Practical Enterprise Risk Management: A Business Process Approach -- Contents -- Preface -- Acknowledgments -- Chapter 1: Corporate Governance: A Gut Check -- THE GREAT SOX FALLACY -- THE VISION-CHALLENGED LEADING THE EVEN-MORE-VISION-CHALLENGED -- GOING BACK TO THE FUTURE? HOW NOT TO RUN IT -- SYSTEMIC FAILURE: CRITICAL SHORTCOMINGS OF APPLICATION SYSTEMS IMPLEMENTATION -- WHAT IS GRC ANYWAY? -- ARE YOU CUBIN'? -- Chapter 2: What ERM Is and What It Is Not -- DON'T BE MISLED: WHAT ERM IS NOT -- KEY QUALITIES OF AN EFFECTIVE ERM -- PRIMARY COMPONENTS OF RISK ASSESSMENT -- NEED FOR A BRAIN (BUSINESS RISK ASSESSMENT INFORMATION NETWORK) -- PROCESS OF CREATING A BRAIN -- Chapter 3: Understanding What the Business Is -- DEFINING THE BUSINESS -- A BANKING EXAMPLE -- ANSWERING THE KEY QUESTION: WHAT IS THE BUSINESS? -- DETERMINING THE CORE BUSINESS PROCESSES -- SETTING THE STRUCTURE: CREATING A PHYSICAL MAP -- A MEDICAL EXAMPLE: A HEALTHCARE SYSTEM -- IMPACT ANALYSIS -- Chapter 4: Defining What True Business Risk Is -- IT'S ABOUT THE OUTCOME, STUPID! -- RISK NEVER LIVES ALONE -- DEFINING BASELINE CATEGORIES OF BUSINESS RISK -- EVALUATING ALL OF THE POSSIBILITIES: THE RISK UNIVERSE -- USING THE BUSINESS STRUCTURE TO DRIVE THE RISKS -- DISTRIBUTED RISK ASSESSMENT AND MANAGEMENT (DRAM) -- Chapter 5: Objectively Defining Risk -- DEFINING RISK IN THE CONTEXT OF THE BUSINESS -- USING THE BUSINESS-DEFINED DATA STRUCTURE -- WHY USE DATA TO DEFINE RISK? THE THREE ATTRIBUTES -- DATA-CENTRIC ERM (DCERM) -- MULTI-DIMENSIONAL RISK ASSESSMENT -- Chapter 6: Building a Fluid/Dynamic Risk Model -- THE MODEL AND WHY IT IS NECESSARY -- MOVING FROM REACTIVE TO PROACTIVE RISK MANAGEMENT -- OUTCOME/RAW (OR) DATA AND WHY IT IS CRITICAL -- KRIs NOT KPIs -- OPTIONS ON HOW TO DRIVE THE MODEL -- DASHBOARD INDICATORS -- KEY EARLY WARNING INDICATORS.

DETERMINING THE KEY RISK INDICATORS -- UNIVERSAL RISK INDICATORS -- FINANCIAL, OPERATIONAL, REGULATORY, AND TECHNOLOGICAL KRIs -- Chapter 7: Top-Down Risk Assessment: Evolving the Fluid ERM Environment-A Step-by-Step Approach -- BUILDING ERM ONE STEP AT A TIME -- MAPPING THE PHYSICAL STRUCTURE OF THE ENTERPRISE -- DEFINING THE BUSINESS RISKS OF THE ENTERPRISE: UTILIZING KEY OUTCOMES -- DEVELOPING KRIs FOR ASSESSING RISK FOR THE ENTIRE ENTERPRISE -- DETAILED INVENTORIES OF KRIs: WHEN GREATER AUTOMATION/SOPHISTICATION IS ACHIEVED -- BUILDING A BASELINE RISK REGISTER -- EMBEDDING RISK REGISTERS AND KEY INFORMATION IN THE PHYSICAL MAPPING -- THE MODULAR APPROACH -- DETERMINING A FOCUSED OUTCOME GROUP (FOG) -- NET RISK VERSUS RESIDUAL RISK -- BUSINESS RISK ANALYSIS TECHNIQUES (BRATs) -- UTILIZING LOGICAL DATA PATHWAYS TO FOCUS ON ROOT CAUSE AND RESOLVE IT -- Chapter 8: The Future Evolution of the Model -- ERM FOR THE TWENTY-FIRST CENTURY -- SYSTEMS STRATEGIES -- DESIGN CRITERIA AND SPECIFICATIONS -- DESIGNING RISK-CENTRIC SYSTEMS FOR EFFICIENCY/GOVERNANCE: STEP BY STEP -- DYNAMICALLY INTEGRATED RISK EVALUATION (DIRE) -- TRIGGERS AND MOMS -- REAL-TIME PROFILING -- SETTING STANDARDS FOR FUTURE EVOLUTION -- Chapter 9: Related Topics and Special Risk Situations -- MANAGING RISK/AUDITING REAL TIME -- MONITORING CONTROLS WITH METRICS -- UTILIZING ERM TO REDUCE AUDIT FEES AND LOWER THE COSTS OF OPERATION -- MERGERS AND ACQUISITIONS: LET'S BUY SOME MORE RISK -- OUTSOURCING: WHAT YOU DON'T KNOW COULD KILL YOUR ORGANIZATION -- DEBUNKING THE OUTSOURCING MYTHS: THE VENTORO STUDY -- Chapter 10: Maximizing Impact-Minimizing Exposure -- WHO OWNS THE RISK MANAGEMENT PROCESS? -- INVOLVING THE STAKEHOLDERS: CREATING A CRITICAL BUSINESS TOOL -- EXTENDING THE IMPACT: MAKING IT A COMPANY ESSENTIAL -- STRATEGICALLY LINKING KEY RISKS AND KEY CONTROLS: CREATING A HOME.

BUILDING THE DREAM HOME: AUTOMATING EVEN YOUR SOX -- About the Author -- Index.