307 people risk 275–92 processes/systems 292–303 scope 269–70
strategy risk 270–5 opportunity
IT investment 327 risk identification 171–2
upside risk 6–7 see also SWOT analysis optimism bias 349–51, 613–20 Orange Book 116–18, 131–2
assigning ownership 116–17 defining framework 116 embedding risk management 118 evaluation 117
gaining assurance 118 horizon scanning 131–2 response to risk 117 review 118 revisited 131–2 risk appetite 117 risk categories 554–6 risk identification 116 risk prompt list 163
Organisation for Economic Co-operation and Development (OECD) 105, 359–60 organisations
VRIO analysis 587–8 see also companies Osborn, A.F. 174–5 outsourcing 305, 307
over-the-counter derivatives 264 ownership
copyright 446 risk 116–17, 341
P/E (price/earnings) ratio 571 Pareto analysis 193–4 patents 441–5
application for 442–3 criteria for 443 exclusions 443 infringements 444 registration 443–4 US 444–5
payback period (PP) 211 people risk 275–92
contracts 277 definition 275–6 discrimination 278 dismissals 279 employment law 277–8 health and safety 292 HRM practices 276–7 maternity 278
operational risk management 275–92 regulatory requirements 277–80 risk management 287–92
culture 288 evaluation 290–1
non-executive directors 291–2 systems 288–90
salaries 277
staff constraints 280–7 staff dishonesty 287
statutory requirements 277–80 taxonomy diagram 275 trade unions 279–80 types 276
whistleblowing 278–9 PepsiCo 480
percentiles 218–19
perfect knowledge/information 473–4 performance of projects 341
PEST analysis 148–9, 165, 583–5 Piper Alpha oil platform disaster 387 planning/plans
assignment implementation 542 business 150–1, 272
clients and change 515 continuity 305
health and safety 389–90 interviews 527
marketing 155–6 MRP 319, 323 proposals 533
PLCs (public limited companies) 35–6 policies
distribution 490 economic risk 397–8 ERM structure 15 international trade 406 UK fiscal 397, 460–1 political context
ethics management 370 see also PEST analysis political risk 392, 453–65 assessing factors 463–4 bargaining power 464 benefits of management 455 blackmail 461–2
business approaches 462–3 contracts 459
definition 454
European transition economies 459–60 implementation management 455 macropolitical 454, 456
micropolitical 455–6 pressure groups 461 prioritising factors 464 response to 462–4 scope 454–5 terrorism 461–2 UK fiscal policy 460–1
Zonis and Wilkin framework 457–9 pollution 420, 422–3
population movements 502–4 PP (payback period) 211
PPP (purchasing power parity) 411–12
presentations 545 pressure groups 461 price
CAPM 194 elasticity 489–90 misleading prices 450–1 P/E ratio 571
stability 483–4
price/earnings (P/E) ratio 571 Prius hybrid car, Toyota 428–9 privacy issues 365
PRM see project risk management probability 215–16, 601–9
basic concepts 215–16 Bayes’ theorem 607–9 conditional 603–6 dependent events 200 distributions 188, 220–1 impact matrix 189
independent events 200, 606–7 multiplication law 606
mutually exclusive events 215–16 objective probabilities 601 relationships 602–3 risk analysis 188–9
risk evaluation 200–1, 215–16, 220–1 subjective probabilities 601–2 trees 200–1
process activities business
analysis 171 objectives 149, 171 plans 150–1 CAPM analysis 194 causal analysis 190–2 change management 155
communication/consultation 244–5 compliance systems 156
context establishment 149–56 control 237–9
cross impact method 179 decision analysis 190–1, 193 Delphi technique 178–9 establishing processes 151–3 evaluation categories 195 examining the industry 151 execution aspects 236 expert opinion 220–1 external communication 245 facilitation 172–82
financial statements 153–4 implementation 180–2 influence diagrams 190–1, 193 Latin hypercube sampling 220 marketing plans 155–6 monitoring and review 236–9
Pareto analysis 193–4 probability 215–16, 220–1 resources 155
risk analysis 189–95 risk appetite 226–8 risk evaluation 215–21 risk identification 171–82 risk response strategies 228–30 risk treatment 226–30 scenario analysis 176–8, 217 sensitivity analysis 216–17 simulation 217–20 systems dynamics 179 process controls/constraints
communication/consultation 244 context establishment 145 monitoring and review 235–6 risk analysis 188
risk evaluation 199 risk identification 162 risk treatment 225 process definitions
communication/consultation 242–3 context establishment 143 monitoring and review 234 risk analysis 186
risk evaluation 198 risk identification 160–1 risk treatment 224
process enablers see process mechanisms process goals/subgoals
communication/consultation 242 context establishment 142 monitoring and review 234 risk analysis 186
risk evaluation 197–8 risk identification 159–60 risk treatment 223–4 process inputs
communication/consultation 243 context establishment 143–5 monitoring and review 235 risk analysis 186–8 risk evaluation 198 risk identification 161–2 risk treatment 224 process mapping 137 process mechanisms
buy-in to process 182
communication/consultation 244 context establishment 146–9 databases 168–9
decision trees 204–8 diagnostic 147–8
embedding difficulties 147
EMV 201–3
existing processes 148 financial ratios 146 gap analysis 163–4
investment appraisal 210–15 Markov chains 208–10 monitoring and review 236 PEST analysis 148–9, 165 probability 188–9, 200–1 RBS 169
risk analysis 188–9 risk checklist 163 risk evaluation 200–15 risk identification 163–70 risk prompt list 163 risk questionnaires 169 risk registers 170 risk taxonomy 164–7 risk treatment 225 SWOT analysis 148, 168 utility theory 203–5 process outputs
communication/consultation 243–4 context establishment 145 monitoring and review 235 risk analysis 188
risk evaluation 198–9 risk identification 162 risk treatment 224–5
processes and systems risk 292–303 computer/IT systems 297–301 continuity 294–5
controls 293–4 definition 293 indicators of loss 295
knowledge management 301–2 operational risk management 292–303 project management 302–3, 342–6 regulatory/statutory requirements 294 taxonomy diagram 293
transactions 295–7 production processes 295–6 products
development 477–9 diversity 473 life cycles 475–6 market structure 473 variation risk 296
profitability ratios 146, 567–8
project risk management (PRM) 333–54 awareness training 339
benefits 335–6 change processes 338
definition of management 334–5 definition of risk 334
director’s role 347