Simple Tools and Techniques for Enterprise Risk Management

Your business reputation can take years to build—and mere minutes to destroy The range of business threats is evolving rapidly but your organization can thrive and gain a competitive advantage with your business vision for enterprise risk management. Trends affecting markets—events in the global financial markets, changing technologies, environmental priorities, dependency on intellectual property—all underline how important it is to keep up to speed on the latest financial risk management practices and procedures. This popular book on enterprise risk management has been expanded and updated to include new themes and current trends for today's risk practitioner. It features up-to-date materials on new threats, lessons from the recent financial crisis, and how businesses need to protect themselves in terms of business interruption, security, project and reputational risk management. Project risk management is now a mature discipline with an international standard for its implementation. This book reinforces that project risk management needs to be systematic, but also that it must be embedded to become part of an organization's DNA. This book promotes techniques that will help you implement a methodical and broad approach to risk management. The author is a well-known expert and boasts a wealth of experience in project and enterprise risk management Easy-to-navigate structure breaks down the risk management process into stages to aid implementation Examines the external influences that bring sources of business risk that are beyond your control Provides a handy chapter with tips for commissioning consultants for business risk management services It is a business imperative to have a clear vision for risk management. Simple Tools and Techniques for Enterprise Risk Management, Second Edition shows you the way.

Table of Contents:
List of Figures xxvii Preface to the Second Edition xxxi Acknowledgements xxxv About the Author xxxvii Part I Enterprise Risk Management In Context 1 1 Introduction 3 1.1 Risk Diversity 4 1.2 Approach to Risk Management 5 1.3 Business Growth Through Risk Taking 5 1.4 Risk and Opportunity 6 1.5 The Role of the Board 7 1.6 Primary Business Objective (or Goal) 8 1.7 What is Enterprise Risk Management? 9 1.8 Benefits of Enterprise Risk Management 10 1.9 Structure 12 1.9.1 Corporate Governance 12 1.9.2 Internal Control 13 1.9.3 Implementation 14 1.9.4 Risk Management Framework 14 1.9.5 Risk Management Policy 15 1.9.6 Risk Management Process 15 1.9.7 Sources of Risk 16 1.10 Summary 16 1.11 References 16 2 Developments in Corporate Governance in the UK 19 2.1 Investor Unrest 19 2.2 The Problem of Agency 20 2.3 The Cadbury Committee 21 2.4 The Greenbury Report 23 2.5 The Hampel Committee and the Combined Code of 1998 23 2.6 Smith Guidance on Audit Committees 23 2.7 Higgs 24 2.8 Tyson 24 2.9 Combined Code on Corporate Governance 2003 25 2.10 Companies Act 2006 26 2.11 Combined Code on Corporate Governance 2008 26 2.12 Sir David Walker’s Review of Corporate Governance, July 2009 (Consultation Paper) 27 2.13 Sir David Walker’s Review of Corporate Governance, November 2009 (Final Recommendation) 29 2.14 House of Commons Treasury Committee 2009 30 2.15 UK Corporate Governance Code, June 2010 32 2.16 The “Comply or Explain” Regime 34 2.17 Definition of Corporate Governance 34 2.18 Formation of Companies 35 2.19 The Financial Services Authority and Markets Act 2000 36 2.20 The London Stock Exchange 36 2.21 Summary 37 2.22 References 38 3 Developments in Corporate Governance in the US 41 3.1 Corporate Governance 41 3.2 The Securities and Exchange Commission 42 3.2.1 Creation of the SEC 42 3.2.2 Organisation of the SEC 43 3.3 The Laws That Govern the Securities Industry 44 3.3.1 Securities Act 1933 44 3.3.2 Securities Exchange Act 1934 44 3.3.3 Trust Indenture Act 1939 45 3.3.4 Investment Company Act 1940 45 3.3.5 Investment Advisers Act 1940 45 3.4 Catalysts for the Sarbanes-Oxley Act 2002 45 3.4.1 Enron 46 3.4.2 WorldCom 47 3.4.3 Tyco International 47 3.4.4 Provisions of the Act 50 3.4.5 Implementation 52 3.4.6 Sarbanes-Oxley Section 404 52 3.4.7 The Positive Effects of Post-Enron Reforms 52 3.4.8 Criticism of Section 404 Before the Global Financial Crisis 54 3.4.9 Criticism of Section 404 After the Global Financial Crisis 54 3.5 National Association of Corporate Directors 2008 55 3.6 Summary 56 3.7 References 57 4 The Global Financial Crisis of 2007–2009: A US Perspective 59 4.1 The Financial Crisis in Summary 59 4.2 How the Financial Crisis Unfolded 60 4.3 The United States Mortgage Finance Industry 61 4.4 Subprime Model of Mortgage Lending 61 4.4.1 Contributing Events to the Credit Crisis 61 4.4.2 Foreclosures 63 4.4.3 Negative Equity 65 4.4.4 Housing Surplus 67 4.4.5 Vicious Circles 68 4.5 Why this Crisis Warrants Close Scrutiny 68 4.6 Behaviours 70 4.6.1 Investor Behaviour in the Search for Yield 70 4.6.2 Mortgage Lending Behaviour 71 4.6.3 Bank Behaviour and Risk Transfer through Securitised Credit 71 4.6.4 “Group Think” and Herd Behaviour 72 4.6.5 Banks’ Behaviour and Risk Appetite 74 4.6.6 Behaviour of Regulators and the Division of “Narrow Banking” from Investment Banking 75 4.6.7 Banks’ Behaviour and Misplaced Reliance of Sophisticated Mathematics and Statistics 75 4.7 Worldwide Deficiencies in Risk Management 76 4.8 Federal Reform 76 4.9 Systemic Risk 79 4.10 The Future of Risk Management 81 4.11 Summary 82 4.12 References 82 5 Developments in Corporate Governance in Australia and Canada 85 5.1 Australian Corporate Governance 85 5.1.1 Regulation Arising from Corporate Failures 85 5.1.2 Corporate Governance Reforms Following the Accounting Scandals of the Early 2000s 86 5.1.3 Horwath 2002 Corporate Governance Report 88 5.1.4 The ASX Corporate Governance Council 89 5.1.5 Financial Statements 90 5.2 Canada 90 5.2.1 Dey Report 90 5.2.2 Dey Revisited 91 5.2.3 Kirby Report 91 5.2.4 Saucier Committee 92 5.2.5 National Policy and Instrument (April 2005) 92 5.2.6 TSE Corporate Governance: Guide to Good Disclosure 2006 93 5.3 Summary 94 5.4 References 94 6 Internal Control and Risk Management 97 6.1 The Composition of Internal Control 97 6.2 Risk as a Subset of Internal Control 98 6.2.1 The Application of Risk Management 98 6.3 Allocation of Responsibility 102 6.3.1 Cadbury Committee 102 6.3.2 Hampel Committee 102 6.3.3 Turnbull 103 6.3.4 Higgs Review 104 6.3.5 Smith Review 104 6.3.6 OECD 105 6.4 The Context of Internal Control and Risk Management 106 6.5 Internal Control and Risk Management 107 6.6 Embedding Internal Control and Risk Management 107 6.7 Summary 107 6.8 References 108 7 Developments in Risk Management in the UK Public Sector 109 7.1 Responsibility for Risk Management in Government 109 7.1.1 Cabinet Office 110 7.1.2 Treasury 111 7.1.3 Office of Government Commerce 111 7.1.4 National Audit Office 112 7.2 Risk Management Publications 112 7.3 Successful IT 113 7.4 Supporting Innovation 115 7.4.1 Part 1: Why Risk Management is Important 115 7.4.2 Part 2: Comprehension of Risk Management 115 7.4.3 Part 3: What More Needs to be Done to Improve Risk Management 115 7.5 The Orange Book 116 7.5.1 Identify the Risks and Define a Framework 116 7.5.2 Assign Ownership 116 7.5.3 Evaluate 117 7.5.4 Assess Risk Appetite 117 7.5.5 Response to Risk 117 7.5.6 Gain Assurance 118 7.5.7 Embed and Review 118 7.6 Audit Commission 118 7.7 CIPFA/SOLACE Corporate Governance 120 7.8 M_o_R 2002 121 7.9 DEFRA 123 7.9.1 Risk Management Strategy 123 7.10 Strategy Unit Report 124 7.11 Risk and Value Management 125 7.12 The Green Book 126 7.12.1 Optimism Bias 126 7.12.2 Annex 4 127 7.13 CIPFA Guidance on Internal Control 127 7.14 Managing Risks to Improve Public Services 129 7.15 The Orange Book (Revised) 131 7.16 M_o_R 2007 132 7.17 Managing Risks in Government 132 7.18 Summary 134 7.19 References 136 Part II The Risk Management Process 137 References 139 8 Establishing the Context: Stage 1 141 8.1 Process 141 8.2 Process Goal and Subgoals 142 8.3 Process Definition 143 8.4 Process Inputs 143 8.5 Process Outputs 145 8.6 Process Controls (Constraints) 145 8.7 Process Mechanisms (Enablers) 146 8.7.1 Ratios 146 8.7.2 Risk Management Process Diagnostic 147 8.7.3 SWOT Analysis 148 8.7.4 PEST Analysis 148 8.8 Process Activities 149 8.8.1 Business Objectives 149 8.8.2 Business Plan 150 8.8.3 Examining the Industry 151 8.8.4 Establishing the Processes 151 8.8.5 Projected Financial Statements 153 8.8.6 Resources 155 8.8.7 Change Management 155 8.8.8 Marketing Plan 155 8.8.9 Compliance Systems 156 8.9 Summary 156 8.10 References 156 9 Risk Identification: Stage 2 159 9.1 Process 159 9.2 Process Goal and Subgoals 159 9.3 Process Definition 160 9.4 Process Inputs 161 9.5 Process Outputs 162 9.6 Process Controls (Constraints) 162 9.7 Process Mechanisms (Enablers) 163 9.7.1 Risk Checklist 163 9.7.2 Risk Prompt List 163 9.7.3 Gap Analysis 163 9.7.4 Risk Taxonomy 164 9.7.5 PEST Prompt 165 9.7.6 SWOT Prompt 168 9.7.7 Database 168 9.7.8 Business Risk Breakdown Structure 169 9.7.9 Risk Questionnaire 169 9.7.10 Risk Register Content/Structure 170 9.8 Process Activities 171 9.8.1 Clarifying the Business Objectives 171 9.8.2 Reviewing the Business Analysis 171 9.8.3 Need for Risk and Opportunity Identification 171 9.8.4 Risk and Opportunity Identification 172 9.8.5 Facilitation 172 9.8.6 Gaining a Consensus on the Risks, the Opportunities and their Interdependencies 182 9.8.7 Risk Register 182 9.9 Summary 182 9.10 References 182 10 Risk Analysis: Stage 3 185 10.1 Process 185 10.2 Process Goal and Subgoals 186 10.3 Process Definition 186 10.4 Process Inputs 186 10.5 Process Outputs 188 10.6 Process Controls (Constraints) 188 10.7 Process Mechanisms (Enablers) 188 10.7.1 Probability 188 10.8 Process Activities 189 10.8.1 Causal Analysis 190 10.8.2 Decision Analysis and Influence Diagrams 190 10.8.3 Pareto Analysis 193 10.8.4 CAPM Analysis 194 10.8.5 Define Risk Evaluation Categories and Values 195 10.9 Summary 195 10.10 References 196 11 Risk Evaluation: Stage 4 197 11.1 Process 197 11.2 Process Goal and Subgoals 197 11.3 Process Definition 198 11.4 Process Inputs 198 11.5 Process Outputs 198 11.6 Process Controls (Constraints) 199 11.7 Process Mechanisms (Enablers) 200 11.7.1 Probability Trees 200 11.7.2 Expected Monetary Value 201 11.7.3 Utility Theory and Functions 203 11.7.4 Decision Trees 204 11.7.5 Markov Chain 208 11.7.6 Investment Appraisal 210 11.8 Process Activities 215 11.8.1 Basic Concepts of Probability 215 11.8.2 Sensitivity Analysis 216 11.8.3 Scenario Analysis 217 11.8.4 Simulation 217 11.8.5 Monte Carlo Simulation 218 11.8.6 Latin Hypercube 220 11.8.7 Probability Distributions Defined from Expert Opinion 220 11.9 Summary 221 11.10 References 222 12 Risk Treatment: Stage 5 223 12.1 Process 223 12.2 Process Goal and Subgoals 223 12.3 Process Definition 224 12.4 Process Inputs 224 12.5 Process Outputs 224 12.6 Process Controls (Constraints) 225 12.7 Process Mechanisms 225 12.8 Process Activities 226 12.9 Risk Appetite 226 12.10 Risk Response Strategies 228 12.10.1 Risk Reduction 228 12.10.2 Risk Removal 228 12.10.3 Risk Reassignment or Transfer 229 12.10.4 Risk Retention 230 12.11 Summary 230 12.12 References 231 13 Monitoring and Review: Stage 6 233 13.1 Process 233 13.2 Process Goal and Subgoals 234 13.3 Process Definition 234 13.4 Process Inputs 235 13.5 Process Outputs 235 13.6 Process Controls (Constraints) 235 13.7 Process Mechanisms 236 13.8 Process Activities 236 13.8.1 Executing 236 13.8.2 Monitoring 236 13.8.3 Controlling 237 13.9 Summary 239 13.10 Reference 240 14 Communication and Consultation: Stage 7 241 14.1 Process 241 14.2 Process Goal and Subgoals 242 14.3 Process Definition 242 14.4 Process Inputs 243 14.5 Process Outputs 243 14.6 Process Controls (Constraints) 244 14.7 Process Mechanisms 244 14.8 Process Activities 244 14.9 Internal Communication 245 14.10 External Communication 245 14.11 Summary 245 14.12 Reference 246 Part III Internal Influences – Micro Factors 247 15 Financial Risk Management 249 15.1 Definition of Financial Risk 249 15.2 Scope of Financial Risk 250 15.3 Benefits of Financial Risk Management 250 15.4 Implementation of Financial Risk Management 251 15.5 Liquidity Risk 251 15.5.1 Current and Quick Ratios 251 15.5.2 Mitigation of Liquidity Risk 253 15.6 Credit Risk 253 15.6.1 Default Risk 253 15.6.2 Exposure Risk 254 15.6.3 Recovery Risk 254 15.6.4 Credit Insurance 255 15.6.5 Counterparty Risk 256 15.6.6 Due Diligence 256 15.7 Borrowing 259 15.8 Currency Risk 259 15.9 Funding Risk 260 15.10 Foreign Investment Risk 262 15.10.1 Country Risk 262 15.10.2 Environment Risk 263 15.11 Derivatives 263 15.11.1 Exchange Traded Derivatives 263 15.11.2 Over-the-Counter Derivatives 264 15.12 Summary 264 15.13 References 265 16 Operational Risk Management 267 16.1 Definition of Operational Risk 268 16.2 Scope of Operational Risk 269 16.3 Benefits of Operational Risk 270 16.4 Implementation of Operational Risk 270 16.5 Strategy 270 16.5.1 Definition of Strategy Risk 270 16.5.2 Objectives 271 16.5.3 Business Plan 272 16.5.4 New Business Development 272 16.5.5 Resources 273 16.5.6 Stakeholder Interests 273 16.5.7 Corporate Experience 274 16.5.8 Reputation 274 16.6 People 275 16.6.1 Definition of People Risk 275 16.6.2 Types of People Risk 276 16.6.3 Human Resource Management Practices 276 16.6.4 Ability to Pay Salaries 277 16.6.5 Regulatory and Statutory Requirements 277 16.6.6 Staff Constraints 280 16.6.7 Staff Dishonesty 287 16.6.8 Risk Management 287 16.6.9 Health and Safety 292 16.7 Processes and Systems 292 16.7.1 Definition of Processes and Systems Risk 293 16.7.2 Controls 293 16.7.3 Regulatory and Statutory Requirements 294 16.7.4 Continuity 294 16.7.5 Indicators of Loss 295 16.7.6 Transactions 295 16.7.7 Computer/IT Systems 297 16.7.8 Knowledge Management 301 16.7.9 Project Management 302 16.8 External Events 303 16.8.1 Change Management 303 16.8.2 Business Continuity 304 16.9 Outsourcing 305 16.10 Measurement 307 16.11 Mitigation 307 16.12 Summary 307 16.13 References 308 17 Technological Risk Management 309 17.1 Definition of Technology Risk 310 17.2 Scope of Technology Risk 310 17.3 Benefits of Technology Risk Management 311 17.4 Implementation of Technology Risk Management 311 17.5 Primary Technology Types 312 17.5.1 Information Technology 312 17.5.2 Communications Technology 315 17.5.3 Control Technology 319 17.6 Responding to Technology Risk 324 17.6.1 IT Governance 324 17.6.2 Investment 326 17.6.3 Projects 329 17.7 Summary 330 17.8 References 331 18 Project Risk Management 333 18.1 Definition of Project Risk 334 18.2 Definition of Project Risk Management 334 18.3 Sources of Project Risk 335 18.4 Benefits of Project Risk Management 335 18.5 Embedding Project Risk Management 336 18.5.1 Common Challenges in Implementing Project Risk Management 336 18.5.2 Lack of Clearly Defined and Disseminated Risk Management Objectives 337 18.5.3 Lack of Senior Executive and Project Director Commitment and Support 337 18.5.4 Lack of a Risk Maturity Model 337 18.5.5 Lack of a Change Process to Implement the Discipline 338 18.5.6 No Common Risk Language (Terms and Definitions) 338 18.5.7 Lack of Articulation of the Project Sponsor’s Risk Appetite 338 18.5.8 No Definition of Roles and Responsibilities 339 18.5.9 Lack of Risk Management Awareness Training to Build Core Competencies 339 18.5.10 Lack of Integration of Risk Management with Other Project Disciplines 340 18.5.11 Reticence of Project Personnel to Spend Time on Risk Management 340 18.5.12 Risk Owners not Automatically Taking Responsibility for Assigned Risks 341 18.5.13 No Clear Demonstration of How Risk Management Adds Value and Contributes to Project Performance 341 18.5.14 Overcomplicated Implementation from an Unclear Risk Policy, Strategy, Framework, Plan and Procedure 341 18.5.15 Lack of Alignment between the Business Strategy, Business Model and the Risk Management Objectives 341 18.5.16 Lack of the Integration of Risk Management Activities into the Day-to-Day Activities of Project Managers 342 18.6 Project Risk Management Process 342 18.6.1 Establish the Context 342 18.6.2 Risk Identification 344 18.6.3 Risk Analysis 344 18.6.4 Risk Evaluation 345 18.6.5 Risk Treatment 345 18.6.6 Risk Monitoring and Review 345 18.6.7 Communication and Consultation 346 18.7 Responsibility for Project Risk Management 346 18.8 Project Director’s Role 347 18.9 Project Team 347 18.9.1 Lack of Team Structure 347 18.9.2 Lack of Definition of Roles 348 18.9.3 Lack of Responsibility Assignment Matrix 348 18.9.4 Poor Leadership 348 18.9.5 Poor Team Communication 348 18.10 Optimism Bias 349 18.10.1 The Investment Decision 349 18.10.2 Optimism Bias 350 18.10.3 Monitoring 350 18.10.4 Using Numerical Indicators in Project Decision Making 350 18.10.5 Causes of Optimism Bias 351 18.10.6 The Distinction between Risk Events and Optimism Bias 351 18.11 Software Tools Used to Support Project Risk Management 351 18.12 Techniques Used to Support Project Risk Management 352 18.13 Summary 352 18.14 References 354 19 Business Ethics Management 355 19.1 Definition of Business Ethics Risk 355 19.2 Scope of Business Ethics Risk 356 19.3 Benefits of Ethics Risk Management 357 19.4 How Unethical Behaviour can Arise 357 19.5 Recognition of the Need for Business Ethics 358 19.5.1 US Department of Commerce 358 19.5.2 The G8 Summit in Italy Pushes for a Return to “Ethics” 359 19.5.3 OECD and Its Approach to Business Ethics 359 19.5.4 UK Financial Services Authority 360 19.5.5 US Department of Justice 360 19.6 Factors that Affect Business Ethics 361 19.7 Risk Events 361 19.8 Implementation of Ethical Risk Management 365 19.8.1 Areas of Focus 365 19.8.2 Levels of Application 366 19.8.3 The System 368 19.9 Summary 374 19.10 References 374 20 Health and Safety Management 375 20.1 Definition of Health and Safety Risk 375 20.2 Scope of Health and Safety Risk 376 20.3 Benefits of Health and Safety Risk Management 376 20.3.1 Business Benefits 377 20.3.2 The Enterprise Context: AstraZeneca 378 20.4 The UK Health and Safety Executive 378 20.4.1 The UK Perspective: Health and Safety Record 379 20.5 The European Agency for Safety and Health at Work 379 20.5.1 Main Challenges Concerning Health and Safety at Work 380 20.6 Implementation of Health and Safety Risk Management 380 20.6.1 Management Arrangements 381 20.6.2 Risk Controls 381 20.6.3 Workplace Precautions 381 20.6.4 System Implementation 382 20.7 Workplace Precautions 382 20.8 Contribution of Human Error to Major Disasters 382 20.8.1 Tenerife, 27 March 1977 382 20.8.2 Chernobyl, 26 April 1986 384 20.8.3 Kegworth, 8 January 1989 385 20.8.4 Herald of Free Enterprise, 6 March 1987 386 20.8.5 Piper Alpha, 6 July 1988 387 20.8.6 Ladbroke Grove, 5 October 1999 387 20.9 Improving Human Reliability in the Workplace 388 20.10 Risk Management Best Practice 389 20.10.1 Crisis Management Plan 389 20.11 Summary 390 20.12 References 390 Part Iv External Influences – Macro Factors 391 21 Economic Risk 393 21.1 Definition of Economic Risk 393 21.2 Scope of Economic Risk 393 21.3 Benefits of Economic Risk Management 394 21.4 Implementation of Economic Risk Management 394 21.5 Microeconomics and Macroeconomics 394 21.6 Macroeconomics 395 21.6.1 Gross Domestic Product 395 21.7 Government Policy 397 21.7.1 Fiscal Policy 397 21.7.2 Monetary Policy 397 21.7.3 Competing Theories 398 21.8 Aggregate Demand 398 21.8.1 Using Aggregate Demand Curves 399 21.8.2 Determinants of Consumer Spending 399 21.8.3 Determinants of Investment Expenditure 400 21.8.4 Determinants of Government Spending 400 21.8.5 Determinants of Net Expenditure on Exports and Imports 401 21.9 Aggregate Supply 401 21.10 Employment Levels 403 21.11 Inflation 403 21.12 Interest Rate Risk 404 21.13 House Prices 405 21.14 International Trade and Protection 405 21.14.1 Trade 405 21.14.2 Methods of Protectionism 406 21.14.3 Trade Policy 406 21.14.4 Balance of Trade 406 21.15 Currency Risk 407 21.15.1 Risk Mitigation by Hedging 407 21.16 Summary 412 21.17 References 412 22 Environmental Risk 413 22.1 Definition of Environmental Risk 413 22.2 Scope of Environmental Risk 415 22.3 Benefits of Environmental Risk Management 415 22.4 Implementation of Environmental Risk Management 415 22.5 Energy Sources 416 22.5.1 Renewable Energy 417 22.6 Use of Resources 419 22.7 Pollution 420 22.8 Global Warming 420 22.9 Response to Global Warming 422 22.9.1 Earth Summit 422 22.9.2 The Kyoto Protocol 422 22.9.3 Pollution Control Targets 422 22.9.4 Sufficiency of Emission Cuts 423 22.9.5 US Climate Pact 423 22.9.6 The Copenhagen Accord 424 22.9.7 European Union 425 22.9.8 Cancún Agreements 425 22.9.9 Domestic Government Response to Climate Change 426 22.9.10 Levy 427 22.9.11 Emissions Trading 428 22.9.12 Impact on Business 428 22.10 Stimulation to Environmental Considerations 429 22.10.1 FTSE4Good Index 429 22.10.2 Carbon Trust 429 22.10.3 Public Pressure 430 22.11 Environmental Sustainability 431 22.12 Summary 432 22.13 References 433 23 Legal Risk 435 23.1 Definition of Legal Risk 435 23.2 Scope of Legal Risk 435 23.3 Benefits of Legal Risk Management 436 23.4 Implementation of Legal Risk Management 436 23.5 Business Law 437 23.6 Companies 438 23.6.1 The Company Name 438 23.6.2 The Memorandum of Association 438 23.6.3 Articles of Association 439 23.6.4 Financing the Company 439 23.6.5 The Issue of Shares and Debentures 440 23.6.6 The Official Listing of Securities 440 23.6.7 The Remedy of Rescission 440 23.6.8 Protection of Minority Interests 440 23.6.9 Duties of Directors 441 23.7 Intellectual Property 441 23.7.1 Patents 441 23.7.2 Copyright 445 23.7.3 Designs 446 23.8 Employment Law 447 23.9 Contracts 447 23.9.1 Essentials of a Valid Contract 447 23.9.2 Types of Contract 447 23.10 Criminal Liability in Business 448 23.10.1 Misdescriptions of Goods and Services 448 23.10.2 Misleading Price Indications 449 23.10.3 Product Safety 450 23.11 Computer Misuse 451 23.11.1 Unauthorised Access to Computer Material 451 23.11.2 Unauthorised Access with Intent to Commit or Facilitate Further Offences 451 23.11.3 Unauthorised Modification of Computer Material 451 23.12 Summary 452 24 Political Risk 453 24.1 Definition of Political Risk 454 24.2 Scope of Political Risk 454 24.2.1 Macropolitical Risks 454 24.2.2 Micropolitical Risks 455 24.3 Benefits of Political Risk Management 455 24.4 Implementation of Political Risk Management 455 24.5 Zonis and Wilkin Political Risk Framework 457 24.6 Contracts 459 24.7 Transition Economies of Europe 459 24.8 UK Government Fiscal Policy 460 24.9 Pressure Groups 461 24.10 Terrorism and Blackmail 461 24.11 Responding to Political Risk 462 24.11.1 Assessing Political Risk Factors 463 24.11.2 Prioritising Political Risk Factors 464 24.11.3 Improving Relative Bargaining Power 464 24.12 Summary 464 24.13 References 465 25 Market Risk 467 25.1 Definition of Market Risk 467 25.2 Scope of Market Risk 468 25.2.1 Levels of Uncertainty in the Marketing Environment 469 25.3 Benefits of Market Risk Management 470 25.4 Implementation of Market Risk Management 470 25.5 Market Structure 470 25.5.1 The Number of Firms in an Industry 471 25.5.2 Barriers to Entry 471 25.5.3 Product Homogeneity, Product Diversity and Branding 473 25.5.4 Knowledge 473 25.5.5 Interrelationships within Markets 474 25.6 Product Life Cycle Stage 475 25.6.1 Sales Growth 476 25.7 Alternative Strategic Directions 476 25.7.1 Market Penetration 477 25.7.2 Product Development 477 25.7.3 Market Development 479 25.7.4 Diversification 481 25.8 Acquisition 482 25.9 Competition 483 25.9.1 Price Stability 483 25.9.2 Non-Price Competition 484 25.9.3 Branding 485 25.9.4 Market Strategies 486 25.10 Price Elasticity/Sensitivity 489 25.10.1 Elasticity 489 25.10.2 Price Elasticity 489 25.11 Distribution Strength 490 25.12 Market Risk Measurement: Value at Risk 490 25.12.1 Definition of Value at Risk 490 25.12.2 Value at Risk 490 25.12.3 VaR Model Assumptions 491 25.12.4 Use of VaR to Limit Risk 493 25.12.5 Calculating Value at Risk 494 25.13 Risk Response Planning 496 25.14 Summary 496 25.15 References 497 26 Social Risk 499 26.1 Definition of Social Risk 499 26.2 Scope of Social Risk 500 26.3 Benefits of Social Risk Management 500 26.4 Implementation of Social Risk Management 501 26.5 Education 501 26.6 Population Movements: Demographic Changes 502 26.6.1 The Changing Market 503 26.7 Socio-Cultural Patterns and Trends 504 26.8 Crime 504 26.8.1 Key Facts 504 26.9 Lifestyles and Social Attitudes 505 26.9.1 More Home Improvements 505 26.9.2 Motherhood, Marriage and Family Formation 505 26.9.3 Health 506 26.9.4 Less Healthy Diets 507 26.9.5 Smoking and Drinking 508 26.9.6 Long Working Hours 509 26.9.7 Stress Levels 509 26.9.8 Recreation and Tourism 510 26.10 Summary 510 26.11 References 511 Part V The Appointment 513 27 Introduction 515 27.1 Change Process From the Client Perspective 515 27.1.1 Planning 515 27.1.2 Timely Information 516 27.1.3 Risk Management Resources 516 27.2 Selection of Consultants 517 27.2.1 Objectives 517 27.2.2 The Brief 517 27.2.3 Describing Activity Interfaces 517 27.2.4 Appointment Process Management 518 27.2.5 The Long-Listing Process 518 27.2.6 Short-List Selection Criteria 519 27.2.7 Request for a Short-Listing Interview 519 27.2.8 Compilation of Short List 519 27.2.9 Prepare an Exclusion Notification 520 27.2.10 Prepare Tender Documents 520 27.2.11 Agreement to be Issued with the Tender Invitation 521 27.2.12 Tender Process 521 27.2.13 Award 521 27.2.14 Notification to Unsuccessful Tenderers 522 27.3 Summary 522 27.4 Reference 522 28 Interview with the Client 523 28.1 First Impressions/Contact 523 28.2 Client Focus 524 28.3 Unique Selling Point 524 28.4 Past Experiences 526 28.5 Client Interview 527 28.5.1 Scene/Overview 527 28.5.2 Situation/Context 527 28.5.3 Scheme/Plan of Action 527 28.5.4 Solution Implementation 528 28.5.5 Success, Measurement of 528 28.5.6 Secure/Continue 528 28.5.7 Stop/Close 528 28.6 Assignment Methodology 528 28.7 Change Management 529 28.8 Sustainable Change 529 28.9 Summary 530 28.10 References 531 29 Proposal 533 29.1 Introduction 533 29.2 Proposal Preparation 533 29.2.1 Planning 533 29.2.2 Preliminary Review 534 29.3 Proposal Writing 534 29.3.1 Task Management 534 29.3.2 Copying Text 534 29.3.3 Master Copy 534 29.3.4 Peer Review 534 29.4 Approach 535 29.5 Proposal 535 29.5.1 Identify the Parties – the Who 535 29.5.2 Identify the Location – the Where 537 29.5.3 Understand the Project Background – the What 537 29.5.4 Define the Scope – the Which 537 29.5.5 Clarify the Objectives – the Why 537 29.5.6 Determine the Approach – the How 538 29.5.7 Determine the Timing – the When 538 29.6 Client Responsibilities 538 29.7 Remuneration 539 29.8 Summary 539 29.9 References 539 30 Implementation 541 30.1 Written Statement of Project Implementation 541 30.2 Management 541 30.2.1 Objectives 541 30.2.2 Planning the Project 542 30.2.3 Consultant Team Composition 543 30.2.4 Interface with Stakeholders 543 30.2.5 Data Gathering 543 30.2.6 Budget 544 30.2.7 Assessment of Risk 544 30.2.8 Deliverables 544 30.2.9 Presentation of the Findings 545 30.2.10 Key Factors for Successful Implementation 545 30.3 Customer Delight 548 30.4 Summary 548 30.5 References 548 Appendix 1: Successful IT: Modernising Government in Action 549 Appendix 2: Sources of Risk 553 Appendix 3: DEFRA Risk Management Strategy 557 Appendix 4: Risk: Improving Government’s Capability to Handle Risk and Uncertainty 561 Appendix 5: Financial Ratios 567 Appendix 6: Risk Maturity Models 573 Appendix 7: SWOT Analysis 579 Appendix 8: PEST Analysis 583 Appendix 9: VRIO Analysis 587 Appendix 10: Value Chain Analysis 589 Appendix 11: Resource Audit 591 Appendix 12: Change Management 595 Appendix 13: Industry Breakpoints 599 Appendix 14: Probability 601 Appendix 15: Value at Risk 611 Appendix 16: Optimism Bias 613 Index 621

About the Author :
About the author ROBERT J. CHAPMAN is the Director of Risk Management in the Middle East for AECOM, a publicly traded company on the New York Stock Exchange, and listed on the Fortune 500 as one of America's largest companies. Prior to this he held the position of Director of Risk Management at a number of European companies and has provided risk management consultancy services in Holland, Ireland, South Africa, Qatar, England and the UAE to companies within the pharmaceutical, aviation, marine, rail, broadcast, heritage, health, education, manufacturing, water, sport, oil and gas, property development, construction and media sectors. He was made a Fellow of both the Institute of Risk Management (UK) and the Association for Project Management (UK) for his contribution to the development of the discipline of risk management. He has provided guidance to the Chartered Institute of Accountants in England and Wales in the form of a risk management handbook and was a co-author of Management of Risk: Guidance for Practitioners published by the Office of Government Commerce and Managing Business Risk published by Kogan Page. He has had articles on the subject of risk management published in three languages and has a PhD in risk management.